src/java/org/mxchange/addressbook/beans/login/AddressbookUserLoginWebSessionBean.java

   1 /*
   2  * Copyright (C) 2016 Roland Häder
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Affero General Public License as
   6  * published by the Free Software Foundation, either version 3 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Affero General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Affero General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17 package org.mxchange.addressbook.beans.login;
  18
  19 import java.text.MessageFormat;
  20 import java.util.Collections;
  21 import java.util.List;
  22 import java.util.Objects;
  23 import javax.enterprise.context.SessionScoped;
  24 import javax.enterprise.event.Event;
  25 import javax.enterprise.event.Observes;
  26 import javax.enterprise.inject.Any;
  27 import javax.faces.context.FacesContext;
  28 import javax.faces.view.facelets.FaceletException;
  29 import javax.inject.Inject;
  30 import javax.inject.Named;
  31 import javax.naming.Context;
  32 import javax.naming.InitialContext;
  33 import javax.naming.NamingException;
  34 import org.mxchange.addressbook.beans.BaseAddressbookController;
  35 import org.mxchange.addressbook.beans.user.AddressbookUserWebSessionController;
  36 import org.mxchange.jusercore.container.login.LoginContainer;
  37 import org.mxchange.jusercore.container.login.UserLoginContainer;
  38 import org.mxchange.jusercore.events.login.UserLoggedInEvent;
  39 import org.mxchange.jusercore.events.login.UserLoginEvent;
  40 import org.mxchange.jusercore.events.logout.ObserveableUserLogoutEvent;
  41 import org.mxchange.jusercore.events.logout.UserLogoutEvent;
  42 import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent;
  43 import org.mxchange.jusercore.exceptions.UserNotFoundException;
  44 import org.mxchange.jusercore.exceptions.UserPasswordMismatchException;
  45 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
  46 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
  47 import org.mxchange.jusercore.model.login.UserLoginSessionBeanRemote;
  48 import org.mxchange.jusercore.model.user.User;
  49 import org.mxchange.jusercore.model.user.UserUtils;
  50 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
  51 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
  52 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
  53 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
  54
  55 /**
  56  * A web bean for user registration
  57  * <p>
  58  * @author Roland Häder<roland@mxchange.org>
  59  */
  60 @Named ("loginController")
  61 @SessionScoped
  62 public class AddressbookUserLoginWebSessionBean extends BaseAddressbookController implements AddressbookUserLoginWebSessionController {
  63
  64         /**
  65          * Path name for guest base template
  66          */
  67         private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest"; //NOI18N
  68
  69         /**
  70          * Path name for logged-in user base template
  71          */
  72         private static final String USER_BASE_TEMPLATE_NAME = "login/user/user"; //NOI18N
  73
  74         /**
  75          * Serial number
  76          */
  77         private static final long serialVersionUID = 47_828_986_719_691_592L;
  78
  79         /**
  80          * Template type for pages that might be displayed in guest area and login
  81          * area.
  82          */
  83         private String baseTemplatePathName;
  84
  85         /**
  86          * Current password
  87          */
  88         private String currentPassword;
  89
  90         /**
  91          * Logged-in user instance
  92          */
  93         private User loggedInUser;
  94
  95         /**
  96          * User controller
  97          */
  98         @Inject
  99         private AddressbookUserWebSessionController userController;
 100
 101         /**
 102          * Flag whether the user has logged-in, set only from inside
 103          */
 104         private boolean userLoggedIn;
 105
 106         /**
 107          * EJB for user-login
 108          */
 109         private UserLoginSessionBeanRemote userLoginBean;
 110
 111         /**
 112          * Event fired when user has logged in
 113          */
 114         @Inject
 115         @Any
 116         private Event<UserLoggedInEvent> userLoginEvent;
 117
 118         /**
 119          * Event fired when user has logged out
 120          */
 121         @Inject
 122         @Any
 123         private Event<ObserveableUserLogoutEvent> userLogoutEvent;
 124
 125         /**
 126          * User's password history
 127          */
 128         private List<PasswordHistory> userPasswordHistory;
 129
 130         /**
 131          * EJB for user's password history
 132          */
 133         private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
 134
 135         /**
 136          * Default constructor
 137          */
 138         public AddressbookUserLoginWebSessionBean () {
 139                 try {
 140                         // Get initial context
 141                         Context context = new InitialContext();
 142
 143                         // Try to lookup
 144                         this.userLoginBean = (UserLoginSessionBeanRemote) context.lookup("java:global/addressbook-ejb/login!org.mxchange.jusercore.model.login.UserLoginSessionBeanRemote"); //NOI18N
 145
 146                         // Also find this
 147                         this.userPasswordHistoryBean = (UserPasswordHistorySessionBeanRemote) context.lookup("java:global/addressbook-ejb/userPasswordHistory!org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote"); //NOI18N
 148
 149                         // Defaul template is guest
 150                         this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
 151                 } catch (final NamingException ex) {
 152                         // Continue to throw
 153                         throw new FaceletException(ex);
 154                 }
 155         }
 156
 157         @Override
 158         public void afterUserUpdatedPasswordEvent (@Observes final UpdatedUserPasswordEvent event) {
 159                 // Check parameter
 160                 if (null == event) {
 161                         // Throw NPE
 162                         throw new NullPointerException("event is null"); //NOI18N
 163                 } else if (event.getPasswordHistory() == null) {
 164                         // Throw NPE again
 165                         throw new NullPointerException("event.passwordHistory is null"); //NOI18N
 166                 } else if (event.getPasswordHistory().getUserPasswordHistoryId() == null) {
 167                         // ... and again
 168                         throw new NullPointerException("event.passwordHistory.userPasswordHistoryId is null"); //NOI18N
 169                 } else if (event.getPasswordHistory().getUserPasswordHistoryId() < 1) {
 170                         // Invalid value
 171                         throw new IllegalArgumentException(MessageFormat.format("event.passwordHistory.userPasswordHistoryId={0} is in valid", event.getPasswordHistory().getUserPasswordHistoryId())); //NOI18N
 172                 }
 173
 174                 // All fine, so update list
 175                 this.updatePasswordHistory(event.getPasswordHistory());
 176         }
 177
 178         @Override
 179         public String doAdminLogout () {
 180                 // Is a user logged-in?
 181                 if (this.isUserLoggedIn()) {
 182                         // Call other logout
 183                         return this.doUserLogout();
 184                 }
 185
 186                 // Invalidate session
 187                 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
 188
 189                 // Set template type to guest
 190                 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
 191
 192                 // Redirect to index
 193                 return "index?faces-redirect=true"; //NOI18N
 194         }
 195
 196         @Override
 197         public String doUserLogin () {
 198                 // Get user instance
 199                 User user = this.userController.createUserLogin();
 200
 201                 // Create login container
 202                 LoginContainer container = new UserLoginContainer(user, this.userController.getUserPassword());
 203
 204                 try {
 205                         // Call bean
 206                         User confirmedUser = this.userLoginBean.validateUserAccountStatus(container);
 207
 208                         // All fine here so set it here
 209                         this.setLoggedInUser(confirmedUser);
 210
 211                         // Retrieve user's password list
 212                         this.userPasswordHistory = this.userPasswordHistoryBean.getUserPasswordHistory(confirmedUser);
 213
 214                         // Set template to "login"
 215                         this.setBaseTemplatePathName(USER_BASE_TEMPLATE_NAME); //NOI18N
 216
 217                         // Fire event away. Keep this last before return statement.
 218                         this.userLoginEvent.fire(new UserLoginEvent(confirmedUser));
 219
 220                         // Clear this bean
 221                         this.clear();
 222
 223                         // All fine
 224                         return "login"; //NOI18N
 225                 } catch (final UserNotFoundException | UserStatusLockedException | UserStatusUnconfirmedException ex) {
 226                         // Show JSF message
 227                         this.showFacesMessage("form_user_login:userName", ex); //NOI18N
 228                         return ""; //NOI18N
 229                 } catch (final UserPasswordMismatchException ex) {
 230                         // Show JSF message
 231                         this.showFacesMessage("form_user_login:userPassword", ex); //NOI18N
 232                         return ""; //NOI18N
 233                 }
 234         }
 235
 236         @Override
 237         public String doUserLogout () {
 238                 // Is loggedInUser set?
 239                 if (this.getLoggedInUser() == null) {
 240                         // Throw NPE
 241                         throw new NullPointerException("this.loggedInUser is null"); //NOI18N
 242                 } else if (this.getLoggedInUser().getUserId() == null) {
 243                         // Throw again
 244                         throw new NullPointerException("this.loggedInUser.userId is null"); //NOI18N
 245                 } else if (this.getLoggedInUser().getUserId() < 1) {
 246                         // Invalid user id
 247                         throw new IllegalStateException(MessageFormat.format("this.loggedInUser.userId={0} is not valid.", this.getLoggedInUser().getUserId())); //NOI18N
 248                 }
 249
 250                 // Fire event
 251                 this.userLogoutEvent.fire(new UserLogoutEvent(this.getLoggedInUser()));
 252
 253                 // Invalidate session
 254                 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
 255
 256                 // Unset any user instances
 257                 this.setLoggedInUser(null);
 258                 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
 259
 260                 // Redirect to index
 261                 return "index"; //NOI18N
 262         }
 263
 264         @Override
 265         public String getBaseTemplatePathName () {
 266                 return this.baseTemplatePathName;
 267         }
 268
 269         @Override
 270         public void setBaseTemplatePathName (final String baseTemplatePathName) {
 271                 this.baseTemplatePathName = baseTemplatePathName;
 272         }
 273
 274         @Override
 275         public String getCurrentPassword () {
 276                 return this.currentPassword;
 277         }
 278
 279         @Override
 280         public void setCurrentPassword (final String currentPassword) {
 281                 this.currentPassword = currentPassword;
 282         }
 283
 284         @Override
 285         public User getLoggedInUser () {
 286                 return this.loggedInUser;
 287         }
 288
 289         @Override
 290         public void setLoggedInUser (final User loggedInUser) {
 291                 this.loggedInUser = loggedInUser;
 292         }
 293
 294         @Override
 295         public List<PasswordHistory> getUserPasswordHistory () {
 296                 return Collections.unmodifiableList(this.userPasswordHistory);
 297         }
 298
 299         @Override
 300         public boolean ifCurrentPasswordMatches () {
 301                 // The current password must be set and not empty
 302                 if (this.getCurrentPassword() == null) {
 303                         // Is not set
 304                         throw new NullPointerException("this.currentPassword is null"); //NOI18N
 305                 } else if (this.getCurrentPassword().isEmpty()) {
 306                         // Is set empty
 307                         throw new IllegalStateException("this.currentPassword is empty."); //NOI18N
 308                 }
 309
 310                 // Create "container"
 311                 LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getCurrentPassword());
 312
 313                 // Now check if it matches
 314                 return UserUtils.ifPasswordMatches(container, this.getLoggedInUser());
 315         }
 316
 317         @Override
 318         public boolean ifUserMustChangePassword () {
 319                 return (this.isUserLoggedIn() && this.getLoggedInUser().getUserMustChangePassword());
 320         }
 321
 322         @Override
 323         public boolean isInvisible () {
 324                 // Check on login
 325                 if (!this.isUserLoggedIn()) {
 326                         // Not logged in!
 327                         throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
 328                 }
 329
 330                 // Check logged-in first, then invisibility
 331                 return this.getLoggedInUser().getUserProfileMode().equals(ProfileMode.INVISIBLE);
 332         }
 333
 334         @Override
 335         public boolean isPasswordInHistory (final String userPassword) {
 336                 // Default is not found
 337                 boolean isPasswordInHistory = false;
 338
 339                 // Init variables
 340                 int count = 1;
 341                 int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
 342
 343                 // Check all passwords
 344                 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
 345                         // Is password the same?
 346                         if (UserUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
 347                                 // Yes, found it
 348                                 isPasswordInHistory = true;
 349                                 break;
 350                         } else if (count == maxEntries) {
 351                                 // Maximum reached
 352                                 break;
 353                         }
 354
 355                         // Count up
 356                         count++;
 357                 }
 358
 359                 // Return status
 360                 return isPasswordInHistory;
 361         }
 362
 363         @Override
 364         public boolean isUserLoggedIn () {
 365                 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
 366
 367                 // Return it
 368                 return this.userLoggedIn;
 369         }
 370
 371         /**
 372          * Clears this bean
 373          */
 374         private void clear () {
 375                 // Clear all fields
 376                 this.setCurrentPassword(null);
 377         }
 378
 379         /**
 380          * Updates password history by adding given entry to it as long as it is not
 381          * there.
 382          * <p>
 383          * @param passwordHistory Password history entry
 384          */
 385         private void updatePasswordHistory (final PasswordHistory passwordHistory) {
 386                 if (null == passwordHistory) {
 387                         // Throw NPE
 388                         throw new NullPointerException("passwordHistory is null"); //NOI18N
 389                 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
 390                         // Throw NPE again
 391                         throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
 392                 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
 393                         // Invalid id
 394                         throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
 395                 }
 396
 397                 // Is it there?
 398                 if (this.userPasswordHistory.contains(passwordHistory)) {
 399                         // Excact copy found
 400                         return;
 401                 }
 402
 403                 // Check all entries
 404                 for (final PasswordHistory entry : this.userPasswordHistory) {
 405                         // Is same id number?
 406                         if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
 407                                 // Found it
 408                                 return;
 409                         }
 410                 }
 411
 412                 // Not found, so add it
 413                 this.userPasswordHistory.add(passwordHistory);
 414         }
 415
 416 }