[译] 学习 Spring Security（五）：重发验证邮件

时间 2019-12-06

标签学习 spring security 重发验证邮件栏目 Spring 繁體版

原文原文链接

www.baeldung.com/spring-secu…javascript

做者：Eugen Paraschivhtml

译者：oopsguy.comjava

一、概述

在本教程中，咱们将继续 Spring Security 系列中的注册流程，在用户激活账户以前重发验证连接给用户。jquery

二、重发验证连接

首先，当用户请求另外一个验证连接时，咱们须要防上一个验证连接发生过时。git

咱们将用新的 expireDate 重置现有的令牌，以后向用户发送一封新邮件，并附上新的连接和令牌：github

@RequestMapping(value = "/user/resendRegistrationToken", method = RequestMethod.GET)
@ResponseBody
public GenericResponse resendRegistrationToken( HttpServletRequest request, @RequestParam("token") String existingToken) {
    VerificationToken newToken = userService.generateNewVerificationToken(existingToken);
     
    User user = userService.getUser(newToken.getToken());
    String appUrl = 
      "http://" + request.getServerName() + 
      ":" + request.getServerPort() + 
      request.getContextPath();
    SimpleMailMessage email = 
      constructResendVerificationTokenEmail(appUrl, request.getLocale(), newToken, user);
    mailSender.send(email);
 
    return new GenericResponse(
      messages.getMessage("message.resendToken", null, request.getLocale()));
}
复制代码

生成用户邮件的工具方法 — constructResendVerificationTokenEmail()：spring

private SimpleMailMessage constructResendVerificationTokenEmail (String contextPath, Locale locale, VerificationToken newToken, User user) {
    String confirmationUrl = 
      contextPath + "/regitrationConfirm.html?token=" + newToken.getToken();
    String message = messages.getMessage("message.resendToken", null, locale);
    SimpleMailMessage email = new SimpleMailMessage();
    email.setSubject("Resend Registration Token");
    email.setText(message + " rn" + confirmationUrl);
    email.setFrom(env.getProperty("support.email"));
    email.setTo(user.getEmail());
    return email;
}
复制代码

咱们还须要修改现有的注册功能 — 在模型上添加一些涉及到令牌到期的新逻辑：app

@RequestMapping(value = "/regitrationConfirm", method = RequestMethod.GET)
public String confirmRegistration( Locale locale, Model model, @RequestParam("token") String token) {
    VerificationToken verificationToken = userService.getVerificationToken(token);
    if (verificationToken == null) {
        String message = messages.getMessage("auth.message.invalidToken", null, locale);
        model.addAttribute("message", message);
        return "redirect:/badUser.html?lang=" + locale.getLanguage();
    }
 
    User user = verificationToken.getUser();
    Calendar cal = Calendar.getInstance();
    if ((verificationToken.getExpiryDate().getTime() - cal.getTime().getTime()) <= 0) {
        model.addAttribute("message", messages.getMessage("auth.message.expired", null, locale));
        model.addAttribute("expired", true);
        model.addAttribute("token", token);
        return "redirect:/badUser.html?lang=" + locale.getLanguage();
    }
 
    user.setEnabled(true);
    userService.saveRegisteredUser(user);
    model.addAttribute("message", messages.getMessage("message.accountVerified", null, locale));
    return "redirect:/login.html?lang=" + locale.getLanguage();
}
复制代码

三、异常处理

之前的功能是在某些状况下抛出异常，这些异常须要处理，咱们将使用自定义的异常处理程序来处理这些异常：工具

@ControllerAdvice
public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionHandler {
 
    @Autowired
    private MessageSource messages;
 
    @ExceptionHandler({ UserNotFoundException.class })
    public ResponseEntity<Object> handleUserNotFound(RuntimeException ex, WebRequest request) {
        logger.error("404 Status Code", ex);
        GenericResponse bodyOfResponse = new GenericResponse(
          messages.getMessage("message.userNotFound", null, request.getLocale()), "UserNotFound");
         
        return handleExceptionInternal(
          ex, bodyOfResponse, new HttpHeaders(), HttpStatus.NOT_FOUND, request);
    }
 
    @ExceptionHandler({ MailAuthenticationException.class })
    public ResponseEntity<Object> handleMail(RuntimeException ex, WebRequest request) {
        logger.error("500 Status Code", ex);
        GenericResponse bodyOfResponse = new GenericResponse(
          messages.getMessage(
            "message.email.config.error", null, request.getLocale()), "MailError");
         
        return handleExceptionInternal(
          ex, bodyOfResponse, new HttpHeaders(), HttpStatus.NOT_FOUND, request);
    }
 
    @ExceptionHandler({ Exception.class })
    public ResponseEntity<Object> handleInternal(RuntimeException ex, WebRequest request) {
        logger.error("500 Status Code", ex);
        GenericResponse bodyOfResponse = new GenericResponse(
          messages.getMessage(
            "message.error", null, request.getLocale()), "InternalError");
         
        return handleExceptionInternal(
          ex, bodyOfResponse, new HttpHeaders(), HttpStatus.NOT_FOUND, request);
    }
}
复制代码

注意：oop

咱们使用 @ControllerAdvice 注解来处理整个应用程序中的异常，并使用一个简单的对象 GenericResponse 来发送响应：

public class GenericResponse {
    private String message;
    private String error;
 
    public GenericResponse(String message) {
        super();
        this.message = message;
    }
 
    public GenericResponse(String message, String error) {
        super();
        this.message = message;
        this.error = error;
    }
}
复制代码

四、修改 badUser.html

如今咱们修改 badUser.html，使用户只有在令牌过时时才能得到新的 VerificationToken：

<html>
<head>
<title th:text="#{label.badUser.title}">bad user</title>
</head>
<body>
<h1 th:text="${param.message[0]}">error</h1>
<br>
<a th:href="@{/user/registration}" th:text="#{label.form.loginSignUp}">
  signup</a>
 
<div th:if="${param.expired[0]}">
<h1 th:text="#{label.form.resendRegistrationToken}">resend</h1>
<button onclick="resendToken()" th:text="#{label.form.resendRegistrationToken}">resend</button>
  
<script src="jquery.min.js"></script>
<script type="text/javascript"> var serverContext = [[@{/}]]; function resendToken(){ $.get(serverContext + "user/resendRegistrationToken?token=" + token, function(data){ window.location.href = serverContext +"login.html?message=" + data.message; }) .fail(function(data) { if(data.responseJSON.error.indexOf("MailError") > -1) { window.location.href = serverContext + "emailError.html"; } else { window.location.href = serverContext + "login.html?message=" + data.responseJSON.message; } }); } </script>
</div>
</body>
</html>
复制代码

请注意，咱们在这里使用了一些很是简单的 JavaScript 和 JQuery 来处理 /user/resendRegistrationToken 的响应，并根据它重定向用户。

五、结论

在本文中，咱们容许用户从新请求一个新的验证连接来激活帐户，以防旧帐户过时。

本教程的完整实现能够在 github 项目中找到 — 这是一个基于 Eclipse 的项目，应该很容易导入和运行。

原文项目地址

github.com/eugenp/spri…