2 * Copyright (C) 2016 - 2020 Free Software Foundation
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.jfinancials.beans.user.login;
19 import java.text.MessageFormat;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Objects;
24 import javax.enterprise.context.SessionScoped;
25 import javax.enterprise.event.Event;
26 import javax.enterprise.event.Observes;
27 import javax.enterprise.inject.Any;
28 import javax.faces.application.FacesMessage;
29 import javax.faces.context.FacesContext;
30 import javax.inject.Inject;
31 import javax.inject.Named;
32 import org.mxchange.jfinancials.beans.BaseFinancialsBean;
33 import org.mxchange.jfinancials.beans.user.FinancialsUserWebRequestController;
34 import org.mxchange.jfinancials.beans.user.list.FinancialsUserListWebViewController;
35 import org.mxchange.jusercore.events.user.add.ObservableAdminAddedUserEvent;
36 import org.mxchange.jusercore.events.user.created.ObservableCreatedUserEvent;
37 import org.mxchange.jusercore.events.user.linked.ObservableAdminLinkedUserEvent;
38 import org.mxchange.jusercore.model.user.User;
39 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
40 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
41 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
42 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
43 import org.mxchange.juserlogincore.container.login.LoginContainer;
44 import org.mxchange.juserlogincore.container.login.UserLoginContainer;
45 import org.mxchange.juserlogincore.events.login.ObservableUserLoggedInEvent;
46 import org.mxchange.juserlogincore.events.login.UserLoggedInEvent;
47 import org.mxchange.juserlogincore.events.logout.ObservableUserLogoutEvent;
48 import org.mxchange.juserlogincore.events.logout.UserLogoutEvent;
49 import org.mxchange.juserlogincore.events.registration.ObservableUserRegisteredEvent;
50 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
51 import org.mxchange.juserlogincore.login.UserLoginUtils;
54 * A web bean for user registration
56 * @author Roland Häder<roland@mxchange.org>
58 @Named ("userLoginController")
60 public class FinancialsUserLoginWebSessionBean extends BaseFinancialsBean implements FinancialsUserLoginWebSessionController {
63 * Path name for guest base template
65 private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest"; //NOI18N
68 * Path name for logged-in user base template
70 private static final String USER_BASE_TEMPLATE_NAME = "login/user/user"; //NOI18N
75 private static final long serialVersionUID = 47_828_986_719_691_592L;
78 * Template type for pages that might be displayed in guest area and login
81 private String baseTemplatePathName;
84 * Logged-in user instance
86 private User loggedInUser;
92 private FinancialsUserWebRequestController userController;
97 private String userCurrentPassword;
105 * Administrative user-list controller
108 private FinancialsUserListWebViewController userListController;
111 * Flag whether the user has logged-in, set only from inside
113 private boolean userLoggedIn;
116 * Event fired when user has logged in
120 private Event<ObservableUserLoggedInEvent> userLoginEvent;
123 * Event fired when user has logged out
127 private Event<ObservableUserLogoutEvent> userLogoutEvent;
132 private String userName;
135 * User password (clear-text from web form)
137 private String userPassword;
140 * User's password history
142 private List<PasswordHistory> userPasswordHistory;
145 * EJB for user's password history
147 @EJB (lookup = "java:global/jfinancials-ejb/userPasswordHistory!org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote")
148 private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
151 * Whether the user wants a public profile
153 private ProfileMode userProfileMode;
156 * Default constructor
158 public FinancialsUserLoginWebSessionBean () {
159 // Call super constructor
162 // Defaul template is guest
163 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
167 * Event observer for newly added users by administrator
169 * @param event Event being fired
171 public void afterAdminAddedUserEvent (@Observes final ObservableAdminAddedUserEvent event) {
172 // Event and contained entity instance should not be null
175 throw new NullPointerException("event is null"); //NOI18N
176 } else if (event.getAddedUser() == null) {
178 throw new NullPointerException("event.addedUser is null"); //NOI18N
179 } else if (event.getAddedUser().getUserId() == null) {
181 throw new NullPointerException("event.addedUser.userId is null"); //NOI18N
182 } else if (event.getAddedUser().getUserId() < 1) {
184 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getAddedUser(), event.getAddedUser().getUserId())); //NOI18N
188 this.setUserId(event.getAddedUser().getUserId());
192 * Event observer for linked users with existing contact data
194 * @param event Event being fired
196 public void afterAdminLinkedUserEvent (@Observes final ObservableAdminLinkedUserEvent event) {
197 // Event and contained entity instance should not be null
200 throw new NullPointerException("event is null"); //NOI18N
201 } else if (event.getLinkedUser() == null) {
203 throw new NullPointerException("event.linkedUser is null"); //NOI18N
204 } else if (event.getLinkedUser().getUserId() == null) {
206 throw new NullPointerException("event.linkedUser.userId is null"); //NOI18N
207 } else if (event.getLinkedUser().getUserId() < 1) {
209 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getLinkedUser(), event.getLinkedUser().getUserId())); //NOI18N
213 this.setUserId(event.getLinkedUser().getUserId());
217 * Event observer for when a bean helper has successfully created a user
218 * instance, means the user exists. If the user does not exist, this event
219 * should not fire but instead a proper exception must be thrown.
221 * @param event User created event
223 public void afterCreatedUserEvent (@Observes final ObservableCreatedUserEvent event) {
224 // Is the instance valid?
227 throw new NullPointerException("event is null"); //NOI18N
228 } else if (event.getCreatedUser() == null) {
230 throw new NullPointerException("event.createdUser is null"); //NOI18N
231 } else if (event.getCreatedUser().getUserId() == null) {
233 throw new NullPointerException("event.createdUser.userId is null"); //NOI18N
234 } else if (event.getCreatedUser().getUserId() < 1) {
236 throw new NullPointerException(MessageFormat.format("event.createdUser.userId={0} is not valid", event.getCreatedUser().getUserId())); //NOI18N
240 final User user = event.getCreatedUser();
242 // Set all fields here
247 * Event observer for logged-in user
249 * @param event Event instance
251 public void afterUserLoginEvent (@Observes final ObservableUserLoggedInEvent event) {
252 // Event and contained entity instance should not be null
255 throw new NullPointerException("event is null"); //NOI18N
256 } else if (event.getLoggedInUser() == null) {
258 throw new NullPointerException("event.registeredUser is null"); //NOI18N
259 } else if (event.getLoggedInUser().getUserId() == null) {
261 throw new NullPointerException("event.registeredUser.userId is null"); //NOI18N
262 } else if (event.getLoggedInUser().getUserId() < 1) {
264 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getLoggedInUser(), event.getLoggedInUser().getUserId())); //NOI18N
267 // "Cache" user instance
268 final User user = event.getLoggedInUser();
270 // Copy all data to this bean
275 * Event observer for user password changes
277 * @param event Event being fired
279 public void afterUserPasswordChangedEvent (@Observes final ObservableUpdatedUserPasswordEvent event) {
283 throw new NullPointerException("event is null"); //NOI18N
284 } else if (event.getUserPassword() == null) {
286 throw new NullPointerException("event.userPassword is null"); //NOI18N
287 } else if (event.getUserPassword().isEmpty()) {
289 throw new IllegalArgumentException("event.userPassword is empty"); //NOI18N
293 this.setUserPassword(event.getUserPassword());
294 this.updatePasswordHistory(event.getPasswordHistory());
298 * Event observer for new user registrations
300 * @param event User registration event
302 public void afterUserRegistrationEvent (@Observes final ObservableUserRegisteredEvent event) {
303 // Event and contained entity instance should not be null
306 throw new NullPointerException("event is null"); //NOI18N
307 } else if (event.getRegisteredUser() == null) {
309 throw new NullPointerException("event.registeredUser is null"); //NOI18N
310 } else if (event.getRegisteredUser().getUserId() == null) {
312 throw new NullPointerException("event.registeredUser.userId is null"); //NOI18N
313 } else if (event.getRegisteredUser().getUserId() < 1) {
315 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getRegisteredUser(), event.getRegisteredUser().getUserId())); //NOI18N
319 final User registeredUser = event.getRegisteredUser();
321 // Copy all data from registered->user
322 this.copyUser(registeredUser);
325 this.setUserId(registeredUser.getUserId());
329 * Logout for administrator area. If a logged-in user instance exists, it is
330 * being logged-out, too.
332 * @return Outcome (should be redirected)
334 public String doAdminLogout () {
335 // Is a user logged-in?
336 if (this.isUserLoggedIn()) {
338 return this.doUserLogout();
341 // Invalidate session
342 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
344 // Set template type to guest
345 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
348 return "index?faces-redirect=true"; //NOI18N
352 * Logins the user, if the account is found, confirmed and unlocked.
354 * @return Redirect target
356 public String doUserLogin () {
357 // Found user instance
358 User updatedUser = null;
360 // Iterate over all users
361 for (final User currentUser : this.userListController.getAllUsers()) {
362 // Is the user name matching?
363 if (currentUser.getUserName().equals(this.getUserName())) {
364 // Yes, same user, then set it and stop iteration
365 updatedUser = currentUser;
370 if (null == updatedUser) {
372 this.showFacesMessage("form_user_login:userName", "ERROR_USER_NOT_FOUND", FacesMessage.SEVERITY_ERROR); //NOI18N
374 } else if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.LOCKED)) {
375 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_LOCKED", FacesMessage.SEVERITY_WARN); //NOI18N
377 } else if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.UNCONFIRMED)) {
378 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_UNCONFIRMED", FacesMessage.SEVERITY_INFO); //NOI18N
380 } else if (!UserLoginUtils.ifPasswordMatches(this.getUserPassword(), updatedUser)) {
382 this.showFacesMessage("form_user_login:userPassword", "ERROR_USER_PASSWORD_MISMATCH", FacesMessage.SEVERITY_WARN); //NOI18N
386 // All fine here so set it here
387 this.setLoggedInUser(updatedUser);
389 // Retrieve user's password list
390 this.userPasswordHistory = this.userPasswordHistoryBean.fetchPasswordHistoryByUser(updatedUser);
392 // Set template to "login"
393 this.setBaseTemplatePathName(USER_BASE_TEMPLATE_NAME);
395 // Fire event away. Keep this last before return statement.
396 this.userLoginEvent.fire(new UserLoggedInEvent(updatedUser));
402 return "login_user"; //NOI18N
406 * Logout for current user by invalidating the current session.
408 * @return Outcome (should be redirected)
410 public String doUserLogout () {
411 // Is loggedInUser set?
412 if (this.getLoggedInUser() == null) {
414 throw new NullPointerException("this.loggedInUser is null"); //NOI18N
415 } else if (this.getLoggedInUser().getUserId() == null) {
417 throw new NullPointerException("this.loggedInUser.userId is null"); //NOI18N
418 } else if (this.getLoggedInUser().getUserId() < 1) {
420 throw new IllegalStateException(MessageFormat.format("this.loggedInUser.userId={0} is not valid.", this.getLoggedInUser().getUserId())); //NOI18N
424 this.userLogoutEvent.fire(new UserLogoutEvent(this.getLoggedInUser()));
426 // Invalidate session
427 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
429 // Unset any user instances
430 this.setLoggedInUser(null);
431 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
434 return "index"; //NOI18N
438 public String getBaseTemplatePathName () {
439 return this.baseTemplatePathName;
443 public void setBaseTemplatePathName (final String baseTemplatePathName) {
444 this.baseTemplatePathName = baseTemplatePathName;
448 public User getLoggedInUser () {
449 return this.loggedInUser;
453 public void setLoggedInUser (final User loggedInUser) {
454 this.loggedInUser = loggedInUser;
458 * Getter for current password (clear text)
460 * @return Current password
462 public String getUserCurrentPassword () {
463 return this.userCurrentPassword;
467 * Setter for current password (clear text)
469 * @param userCurrentPassword Current password
471 public void setUserCurrentPassword (final String userCurrentPassword) {
472 this.userCurrentPassword = userCurrentPassword;
480 public Long getUserId () {
487 * @param userId User id
489 public void setUserId (final Long userId) {
490 this.userId = userId;
494 * Getter for user name
498 public String getUserName () {
499 return this.userName;
503 * Setter for user name
505 * @param userName User name
507 public void setUserName (final String userName) {
508 this.userName = userName;
512 * Getter for clear-text user password
514 * @return Clear-text user password
516 public String getUserPassword () {
517 return this.userPassword;
521 * Setter for clear-text user password
523 * @param userPassword Clear-text user password
525 public void setUserPassword (final String userPassword) {
526 this.userPassword = userPassword;
530 public List<PasswordHistory> getUserPasswordHistory () {
531 return Collections.unmodifiableList(this.userPasswordHistory);
535 * Getter for user profile mode
537 * @return User profile mode
539 public ProfileMode getUserProfileMode () {
540 return this.userProfileMode;
544 * Setter for user profile mode
546 * @param userProfileMode User profile mode
548 public void setUserProfileMode (final ProfileMode userProfileMode) {
549 this.userProfileMode = userProfileMode;
553 public boolean ifCurrentPasswordMatches () {
554 // The current password must be set and not empty
555 if (this.getUserCurrentPassword() == null) {
557 throw new NullPointerException("this.userCurrentPassword is null"); //NOI18N
558 } else if (this.getUserCurrentPassword().isEmpty()) {
560 throw new IllegalStateException("this.userCurrentPassword is empty."); //NOI18N
563 // Create "container"
564 final LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getUserCurrentPassword());
566 // Now check if it matches
567 return UserLoginUtils.ifPasswordMatches(container, this.getLoggedInUser());
571 public boolean ifUserMustChangePassword () {
572 return ((this.isUserLoggedIn()) && (Objects.equals(this.getLoggedInUser().getUserMustChangePassword(), Boolean.TRUE)));
576 public boolean isInvisible () {
578 if (!this.isUserLoggedIn()) {
580 throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
583 // Check logged-in first, then invisibility
584 return Objects.equals(this.getLoggedInUser().getUserProfileMode(), ProfileMode.INVISIBLE);
588 public boolean isPasswordInHistory (final String userPassword) {
589 // Default is not found
590 boolean isPasswordInHistory = false;
594 final int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
596 // Check all passwords
597 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
598 // Is password the same?
599 if (UserLoginUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
601 isPasswordInHistory = true;
603 } else if (count == maxEntries) {
613 return isPasswordInHistory;
617 * Checks if the user id is empty
619 * @return Whether the user id is empty
621 public boolean isUserIdEmpty () {
622 return ((this.getUserId() == null) || (this.getUserId() == 0));
626 public boolean isUserLoggedIn () {
628 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
631 return this.userLoggedIn;
637 private void clear () {
639 this.setLoggedInUser(null);
640 this.setUserName(null);
641 this.setUserPassword(null);
642 this.setUserCurrentPassword(null);
643 this.setUserProfileMode(null);
647 * Copies given user into the controller
649 * @param user User instance
651 private void copyUser (final User user) {
654 this.setUserId(user.getUserId());
655 this.setUserName(user.getUserName());
656 this.setUserProfileMode(user.getUserProfileMode());
660 * Updates password history by adding given entry to it as long as it is not
663 * @param passwordHistory Password history entry
665 private void updatePasswordHistory (final PasswordHistory passwordHistory) {
666 if (null == passwordHistory) {
668 throw new NullPointerException("passwordHistory is null"); //NOI18N
669 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
671 throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
672 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
674 throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
678 if (this.userPasswordHistory.contains(passwordHistory)) {
684 for (final PasswordHistory entry : this.userPasswordHistory) {
685 // Is same id number?
686 if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
692 // Not found, so add it
693 this.userPasswordHistory.add(passwordHistory);