secure invite link

Co-authored-by: Christoph <tobi@urpost.de>

src/main/java/mops/gruppen2/controller/WebController.java

@@ -3,11 +3,15 @@ package mops.gruppen2.controller;
 import mops.gruppen2.domain.Group;
 import mops.gruppen2.domain.Role;
 import mops.gruppen2.domain.User;
-import mops.gruppen2.domain.dto.InviteLinkDTO;
 import mops.gruppen2.domain.exception.EventException;
 import mops.gruppen2.domain.exception.PageNotFoundException;
 import mops.gruppen2.security.Account;
-import mops.gruppen2.service.*;
+import mops.gruppen2.service.ControllerService;
+import mops.gruppen2.service.GroupService;
+import mops.gruppen2.service.InviteService;
+import mops.gruppen2.service.KeyCloakService;
+import mops.gruppen2.service.UserService;
+import mops.gruppen2.service.ValidationService;
 import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -191,8 +195,11 @@ public class WebController {
     }
 
     @RolesAllowed({"ROLE_orga", "ROLE_studentin", "ROLE_actuator)"})
-    @GetMapping("/details/{link}")
-    public String showGroupDetails(KeycloakAuthenticationToken token, Model model, HttpServletRequest request, @PathVariable("link") String groupId) throws EventException {
+    @GetMapping("/details/{id}")
+    public String showGroupDetails(KeycloakAuthenticationToken token,
+                                   Model model,
+                                   HttpServletRequest request,
+                                   @PathVariable("id") String groupId) throws EventException {
         model.addAttribute("account", keyCloakService.createAccountFromPrincipal(token));
 
         Group group = userService.getGroupById(UUID.fromString(groupId));
@@ -219,7 +226,7 @@ public class WebController {
 
         String actualURL = request.getRequestURL().toString();
         String serverURL = actualURL.substring(0, actualURL.indexOf("gruppen2/"));
-        model.addAttribute("link", serverURL + "gruppen2/acceptinvite/" + groupId);
+        model.addAttribute("link", serverURL + "gruppen2/acceptinvite/" + inviteService.getLinkByGroupId(group.getId()));
 
         return "detailsMember";
     }
@@ -227,11 +234,11 @@ public class WebController {
     @RolesAllowed({"ROLE_orga", "ROLE_studentin", "ROLE_actuator"})
     @PostMapping("/detailsBeitreten")
     public String joinGroup(KeycloakAuthenticationToken token,
-                            Model model, @RequestParam("link") String link) throws EventException {
+                            Model model, @RequestParam("id") String groupId) throws EventException {
         model.addAttribute("account", keyCloakService.createAccountFromPrincipal(token));
         Account account = keyCloakService.createAccountFromPrincipal(token);
         User user = new User(account.getName(), account.getGivenname(), account.getFamilyname(), account.getEmail());
-        Group group = userService.getGroupById(inviteService.getGroupIdFromLink(link));
+        Group group = userService.getGroupById(UUID.fromString(groupId));
         validationService.checkIfUserInGroupJoin(group, user);
         validationService.checkIfGroupFull(group);
         controllerService.addUser(account, group.getId());
@@ -260,12 +267,16 @@ public class WebController {
     @RolesAllowed({"ROLE_orga", "ROLE_studentin", "ROLE_actuator"})
     @GetMapping("/acceptinvite/{link}")
     public String acceptInvite(KeycloakAuthenticationToken token,
-                               Model model, @PathVariable String link) throws EventException {
+                               Model model,
+                               @PathVariable("link") String link) throws EventException {
         model.addAttribute("account", keyCloakService.createAccountFromPrincipal(token));
         Group group = userService.getGroupById(inviteService.getGroupIdFromLink(link));
         validationService.checkGroup(group.getTitle());
         model.addAttribute("group", group);
-        return "redirect:/gruppen2/detailsSearch?id=" + group.getId();
+
+        controllerService.addUser(keyCloakService.createAccountFromPrincipal(token), group.getId());
+
+        return "redirect:/gruppen2/details/" + group.getId();
     }
 
     @RolesAllowed({"ROLE_orga", "ROLE_studentin", "ROLE_actuator"})

src/main/java/mops/gruppen2/domain/exception/InvalidInviteException.java

@@ -0,0 +1,10 @@
+package mops.gruppen2.domain.exception;
+
+import org.springframework.http.HttpStatus;
+
+public class InvalidInviteException extends EventException {
+
+    public InvalidInviteException(String info) {
+        super(HttpStatus.NOT_FOUND, "Der Einladungslink ist ungültig.", info);
+    }
+}

src/main/java/mops/gruppen2/domain/exception/NoInviteExistException.java

@@ -0,0 +1,10 @@
+package mops.gruppen2.domain.exception;
+
+import org.springframework.http.HttpStatus;
+
+public class NoInviteExistException extends EventException {
+
+    public NoInviteExistException(String info) {
+        super(HttpStatus.NOT_FOUND, "Für diese Gruppe existiert kein Link.", info);
+    }
+}

src/main/java/mops/gruppen2/repository/InviteRepository.java

@@ -14,5 +14,5 @@ public interface InviteRepository extends CrudRepository<InviteLinkDTO, Long> {
     void deleteLinkOfGroup(@Param("group") String group);
 
     @Query("SELECT invite_link FROM invite WHERE group_id = :group")
-    String findLinkByGroupId(@Param("group") String groupId);
+    String findLinkByGroupId(String group);
 }

src/main/java/mops/gruppen2/service/ControllerService.java

@@ -1,6 +1,5 @@
 package mops.gruppen2.service;
 
-import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
 import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
 import mops.gruppen2.domain.Group;
 import mops.gruppen2.domain.GroupType;
@@ -94,8 +93,6 @@ public class ControllerService {
 
         UUID groupId = createGroup(account, title, description, isVisibilityPrivate, isLecture, isMaximumInfinite, userMaximum, parent);
 
-        inviteService.createLink(groupId);
-
         addUserList(newUsers, groupId);
     }
 

src/main/java/mops/gruppen2/service/InviteService.java

@@ -1,6 +1,8 @@
 package mops.gruppen2.service;
 
 import mops.gruppen2.domain.dto.InviteLinkDTO;
+import mops.gruppen2.domain.exception.InvalidInviteException;
+import mops.gruppen2.domain.exception.NoInviteExistException;
 import mops.gruppen2.repository.InviteRepository;
 import org.springframework.stereotype.Service;
 
@@ -22,11 +24,22 @@ public class InviteService {
     }
 
     public UUID getGroupIdFromLink(String link) {
-        return UUID.fromString(inviteRepository.findGroupIdByLink(link));
+        try {
+            return UUID.fromString(inviteRepository.findGroupIdByLink(link));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        throw new InvalidInviteException(link);
     }
 
-    public String getLinkFromGroupId(UUID groupId) {
-        return inviteRepository.findLinkByGroupId(groupId.toString());
-    }
+    public String getLinkByGroupId(UUID groupId) {
+        try {
+            return inviteRepository.findLinkByGroupId(groupId.toString());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
 
+        throw new NoInviteExistException(groupId.toString());
+    }
 }

src/main/resources/templates/search.html

@@ -69,7 +69,7 @@
                             <span class="badge badge-pill badge-success"
                                   style="background: lightseagreen; margin-right: 25px;"
                                   th:if='${gruppe.getType() == gruppe.getType().LECTURE}'>Veranstaltung</span>
-                            <a th:href="@{/gruppen2/detailsSearch(link=${inviteService.getLinkFromGroupId(gruppe.getId())})}"
+                            <a th:href="@{/gruppen2/detailsSearch(id=${gruppe.getId()})}"
                                th:text="${#strings.abbreviate(gruppe.getTitle(), 50)}">Gruppenname</a>
                         </th>
                         <td style="" th:text="${#strings.abbreviate(gruppe.getDescription(), 50)}">