2 * Copyright (C) 2016 Roland Haeder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.jjobs.beans.login;
19 import java.text.MessageFormat;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Objects;
23 import javax.enterprise.context.SessionScoped;
24 import javax.enterprise.event.Event;
25 import javax.enterprise.event.Observes;
26 import javax.enterprise.inject.Any;
27 import javax.faces.context.FacesContext;
28 import javax.faces.view.facelets.FaceletException;
29 import javax.inject.Inject;
30 import javax.inject.Named;
31 import javax.naming.Context;
32 import javax.naming.InitialContext;
33 import javax.naming.NamingException;
34 import org.mxchange.jjobs.beans.BaseJobsController;
35 import org.mxchange.jjobs.beans.user.JobsUserWebSessionController;
36 import org.mxchange.jusercore.container.login.LoginContainer;
37 import org.mxchange.jusercore.container.login.UserLoginContainer;
38 import org.mxchange.jusercore.events.login.UserLoggedInEvent;
39 import org.mxchange.jusercore.events.login.UserLoginEvent;
40 import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent;
41 import org.mxchange.jusercore.exceptions.UserNotFoundException;
42 import org.mxchange.jusercore.exceptions.UserPasswordMismatchException;
43 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
44 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
45 import org.mxchange.jusercore.model.login.UserLoginSessionBeanRemote;
46 import org.mxchange.jusercore.model.user.User;
47 import org.mxchange.jusercore.model.user.UserUtils;
48 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
49 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
50 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
51 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
54 * A web bean for user registration
56 * @author Roland Haeder<roland@mxchange.org>
58 @Named ("loginController")
60 public class JobsUserLoginWebSessionBean extends BaseJobsController implements JobsUserLoginWebSessionController {
63 * Path name for guest base template
65 private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest"; //NOI18N
68 * Path name for logged-in user base template
70 private static final String USER_BASE_TEMPLATE_NAME = "login/user/user"; //NOI18N
75 private static final long serialVersionUID = 47_828_986_719_691_592L;
80 private String currentPassword;
83 * Logged-in user instance
85 private User loggedInUser;
91 private JobsUserWebSessionController userController;
94 * Event being fired when user logs in
98 private Event<UserLoggedInEvent> loginEvent;
103 private UserLoginSessionBeanRemote userLoginBean;
106 * Flag whether the user has logged-in, set only from inside
108 private boolean userLoggedIn;
111 * User's password history
113 private List<PasswordHistory> userPasswordHistory;
116 * EJB for user's password history
118 private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
121 * Default constructor
123 public JobsUserLoginWebSessionBean () {
125 // Get initial context
126 Context context = new InitialContext();
129 this.userLoginBean = (UserLoginSessionBeanRemote) context.lookup("java:global/jjobs-ejb/login!org.mxchange.jusercore.model.login.UserLoginSessionBeanRemote"); //NOI18N
132 this.userPasswordHistoryBean = (UserPasswordHistorySessionBeanRemote) context.lookup(""); //NOI18N
134 // Defaul template is guest
135 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
136 } catch (final NamingException ex) {
138 throw new FaceletException(ex);
143 public void afterUserUpdatedPasswordEvent (@Observes final UpdatedUserPasswordEvent event) {
147 throw new NullPointerException("event is null"); //NOI18N
148 } else if (event.getPasswordHistory() == null) {
150 throw new NullPointerException("event.passwordHistory is null"); //NOI18N
151 } else if (event.getPasswordHistory().getUserPasswordHistoryId() == null) {
153 throw new NullPointerException("event.passwordHistory.userPasswordHistoryId is null"); //NOI18N
154 } else if (event.getPasswordHistory().getUserPasswordHistoryId() < 1) {
156 throw new IllegalArgumentException(MessageFormat.format("event.passwordHistory.userPasswordHistoryId={0} is in valid", event.getPasswordHistory().getUserPasswordHistoryId())); //NOI18N
159 // All fine, so update list
160 this.updatePasswordHistory(event.getPasswordHistory());
164 public String doAdminLogout () {
165 // Is a user logged-in?
166 if (this.isUserLoggedIn()) {
168 return this.doUserLogout();
171 // Invalidate session
172 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
174 // Set template type to guest
175 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
178 return "index?faces-redirect=true"; //NOI18N
182 public String doUserLogin () {
184 User user = this.userController.createUserLogin();
186 // Create login container
187 LoginContainer container = new UserLoginContainer(user, this.userController.getUserPassword());
191 User confirmedUser = this.userLoginBean.validateUserAccountStatus(container);
193 // All fine here so set it here
194 this.setLoggedInUser(confirmedUser);
196 // Retrieve user's password list
197 this.userPasswordHistory = this.userPasswordHistoryBean.getUserPasswordHistory(confirmedUser);
199 // Set template to "login"
200 this.setTemplateType("login"); //NOI18N
202 // Fire event away. Keep this last before return statement.
203 this.loginEvent.fire(new UserLoginEvent(confirmedUser));
206 return "login"; //NOI18N
207 } catch (final UserNotFoundException | UserStatusLockedException | UserStatusUnconfirmedException ex) {
209 this.showFacesMessage("form_user_login:userName", ex); //NOI18N
211 } catch (final UserPasswordMismatchException ex) {
213 this.showFacesMessage("form_user_login:userPassword", ex); //NOI18N
219 public String getCurrentPassword () {
220 return this.currentPassword;
224 public void setCurrentPassword (final String currentPassword) {
225 this.currentPassword = currentPassword;
229 public User getLoggedInUser () {
230 return this.loggedInUser;
234 public void setLoggedInUser (final User loggedInUser) {
235 this.loggedInUser = loggedInUser;
239 public List<PasswordHistory> getUserPasswordHistory () {
240 return Collections.unmodifiableList(this.userPasswordHistory);
244 public boolean ifCurrentPasswordMatches () {
245 // The current password must be set and not empty
246 if (this.getCurrentPassword() == null) {
248 throw new NullPointerException("this.currentPassword is null"); //NOI18N
249 } else if (this.getCurrentPassword().isEmpty()) {
251 throw new IllegalStateException("this.currentPassword is empty."); //NOI18N
254 // Create "container"
255 LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getCurrentPassword());
257 // Now check if it matches
258 return UserUtils.ifPasswordMatches(container, this.getLoggedInUser());
262 public boolean ifUserMustChangePassword () {
263 return (this.isUserLoggedIn() && this.getLoggedInUser().getUserMustChangePassword());
267 public boolean isInvisible () {
269 if (!this.isUserLoggedIn()) {
271 throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
274 // Check logged-in first, then invisibility
275 return this.getLoggedInUser().getUserProfileMode().equals(ProfileMode.INVISIBLE);
279 public boolean isPasswordInHistory (final String userPassword) {
280 // Default is not found
281 boolean isPasswordInHistory = false;
285 int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
287 // Check all passwords
288 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
289 // Is password the same?
290 if (UserUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
292 isPasswordInHistory = true;
294 } else if (count == maxEntries) {
304 return isPasswordInHistory;
308 public boolean isUserLoggedIn () {
310 // NOISY-DEBUG System.out.println(MessageFormat.format("JobsUserLoginWebSessionBean:isUserLoggedIn: this.loggedInUser={0},this.templateType={1} - CALLED!", this.getLoggedInUser(), this.getTemplateType()));
313 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
316 // NOISY-DEBUG System.out.println(MessageFormat.format("JobsUserLoginWebSessionBean:isUserLoggedIn: this.userLoggedIn={0} - EXIT!", this.userLoggedIn));
319 return this.userLoggedIn;
325 private void clear () {
327 this.setCurrentPassword(null);
331 * Updates password history by adding given entry to it as long as it is not
334 * @param passwordHistory Password history entry
336 private void updatePasswordHistory (final PasswordHistory passwordHistory) {
337 if (null == passwordHistory) {
339 throw new NullPointerException("passwordHistory is null"); //NOI18N
340 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
342 throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
343 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
345 throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
349 if (this.userPasswordHistory.contains(passwordHistory)) {
355 for (final PasswordHistory entry : this.userPasswordHistory) {
356 // Is same id number?
357 if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
363 // Not found, so add it
364 this.userPasswordHistory.add(passwordHistory);