From 0bb2df135b122cca42126bc702b50b4e8c18bdbf Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:44:16 +0100
Subject: [PATCH] testing messages

---
 .../security/UserAuthenticationFilter.java    | 11 +++---
 .../SPDF/controller/api/UserController.java   | 30 ++++++++--------
 src/main/resources/messages_en_GB.properties  |  6 +++-
 src/main/resources/templates/account.html     | 16 ++++++++-
 .../resources/templates/change-creds.html     | 12 +++++++
 src/main/resources/templates/login.html       | 35 +++++++++++--------
 6 files changed, 74 insertions(+), 36 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
index 1d5aab88..eca7f70e 100644
--- a/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserAuthenticationFilter.java
@@ -44,7 +44,7 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
             filterChain.doFilter(request, response);
             return;
         }
-
+        String requestURI = request.getRequestURI(); 
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
         // Check for API key in the request headers if no authentication exists
@@ -74,13 +74,14 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
         // If we still don't have any authentication, deny the request
         if (authentication == null || !authentication.isAuthenticated()) {
         	String method = request.getMethod();
-        	if ("GET".equalsIgnoreCase(method)) {
+        	if ("GET".equalsIgnoreCase(method) && !"/login".equals(requestURI)) {
         		 response.sendRedirect("/login");  // redirect to the login page
         	     return;
+            } else {
+	            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+	            response.getWriter().write("Authentication required. Please provide a X-API-KEY in request header.\nThis is found in Settings -> Account Settings -> API Key\nAlternativly you can disable authentication if this is unexpected");
+	            return;
             }
-            response.setStatus(HttpStatus.UNAUTHORIZED.value());
-            response.getWriter().write("Authentication required. Please provide a X-API-KEY in request header.\nThis is found in Settings -> Account Settings -> API Key\nAlternativly you can disable authentication if this is unexpected");
-            return;
         }
 
         filterChain.doFilter(request, response);
diff --git a/src/main/java/stirling/software/SPDF/controller/api/UserController.java b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
index f232daf1..647dca6b 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@@ -50,26 +50,26 @@ public class UserController {
                                                  HttpServletResponse response,
                                                  RedirectAttributes redirectAttributes) {
         if (principal == null) {
-            redirectAttributes.addFlashAttribute("error", "User not authenticated.");
-            return new RedirectView("/error");
+        	redirectAttributes.addFlashAttribute("notAuthenticated", true);
+            return new RedirectView("/change-creds");
         }
 
         Optional<User> userOpt = userService.findByUsername(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            redirectAttributes.addFlashAttribute("error", "User not found.");
-            return new RedirectView("/error");
+        	redirectAttributes.addFlashAttribute("userNotFound", true);
+            return new RedirectView("/change-creds");
         }
         User user = userOpt.get();
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
-            return new RedirectView("/error");
+        	redirectAttributes.addFlashAttribute("incorrectPassword", true);
+            return new RedirectView("/change-creds");
         }
 
         if (!user.getUsername().equals(newUsername) && userService.usernameExists(newUsername)) {
-            redirectAttributes.addFlashAttribute("error", "New username already exists.");
-            return new RedirectView("/error");
+        	redirectAttributes.addFlashAttribute("usernameExists", true);
+            return new RedirectView("/change-creds");
         }
 
         userService.changePassword(user, newPassword);
@@ -95,25 +95,25 @@ public class UserController {
                                        HttpServletResponse response,
                                        RedirectAttributes redirectAttributes) {
         if (principal == null) {
-            redirectAttributes.addFlashAttribute("error", "User not authenticated.");
+        	redirectAttributes.addFlashAttribute("notAuthenticated", true);
             return new RedirectView("/account");
         }
 
         Optional<User> userOpt = userService.findByUsername(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            redirectAttributes.addFlashAttribute("error", "User not found.");
+        	redirectAttributes.addFlashAttribute("userNotFound", true);
             return new RedirectView("/account");
         }
         User user = userOpt.get();
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
+        	redirectAttributes.addFlashAttribute("incorrectPassword", true);
             return new RedirectView("/account");
         }
 
         if (userService.usernameExists(newUsername)) {
-            redirectAttributes.addFlashAttribute("error", "New username already exists.");
+        	redirectAttributes.addFlashAttribute("usernameExists", true);
             return new RedirectView("/account");
         }
 
@@ -134,20 +134,20 @@ public class UserController {
                                        HttpServletResponse response,
                                        RedirectAttributes redirectAttributes) {
         if (principal == null) {
-            redirectAttributes.addFlashAttribute("error", "User not authenticated.");
+        	redirectAttributes.addFlashAttribute("notAuthenticated", true);
             return new RedirectView("/account");
         }
 
         Optional<User> userOpt = userService.findByUsername(principal.getName());
 
         if (userOpt == null || userOpt.isEmpty()) {
-            redirectAttributes.addFlashAttribute("error", "User not found.");
+        	redirectAttributes.addFlashAttribute("userNotFound", true);
             return new RedirectView("/account");
         }
         User user = userOpt.get();
 
         if (!userService.isPasswordCorrect(user, currentPassword)) {
-            redirectAttributes.addFlashAttribute("error", "Current password is incorrect.");
+        	redirectAttributes.addFlashAttribute("incorrectPassword", true);
             return new RedirectView("/account");
         }
 
diff --git a/src/main/resources/messages_en_GB.properties b/src/main/resources/messages_en_GB.properties
index a5620aa1..88284dec 100644
--- a/src/main/resources/messages_en_GB.properties
+++ b/src/main/resources/messages_en_GB.properties
@@ -42,8 +42,12 @@ red=Red
 green=Green
 blue=Blue
 custom=Custom...
-changeCredsMessage=First time login, Please change your username and/or password!
+changedCredsMessage=Credentials changed!
 
+notAuthenticatedMessage=User not authenticated.
+userNotFoundMessage=User not found.
+incorrectPasswordMessage=Current password is incorrect.
+usernameExistsMessage=New Username already exists.
 
 
 
diff --git a/src/main/resources/templates/account.html b/src/main/resources/templates/account.html
index ba104b86..ac855d1b 100644
--- a/src/main/resources/templates/account.html
+++ b/src/main/resources/templates/account.html
@@ -16,7 +16,21 @@
                         <!-- User Settings Title -->
                         <h2 class="text-center" th:text="#{account.accountSettings}">User Settings</h2>
                         <hr>
-						<div th:if="${changeCredsFlag}" class="alert alert-success" th:text="#{changeCredsMessage}"></div>
+						<div th:if="${notAuthenticated}" class="alert alert-danger" role="alert">
+						    User not authenticated.
+						</div>
+								<div th:if="${userNotFound}" class="alert alert-danger" role="alert">
+						    User not found.
+						</div>
+								<div th:if="${incorrectPassword}" class="alert alert-danger" role="alert">
+						    Current password is incorrect.
+						</div>
+						<div th:if="${usernameExists}" class="alert alert-danger" role="alert">
+						    New username already exists.
+						</div>
+						
+						
+						
 						
 						<!-- At the top of the user settings -->
 						<h3 class="text-center"><span th:text="#{welcome} + ' ' + ${username}">User</span>!</h3>
diff --git a/src/main/resources/templates/change-creds.html b/src/main/resources/templates/change-creds.html
index c6d94c66..8f64eb49 100644
--- a/src/main/resources/templates/change-creds.html
+++ b/src/main/resources/templates/change-creds.html
@@ -16,6 +16,18 @@
                         <!-- User Settings Title -->
                         <h2 class="text-center" th:text="#{changeCreds.header}">User Settings</h2>
                         <hr>
+                        <div th:if="${notAuthenticated}" class="alert alert-danger" role="alert">
+						    User not authenticated.
+						</div>
+								<div th:if="${userNotFound}" class="alert alert-danger" role="alert">
+						    User not found.
+						</div>
+								<div th:if="${incorrectPassword}" class="alert alert-danger" role="alert">
+						    Current password is incorrect.
+						</div>
+						<div th:if="${usernameExists}" class="alert alert-danger" role="alert">
+						    New username already exists.
+						</div>
 						<div th:if="${changeCredsFlag}" class="alert alert-success" th:text="#{changeCredsMessage}"></div>
 						
 						<!-- At the top of the user settings -->
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
index 1ddea6ec..a82205d8 100644
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -179,11 +179,13 @@ document.addEventListener('DOMContentLoaded', function() {
     const urlParams = currentURL.searchParams;
     const currentLangParam = urlParams.get('lang') || defaultLocale;
 
-    console.log("defaultLocale", defaultLocale)
-    console.log("storedLocale", storedLocale)
-    console.log("currentLangParam", currentLangParam)
+    console.log("defaultLocale", defaultLocale);
+    console.log("storedLocale", storedLocale);
+    console.log("currentLangParam", currentLangParam);
 
-    if (currentLangParam !== storedLocale) {
+    if (defaultLocale !== storedLocale && currentLangParam !== storedLocale) {
+    	console.log("currentLangParam", currentLangParam)
+		console.log("storedLocale", storedLocale)
         urlParams.set('lang', storedLocale);
         currentURL.search = urlParams.toString();
 
@@ -235,17 +237,20 @@ function handleDropdownItemClick(event) {
     event.preventDefault();
     const languageCode = event.currentTarget.dataset.bsLanguageCode;
     const dropdown = document.getElementById('languageDropdown');
-
+    
     if (languageCode) {
-        localStorage.setItem('languageCode', languageCode);
-
-        const currentUrl = window.location.href;
-        if (currentUrl.indexOf('?lang=') === -1) {
-            window.location.href = currentUrl + '?lang=' + languageCode;
-        } else {
-            window.location.href = currentUrl.replace(/\?lang=\w{2,}/, '?lang=' + languageCode);
-        }
-
+    	localStorage.setItem('languageCode', languageCode);
+    	const currentLang = document.documentElement.getAttribute('lang');
+    	if (currentLang !== languageCode) {
+    		console.log("currentLang", currentLang)
+    		console.log("languageCode", languageCode)
+	        const currentUrl = window.location.href;
+	        if (currentUrl.indexOf('?lang=') === -1) {
+	            window.location.href = currentUrl + '?lang=' + languageCode;
+	        } else {
+	            window.location.href = currentUrl.replace(/\?lang=\w{2,}/, '?lang=' + languageCode);
+	        }
+    	}
         dropdown.innerHTML = event.currentTarget.innerHTML;  // Update the dropdown button's content
     } else {
         console.error("Language code is not set for this item.");
@@ -258,6 +263,8 @@ function handleDropdownItemClick(event) {
 		<div th:if="${logoutMessage}" class="alert alert-success"
 			th:text="${logoutMessage}"></div>
 
+
+
 		<form th:action="@{login}" method="post">
 			<img class="mb-4" src="favicon.svg" alt="" width="144" height="144">
 			<h1 class="h1 mb-3 fw-normal" th:text="${@appName}">Stirling-PDF</h1>