2 * Copyright (C) 2016, 2017 Roland Häder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.pizzaapplication.beans.user.login;
19 import java.text.MessageFormat;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Objects;
23 import javax.annotation.PostConstruct;
24 import javax.enterprise.context.SessionScoped;
25 import javax.enterprise.event.Event;
26 import javax.enterprise.event.Observes;
27 import javax.enterprise.inject.Any;
28 import javax.faces.context.FacesContext;
29 import javax.faces.view.facelets.FaceletException;
30 import javax.inject.Inject;
31 import javax.inject.Named;
32 import javax.naming.Context;
33 import javax.naming.InitialContext;
34 import javax.naming.NamingException;
35 import org.mxchange.jusercore.exceptions.UserNotFoundException;
36 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
37 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
38 import org.mxchange.jusercore.model.user.User;
39 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
40 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
41 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
42 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
43 import org.mxchange.juserlogincore.container.login.LoginContainer;
44 import org.mxchange.juserlogincore.container.login.UserLoginContainer;
45 import org.mxchange.juserlogincore.events.login.ObservableUserLoggedInEvent;
46 import org.mxchange.juserlogincore.events.login.UserLoggedInEvent;
47 import org.mxchange.juserlogincore.events.logout.ObservableUserLogoutEvent;
48 import org.mxchange.juserlogincore.events.logout.UserLogoutEvent;
49 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
50 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
51 import org.mxchange.juserlogincore.login.UserLoginUtils;
52 import org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote;
53 import org.mxchange.pizzaapplication.beans.BasePizzaController;
54 import org.mxchange.pizzaapplication.beans.user.PizzaUserWebSessionController;
57 * A web bean for user registration
59 * @author Roland Häder<roland@mxchange.org>
61 @Named ("userLoginController")
63 public class PizzaUserLoginWebSessionBean extends BasePizzaController implements PizzaUserLoginWebSessionController {
66 * Path name for guest base template
68 private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest";
71 * Path name for logged-in user base template
73 private static final String USER_BASE_TEMPLATE_NAME = "login/user/user";
78 private static final long serialVersionUID = 47_828_986_719_691_592L;
81 * Template type for pages that might be displayed in guest area and login
84 private String baseTemplatePathName;
87 * Logged-in user instance
89 private User loggedInUser;
92 * Event fired when user has logged in
96 private Event<ObservableUserLoggedInEvent> loginEvent;
102 private PizzaUserWebSessionController userController;
107 private String userCurrentPassword;
110 * Flag whether the user has logged-in, set only from inside
112 private boolean userLoggedIn;
115 * Remote register session-scoped bean
117 private UserLoginSessionBeanRemote userLoginBean;
120 * Event fired when user has logged in
124 private Event<ObservableUserLoggedInEvent> userLoginEvent;
127 * Event fired when user has logged out
131 private Event<ObservableUserLogoutEvent> userLogoutEvent;
134 * User's password history
136 private List<PasswordHistory> userPasswordHistory;
139 * EJB for user's password history
141 private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
144 * Default constructor
146 public PizzaUserLoginWebSessionBean () {
147 // Call super constructor
150 // Defaul template is guest
151 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
155 * Method being call after user's password has been updated (and history
156 * entry has been created).
158 * @param event Event being observed
160 public void afterUserUpdatedPasswordEvent (@Observes final ObservableUpdatedUserPasswordEvent event) {
164 throw new NullPointerException("event is null"); //NOI18N
165 } else if (event.getPasswordHistory() == null) {
167 throw new NullPointerException("event.passwordHistory is null"); //NOI18N
168 } else if (event.getPasswordHistory().getUserPasswordHistoryId() == null) {
170 throw new NullPointerException("event.passwordHistory.userPasswordHistoryId is null"); //NOI18N
171 } else if (event.getPasswordHistory().getUserPasswordHistoryId() < 1) {
173 throw new IllegalArgumentException(MessageFormat.format("event.passwordHistory.userPasswordHistoryId={0} is in valid", event.getPasswordHistory().getUserPasswordHistoryId())); //NOI18N
176 // All fine, so update list
177 this.updatePasswordHistory(event.getPasswordHistory());
181 * Logout for administrator area. If a logged-in user instance exists, it is
182 * being logged-out, too.
184 * @return Outcome (should be redirected)
186 public String doAdminLogout () {
187 // Is a user logged-in?
188 if (this.isUserLoggedIn()) {
190 return this.doUserLogout();
193 // Invalidate session
194 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
196 // Set template type to guest
197 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
200 return "index?faces-redirect=true"; //NOI18N
204 * Logins the user, if the account is found, confirmed and unlocked.
206 * @return Redirect target
208 public String doUserLogin () {
210 User user = this.userController.createUserLogin();
212 // Create login container
213 LoginContainer loginContainer = new UserLoginContainer(user, this.userController.getUserPassword());
217 User confirmedUser = this.userLoginBean.validateUserAccountStatus(loginContainer);
219 // All fine here so set it here
220 this.setLoggedInUser(confirmedUser);
222 // Retrieve user's password list
223 this.userPasswordHistory = this.userPasswordHistoryBean.getUserPasswordHistory(confirmedUser);
225 // Set template to "login"
226 this.setBaseTemplatePathName(USER_BASE_TEMPLATE_NAME); //NOI18N
228 // Fire event away. Keep this last before return statement.
229 this.userLoginEvent.fire(new UserLoggedInEvent(confirmedUser));
235 return "login_user"; //NOI18N
236 } catch (final UserNotFoundException ex) {
238 this.showFacesMessage("form_user_login:userName", "ERROR_USER_NOT_FOUND"); //NOI18N
240 } catch (final UserStatusLockedException ex) {
241 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_LOCKED"); //NOI18N
243 } catch (final UserStatusUnconfirmedException ex) {
244 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_UNCONFIRMED"); //NOI18N
246 } catch (final UserPasswordMismatchException ex) {
248 this.showFacesMessage("form_user_login:userPassword", "ERROR_USER_PASSWORD_MISMATCH"); //NOI18N
254 * Logout for current user by invalidating the current session.
256 * @return Outcome (should be redirected)
258 public String doUserLogout () {
259 // Is loggedInUser set?
260 if (this.getLoggedInUser() == null) {
262 throw new NullPointerException("this.loggedInUser is null"); //NOI18N
263 } else if (this.getLoggedInUser().getUserId() == null) {
265 throw new NullPointerException("this.loggedInUser.userId is null"); //NOI18N
266 } else if (this.getLoggedInUser().getUserId() < 1) {
268 throw new IllegalStateException(MessageFormat.format("this.loggedInUser.userId={0} is not valid.", this.getLoggedInUser().getUserId())); //NOI18N
272 this.userLogoutEvent.fire(new UserLogoutEvent(this.getLoggedInUser()));
274 // Invalidate session
275 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
277 // Unset any user instances
278 this.setLoggedInUser(null);
279 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
282 return "index"; //NOI18N
286 public String getBaseTemplatePathName () {
287 return this.baseTemplatePathName;
291 public void setBaseTemplatePathName (final String baseTemplatePathName) {
292 this.baseTemplatePathName = baseTemplatePathName;
296 public User getLoggedInUser () {
297 return this.loggedInUser;
301 public void setLoggedInUser (final User loggedInUser) {
302 this.loggedInUser = loggedInUser;
306 * Getter for current password (clear text)
308 * @return Current password
310 public String getUserCurrentPassword () {
311 return this.userCurrentPassword;
315 * Setter for current password (clear text)
317 * @param userCurrentPassword Current password
319 public void setUserCurrentPassword (final String userCurrentPassword) {
320 this.userCurrentPassword = userCurrentPassword;
324 public List<PasswordHistory> getUserPasswordHistory () {
325 return Collections.unmodifiableList(this.userPasswordHistory);
329 public boolean ifCurrentPasswordMatches () {
330 // The current password must be set and not empty
331 if (this.getUserCurrentPassword() == null) {
333 throw new NullPointerException("this.userCurrentPassword is null"); //NOI18N
334 } else if (this.getUserCurrentPassword().isEmpty()) {
336 throw new IllegalStateException("this.userCurrentPassword is empty."); //NOI18N
339 // Create "container"
340 LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getUserCurrentPassword());
342 // Now check if it matches
343 return UserLoginUtils.ifPasswordMatches(container, this.getLoggedInUser());
347 public boolean ifUserMustChangePassword () {
348 return ((this.isUserLoggedIn()) && (Objects.equals(this.getLoggedInUser().getUserMustChangePassword(), Boolean.TRUE)));
352 * Post-construction method
355 public void init () {
357 // Get initial context
358 Context context = new InitialContext();
361 this.userLoginBean = (UserLoginSessionBeanRemote) context.lookup("java:global/jrecruiter-ejb/userLogin!org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote"); //NOI18N
364 this.userPasswordHistoryBean = (UserPasswordHistorySessionBeanRemote) context.lookup("java:global/jrecruiter-ejb/userPasswordHistory!org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote"); //NOI18N
366 // Defaul template is guest
367 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
368 } catch (final NamingException ex) {
370 throw new FaceletException(ex);
375 public boolean isInvisible () {
377 if (!this.isUserLoggedIn()) {
379 throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
382 // Check logged-in first, then invisibility
383 return Objects.equals(this.getLoggedInUser().getUserProfileMode(), ProfileMode.INVISIBLE);
387 public boolean isPasswordInHistory (final String userPassword) {
388 // Default is not found
389 boolean isPasswordInHistory = false;
393 int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
395 // Check all passwords
396 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
397 // Is password the same?
398 if (UserLoginUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
400 isPasswordInHistory = true;
402 } else if (count == maxEntries) {
412 return isPasswordInHistory;
416 public boolean isUserLoggedIn () {
418 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
421 return this.userLoggedIn;
427 private void clear () {
429 this.setUserCurrentPassword(null);
433 * Updates password history by adding given entry to it as long as it is not
436 * @param passwordHistory Password history entry
438 private void updatePasswordHistory (final PasswordHistory passwordHistory) {
439 if (null == passwordHistory) {
441 throw new NullPointerException("passwordHistory is null"); //NOI18N
442 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
444 throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
445 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
447 throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
451 if (this.userPasswordHistory.contains(passwordHistory)) {
457 for (final PasswordHistory entry : this.userPasswordHistory) {
458 // Is same id number?
459 if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
465 // Not found, so add it
466 this.userPasswordHistory.add(passwordHistory);