2 * Copyright (C) 2016 - 2022 Free Software Foundation
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.pizzaapplication.beans.user.login;
19 import java.text.MessageFormat;
20 import java.util.Collections;
21 import java.util.List;
22 import java.util.Objects;
24 import javax.enterprise.context.SessionScoped;
25 import javax.enterprise.event.Event;
26 import javax.enterprise.event.Observes;
27 import javax.enterprise.inject.Any;
28 import javax.faces.context.FacesContext;
29 import javax.inject.Inject;
30 import javax.inject.Named;
31 import org.mxchange.jusercore.exceptions.UserNotFoundException;
32 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
33 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
34 import org.mxchange.jusercore.model.user.User;
35 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
36 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
37 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
38 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
39 import org.mxchange.juserlogincore.container.login.LoginContainer;
40 import org.mxchange.juserlogincore.container.login.UserLoginContainer;
41 import org.mxchange.juserlogincore.events.login.ObservableUserLoggedInEvent;
42 import org.mxchange.juserlogincore.events.login.UserLoggedInEvent;
43 import org.mxchange.juserlogincore.events.logout.ObservableUserLogoutEvent;
44 import org.mxchange.juserlogincore.events.logout.UserLogoutEvent;
45 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
46 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
47 import org.mxchange.juserlogincore.login.UserLoginUtils;
48 import org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote;
49 import org.mxchange.pizzaapplication.beans.BasePizzaBean;
50 import org.mxchange.pizzaapplication.beans.user.PizzaUserWebRequestController;
53 * A web bean for user registration
55 * @author Roland Häder<roland@mxchange.org>
57 @Named ("userLoginController")
59 public class PizzaUserLoginWebSessionBean extends BasePizzaBean implements PizzaUserLoginWebSessionController {
62 * Path name for guest base template
64 private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest";
67 * Path name for logged-in user base template
69 private static final String USER_BASE_TEMPLATE_NAME = "login/user/user";
74 private static final long serialVersionUID = 47_828_986_719_691_592L;
77 * Template type for pages that might be displayed in guest area and login
80 private String baseTemplatePathName;
83 * Logged-in user instance
85 private User loggedInUser;
88 * Event fired when user has logged in
92 private Event<ObservableUserLoggedInEvent> loginEvent;
98 private PizzaUserWebRequestController userController;
103 private String userCurrentPassword;
106 * Flag whether the user has logged-in, set only from inside
108 private boolean userLoggedIn;
111 * Remote register session-scoped bean
113 @EJB (lookup = "java:global/addressbook-ejb/userLogin!org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote")
114 private UserLoginSessionBeanRemote userLoginBean;
117 * Event fired when user has logged in
121 private Event<ObservableUserLoggedInEvent> userLoginEvent;
124 * Event fired when user has logged out
128 private Event<ObservableUserLogoutEvent> userLogoutEvent;
131 * User's password history
133 private List<PasswordHistory> userPasswordHistory;
136 * EJB for user's password history
138 @EJB (lookup = "java:global/addressbook-ejb/userPasswordHistory!org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote")
139 private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
142 * Default constructor
144 public PizzaUserLoginWebSessionBean () {
145 // Call super constructor
148 // Defaul template is guest
149 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
153 * Method being call after user's password has been updated (and history
154 * entry has been created).
156 * @param event Event being observed
158 public void afterUserUpdatedPasswordEvent (@Observes final ObservableUpdatedUserPasswordEvent event) {
162 throw new NullPointerException("event is null"); //NOI18N
163 } else if (event.getPasswordHistory() == null) {
165 throw new NullPointerException("event.passwordHistory is null"); //NOI18N
166 } else if (event.getPasswordHistory().getUserPasswordHistoryId() == null) {
168 throw new NullPointerException("event.passwordHistory.userPasswordHistoryId is null"); //NOI18N
169 } else if (event.getPasswordHistory().getUserPasswordHistoryId() < 1) {
171 throw new IllegalArgumentException(MessageFormat.format("event.passwordHistory.userPasswordHistoryId={0} is in valid", event.getPasswordHistory().getUserPasswordHistoryId())); //NOI18N
175 final User user = event.getCreatedUser();
177 // Set all fields here
178 this.copyToUser(user);
182 * Event observer for logged-in user
184 * @param event Event instance
186 public void afterUserLoginEvent (@Observes final ObservableUserLoggedInEvent event) {
187 // Event and contained entity instance should not be null
190 throw new NullPointerException("event is null"); //NOI18N
191 } else if (event.getLoggedInUser() == null) {
193 throw new NullPointerException("event.registeredUser is null"); //NOI18N
194 } else if (event.getLoggedInUser().getUserId() == null) {
196 throw new NullPointerException("event.registeredUser.userId is null"); //NOI18N
197 } else if (event.getLoggedInUser().getUserId() < 1) {
199 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getLoggedInUser(), event.getLoggedInUser().getUserId())); //NOI18N
202 // "Cache" user instance
203 final User user = event.getLoggedInUser();
205 // Copy all data to this bean
206 this.copyToUser(user);
210 * Event observer for user password changes
212 * @param event Event being fired
214 public void afterUserPasswordChangedEvent (@Observes final ObservableUpdatedUserPasswordEvent event) {
218 throw new NullPointerException("event is null"); //NOI18N
219 } else if (event.getUserPassword() == null) {
221 throw new NullPointerException("event.userPassword is null"); //NOI18N
222 } else if (event.getUserPassword().isEmpty()) {
224 throw new IllegalArgumentException("event.userPassword is empty"); //NOI18N
228 this.setUserPassword(event.getUserPassword());
229 this.updatePasswordHistory(event.getPasswordHistory());
233 * Event observer for new user registrations
235 * @param event User registration event
237 public void afterUserRegistrationEvent (@Observes final ObservableUserRegisteredEvent event) {
238 // Event and contained entity instance should not be null
241 throw new NullPointerException("event is null"); //NOI18N
242 } else if (event.getRegisteredUser() == null) {
244 throw new NullPointerException("event.registeredUser is null"); //NOI18N
245 } else if (event.getRegisteredUser().getUserId() == null) {
247 throw new NullPointerException("event.registeredUser.userId is null"); //NOI18N
248 } else if (event.getRegisteredUser().getUserId() < 1) {
250 throw new IllegalArgumentException(MessageFormat.format("userId of user={0} is not valid: {1}", event.getRegisteredUser(), event.getRegisteredUser().getUserId())); //NOI18N
254 final User registeredUser = event.getRegisteredUser();
256 // Copy all data from registered->user
257 this.copyToUser(registeredUser);
260 this.setUserId(registeredUser.getUserId());
264 * Logout for administrator area. If a logged-in user instance exists, it is
265 * being logged-out, too.
267 * @return Outcome (should be redirected)
269 public String doAdminLogout () {
270 // Is a user logged-in?
271 if (this.isUserLoggedIn()) {
273 return this.doUserLogout();
276 // Invalidate session
277 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
279 // Set template type to guest
280 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
283 return "index?faces-redirect=true"; //NOI18N
287 * Logins the user, if the account is found, confirmed and unlocked.
289 * @return Redirect target
291 public String doUserLogin () {
293 final User user = this.userController.createUserLogin();
295 // Create login container
296 final LoginContainer loginContainer = new UserLoginContainer(user, this.userController.getUserPassword());
300 final User confirmedUser = this.userLoginBean.validateUserAccountStatus(loginContainer);
302 // All fine here so set it here
303 this.setLoggedInUser(confirmedUser);
305 // Retrieve user's password list
306 this.userPasswordHistory = this.userPasswordHistoryBean.getUserPasswordHistory(confirmedUser);
308 // Set template to "login"
309 this.setBaseTemplatePathName(USER_BASE_TEMPLATE_NAME); //NOI18N
311 // Fire event away. Keep this last before return statement.
312 this.userLoginEvent.fire(new UserLoggedInEvent(confirmedUser));
318 return "login_user"; //NOI18N
319 } catch (final UserNotFoundException ex) {
321 this.showFacesMessage("form_user_login:userName", "ERROR_USER_NOT_FOUND"); //NOI18N
323 } catch (final UserStatusLockedException ex) {
324 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_LOCKED"); //NOI18N
326 } catch (final UserStatusUnconfirmedException ex) {
327 this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_UNCONFIRMED"); //NOI18N
329 } catch (final UserPasswordMismatchException ex) {
331 this.showFacesMessage("form_user_login:userPassword", "ERROR_USER_PASSWORD_MISMATCH"); //NOI18N
337 * Logout for current user by invalidating the current session.
339 * @return Outcome (should be redirected)
341 public String doUserLogout () {
342 // Is loggedInUser set?
343 if (this.getLoggedInUser() == null) {
345 throw new NullPointerException("this.loggedInUser is null"); //NOI18N
346 } else if (this.getLoggedInUser().getUserId() == null) {
348 throw new NullPointerException("this.loggedInUser.userId is null"); //NOI18N
349 } else if (this.getLoggedInUser().getUserId() < 1) {
351 throw new IllegalStateException(MessageFormat.format("this.loggedInUser.userId={0} is not valid.", this.getLoggedInUser().getUserId())); //NOI18N
355 this.userLogoutEvent.fire(new UserLogoutEvent(this.getLoggedInUser()));
357 // Invalidate session
358 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
360 // Unset any user instances
361 this.setLoggedInUser(null);
362 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
365 return "index"; //NOI18N
369 public String getBaseTemplatePathName () {
370 return this.baseTemplatePathName;
374 public void setBaseTemplatePathName (final String baseTemplatePathName) {
375 this.baseTemplatePathName = baseTemplatePathName;
379 public User getLoggedInUser () {
380 return this.loggedInUser;
384 public void setLoggedInUser (final User loggedInUser) {
385 this.loggedInUser = loggedInUser;
389 * Getter for current password (clear text)
391 * @return Current password
393 public String getUserCurrentPassword () {
394 return this.userCurrentPassword;
398 * Setter for current password (clear text)
400 * @param userCurrentPassword Current password
402 public void setUserCurrentPassword (final String userCurrentPassword) {
403 this.userCurrentPassword = userCurrentPassword;
407 public List<PasswordHistory> getUserPasswordHistory () {
408 return Collections.unmodifiableList(this.userPasswordHistory);
412 public boolean ifCurrentPasswordMatches () {
413 // The current password must be set and not empty
414 if (this.getUserCurrentPassword() == null) {
416 throw new NullPointerException("this.userCurrentPassword is null"); //NOI18N
417 } else if (this.getUserCurrentPassword().isEmpty()) {
419 throw new IllegalStateException("this.userCurrentPassword is empty."); //NOI18N
422 // Create "container"
423 final LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getUserCurrentPassword());
425 // Now check if it matches
426 return UserLoginUtils.ifPasswordMatches(container, this.getLoggedInUser());
430 public boolean ifUserMustChangePassword () {
431 return ((this.isUserLoggedIn()) && (Objects.equals(this.getLoggedInUser().getUserMustChangePassword(), Boolean.TRUE)));
435 public boolean isInvisible () {
437 if (!this.isUserLoggedIn()) {
439 throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
442 // Check logged-in first, then invisibility
443 return Objects.equals(this.getLoggedInUser().getUserProfileMode(), ProfileMode.INVISIBLE);
447 public boolean isPasswordInHistory (final String userPassword) {
448 // Default is not found
449 boolean isPasswordInHistory = false;
453 final int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
455 // Check all passwords
456 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
457 // Is password the same?
458 if (UserLoginUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
460 isPasswordInHistory = true;
462 } else if (count == maxEntries) {
472 return isPasswordInHistory;
476 public boolean isUserLoggedIn () {
478 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
481 return this.userLoggedIn;
487 private void clear () {
489 this.setUserCurrentPassword(null);
490 this.setUserProfileMode(null);
494 * Copies given user into the controller
496 * @param user User instance
498 private void copyToUser (final User user) {
501 this.setUserId(user.getUserId());
502 this.setUserName(user.getUserName());
503 this.setUserProfileMode(user.getUserProfileMode());
507 * Updates password history by adding given entry to it as long as it is not
510 * @param passwordHistory Password history entry
512 private void updatePasswordHistory (final PasswordHistory passwordHistory) {
513 if (null == passwordHistory) {
515 throw new NullPointerException("passwordHistory is null"); //NOI18N
516 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
518 throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
519 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
521 throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
525 if (this.userPasswordHistory.contains(passwordHistory)) {
531 for (final PasswordHistory entry : this.userPasswordHistory) {
532 // Is same id number?
533 if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
539 // Not found, so add it
540 this.userPasswordHistory.add(passwordHistory);