IVIS-57 : - Add information to docs (according to questions from Gust…

…av Boström ).

docs/basic_concepts/front_end_side.rst

@@ -0,0 +1,26 @@
+Front-end side
+==============
+
+Endpoint pages
+--------------
+
+Front-end side based on **HTML+CSS+JS**.
+
+JS in iVIS powered by **jQuery** library.
+
+To expand jQuery functionality was used several plugins:
+
+    #. jQuery Validation Plugin;
+    #. jQuery Tristate Plugin.
+
+Server side pages
+-----------------
+
+Source code of endpoint pages placed in **JSPs**.
+
+JSPs designed with **JSTL** and **Spring** tag libraries.
+
+**Apache tiles** composed several JSP views with templates to one endpoint page.
+
+
+

docs/basic_concepts/index.rst

@@ -14,13 +14,16 @@ iVIS Server itself is split into 4 main layers:
 
 .. image:: /images/bundlesSchema.png
 
+Front-end side also reviewed.
+
 .. toctree::
    :titlesonly:
 
    database_layer
    data_access
    security_layer
    api_layer
+   front_end_side
 
 
 

docs/basic_concepts/password_management.rst

@@ -0,0 +1,35 @@
+Password management
+===================
+
+    * `Password handling`_
+         * `Saving Password`_
+         * `Password in authorization context`_
+    * `Password policy`_
+
+Password handling
+-----------------
+
+Passwords handling divide into saving password and process password in authorization context.
+
+Saving Password
+~~~~~~~~~~~~~~~
+
+Password is handled by **Spring MVC Controller**.
+After form submitting from password generate bcrypt hash and hash persisted to database.
+
+Password in authorization context
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In authorization process passwords are handled by **Spring Security** standard filters request.
+Handling means get password from login page, compare password with hash from database.
+
+Password policy
+---------------
+
+Passwords must have **8 characters**.
+
+Check for password strength is absent.
+
+
+
+

docs/basic_concepts/security_layer.rst

@@ -51,6 +51,12 @@ Validation errors
 
 Handling and providing corresponding messages about missing required fields, too long text values etc.
 
+.. note::
+    Validation works on both sides (client and server).
+    On client powered by **jQuery Validation Plugin**.
+    On server powered by **Spring Validator** interface.
+    Validation use cases in details described `here </en/latest/use_cases/validation.html>`_.
+
 Database level errors
 ~~~~~~~~~~~~~~~~~~~~~
 
@@ -71,6 +77,14 @@ Other errors
 
 All other errors.
 
+Handling user password
+----------------------
+
+.. toctree::
+    :titlesonly:
+
+    password_management
+
 More about OAuth 2.0 implementation
 -----------------------------------
 

docs/use_cases/index.rst

@@ -6,5 +6,6 @@ Use cases
 
     school_transport
     incidents
+    validation
 
 

docs/use_cases/validation.rst

@@ -0,0 +1,132 @@
+Validation
+==========
+
+    * `Client side`_
+    * `Server side`_
+
+Client side
+-----------
+
+To make client side validation need define rules for special form (see `jQuery Validation Plugin <https://jqueryvalidation.org/>`_).
+
+Example of how to do it you can find at `restore_password_validation.js <https://github.com/imCodePartnerAB/iVIS/blob/25e0d0bd3b43fea115e8fc2cdfdaf411064c0c3d/ivis-server/src/main/webapp/WEB-INF/web-resources/js/restore_password_validation.js>`_
+
+.. code-block:: js
+    :linenos:
+    :lineno-start: 30
+
+    $('#restorePasswordFormEmail').validate({
+
+        rules: {
+
+            email: {
+                required: true,
+                email: true,
+                checkNotUnique: "/restore_password/emailunique"
+            }
+
+        },
+
+        messages: {
+
+            email: {
+                required: "Email is required",
+                email: "Email not valid",
+                checkNotUnique: "User with this email does not exist"
+            }
+
+        }
+
+    });
+
+Server side
+-----------
+
+Server side validation based on class `GeneralValidator <https://github.com/imCodePartnerAB/iVIS/blob/ae67abdd723e52c67c04a2410964f30c9b52868e/ivis-server/src/main/java/com/imcode/validators/GeneralValidator.java>`_.
+It uses interface Validator.
+
+For API object validation need override method getFieldsConstraints() for example in `IncidentRestControllerImpl <https://github.com/imCodePartnerAB/iVIS/blob/d7773778cb1401fb48fa45626bb514a70199d99b/ivis-server/src/main/java/com/imcode/controllers/restful/IncidentRestControllerImpl.java>`_
+
+.. code-block:: java
+    :linenos:
+    :lineno-start: 77
+
+    @Override
+    protected Map<String, Map<GeneralValidator.Constraint, String>> getFieldsConstraints() {
+        Map<String, Map<GeneralValidator.Constraint, String>> fieldsConstraints = super.getFieldsConstraints();
+
+        GeneralValidator.buildField(fieldsConstraints, "title",
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.MIN, "4")
+        );
+
+        GeneralValidator.buildField(fieldsConstraints, "description",
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.MIN, "4")
+        );
+
+        GeneralValidator.buildField(fieldsConstraints, "categories",
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null)
+        );
+
+        GeneralValidator.buildField(fieldsConstraints, "pupils",
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null)
+        );
+
+        GeneralValidator.buildField(fieldsConstraints, "priority",
+                new AbstractMap.SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null)
+        );
+
+        return fieldsConstraints;
+    }
+
+Example how create validation from `AdminController <https://github.com/imCodePartnerAB/iVIS/blob/ae67abdd723e52c67c04a2410964f30c9b52868e/ivis-server/src/main/java/com/imcode/controllers/html/AdminController.java>`_ for form parameters.
+
+.. code-block:: java
+    :linenos:
+    :lineno-start: 236
+
+    Map<String, Map<GeneralValidator.Constraint, String>> constraints = new HashMap<>();
+
+    GeneralValidator.buildField(constraints, "password",
+            new SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+            new SimpleEntry<>(GeneralValidator.Constraint.MIN, "4"),
+            new SimpleEntry<>(GeneralValidator.Constraint.MATCH_WITH, "confirmPassword")
+    );
+
+    GeneralValidator.buildField(constraints, "person.firstName",
+            new SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+            new SimpleEntry<>(GeneralValidator.Constraint.MIN, "4")
+    );
+
+    GeneralValidator.buildField(constraints, "person.lastName",
+            new SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+            new SimpleEntry<>(GeneralValidator.Constraint.MIN, "4")
+    );
+
+    GeneralValidator.buildField(constraints, "person.emails",
+            new SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+            new SimpleEntry<>(GeneralValidator.Constraint.REGEX, GeneralValidator.EMAIL_PATTERN)
+    );
+
+    GeneralValidator.buildField(constraints, "person.phones",
+            new SimpleEntry<>(GeneralValidator.Constraint.NOT_NULL_OR_EMPTY, null),
+            new SimpleEntry<>(GeneralValidator.Constraint.MIN, "8")
+    );
+
+
+    if (userService.findByUsername(user.getUsername()) != null) {
+        bindingResult.reject(null, "username not unique");
+    }
+
+    if (userService.findByEmail(email) != null) {
+        bindingResult.reject(null, "email not unique");
+    }
+
+    new GeneralValidator(constraints).invoke(user, bindingResult);
+
+
+
+
+
+