1 files changed, 29 insertions, 17 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
index dfaad3a..33d2e4f 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/controller/UserController.java
@@ -1,7 +1,6 @@
 package com.ufund.api.ufundapi.controller;
 
 import java.io.IOException;
-import java.security.InvalidParameterException;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -43,6 +42,7 @@ public class UserController {
      */
     @PostMapping("")
     public ResponseEntity<User> createUser(@RequestBody Map<String, String> params) {
+        LOG.log(Level.INFO, "POST /users body={0}", params);
         String username = params.get("username");
         String password = params.get("password");
 
@@ -54,8 +54,10 @@ public class UserController {
                 return new ResponseEntity<>(HttpStatus.CONFLICT);
             }
         } catch (DuplicateKeyException ex) {
+            LOG.log(Level.WARNING, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.CONFLICT);
         } catch (IOException ex) {
+            LOG.log(Level.SEVERE, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
         }
     }
@@ -72,10 +74,10 @@ public class UserController {
      */
     @GetMapping("/{username}")
     public ResponseEntity<User> getUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
-        LOG.log(Level.INFO, "GET /user/{0}", username);
+        LOG.log(Level.INFO, "GET /user/{0} key={1}", of(username, key));
 
         try {
-            authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             User user = userService.getUser(username);
             if (user != null) {
                 return new ResponseEntity<>(user.withoutPasswordHash(), HttpStatus.OK);
@@ -83,9 +85,10 @@ public class UserController {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
         } catch (IllegalAccessException ex) {
+            LOG.log(Level.WARNING, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
-        } catch (IOException e) {
-            LOG.log(Level.SEVERE, e.getLocalizedMessage());
+        } catch (IOException ex) {
+            LOG.log(Level.SEVERE, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
         }
 
@@ -102,23 +105,25 @@ public class UserController {
      */
     @PutMapping("/{username}")
     public ResponseEntity<User> updateUser(@RequestBody User user, @PathVariable String username, @RequestHeader("jelly-api-key") String key) {
-        LOG.log(Level.INFO,"PUT: " + user + " " + username + " " + key.toString());
+        LOG.log(Level.INFO,"PUT /users/{0} body={1} key={2}", of(username, user, key));
         try {
-            //authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             user = userService.updateUser(user, username);
             if (user != null) {
                 return new ResponseEntity<>(user, HttpStatus.OK);
             } else {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
-        } catch (InvalidParameterException ex) {
+        } catch (IllegalArgumentException ex) {
+            LOG.log(Level.WARNING, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
-        } catch (IOException e) {
+        } catch (IllegalAccessException ex) {
+            LOG.log(Level.WARNING, ex.getLocalizedMessage());
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+        } catch (IOException ex) {
+            LOG.log(Level.SEVERE, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
-        } 
-        // catch (IllegalAccessException e) {
-        //     return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
-        // }
+        }
     }
 
     /**
@@ -131,19 +136,26 @@ public class UserController {
      */
     @DeleteMapping("/{username}")
     public ResponseEntity<Boolean> deleteUser(@PathVariable String username, @RequestHeader("jelly-api-key") String key) {
+        LOG.log(Level.INFO, "DELETE /users/{0} id={1}", of(username, key));
 
         try {
-            authService.authenticate(username, key);
+            authService.keyHasAccessToUser(username, key);
             if (userService.deleteUser(username)) {
                 return new ResponseEntity<>(HttpStatus.OK);
             } else {
                 return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             }
-        } catch (IOException e) {
-            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
-        } catch (IllegalAccessException e) {
+        } catch (IllegalAccessException ex) {
+            LOG.log(Level.WARNING, ex.getLocalizedMessage());
             return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+        } catch (IOException ex) {
+            LOG.log(Level.SEVERE, ex.getLocalizedMessage());
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
         }
     }
 
+    private Object[] of(Object ...params) {
+        return params;
+    }
+
 }