Merge pull request #370 from phuonghuynh/master

Fix security issues on front-end side

pom.xml

@@ -26,7 +26,7 @@
     <jackson.version>2.4.4</jackson.version>
     <aspectj.version>1.8.1</aspectj.version>
     <spring-data-jpa.version>1.7.0.RELEASE</spring-data-jpa.version>
-    <spring-data-elasticsearch>1.2.0.RELEASE</spring-data-elasticsearch>
+    <spring-data-elasticsearch>1.2.2.RELEASE</spring-data-elasticsearch>
     <spring-data-couchbase>1.3.0.RELEASE</spring-data-couchbase>
     <hsqldb.version>2.3.2</hsqldb.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

src/main/java/com/techlooper/config/CoreConfiguration.java

@@ -2,20 +2,13 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.api.client.auth.oauth2.Credential;
-import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
 import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
 import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
-import com.google.api.client.util.DateTime;
-import com.google.api.client.util.store.FileDataStoreFactory;
 import com.google.api.services.calendar.Calendar;
 import com.google.api.services.calendar.CalendarScopes;
-import com.google.api.services.calendar.model.Event;
-import com.google.api.services.calendar.model.EventAttendee;
-import com.google.api.services.calendar.model.EventDateTime;
 import com.techlooper.converter.ListCSVStringConverter;
 import com.techlooper.converter.LocaleConverter;
 import com.techlooper.converter.ProfileNameConverter;
@@ -56,15 +49,12 @@
 import javax.mail.MessagingException;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
-import java.io.File;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
 import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
 import java.util.*;
-import java.util.stream.Collector;
-import java.util.stream.Collectors;
 
 @Configuration
 @ComponentScan(basePackages = "com.techlooper")
@@ -181,6 +171,10 @@ protected void configure() {
         mapping(VnwJobAlert.class, VnwJobAlertRequest.class)
           .fields("jobLocations", "locationId", FieldsMappingOptions.customConverter(ListCSVStringConverter.class))
           .fields("minSalary", "netSalary");
+
+//        mapping(WebinarInfoDto.class, WebinarEntity.class)
+//          .fields("startDate", "startDate", FieldsMappingOptions.customConverter(DateTime2BasicOrdinalDateTimeConverter.class))
+//          .fields("endDate", "endDate", FieldsMappingOptions.customConverter(DateTime2BasicOrdinalDateTimeConverter.class));
       }
     });
     return dozerBeanMapper;

src/main/java/com/techlooper/config/web/sec/SwitchingAuthenticationProvider.java

@@ -12,33 +12,34 @@
 
 public class SwitchingAuthenticationProvider implements AuthenticationProvider {
 
-    private static final Logger LOGGER = LoggerFactory.getLogger(SwitchingAuthenticationProvider.class);
-
-    private Map<SocialProvider, AuthenticationProvider> providers;
-
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        try {
-            SocialProvider socialProvider = SocialProvider.valueOf(authentication.getCredentials().toString());
-            if (socialProvider != null) {
-                AuthenticationProvider delegateTo = providers.get(socialProvider);
-                return delegateTo.authenticate(authentication);
-            }
-        } catch (Exception ex) {
-            LOGGER.error(ex.getMessage(), ex);
-        }
-
-        return providers.get(SocialProvider.VIETNAMWORKS).authenticate(authentication);
-    }
+  private static final Logger LOGGER = LoggerFactory.getLogger(SwitchingAuthenticationProvider.class);
 
-    public boolean supports(Class<?> authentication) {
-        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
-    }
+  private Map<SocialProvider, AuthenticationProvider> providers;
 
-    public Map<SocialProvider, AuthenticationProvider> getProviders() {
-        return providers;
+  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+    try {
+      SocialProvider socialProvider = SocialProvider.valueOf(authentication.getCredentials().toString());
+      if (socialProvider != null) {
+        AuthenticationProvider delegateTo = providers.get(socialProvider);
+        return delegateTo.authenticate(authentication);
+      }
     }
-
-    public void setProviders(Map<SocialProvider, AuthenticationProvider> providers) {
-        this.providers = providers;
+    catch (Exception ex) {
+      LOGGER.debug(ex.getMessage(), ex);
     }
+
+    return providers.get(SocialProvider.VIETNAMWORKS).authenticate(authentication);
+  }
+
+  public boolean supports(Class<?> authentication) {
+    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
+  }
+
+  public Map<SocialProvider, AuthenticationProvider> getProviders() {
+    return providers;
+  }
+
+  public void setProviders(Map<SocialProvider, AuthenticationProvider> providers) {
+    this.providers = providers;
+  }
 }

src/main/java/com/techlooper/controller/JobAlertController.java

@@ -4,6 +4,7 @@
 import com.techlooper.entity.ScrapeJobEntity;
 import com.techlooper.model.JobAlertRegistration;
 import com.techlooper.service.JobAlertService;
+import com.techlooper.service.impl.JobAlertServiceImpl;
 import com.techlooper.util.DateTimeUtils;
 import org.joda.time.DateTime;
 import org.joda.time.Days;
@@ -19,6 +20,8 @@
 import java.util.Date;
 import java.util.List;
 
+import static com.techlooper.service.impl.JobAlertServiceImpl.*;
+
 @Controller
 public class JobAlertController {
 
@@ -67,8 +70,12 @@ public void sendJobAlertEmail() throws Exception {
                             List<ScrapeJobEntity> scrapeJobEntities = jobAlertService.searchJob(jobAlertRegistrationEntity);
                             if (!scrapeJobEntities.isEmpty()) {
                                 jobAlertService.sendEmail(numberOfJobs, jobAlertRegistrationEntity, scrapeJobEntities);
+                            } else {
+                                jobAlertService.updateSendEmailResultCode(jobAlertRegistrationEntity, JOB_ALERT_JOB_NOT_FOUND);
                             }
                         }
+                    } else {
+                        jobAlertService.updateSendEmailResultCode(jobAlertRegistrationEntity, JOB_ALERT_ALREADY_SENT_ON_TODAY);
                     }
                 }
             }

src/main/java/com/techlooper/entity/JobAlertRegistrationEntity.java

@@ -37,6 +37,9 @@ public class JobAlertRegistrationEntity {
     @Field(type = FieldType.Date, format = DateFormat.custom, pattern = "dd/MM/yyyy HH:mm")
     private String lastEmailSentDateTime;
 
+    @Field(type = Integer)
+    private Integer lastEmailSentCode;
+
     public Long getJobAlertRegistrationId() {
         return jobAlertRegistrationId;
     }
@@ -108,4 +111,12 @@ public Integer getLocationId() {
     public void setLocationId(Integer locationId) {
         this.locationId = locationId;
     }
+
+    public Integer getLastEmailSentCode() {
+        return lastEmailSentCode;
+    }
+
+    public void setLastEmailSentCode(Integer lastEmailSentCode) {
+        this.lastEmailSentCode = lastEmailSentCode;
+    }
 }

src/main/java/com/techlooper/entity/WebinarEntity.java

@@ -3,6 +3,7 @@
 import org.springframework.data.annotation.Id;
 import org.springframework.data.elasticsearch.annotations.*;
 
+import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
 
@@ -15,6 +16,7 @@ public class WebinarEntity {
   @Id
   private Long createdDateTime = new Date().getTime();
 
+  @Field(type = FieldType.String)
   private String name;
 
   @Field(type = FieldType.Date, format = DateFormat.custom, pattern = "dd/MM/yyyy hh:mm a")
@@ -23,57 +25,27 @@ public class WebinarEntity {
   @Field(type = FieldType.Date, format = DateFormat.custom, pattern = "dd/MM/yyyy hh:mm a")
   private String endDate;
 
+  @Field(type = FieldType.String)
   private String description;
 
-  private Set<String> attendees;
+  @Field(type = FieldType.String)
+  private Collection<String> attendees;
 
-  @Field(index = FieldIndex.not_analyzed)
+  @Field(type = FieldType.String, index = FieldIndex.not_analyzed)
   private String organiser;
 
-  @Field(index = FieldIndex.not_analyzed)
+  @Field(type = FieldType.String, index = FieldIndex.not_analyzed)
   private String where = "Google Hangout";
 
-  @Field(index = FieldIndex.not_analyzed)
+  @Field(type = FieldType.String, index = FieldIndex.not_analyzed)
   private String calendarUrl;
 
-
-  @Field(index = FieldIndex.not_analyzed)
+  @Field(type = FieldType.String, index = FieldIndex.not_analyzed)
   private String hangoutLink;
 
+  @Field(type = FieldType.String)
   private String whatEvent;
 
-  public String getWhatEvent() {
-    return whatEvent;
-  }
-
-  public void setWhatEvent(String whatEvent) {
-    this.whatEvent = whatEvent;
-  }
-
-  public String getWhere() {
-    return where;
-  }
-
-  public void setWhere(String where) {
-    this.where = where;
-  }
-
-  public String getHangoutLink() {
-    return hangoutLink;
-  }
-
-  public void setHangoutLink(String hangoutLink) {
-    this.hangoutLink = hangoutLink;
-  }
-
-  public String getCalendarUrl() {
-    return calendarUrl;
-  }
-
-  public void setCalendarUrl(String calendarUrl) {
-    this.calendarUrl = calendarUrl;
-  }
-
   public Long getCreatedDateTime() {
     return createdDateTime;
   }
@@ -114,11 +86,11 @@ public void setDescription(String description) {
     this.description = description;
   }
 
-  public Set<String> getAttendees() {
+  public Collection<String> getAttendees() {
     return attendees;
   }
 
-  public void setAttendees(Set<String> attendees) {
+  public void setAttendees(Collection<String> attendees) {
     this.attendees = attendees;
   }
 
@@ -129,4 +101,36 @@ public String getOrganiser() {
   public void setOrganiser(String organiser) {
     this.organiser = organiser;
   }
+
+  public String getWhere() {
+    return where;
+  }
+
+  public void setWhere(String where) {
+    this.where = where;
+  }
+
+  public String getCalendarUrl() {
+    return calendarUrl;
+  }
+
+  public void setCalendarUrl(String calendarUrl) {
+    this.calendarUrl = calendarUrl;
+  }
+
+  public String getHangoutLink() {
+    return hangoutLink;
+  }
+
+  public void setHangoutLink(String hangoutLink) {
+    this.hangoutLink = hangoutLink;
+  }
+
+  public String getWhatEvent() {
+    return whatEvent;
+  }
+
+  public void setWhatEvent(String whatEvent) {
+    this.whatEvent = whatEvent;
+  }
 }