2 * Copyright (C) 2016 Roland Häder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.jjobs.beans.user.password;
19 import java.util.Objects;
20 import javax.enterprise.context.RequestScoped;
21 import javax.enterprise.event.Event;
22 import javax.enterprise.inject.Any;
23 import javax.faces.view.facelets.FaceletException;
24 import javax.inject.Inject;
25 import javax.inject.Named;
26 import javax.naming.Context;
27 import javax.naming.InitialContext;
28 import javax.naming.NamingException;
29 import org.mxchange.jcoreee.utils.FacesUtils;
30 import org.mxchange.jjobs.beans.BaseJobsController;
31 import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController;
32 import org.mxchange.jjobs.beans.login.JobsUserLoginWebSessionController;
33 import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent;
34 import org.mxchange.jusercore.exceptions.UserNotFoundException;
35 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
36 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
37 import org.mxchange.jusercore.model.user.User;
38 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
39 import org.mxchange.jusercore.model.user.UserUtils;
40 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
41 import org.mxchange.jusercore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
44 * A user password (change) controller (bean)
46 * @author Roland Häder<roland@mxchange.org>
48 @Named ("userPasswordController")
50 public class JobsUserPasswordWebRequestBean extends BaseJobsController implements JobsUserPasswordWebRequestController {
55 private static final long serialVersionUID = 15_267_867_367_501L;
61 private JobsFeaturesWebApplicationController featureController;
66 private final UserSessionBeanRemote userBean;
69 * Login controller (bean)
72 private JobsUserLoginWebSessionController userLoginController;
75 * User password (unencrypted from web form)
77 private String userPassword;
80 * User password repeated (unencrypted from web form)
82 private String userPasswordRepeat;
85 * Event being fired when user's password has been updated
89 private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
94 public JobsUserPasswordWebRequestBean () {
97 // Get initial context
98 Context context = new InitialContext();
101 this.userBean = (UserSessionBeanRemote) context.lookup("java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N
102 } catch (final NamingException e) {
104 throw new FaceletException(e);
109 public String doChangePassword () {
110 // This method shall only be called if the user is logged-in
111 if (!this.userLoginController.isUserLoggedIn()) {
113 throw new IllegalStateException("User is not logged-in"); //NOI18N
114 } else if (!this.isRequiredChangePasswordSet()) {
115 // Not all required fields are set
116 throw new FaceletException("Not all required fields are set."); //NOI18N
117 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
118 // Password mismatches
119 this.showFacesMessage("form_user_change_password:userCurrentPassword", "ERROR_USER_CURRENT_PASSWORD_MISMATCHING"); //NOI18N
122 this.userLoginController.setUserCurrentPassword(null);
127 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
128 // Editing is not allowed
129 throw new IllegalStateException("User tried to change password."); //NOI18N
130 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
131 // Both entered passwords don't match
132 this.showFacesMessage("form_user_change_password:userPasswordRepeat", "ERROR_USER_NEW_PASSWORDS_MISMATCH"); //NOI18N
135 this.userLoginController.setUserCurrentPassword(null);
140 } else if (Objects.equals(this.userLoginController.getUserCurrentPassword(), this.getUserPassword())) {
141 // New password matches current
142 this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_SAME_AS_CURRENT"); //NOI18N
145 this.userLoginController.setUserCurrentPassword(null);
150 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
151 // Is already in list (to old passwords are ignored)
152 this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_ALREADY_ENTERED"); //NOI18N
155 this.userLoginController.setUserCurrentPassword(null);
160 } else if (this.isWeakPassword(this.getUserPassword())) {
161 // Password is to weak
162 this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_PASSWORD_TO_WEAK"); //NOI18N
165 this.userLoginController.setUserCurrentPassword(null);
173 User user = this.userLoginController.getLoggedInUser();
176 String encryptedPassword = UserUtils.encryptPassword(this.getUserPassword());
179 user.setUserMustChangePassword(Boolean.FALSE);
180 user.setUserEncryptedPassword(encryptedPassword);
184 String baseUrl = FacesUtils.generateBaseUrl();
186 // All is set, then update password
187 PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
190 this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory));
191 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
193 this.userLoginController.setUserCurrentPassword(null);
197 throw new FaceletException(ex);
204 return "user_data_saved"; //NOI18N
208 public String getUserPassword () {
209 return this.userPassword;
213 public void setUserPassword (final String userPassword) {
214 this.userPassword = userPassword;
218 public String getUserPasswordRepeat () {
219 return this.userPasswordRepeat;
223 public void setUserPasswordRepeat (final String userPasswordRepeat) {
224 this.userPasswordRepeat = userPasswordRepeat;
228 public boolean isRequiredChangePasswordSet () {
230 return ((this.userLoginController.getUserCurrentPassword() != null) &&
231 (!this.userLoginController.getUserCurrentPassword().isEmpty()) &&
232 (this.getUserPassword() != null) &&
233 (!this.getUserPassword().isEmpty()) &&
234 (this.getUserPasswordRepeat() != null) &&
235 (!this.getUserPasswordRepeat().isEmpty()));
241 private void clear () {
243 this.setUserPassword(null);
244 this.setUserPasswordRepeat(null);