src/java/org/mxchange/jfinancials/beans/user/password/FinancialsUserPasswordWebRequestBean.java

   1 /*
   2  * Copyright (C) 2016 - 2020 Free Software Foundation
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Affero General Public License as
   6  * published by the Free Software Foundation, either version 3 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Affero General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Affero General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17 package org.mxchange.jfinancials.beans.user.password;
  18
  19 import java.util.Objects;
  20 import javax.ejb.EJB;
  21 import javax.enterprise.context.RequestScoped;
  22 import javax.enterprise.event.Event;
  23 import javax.enterprise.inject.Any;
  24 import javax.faces.FacesException;
  25 import javax.faces.application.FacesMessage;
  26 import javax.inject.Inject;
  27 import javax.inject.Named;
  28 import org.mxchange.jcoreee.utils.FacesUtils;
  29 import org.mxchange.jfinancials.beans.BaseFinancialsBean;
  30 import org.mxchange.jfinancials.beans.features.FinancialsFeaturesWebApplicationController;
  31 import org.mxchange.jfinancials.beans.user.login.FinancialsUserLoginWebSessionController;
  32 import org.mxchange.jusercore.exceptions.UserNotFoundException;
  33 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
  34 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
  35 import org.mxchange.jusercore.model.user.User;
  36 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
  37 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
  38 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
  39 import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent;
  40 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
  41 import org.mxchange.juserlogincore.login.UserLoginUtils;
  42
  43 /**
  44  * A user password (change) bean (controller)
  45  * <p>
  46  * @author Roland Häder<roland@mxchange.org>
  47  */
  48 @Named ("userPasswordController")
  49 @RequestScoped
  50 public class FinancialsUserPasswordWebRequestBean extends BaseFinancialsBean implements FinancialsUserPasswordWebRequestController {
  51
  52         /**
  53          * Serial number
  54          */
  55         private static final long serialVersionUID = 15_267_867_367_501L;
  56
  57         /**
  58          * Features controller
  59          */
  60         @Inject
  61         private FinancialsFeaturesWebApplicationController featureController;
  62
  63         /**
  64          * Remote user bean
  65          */
  66         @EJB (lookup = "java:global/jfinancials-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote")
  67         private UserSessionBeanRemote userBean;
  68
  69         /**
  70          * Current password (for confirmation of password change)
  71          */
  72         private String userCurrentPassword;
  73
  74         /**
  75          * Login bean (controller)
  76          */
  77         @Inject
  78         private FinancialsUserLoginWebSessionController userLoginController;
  79
  80         /**
  81          * User password (clear-text from web form)
  82          */
  83         private String userPassword;
  84
  85         /**
  86          * User password repeated (clear-text from web form)
  87          */
  88         private String userPasswordRepeat;
  89
  90         /**
  91          * Event being fired when user's password has been updated
  92          */
  93         @Any
  94         @Inject
  95         private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
  96
  97         /**
  98          * Default constructor
  99          */
 100         public FinancialsUserPasswordWebRequestBean () {
 101                 // Call super constructor
 102                 super();
 103         }
 104
 105         /**
 106          * Changes logged-in user's password. It must not match with current
 107          * password and should not appear in password history list for X
 108          * (configurable) entries.
 109          * <p>
 110          * @return Redirect outcome
 111          */
 112         public String doChangePassword () {
 113                 // This method shall only be called if the user is logged-in
 114                 if (!this.userLoginController.isUserLoggedIn()) {
 115                         // Not logged-in
 116                         throw new IllegalStateException("User is not logged-in"); //NOI18N
 117                 } else if (!this.isRequiredChangePasswordSet()) {
 118                         // Not all required fields are set
 119                         throw new FacesException("Not all required fields are set."); //NOI18N
 120                 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
 121                         // Password not matching
 122                         throw new FacesException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
 123                 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
 124                         // Editing is not allowed
 125                         throw new IllegalStateException("User tried to change password."); //NOI18N
 126                 } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
 127                         // Password mismatches
 128                         this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password.", FacesMessage.SEVERITY_WARN); //NOI18N
 129
 130                         // Clear bean
 131                         this.clear();
 132
 133                         // No redirect
 134                         return ""; //NOI18N
 135                 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
 136                         // Both entered passwords don't match
 137                         this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch.", FacesMessage.SEVERITY_ERROR); //NOI18N
 138
 139                         // Clear bean
 140                         this.clear();
 141
 142                         // No redirect
 143                         return ""; //NOI18N
 144                 } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
 145                         // New password matches current
 146                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password.", FacesMessage.SEVERITY_WARN); //NOI18N
 147
 148                         // Clear bean
 149                         this.clear();
 150
 151                         // No redirect
 152                         return ""; //NOI18N
 153                 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
 154                         // Is already in list (to old passwords are ignored)
 155                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago.", FacesMessage.SEVERITY_WARN); //NOI18N
 156
 157                         // Clear bean
 158                         this.clear();
 159
 160                         // No redirect
 161                         return ""; //NOI18N
 162                 }
 163
 164                 // Get user instance
 165                 final User user = this.userLoginController.getLoggedInUser();
 166
 167                 // Encrypt password
 168                 final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword());
 169
 170                 // Set it in user
 171                 user.setUserEncryptedPassword(encryptedPassword);
 172
 173                 // Init variable
 174                 final PasswordHistory passwordHistory;
 175
 176                 try {
 177                         // Get base URL
 178                         final String baseUrl = FacesUtils.generateBaseUrl();
 179
 180                         // All is set, then update password
 181                         passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
 182                 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
 183                         // Clear bean
 184                         this.clear();
 185
 186                         // Throw again
 187                         throw new FacesException(ex);
 188                 }
 189
 190                 // Fire event
 191                 this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword()));
 192
 193                 // Clear bean
 194                 this.clear();
 195
 196                 // Return outcome
 197                 return "login_data_saved"; //NOI18N
 198         }
 199
 200         /**
 201          * Getter for current clear-text user password
 202          * <p>
 203          * @return Current clear-text user password
 204          */
 205         public String getUserCurrentPassword () {
 206                 return this.userCurrentPassword;
 207         }
 208
 209         /**
 210          * Setter for current clear-text user password
 211          * <p>
 212          * @param userCurrentPassword Current clear-text user password
 213          */
 214         public void setUserCurrentPassword (final String userCurrentPassword) {
 215                 this.userCurrentPassword = userCurrentPassword;
 216         }
 217
 218         /**
 219          * Getter for clear-text user password
 220          * <p>
 221          * @return Clear-text user password
 222          */
 223         public String getUserPassword () {
 224                 return this.userPassword;
 225         }
 226
 227         /**
 228          * Setter for clear-text user password
 229          * <p>
 230          * @param userPassword Clear-text user password
 231          */
 232         public void setUserPassword (final String userPassword) {
 233                 this.userPassword = userPassword;
 234         }
 235
 236         /**
 237          * Getter for clear-text user password repeated
 238          * <p>
 239          * @return Clear-text user password repeated
 240          */
 241         public String getUserPasswordRepeat () {
 242                 return this.userPasswordRepeat;
 243         }
 244
 245         /**
 246          * Setter for clear-text user password repeated
 247          * <p>
 248          * @param userPasswordRepeat Clear-text user password repeated
 249          */
 250         public void setUserPasswordRepeat (final String userPasswordRepeat) {
 251                 this.userPasswordRepeat = userPasswordRepeat;
 252         }
 253
 254         @Override
 255         public boolean isRequiredChangePasswordSet () {
 256                 // Is all data set?
 257                 return ((this.getUserCurrentPassword() != null) &&
 258                                 (!this.getUserCurrentPassword().isEmpty()) &&
 259                                 (this.getUserPassword() != null) &&
 260                                 (!this.getUserPassword().isEmpty()) &&
 261                                 (this.getUserPasswordRepeat() != null) &&
 262                                 (!this.getUserPasswordRepeat().isEmpty()));
 263         }
 264
 265         /**
 266          * Clears this bean
 267          */
 268         private void clear () {
 269                 // Clear all data
 270                 this.setUserPassword(null);
 271                 this.setUserPasswordRepeat(null);
 272         }
 273
 274 }