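/*
 * (C) Copyright 2017 Nuxeo (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Guillaume Renard <grenard@nuxeo.com>
 */
package org.nuxeo.ecm.restapi.server.jaxrs.usermanager;

import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.json.JSONException;
import org.json.JSONObject;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.api.UnrestrictedSessionRunner;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.impl.DefaultObject;
import org.nuxeo.runtime.api.Framework;

/**
 * Web object of type {@code me}, producing JSON, that exposes the principal of the current core session and lets
 * that principal change its own password.
 *
 * @since 9.1
 */
@WebObject(type = "me")
@Produces({ MediaType.APPLICATION_JSON })
public class MeObject extends DefaultObject {

    /**
     * Returns the principal bound to the current core session.
     *
     * @param request the JAX-RS request (not read by this method)
     * @return the current session's principal
     */
    @GET
    public NuxeoPrincipal doGet(@Context Request request) {
        return (NuxeoPrincipal) getContext().getCoreSession().getPrincipal();
    }

    /**
     * Changes the password of the current principal after re-checking the old one.
     * <p>
     * The payload must be a JSON object with the string members {@code oldPassword} and {@code newPassword}. The old
     * password is checked with {@link UserManager#checkUsernamePassword} against the current principal's name; only
     * then is the new password set on the principal and the user model saved.
     *
     * @param payload the raw request body
     * @return the updated principal on success, a {@code 400} response when the payload is missing, is not valid
     *         JSON or lacks one of the two members, or a {@code 401} response when the old password does not match
     * @throws JSONException kept in the signature for compatibility; parsing errors are answered with {@code 400}
     */
    @PUT
    @Path("changepassword")
    public Object changePassword(String payload) throws JSONException {
        // The body is client-controlled: answer a malformed or incomplete payload with a client error
        // instead of letting the parser exception escape the resource method.
        if (payload == null) {
            return Response.status(Status.BAD_REQUEST).build();
        }
        String oldPassword;
        String newPassword;
        try {
            JSONObject payloadJson = new JSONObject(payload);
            oldPassword = payloadJson.getString("oldPassword");
            newPassword = payloadJson.getString("newPassword");
        } catch (JSONException e) {
            // Deliberately no echo of the payload or the exception text: both may contain password material.
            return Response.status(Status.BAD_REQUEST).build();
        }

        CoreSession session = getContext().getCoreSession();
        NuxeoPrincipal currentUser = (NuxeoPrincipal) session.getPrincipal();
        UserManager userManager = Framework.getService(UserManager.class);

        // Knowledge of the current password is required even though the caller already has a session.
        // NOTE(review): nothing here bounds repeated failed attempts - confirm throttling is applied elsewhere.
        if (!userManager.checkUsernamePassword(currentUser.getName(), oldPassword)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }

        // NOTE(review): newPassword is not checked here (empty value, password policy) - confirm that
        // UserManager.updateUser enforces the configured policy, or validate before this point.
        currentUser.setPassword(newPassword);

        // The update runs unrestricted, but the model passed in is always the caller's own principal model,
        // never an identifier taken from the request.
        new UpdateUserUnrestricted(session, currentUser.getModel()).runUnrestricted();
        return currentUser;
    }

    /**
     * Unrestricted runner that saves one user model through {@link UserManager#updateUser}.
     */
    static class UpdateUserUnrestricted extends UnrestrictedSessionRunner {

        // User document to save; set once at construction.
        private final DocumentModel updatedUser;

        /**
         * @param session the core session the runner is created from
         * @param userDoc the user model to save when the runner executes
         */
        public UpdateUserUnrestricted(CoreSession session, DocumentModel userDoc) {
            super(session);
            this.updatedUser = userDoc;
        }

        /** Saves the user model given at construction through the {@link UserManager} service. */
        @Override
        public void run() {
            UserManager userManager = Framework.getService(UserManager.class);
            userManager.updateUser(updatedUser);
        }

    }

}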