src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java

   1 /*
   2  * Copyright (C) 2016, 2017 Roland Häder
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Affero General Public License as
   6  * published by the Free Software Foundation, either version 3 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Affero General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Affero General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17 package org.mxchange.jjobs.beans.user.password;
  18
  19 import java.util.Objects;
  20 import javax.annotation.PostConstruct;
  21 import javax.enterprise.context.RequestScoped;
  22 import javax.enterprise.event.Event;
  23 import javax.enterprise.inject.Any;
  24 import javax.faces.view.facelets.FaceletException;
  25 import javax.inject.Inject;
  26 import javax.inject.Named;
  27 import javax.naming.Context;
  28 import javax.naming.InitialContext;
  29 import javax.naming.NamingException;
  30 import org.mxchange.jcoreee.utils.FacesUtils;
  31 import org.mxchange.jjobs.beans.BaseJobsController;
  32 import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController;
  33 import org.mxchange.jjobs.beans.user.login.JobsUserLoginWebSessionController;
  34 import org.mxchange.jusercore.exceptions.UserNotFoundException;
  35 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
  36 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
  37 import org.mxchange.jusercore.model.user.User;
  38 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
  39 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
  40 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
  41 import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent;
  42 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
  43 import org.mxchange.juserlogincore.login.UserLoginUtils;
  44
  45 /**
  46  * A user password (change) controller (bean)
  47  * <p>
  48  * @author Roland Häder<roland@mxchange.org>
  49  */
  50 @Named ("userPasswordController")
  51 @RequestScoped
  52 public class JobsUserPasswordWebRequestBean extends BaseJobsController implements JobsUserPasswordWebRequestController {
  53
  54         /**
  55          * Serial number
  56          */
  57         private static final long serialVersionUID = 15_267_867_367_501L;
  58
  59         /**
  60          * Features controller
  61          */
  62         @Inject
  63         private JobsFeaturesWebApplicationController featureController;
  64
  65         /**
  66          * Remote user bean
  67          */
  68         private UserSessionBeanRemote userBean;
  69
  70         /**
  71          * Current password (for confirmation of password change)
  72          */
  73         private String userCurrentPassword;
  74
  75         /**
  76          * Login bean (controller)
  77          */
  78         @Inject
  79         private JobsUserLoginWebSessionController userLoginController;
  80
  81         /**
  82          * User password (clear-text from web form)
  83          */
  84         private String userPassword;
  85
  86         /**
  87          * User password repeated (clear-text from web form)
  88          */
  89         private String userPasswordRepeat;
  90
  91         /**
  92          * Event being fired when user's password has been updated
  93          */
  94         @Any
  95         @Inject
  96         private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
  97
  98         /**
  99          * Default constructor
 100          */
 101         public JobsUserPasswordWebRequestBean () {
 102                 // Call super constructor
 103                 super();
 104         }
 105
 106         /**
 107          * Changes logged-in user's password. It must not match with current
 108          * password and should not appear in password history list for X
 109          * (configurable) entries.
 110          * <p>
 111          * @return Redirect outcome
 112          */
 113         public String doChangePassword () {
 114                 // This method shall only be called if the user is logged-in
 115                 if (!this.userLoginController.isUserLoggedIn()) {
 116                         // Not logged-in
 117                         throw new IllegalStateException("User is not logged-in"); //NOI18N
 118                 } else if (!this.isRequiredChangePasswordSet()) {
 119                         // Not all required fields are set
 120                         throw new FaceletException("Not all required fields are set."); //NOI18N
 121                 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
 122                         // Password not matching
 123                         throw new FaceletException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
 124                 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
 125                         // Editing is not allowed
 126                         throw new IllegalStateException("User tried to change password."); //NOI18N
 127                 } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
 128                         // Password mismatches
 129                         this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password."); //NOI18N
 130
 131                         // Clear bean
 132                         this.clear();
 133
 134                         // No redirect
 135                         return ""; //NOI18N
 136                 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
 137                         // Both entered passwords don't match
 138                         this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch."); //NOI18N
 139
 140                         // Clear bean
 141                         this.clear();
 142
 143                         // No redirect
 144                         return ""; //NOI18N
 145                 } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
 146                         // New password matches current
 147                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password."); //NOI18N
 148
 149                         // Clear bean
 150                         this.clear();
 151
 152                         // No redirect
 153                         return ""; //NOI18N
 154                 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
 155                         // Is already in list (to old passwords are ignored)
 156                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago."); //NOI18N
 157
 158                         // Clear bean
 159                         this.clear();
 160
 161                         // No redirect
 162                         return ""; //NOI18N
 163                 }
 164
 165                 // Get user instance
 166                 User user = this.userLoginController.getLoggedInUser();
 167
 168                 // Encrypt password
 169                 String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword());
 170
 171                 // Set it in user
 172                 user.setUserEncryptedPassword(encryptedPassword);
 173
 174                 try {
 175                         // Get base URL
 176                         String baseUrl = FacesUtils.generateBaseUrl();
 177
 178                         // All is set, then update password
 179                         PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
 180
 181                         // Fire event
 182                         this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory,this.getUserPassword()));
 183                 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
 184                         // Clear bean
 185                         this.clear();
 186
 187                         // Throw again
 188                         throw new FaceletException(ex);
 189                 }
 190
 191                 // Clear bean
 192                 this.clear();
 193
 194                 // Return outcome
 195                 return "login_data_saved"; //NOI18N
 196         }
 197
 198         /**
 199          * Getter for current clear-text user password
 200          * <p>
 201          * @return Current clear-text user password
 202          */
 203         public String getUserCurrentPassword () {
 204                 return this.userCurrentPassword;
 205         }
 206
 207         /**
 208          * Setter for current clear-text user password
 209          * <p>
 210          * @param userCurrentPassword Current clear-text user password
 211          */
 212         public void setUserCurrentPassword (final String userCurrentPassword) {
 213                 this.userCurrentPassword = userCurrentPassword;
 214         }
 215
 216         /**
 217          * Getter for clear-text user password
 218          * <p>
 219          * @return Clear-text user password
 220          */
 221         public String getUserPassword () {
 222                 return this.userPassword;
 223         }
 224
 225         /**
 226          * Setter for clear-text user password
 227          * <p>
 228          * @param userPassword Clear-text user password
 229          */
 230         public void setUserPassword (final String userPassword) {
 231                 this.userPassword = userPassword;
 232         }
 233
 234         /**
 235          * Getter for clear-text user password repeated
 236          * <p>
 237          * @return Clear-text user password repeated
 238          */
 239         public String getUserPasswordRepeat () {
 240                 return this.userPasswordRepeat;
 241         }
 242
 243         /**
 244          * Setter for clear-text user password repeated
 245          * <p>
 246          * @param userPasswordRepeat Clear-text user password repeated
 247          */
 248         public void setUserPasswordRepeat (final String userPasswordRepeat) {
 249                 this.userPasswordRepeat = userPasswordRepeat;
 250         }
 251
 252         /**
 253          * Post-initialization of this class
 254          */
 255         @PostConstruct
 256         public void init () {
 257                 // Try it
 258                 try {
 259                         // Get initial context
 260                         Context context = new InitialContext();
 261
 262                         // Try to lookup
 263                         this.userBean = (UserSessionBeanRemote) context.lookup("java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N
 264                 } catch (final NamingException e) {
 265                         // Throw again
 266                         throw new FaceletException(e);
 267                 }
 268         }
 269
 270         @Override
 271         public boolean isRequiredChangePasswordSet () {
 272                 // Is all data set?
 273                 return ((this.getUserCurrentPassword() != null) &&
 274                                 (!this.getUserCurrentPassword().isEmpty()) &&
 275                                 (this.getUserPassword() != null) &&
 276                                 (!this.getUserPassword().isEmpty()) &&
 277                                 (this.getUserPasswordRepeat() != null) &&
 278                                 (!this.getUserPasswordRepeat().isEmpty()));
 279         }
 280
 281         /**
 282          * Clears this bean
 283          */
 284         private void clear () {
 285                 // Clear all data
 286                 this.setUserPassword(null);
 287                 this.setUserPasswordRepeat(null);
 288         }
 289
 290 }