feat(api): add API route for resending email verifcation

Refs ibi-group/datatools-ui#492
ibi-group · Oct 21, 2019 · 2a50df3 · 2a50df3
1 parent 57f93e2
commit 2a50df3
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/src/main/java/com/conveyal/datatools/manager/auth/Auth0Users.java b/src/main/java/com/conveyal/datatools/manager/auth/Auth0Users.java
@@ -38,7 +38,7 @@ public class Auth0Users {
     private static final String clientId = DataManager.getConfigPropertyAsText("AUTH0_CLIENT_ID");
     private static final String MANAGEMENT_API_VERSION = "v2";
     private static final String SEARCH_API_VERSION = "v3";
-    private static final String API_PATH = "/api/" + MANAGEMENT_API_VERSION;
+    public static final String API_PATH = "/api/" + MANAGEMENT_API_VERSION;
     public static final String USERS_API_PATH = API_PATH + "/users";
     // Cached API token so that we do not have to request a new one each time a Management API request is made.
     private static Auth0AccessToken cachedToken = null;

diff --git a/src/main/java/com/conveyal/datatools/manager/controllers/api/UserController.java b/src/main/java/com/conveyal/datatools/manager/controllers/api/UserController.java
@@ -10,8 +10,10 @@
 import com.conveyal.datatools.manager.models.Project;
 import com.conveyal.datatools.manager.persistence.Persistence;
 import com.conveyal.datatools.manager.utils.json.JsonManager;
+import com.conveyal.datatools.manager.utils.json.JsonUtil;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
@@ -43,6 +45,8 @@
 import java.util.Map;
 
 import static com.conveyal.datatools.common.utils.SparkUtils.logMessageAndHalt;
+import static com.conveyal.datatools.manager.DataManager.repoUrl;
+import static com.conveyal.datatools.manager.auth.Auth0Users.API_PATH;
 import static com.conveyal.datatools.manager.auth.Auth0Users.USERS_API_PATH;
 import static com.conveyal.datatools.manager.auth.Auth0Users.getUserById;
 import static spark.Spark.delete;
@@ -300,6 +304,45 @@ private static Object getRecentActivity(Request req, Response res) {
         return activityList;
     }
 
+    /**
+     * Resends the user confirmation email for a given user
+     */
+    private static ObjectNode resendEmailConfirmation(Request req, Response res) {
+        // verify if the request is legit. Should only come from an application administrator or the user for which the
+        // account belongs to.
+        Auth0UserProfile userProfile = req.attribute("user");
+        if (userProfile.canAdministerApplication() || userProfile.getUser_id().equals(req.params("id"))) {
+            // authorized. Create request to resend email verification
+            HttpPost resendEmailVerificationRequest = new HttpPost(
+                "https://" + AUTH0_DOMAIN + API_PATH + "/jobs/verification-email"
+            );
+            setHeaders(req, resendEmailVerificationRequest);
+            setRequestEntityUsingJson(
+                resendEmailVerificationRequest,
+                JsonUtil.objectMapper.createObjectNode()
+                    .put("user_id", userProfile.getUser_id())
+                    .put("client_id", AUTH0_CLIENT_ID)
+                    .toString(),
+                req
+            );
+
+            // Execute request. If a HTTP response other than 200 occurs, an error will be returned.
+            executeRequestAndGetResult(resendEmailVerificationRequest, req);
+
+            // Email verification successfully sent! Return successful response.
+            return JsonUtil.objectMapper.createObjectNode()
+                .put("emailSent", true);
+        } else {
+            logMessageAndHalt(
+                req,
+                401,
+                "Not authorized to resend confirmation email"
+            );
+            // doesn't actually return null since above line sends a 401 response
+            return null;
+        }
+    }
+
     /**
      * Set some common headers on the request, including the API access token, which must be obtained via token request
      * to Auth0.
@@ -548,6 +591,7 @@ public static void setBaseUsersUrl (String url) {
     public static void register (String apiPrefix) {
         get(apiPrefix + "secure/user/:id", UserController::getUser, json::write);
         get(apiPrefix + "secure/user/:id/recentactivity", UserController::getRecentActivity, json::write);
+        get(apiPrefix + "secure/user/:id/resendEmailConfirmation", UserController::resendEmailConfirmation, json::write);
         get(apiPrefix + "secure/user", UserController::getAllUsers, json::write);
         get(apiPrefix + "secure/usercount", UserController::getUserCount, json::write);
         post(apiPrefix + "secure/user", UserController::createUser, json::write);