From aef49f6faffbd93350f322db5fad339e2867656b Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 九月 2023 17:08:10 +0800
Subject: [PATCH] [UPDATE] 解決弱點Cleartext sensitive data in a database
---
 pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java | 66 ++++++++++++++++----------------
 1 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java
index 6c1217b..02b24f0 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/UserResource.java
@@ -93,39 +93,39 @@
 this.mailService = mailService;
 }
- /**
- * {@code POST /admin/users} : Creates a new user.
- * <p>
- * Creates a new user if the login and email are not already used, and sends an
- * mail with an activation link.
- * The user needs to be activated on creation.
- *
- * @param userDTO the user to create.
- * @return the {@link ResponseEntity} with status {@code 201 (Created)} and with body the new user, or with status {@code 400 (Bad Request)} if the login or email is already in use.
- * @throws URISyntaxException if the Location URI syntax is incorrect.
- * @throws BadRequestAlertException {@code 400 (Bad Request)} if the login or email is already in use.
- */
- @PostMapping("/users")
- @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
- public ResponseEntity<User> createUser(@Valid @RequestBody AdminUserDTO userDTO) throws URISyntaxException {
- log.debug("REST request to save User : {}", userDTO);
-
- if (userDTO.getId() != null) {
- throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
- // Lowercase the user login before comparing with database
- } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
- throw new LoginAlreadyUsedException();
- } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
- throw new EmailAlreadyUsedException();
- } else {
- User newUser = userService.createUser(userDTO);
- mailService.sendCreationEmail(newUser);
- return ResponseEntity
- .created(new URI("/api/admin/users/" + newUser.getLogin()))
- .headers(HeaderUtil.createAlert(applicationName, "userManagement.created", newUser.getLogin()))
- .body(newUser);
- }
- }
+// /**
+// * {@code POST /admin/users} : Creates a new user.
+// * <p>
+// * Creates a new user if the login and email are not already used, and sends an
+// * mail with an activation link.
+// * The user needs to be activated on creation.
+// *
+// * @param userDTO the user to create.
+// * @return the {@link ResponseEntity} with status {@code 201 (Created)} and with body the new user, or with status {@code 400 (Bad Request)} if the login or email is already in use.
+// * @throws URISyntaxException if the Location URI syntax is incorrect.
+// * @throws BadRequestAlertException {@code 400 (Bad Request)} if the login or email is already in use.
+// */
+// @PostMapping("/users")
+// @PreAuthorize("hasAuthority(\"" + AuthoritiesConstants.ADMIN + "\")")
+// public ResponseEntity<User> createUser(@Valid @RequestBody AdminUserDTO userDTO) throws URISyntaxException {
+// log.debug("REST request to save User : {}", userDTO);
+//
+// if (userDTO.getId() != null) {
+// throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
+// // Lowercase the user login before comparing with database
+// } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
+// throw new LoginAlreadyUsedException();
+// } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
+// throw new EmailAlreadyUsedException();
+// } else {
+// User newUser = userService.createUser(userDTO);
+// mailService.sendCreationEmail(newUser);
+// return ResponseEntity
+// .created(new URI("/api/admin/users/" + newUser.getLogin()))
+// .headers(HeaderUtil.createAlert(applicationName, "userManagement.created", newUser.getLogin()))
+// .body(newUser);
+// }
+// }
 /**
 * {@code PUT /admin/users} : Updates an existing User.
-- Gitblit v1.8.0
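Review bot: The added side keeps the entire `createUser` handler as 33 `//`-prefixed lines instead of deleting it, so `UserResource` now carries dead code and nothing in the file says why `POST /admin/users` was withdrawn. Deleting the block (history keeps it) and leaving one line such as `// POST /admin/users removed: scanner finding "Cleartext sensitive data in a database"` would be clearer. Disabling the handler also closes only this one entry point: `userService.createUser` is not changed in this patch, so if it has other callers (not visible here) the cleartext write the finding points at presumably remains and should be addressed where the value is persisted. Imports used only by this method, possibly `URI` and `URISyntaxException`, may now be unused and are worth checking.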