]> git.mxchange.org Git - jjobs-war.git/blob - src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
Updated copyright year
[jjobs-war.git] / src / java / org / mxchange / jjobs / beans / user / password / JobsUserPasswordWebRequestBean.java
1 /*
2  * Copyright (C) 2016 - 2024 Free Software Foundation
3  *
4  * This program is free software: you can redistribute it and/or modify
5  * it under the terms of the GNU Affero General Public License as
6  * published by the Free Software Foundation, either version 3 of the
7  * License, or (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU Affero General Public License for more details.
13  *
14  * You should have received a copy of the GNU Affero General Public License
15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
16  */
17 package org.mxchange.jjobs.beans.user.password;
18
19 import java.util.Objects;
20 import javax.ejb.EJB;
21 import javax.enterprise.context.RequestScoped;
22 import javax.enterprise.event.Event;
23 import javax.enterprise.inject.Any;
24 import javax.faces.FacesException;
25 import javax.faces.application.FacesMessage;
26 import javax.inject.Inject;
27 import javax.inject.Named;
28 import org.mxchange.jcoreee.utils.FacesUtils;
29 import org.mxchange.jjobs.beans.BaseJobsBean;
30 import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController;
31 import org.mxchange.jjobs.beans.user.login.JobsUserLoginWebSessionController;
32 import org.mxchange.jusercore.exceptions.UserNotFoundException;
33 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
34 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
35 import org.mxchange.jusercore.model.user.User;
36 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
37 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
38 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
39 import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent;
40 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
41 import org.mxchange.juserlogincore.utils.UserLoginUtils;
42
43 /**
44  * A user password (change) controller (bean)
45  * <p>
46  * @author Roland Häder<roland@mxchange.org>
47  */
48 @Named ("userPasswordController")
49 @RequestScoped
50 public class JobsUserPasswordWebRequestBean extends BaseJobsBean implements JobsUserPasswordWebRequestController {
51
52         /**
53          * Serial number
54          */
55         private static final long serialVersionUID = 15_267_867_367_501L;
56
57         /**
58          * Features controller
59          */
60         @Inject
61         private JobsFeaturesWebApplicationController featureController;
62
63         /**
64          * Remote user bean
65          */
66         @EJB (lookup = "java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote")
67         private UserSessionBeanRemote userBean;
68
69         /**
70          * Current password (for confirmation of password change)
71          */
72         private String userCurrentPassword;
73
74         /**
75          * Login bean (controller)
76          */
77         @Inject
78         private JobsUserLoginWebSessionController userLoginController;
79
80         /**
81          * User password (clear-text from web form)
82          */
83         private String userPassword;
84
85         /**
86          * User password repeated (clear-text from web form)
87          */
88         private String userPasswordRepeat;
89
90         /**
91          * Event being fired when user's password has been updated
92          */
93         @Any
94         @Inject
95         private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
96
97         /**
98          * Default constructor
99          */
100         public JobsUserPasswordWebRequestBean () {
101                 // Call super constructor
102                 super();
103         }
104
105         /**
106          * Changes logged-in user's password. It must not match with current
107          * password and should not appear in password history list for X
108          * (configurable) entries.
109          * <p>
110          * @return Redirect outcome
111          */
112         public String doChangePassword () {
113                 // This method shall only be called if the user is logged-in
114                 if (!this.userLoginController.isUserLoggedIn()) {
115                         // Not logged-in
116                         throw new IllegalStateException("User is not logged-in"); //NOI18N
117                 } else if (!this.isRequiredChangePasswordSet()) {
118                         // Not all required fields are set
119                         throw new FacesException("Not all required fields are set."); //NOI18N
120                 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
121                         // Password not matching
122                         throw new FacesException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
123                 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
124                         // Editing is not allowed
125                         throw new IllegalStateException("User tried to change password."); //NOI18N
126                 } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
127                         // Password mismatches
128                         this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password.", FacesMessage.SEVERITY_WARN); //NOI18N
129
130                         // Clear bean
131                         this.clear();
132
133                         // No redirect
134                         return ""; //NOI18N
135                 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
136                         // Both entered passwords don't match
137                         this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch.", FacesMessage.SEVERITY_ERROR); //NOI18N
138
139                         // Clear bean
140                         this.clear();
141
142                         // No redirect
143                         return ""; //NOI18N
144                 } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
145                         // New password matches current
146                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password.", FacesMessage.SEVERITY_WARN); //NOI18N
147
148                         // Clear bean
149                         this.clear();
150
151                         // No redirect
152                         return ""; //NOI18N
153                 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
154                         // Is already in list (to old passwords are ignored)
155                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago.", FacesMessage.SEVERITY_WARN); //NOI18N
156
157                         // Clear bean
158                         this.clear();
159
160                         // No redirect
161                         return ""; //NOI18N
162                 }
163
164                 // Get user instance
165                 final User user = this.userLoginController.getLoggedInUser();
166
167                 // Encrypt password
168                 final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword());
169
170                 // Set it in user
171                 user.setUserEncryptedPassword(encryptedPassword);
172
173                 // Init variable
174                 final PasswordHistory passwordHistory;
175
176                 try {
177                         // Get base URL
178                         final String baseUrl = FacesUtils.generateBaseUrl();
179
180                         // All is set, then update password
181                         passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
182                 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
183                         // Clear bean
184                         this.clear();
185
186                         // Throw again
187                         throw new FacesException(ex);
188                 }
189
190                 // Fire event
191                 this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword()));
192
193                 // Clear bean
194                 this.clear();
195
196                 // Return outcome
197                 return "login_data_saved"; //NOI18N
198         }
199
200         /**
201          * Getter for current clear-text user password
202          * <p>
203          * @return Current clear-text user password
204          */
205         public String getUserCurrentPassword () {
206                 return this.userCurrentPassword;
207         }
208
209         /**
210          * Setter for current clear-text user password
211          * <p>
212          * @param userCurrentPassword Current clear-text user password
213          */
214         public void setUserCurrentPassword (final String userCurrentPassword) {
215                 this.userCurrentPassword = userCurrentPassword;
216         }
217
218         /**
219          * Getter for clear-text user password
220          * <p>
221          * @return Clear-text user password
222          */
223         public String getUserPassword () {
224                 return this.userPassword;
225         }
226
227         /**
228          * Setter for clear-text user password
229          * <p>
230          * @param userPassword Clear-text user password
231          */
232         public void setUserPassword (final String userPassword) {
233                 this.userPassword = userPassword;
234         }
235
236         /**
237          * Getter for clear-text user password repeated
238          * <p>
239          * @return Clear-text user password repeated
240          */
241         public String getUserPasswordRepeat () {
242                 return this.userPasswordRepeat;
243         }
244
245         /**
246          * Setter for clear-text user password repeated
247          * <p>
248          * @param userPasswordRepeat Clear-text user password repeated
249          */
250         public void setUserPasswordRepeat (final String userPasswordRepeat) {
251                 this.userPasswordRepeat = userPasswordRepeat;
252         }
253
254         @Override
255         public boolean isRequiredChangePasswordSet () {
256                 // Is all data set?
257                 return ((this.getUserCurrentPassword() != null) &&
258                                 (!this.getUserCurrentPassword().isEmpty()) &&
259                                 (this.getUserPassword() != null) &&
260                                 (!this.getUserPassword().isEmpty()) &&
261                                 (this.getUserPasswordRepeat() != null) &&
262                                 (!this.getUserPasswordRepeat().isEmpty()));
263         }
264
265         /**
266          * Clears this bean
267          */
268         private void clear () {
269                 // Clear all data
270                 this.setUserPassword(null);
271                 this.setUserPasswordRepeat(null);
272         }
273
274 }