boot api token update set login user details

vnobo · Feb 23, 2024 · 6d1a32a · 6d1a32a
1 parent 268903d
commit 6d1a32a
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 4 deletions.
diff --git a/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java b/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java
@@ -12,7 +12,10 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
 import org.springframework.security.web.server.csrf.CsrfToken;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebSession;
 import reactor.core.publisher.Mono;
@@ -34,33 +37,68 @@ public Mono<AuthenticationToken> token(WebSession session, Authentication authen
         return Mono.defer(() -> Mono.just(AuthenticationToken.build(session, authentication)));
     }
 
+    /**
+     * Retrieves the CSRF token from the current context.
+     *
+     * @return A Mono<CsrfToken> object containing the CSRF token, or an empty Mono if no CSRF token is found.
+     */
     @GetMapping("csrf")
     public Mono<CsrfToken> csrfToken() {
+        // Defer the retrieval of the CSRF token to subscription time.
+        // This allows the CSRF token to be retrieved from the current context when the Mono is subscribed to.
         return Mono.deferContextual((contextView) -> {
+            // Retrieve the CSRF token from the current context.
             CsrfToken ctk = contextView.get(ContextUtils.CSRF_TOKEN_CONTEXT);
+            // Return the CSRF token wrapped in a Mono, or an empty Mono if no CSRF token is found.
             return Mono.justOrEmpty(ctk);
         });
     }
 
+    /**
+     * Binds an OAuth2 client to the authenticated user.
+     *
+     * @param clientRegistrationId The registration ID of the OAuth2 client.
+     * @param authentication       The authentication object containing the user's credentials.
+     * @param exchange             The current server web exchange.
+     * @return A Mono<Object> object containing the access token of the OAuth2 client.
+     */
     @GetMapping("bind")
     public Mono<Object> bindOauth2(String clientRegistrationId, Authentication authentication, ServerWebExchange exchange) {
+        // Load the authorized OAuth2 client using the client registration ID, authentication object, and server web exchange.
+        // Then, retrieve the access token of the OAuth2 client.
         return this.clientRepository.loadAuthorizedClient(clientRegistrationId, authentication, exchange)
                 .flatMap(oAuth2AuthorizedClient -> Mono.just(oAuth2AuthorizedClient.getAccessToken()));
     }
 
-    @PostMapping("/change/password")
+    /**
+     * Changes the password of the authenticated user.
+     *
+     * @param request        The request object containing the current and new password.
+     * @param authentication The authentication object containing the user's credentials.
+     * @return A Mono<UserDetails> object of the updated user.
+     * @throws RestServerException if the new password is the same as the current password.
+     * @throws RestServerException if the presented password does not match the current password.
+     */
     public Mono<UserDetails> changePassword(@Valid @RequestBody ChangePasswordRequest request,
                                             Authentication authentication) {
+        // Check if the new password is the same as the current password.
         if (!request.getPassword().equals(request.getNewPassword())) {
+            // Throw an exception if the new password is the same as the current password.
             throw RestServerException.withMsg("Password and newPassword not match", request);
         }
+        // Retrieve the presented password from the authentication object.
         String presentedPassword = (String) authentication.getCredentials();
+        // Check if the presented password matches the current password.
         if (!this.passwordEncoder.matches(presentedPassword, request.getPassword())) {
+            // Throw an exception if the presented password does not match the current password.
             throw RestServerException.withMsg(
                     "Password verification failed, presented password not match", presentedPassword);
         }
+        // Encode the new password.
         String newPassword = this.passwordEncoder.encode(request.getNewPassword());
+        // Retrieve the UserDetails from the authentication object.
         UserDetails userDetails = (UserDetails) authentication.getDetails();
+        // Update the user's password and return the updated UserDetails.
         return this.securityManager.updatePassword(userDetails, newPassword);
     }
 

diff --git a/ui/projects/commons/package.json b/ui/projects/commons/package.json
@@ -2,8 +2,8 @@
   "name": "commons",
   "version": "0.0.1",
   "peerDependencies": {
-    "@angular/common": "^17.0.0",
-    "@angular/core": "^17.0.0"
+    "@angular/common": "^17.2.2",
+    "@angular/core": "^17.2.2"
   },
   "dependencies": {
     "tslib": "^2.3.0"