Almost support for editing without login

Author: klakegg

src/main/java/no/java/submit/config/ApplicationConfig.java

@@ -5,6 +5,9 @@
 import jakarta.ws.rs.Produces;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
+import java.util.Arrays;
+import java.util.List;
+
 @Dependent
 public class ApplicationConfig {
 
@@ -14,6 +17,9 @@ public class ApplicationConfig {
     @ConfigProperty(name = "app.secret", defaultValue = "JavaZoneForever")
     String appSecret;
 
+    @ConfigProperty(name = "app.admins", defaultValue = "admin@example.com")
+    String[] appAdmins;
+
     @Produces
     @Named("app.url")
     public String getAppUrl() {
@@ -25,4 +31,10 @@ public String getAppUrl() {
     public String getAppSecret() {
         return appSecret;
     }
+
+    @Produces
+    @Named("app.admins")
+    public List<String> getAppAdmins() {
+        return Arrays.asList(appAdmins);
+    }
 }

src/main/java/no/java/submit/controller/TalkController.java

@@ -6,6 +6,7 @@
 import io.quarkus.security.identity.SecurityIdentity;
 import io.smallrye.common.annotation.Blocking;
 import jakarta.inject.Inject;
+import jakarta.inject.Named;
 import jakarta.validation.Validator;
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.Context;
@@ -18,16 +19,18 @@
 import no.java.submit.service.ConferenceService;
 import no.java.submit.service.TalksService;
 import no.java.submit.service.TimelineService;
+import no.java.submit.util.SessionSecretHelper;
 import no.java.submit.util.UserHelper;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.resteasy.reactive.ClientWebApplicationException;
+import org.jboss.resteasy.reactive.RestResponse;
 
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 import java.util.stream.Collectors;
 
 @Path("talk")
-@Authenticated
 @Blocking
 @Produces(MediaType.TEXT_HTML)
 public class TalkController {
@@ -44,6 +47,9 @@ public class TalkController {
     @Inject
     TimelineService timelineService;
 
+    @Inject
+    SessionSecretHelper sessionSecrets;
+
     @Inject
     Template talk;
 
@@ -59,13 +65,19 @@ public class TalkController {
     @Inject
     Validator validator;
 
+    @Inject
+    @Named("app.admins")
+    List<String> appAdmins;
+
     @GET
+    @Authenticated
     public TemplateInstance all() {
         return all.instance();
     }
 
     @GET
     @Path("{sessionId}")
+    @Authenticated
     public TemplateInstance view(@PathParam("sessionId") String sessionId, @Context SecurityIdentity securityIdentity) {
         var email = UserHelper.getEmail(securityIdentity);
 
@@ -75,14 +87,47 @@ public TemplateInstance view(@PathParam("sessionId") String sessionId, @Context
             if (!session.containsEmail(email))
                 throw new NotAuthorizedException("Not allowed to view this session");
 
-            return talk.data("session", session);
+            return talk
+                    .data("session", session)
+                    .data("secret", null);
+        } catch (ClientWebApplicationException e) {
+            throw new NotAuthorizedException("Not allowed to view this session", e);
+        }
+    }
+
+    @GET
+    @Path("{sessionId}/{secret}")
+    public TemplateInstance view(@PathParam("sessionId") String sessionId, @PathParam("secret") String secret) {
+        sessionSecrets.validate(sessionId, secret);
+
+        try {
+            var session = talksService.getSession("", sessionId);
+
+            return talk
+                    .data("session", session)
+                    .data("secret", secret);
         } catch (ClientWebApplicationException e) {
             throw new NotAuthorizedException("Not allowed to view this session", e);
         }
     }
 
+    @GET
+    @Path("{sessionId}/secret")
+    @Authenticated
+    public RestResponse<?> redirectWithSecret(@PathParam("sessionId") String sessionId, @Context SecurityIdentity securityIdentity) {
+        var email = UserHelper.getEmail(securityIdentity);
+
+        if (!appAdmins.contains(email))
+            throw new NotAuthorizedException("Not admin");
+
+        return RestResponse.seeOther(UriBuilder
+                .fromUri(String.format("/talk/%s/%s", sessionId, sessionSecrets.get(sessionId)))
+                .build());
+    }
+
     @GET
     @Path("new")
+    @Authenticated
     public TemplateInstance newSession(@Context SecurityIdentity securityIdentity) {
         if (timelineService.isClosed(UserHelper.hasExtension(securityIdentity)))
             return error
@@ -106,6 +151,7 @@ public TemplateInstance newSession(@Context SecurityIdentity securityIdentity) {
     @POST
     @Path("new")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @Authenticated
     public Object newSessionPost(SessionForm form, @Context SecurityIdentity securityIdentity) {
         if (timelineService.isClosed(UserHelper.hasExtension(securityIdentity)))
             return error
@@ -138,13 +184,26 @@ public Object newSessionPost(SessionForm form, @Context SecurityIdentity securit
 
     @GET
     @Path("{sessionId}/edit")
+    @Authenticated
     public TemplateInstance editSession(@PathParam("sessionId") String sessionId, @Context SecurityIdentity securityIdentity) {
         var email = UserHelper.getEmail(securityIdentity);
 
+        return editSession(sessionId, email, null);
+    }
+
+    @GET
+    @Path("{sessionId}/{secret}/edit")
+    public TemplateInstance editSession(@PathParam("sessionId") String sessionId, @PathParam("secret") String secret) {
+        sessionSecrets.validate(sessionId, secret);
+
+        return editSession(sessionId, "", secret);
+    }
+
+    public TemplateInstance editSession(String sessionId, String email, String secret) {
         try {
             var session = talksService.getSession(email, sessionId);
 
-            if (!session.containsEmail(email))
+            if (!email.isEmpty() && !session.containsEmail(email))
                 throw new NotAuthorizedException("Not allowed to view this session");
 
             if (!conferenceService.current().id.equals(session.conferenceId))
@@ -153,7 +212,8 @@ public TemplateInstance editSession(@PathParam("sessionId") String sessionId, @C
             return sessionForm
                     .data("form", SessionForm.parse(session))
                     .data("val", Collections.emptyMap())
-                    .data("sessionId", sessionId);
+                    .data("sessionId", sessionId)
+                    .data("secret", secret);
         } catch (ClientWebApplicationException e) {
             throw new NotAuthorizedException("Not allowed to view this session", e);
         }
@@ -162,6 +222,7 @@ public TemplateInstance editSession(@PathParam("sessionId") String sessionId, @C
     @POST
     @Path("{sessionId}/edit")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @Authenticated
     public Object editSessionPost(@PathParam("sessionId") String sessionId, SessionForm form, @Context SecurityIdentity securityIdentity) {
         // Validate form and present form if there are any errors
         var validation = validator.validate(form);

src/main/java/no/java/submit/service/TimelineService.java

@@ -4,7 +4,6 @@
 import jakarta.inject.Named;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
-import java.text.ParseException;
 import java.time.Instant;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
@@ -16,14 +15,17 @@
 @ApplicationScoped
 public class TimelineService {
 
-    private static DateTimeFormatter formatter = DateTimeFormatter.ofPattern("MMMM d");
+    private static final DateTimeFormatter formatter = DateTimeFormatter.ofPattern("MMMM d");
 
     @ConfigProperty(name = "timeline.opening")
     public Instant opening;
 
     @ConfigProperty(name = "timeline.closing")
     Instant closing;
 
+    @ConfigProperty(name = "timeline.finalized")
+    Instant finalized;
+
     @ConfigProperty(name = "timeline.feedback")
     Instant feedback;
 
@@ -57,6 +59,10 @@ public boolean isClosed(boolean hasExtension) {
         return getClosingHard().isBefore(LocalDateTime.now());
     }
 
+    public boolean isFinalized() {
+        return finalized != null && finalized.isBefore(Instant.now());
+    }
+
     public String format(LocalDate date) {
         return formatter.format(date).substring(0, 1).toUpperCase() +
                 formatter.format(date).substring(1) +

src/main/java/no/java/submit/util/SessionSecretHelper.java

@@ -0,0 +1,27 @@
+package no.java.submit.util;
+
+import com.google.common.hash.Hashing;
+import com.google.common.io.BaseEncoding;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.inject.Named;
+import jakarta.ws.rs.NotAuthorizedException;
+
+@ApplicationScoped
+public class SessionSecretHelper {
+
+    @Inject
+    @Named("app.secret")
+    String appSecret;
+
+    public String get(String sessionId) {
+        var str = String.format("%s:%s", appSecret, sessionId);
+        return BaseEncoding.base32().omitPadding().encode(Hashing.sha256().hashBytes(str.getBytes()).asBytes()).toLowerCase();
+    }
+
+    public void validate(String sessionId, String sessionSecret) {
+        if (!get(sessionId).equals(sessionSecret)) {
+            throw new NotAuthorizedException("Invalid session secret");
+        }
+    }
+}

src/main/resources/application.properties

@@ -17,6 +17,7 @@ quarkus.cache.caffeine."sessions".expire-after-write=5m
 conference.current=ffbdc06b-b570-4409-bf2f-7d3b5dd2aed3
 timeline.opening=2025-02-14T00:00:00Z
 timeline.closing=2025-04-28T23:59:59Z
+timeline.finalized=2025-05-31T00:00:00Z
 timeline.feedback=2025-06-30T00:00:00Z
 timeline.refund=2025-08-01T00:00:00Z
 

src/main/resources/templates/all.html

@@ -19,14 +19,26 @@ <h1>All talks</h1>
                 <h2>{conference.name}</h2>
 
                 {#for session in talks}
-                    <div class="session-item">
-                        <a href="/talk/{session.sessionId}">{session.data["title"]}</a>
+                    {#let tags=session:tags(session)}
+                        <div class="session-item{#if tags.contains("rejected") || tags.contains("trukket") || tags.contains("withdrawn")} out{/if}">
+                            <a href="/talk/{session.sessionId}">{session.data["title"]}</a>
 
-                        <ul>
-                            <li>{Kind:of(session.data).name}</li>
-                            <li>{Language:of(session.data).name}</li>
-                        </ul>
-                    </div>
+                            <ul>
+                                <li>{Kind:of(session.data).name}</li>
+                                <li>{Language:of(session.data).name}</li>
+                                {#if tags.contains("rejected")}
+                                <li>Rejected</li>
+                                {#else if tags.contains("trukket") || tags.contains("withdrawn")}
+                                <li>Withdrawn</li>
+                                {#else if tags.contains("accepted") && tags.contains("confirmed")}
+                                <li>Confirmed</li>
+                                {#else if tags.contains("accepted")}
+                                <li>Accepted</li>
+                                <li><a href="https://cakeredux.javazone.no/confirm.html?id={session.sessionId}">Confirm</a></li>
+                                {/if}
+                            </ul>
+                        </div>
+                    {/let}
                 {/for}
             {/if}
         {/for}

src/main/resources/templates/listing.html

@@ -18,14 +18,14 @@ <h2>Submitted talks</h2>
             </ul>
 
             {#if closed}
-                <div class="submit">
+                <!-- <div class="submit">
                     <p>We are past the deadline for new submissions</p>
 
                     <form hx-post="/login/extend" hx-target="body">
                         <input type="text" name="code" placeholder="Code for extension" required="required"/>
                         <button>Verify</button>
                     </form>
-                </div>
+                </div> -->
             {/if}
 
             {#if talks.isEmpty}

src/main/resources/templates/sessionForm.html

@@ -166,7 +166,7 @@ <h2>Speaker {speaker_count}</h2>
     </div>
 
     <div class="buttons">
-        <a href="{#if sessionId == null}/{#else}/talk/{sessionId}{/if}">Cancel</a>
+        <a href="{#if sessionId == null}/{#else}/talk/{sessionId}{#if secret != null}/{secret}{/if}{/if}">Cancel</a>
         <button type="submit">Save</button>
     </div>
 </form>

src/main/resources/templates/talk.html

@@ -18,17 +18,16 @@ <h1>{session.data["title"]}</h1>
         <li>Confirmed</li>
         {#else if tags.contains("accepted")}
         <li>Accepted</li>
-        <li><a href="https://cakeredux.javazone.no/confirm.html?id={session.sessionId}">Confirm</a></li>
         {/if}
         {#if session.conferenceId == conference:current.id}
-        <li><a href="/talk/{session.sessionId}/edit">Edit</a></li>
+        <li><a href="/talk/{session.sessionId}{#if secret != null}/{secret}{/if}/edit">Edit</a></li>
         {/if}
     </ul>
 
     {#if tags.contains("accepted") && !tags.contains("confirmed")}
     <div class="submit">
         <form>
-            <p>This proposal accepted but not yet confirmed.</p>
+            <p>This proposal is accepted but not yet confirmed.</p>
 
             <a href="https://cakeredux.javazone.no/confirm.html?id={session.sessionId}" class="button">Confirm</a>
         </form>