src/java/org/mxchange/pizzaapplication/beans/user/login/PizzaUserLoginWebSessionBean.java

   1 /*
   2  * Copyright (C) 2016, 2017 Roland Häder
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Affero General Public License as
   6  * published by the Free Software Foundation, either version 3 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Affero General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Affero General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17 package org.mxchange.pizzaapplication.beans.user.login;
  18
  19 import java.text.MessageFormat;
  20 import java.util.Collections;
  21 import java.util.List;
  22 import java.util.Objects;
  23 import javax.annotation.PostConstruct;
  24 import javax.enterprise.context.SessionScoped;
  25 import javax.enterprise.event.Event;
  26 import javax.enterprise.event.Observes;
  27 import javax.enterprise.inject.Any;
  28 import javax.faces.context.FacesContext;
  29 import javax.faces.view.facelets.FaceletException;
  30 import javax.inject.Inject;
  31 import javax.inject.Named;
  32 import javax.naming.Context;
  33 import javax.naming.InitialContext;
  34 import javax.naming.NamingException;
  35 import org.mxchange.jusercore.exceptions.UserNotFoundException;
  36 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
  37 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
  38 import org.mxchange.jusercore.model.user.User;
  39 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
  40 import org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote;
  41 import org.mxchange.jusercore.model.user.profilemodes.ProfileMode;
  42 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
  43 import org.mxchange.juserlogincore.container.login.LoginContainer;
  44 import org.mxchange.juserlogincore.container.login.UserLoginContainer;
  45 import org.mxchange.juserlogincore.events.login.ObservableUserLoggedInEvent;
  46 import org.mxchange.juserlogincore.events.login.UserLoggedInEvent;
  47 import org.mxchange.juserlogincore.events.logout.ObservableUserLogoutEvent;
  48 import org.mxchange.juserlogincore.events.logout.UserLogoutEvent;
  49 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
  50 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
  51 import org.mxchange.juserlogincore.login.UserLoginUtils;
  52 import org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote;
  53 import org.mxchange.pizzaapplication.beans.BasePizzaController;
  54 import org.mxchange.pizzaapplication.beans.user.PizzaUserWebSessionController;
  55
  56 /**
  57  * A web bean for user registration
  58  * <p>
  59  * @author Roland Häder<roland@mxchange.org>
  60  */
  61 @Named ("userLoginController")
  62 @SessionScoped
  63 public class PizzaUserLoginWebSessionBean extends BasePizzaController implements PizzaUserLoginWebSessionController {
  64
  65         /**
  66          * Path name for guest base template
  67          */
  68         private static final String GUEST_BASE_TEMPLATE_NAME = "guest/guest";
  69
  70         /**
  71          * Path name for logged-in user base template
  72          */
  73         private static final String USER_BASE_TEMPLATE_NAME = "login/user/user";
  74
  75         /**
  76          * Serial number
  77          */
  78         private static final long serialVersionUID = 47_828_986_719_691_592L;
  79
  80         /**
  81          * Template type for pages that might be displayed in guest area and login
  82          * area.
  83          */
  84         private String baseTemplatePathName;
  85
  86         /**
  87          * Logged-in user instance
  88          */
  89         private User loggedInUser;
  90
  91         /**
  92          * Event fired when user has logged in
  93          */
  94         @Inject
  95         @Any
  96         private Event<ObservableUserLoggedInEvent> loginEvent;
  97
  98         /**
  99          * User controller
 100          */
 101         @Inject
 102         private PizzaUserWebSessionController userController;
 103
 104         /**
 105          * Current password
 106          */
 107         private String userCurrentPassword;
 108
 109         /**
 110          * Flag whether the user has logged-in, set only from inside
 111          */
 112         private boolean userLoggedIn;
 113
 114         /**
 115          * Remote register session-scoped bean
 116          */
 117         private UserLoginSessionBeanRemote userLoginBean;
 118
 119         /**
 120          * Event fired when user has logged in
 121          */
 122         @Inject
 123         @Any
 124         private Event<ObservableUserLoggedInEvent> userLoginEvent;
 125
 126         /**
 127          * Event fired when user has logged out
 128          */
 129         @Inject
 130         @Any
 131         private Event<ObservableUserLogoutEvent> userLogoutEvent;
 132
 133         /**
 134          * User's password history
 135          */
 136         private List<PasswordHistory> userPasswordHistory;
 137
 138         /**
 139          * EJB for user's password history
 140          */
 141         private UserPasswordHistorySessionBeanRemote userPasswordHistoryBean;
 142
 143         /**
 144          * Default constructor
 145          */
 146         public PizzaUserLoginWebSessionBean () {
 147                 // Call super constructor
 148                 super();
 149
 150                 // Defaul template is guest
 151                 this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
 152         }
 153
 154         /**
 155          * Method being call after user's password has been updated (and history
 156          * entry has been created).
 157          * <p>
 158          * @param event Event being observed
 159          */
 160         public void afterUserUpdatedPasswordEvent (@Observes final ObservableUpdatedUserPasswordEvent event) {
 161                 // Check parameter
 162                 if (null == event) {
 163                         // Throw NPE
 164                         throw new NullPointerException("event is null"); //NOI18N
 165                 } else if (event.getPasswordHistory() == null) {
 166                         // Throw NPE again
 167                         throw new NullPointerException("event.passwordHistory is null"); //NOI18N
 168                 } else if (event.getPasswordHistory().getUserPasswordHistoryId() == null) {
 169                         // ... and again
 170                         throw new NullPointerException("event.passwordHistory.userPasswordHistoryId is null"); //NOI18N
 171                 } else if (event.getPasswordHistory().getUserPasswordHistoryId() < 1) {
 172                         // Invalid value
 173                         throw new IllegalArgumentException(MessageFormat.format("event.passwordHistory.userPasswordHistoryId={0} is in valid", event.getPasswordHistory().getUserPasswordHistoryId())); //NOI18N
 174                 }
 175
 176                 // All fine, so update list
 177                 this.updatePasswordHistory(event.getPasswordHistory());
 178         }
 179
 180         /**
 181          * Logout for administrator area. If a logged-in user instance exists, it is
 182          * being logged-out, too.
 183          * <p>
 184          * @return Outcome (should be redirected)
 185          */
 186         public String doAdminLogout () {
 187                 // Is a user logged-in?
 188                 if (this.isUserLoggedIn()) {
 189                         // Call other logout
 190                         return this.doUserLogout();
 191                 }
 192
 193                 // Invalidate session
 194                 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
 195
 196                 // Set template type to guest
 197                 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
 198
 199                 // Redirect to index
 200                 return "index?faces-redirect=true"; //NOI18N
 201         }
 202
 203         /**
 204          * Logins the user, if the account is found, confirmed and unlocked.
 205          * <p>
 206          * @return Redirect target
 207          */
 208         public String doUserLogin () {
 209                 // Get user instance
 210                 User user = this.userController.createUserLogin();
 211
 212                 // Create login container
 213                 LoginContainer loginContainer = new UserLoginContainer(user, this.userController.getUserPassword());
 214
 215                 try {
 216                         // Call bean
 217                         User confirmedUser = this.userLoginBean.validateUserAccountStatus(loginContainer);
 218
 219                         // All fine here so set it here
 220                         this.setLoggedInUser(confirmedUser);
 221
 222                         // Retrieve user's password list
 223                         this.userPasswordHistory = this.userPasswordHistoryBean.getUserPasswordHistory(confirmedUser);
 224
 225                         // Set template to "login"
 226                         this.setBaseTemplatePathName(USER_BASE_TEMPLATE_NAME); //NOI18N
 227
 228                         // Fire event away. Keep this last before return statement.
 229                         this.userLoginEvent.fire(new UserLoggedInEvent(confirmedUser));
 230
 231                         // Clear this bean
 232                         this.clear();
 233
 234                         // All fine
 235                         return "login_user"; //NOI18N
 236                 } catch (final UserNotFoundException ex) {
 237                         // Show JSF message
 238                         this.showFacesMessage("form_user_login:userName", "ERROR_USER_NOT_FOUND"); //NOI18N
 239                         return ""; //NOI18N
 240                 } catch (final UserStatusLockedException ex) {
 241                         this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_LOCKED"); //NOI18N
 242                         return ""; //NOI18N
 243                 } catch (final UserStatusUnconfirmedException ex) {
 244                         this.showFacesMessage("form_user_login:userName", "ERROR_USER_STATUS_UNCONFIRMED"); //NOI18N
 245                         return ""; //NOI18N
 246                 } catch (final UserPasswordMismatchException ex) {
 247                         // Show JSF message
 248                         this.showFacesMessage("form_user_login:userPassword", "ERROR_USER_PASSWORD_MISMATCH"); //NOI18N
 249                         return ""; //NOI18N
 250                 }
 251         }
 252
 253         /**
 254          * Logout for current user by invalidating the current session.
 255          * <p>
 256          * @return Outcome (should be redirected)
 257          */
 258         public String doUserLogout () {
 259                 // Is loggedInUser set?
 260                 if (this.getLoggedInUser() == null) {
 261                         // Throw NPE
 262                         throw new NullPointerException("this.loggedInUser is null"); //NOI18N
 263                 } else if (this.getLoggedInUser().getUserId() == null) {
 264                         // Throw again
 265                         throw new NullPointerException("this.loggedInUser.userId is null"); //NOI18N
 266                 } else if (this.getLoggedInUser().getUserId() < 1) {
 267                         // Invalid user id
 268                         throw new IllegalStateException(MessageFormat.format("this.loggedInUser.userId={0} is not valid.", this.getLoggedInUser().getUserId())); //NOI18N
 269                 }
 270
 271                 // Fire event
 272                 this.userLogoutEvent.fire(new UserLogoutEvent(this.getLoggedInUser()));
 273
 274                 // Invalidate session
 275                 FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
 276
 277                 // Unset any user instances
 278                 this.setLoggedInUser(null);
 279                 this.setBaseTemplatePathName(GUEST_BASE_TEMPLATE_NAME); //NOI18N
 280
 281                 // Redirect to index
 282                 return "index"; //NOI18N
 283         }
 284
 285         @Override
 286         public String getBaseTemplatePathName () {
 287                 return this.baseTemplatePathName;
 288         }
 289
 290         @Override
 291         public void setBaseTemplatePathName (final String baseTemplatePathName) {
 292                 this.baseTemplatePathName = baseTemplatePathName;
 293         }
 294
 295         @Override
 296         public User getLoggedInUser () {
 297                 return this.loggedInUser;
 298         }
 299
 300         @Override
 301         public void setLoggedInUser (final User loggedInUser) {
 302                 this.loggedInUser = loggedInUser;
 303         }
 304
 305         /**
 306          * Getter for current password (clear text)
 307          * <p>
 308          * @return Current password
 309          */
 310         public String getUserCurrentPassword () {
 311                 return this.userCurrentPassword;
 312         }
 313
 314         /**
 315          * Setter for current password (clear text)
 316          * <p>
 317          * @param userCurrentPassword Current password
 318          */
 319         public void setUserCurrentPassword (final String userCurrentPassword) {
 320                 this.userCurrentPassword = userCurrentPassword;
 321         }
 322
 323         @Override
 324         public List<PasswordHistory> getUserPasswordHistory () {
 325                 return Collections.unmodifiableList(this.userPasswordHistory);
 326         }
 327
 328         @Override
 329         public boolean ifCurrentPasswordMatches () {
 330                 // The current password must be set and not empty
 331                 if (this.getUserCurrentPassword() == null) {
 332                         // Is not set
 333                         throw new NullPointerException("this.userCurrentPassword is null"); //NOI18N
 334                 } else if (this.getUserCurrentPassword().isEmpty()) {
 335                         // Is set empty
 336                         throw new IllegalStateException("this.userCurrentPassword is empty."); //NOI18N
 337                 }
 338
 339                 // Create "container"
 340                 LoginContainer container = new UserLoginContainer(this.getLoggedInUser(), this.getUserCurrentPassword());
 341
 342                 // Now check if it matches
 343                 return UserLoginUtils.ifPasswordMatches(container, this.getLoggedInUser());
 344         }
 345
 346         @Override
 347         public boolean ifUserMustChangePassword () {
 348                 return ((this.isUserLoggedIn()) && (Objects.equals(this.getLoggedInUser().getUserMustChangePassword(), Boolean.TRUE)));
 349         }
 350
 351         /**
 352          * Post-construction method
 353          */
 354         @PostConstruct
 355         public void init () {
 356                 try {
 357                         // Get initial context
 358                         Context context = new InitialContext();
 359
 360                         // Try to lookup
 361                         this.userLoginBean = (UserLoginSessionBeanRemote) context.lookup("java:global/jrecruiter-ejb/userLogin!org.mxchange.juserlogincore.model.user.login.UserLoginSessionBeanRemote"); //NOI18N
 362
 363                         // Also find this
 364                         this.userPasswordHistoryBean = (UserPasswordHistorySessionBeanRemote) context.lookup("java:global/jrecruiter-ejb/userPasswordHistory!org.mxchange.jusercore.model.user.password_history.UserPasswordHistorySessionBeanRemote"); //NOI18N
 365
 366                         // Defaul template is guest
 367                         this.baseTemplatePathName = GUEST_BASE_TEMPLATE_NAME;
 368                 } catch (final NamingException ex) {
 369                         // Continue to throw
 370                         throw new FaceletException(ex);
 371                 }
 372         }
 373
 374         @Override
 375         public boolean isInvisible () {
 376                 // Check on login
 377                 if (!this.isUserLoggedIn()) {
 378                         // Not logged in!
 379                         throw new IllegalStateException("isInvisible() has been invoked for a guest."); //NOI18N
 380                 }
 381
 382                 // Check logged-in first, then invisibility
 383                 return Objects.equals(this.getLoggedInUser().getUserProfileMode(), ProfileMode.INVISIBLE);
 384         }
 385
 386         @Override
 387         public boolean isPasswordInHistory (final String userPassword) {
 388                 // Default is not found
 389                 boolean isPasswordInHistory = false;
 390
 391                 // Init variables
 392                 int count = 1;
 393                 int maxEntries = this.getIntegerContextParameter("max_user_password_history"); //NOI18N
 394
 395                 // Check all passwords
 396                 for (final PasswordHistory entry : this.getUserPasswordHistory()) {
 397                         // Is password the same?
 398                         if (UserLoginUtils.ifPasswordMatches(userPassword, entry.getUserPasswordHistoryUser())) {
 399                                 // Yes, found it
 400                                 isPasswordInHistory = true;
 401                                 break;
 402                         } else if (count == maxEntries) {
 403                                 // Maximum reached
 404                                 break;
 405                         }
 406
 407                         // Count up
 408                         count++;
 409                 }
 410
 411                 // Return status
 412                 return isPasswordInHistory;
 413         }
 414
 415         @Override
 416         public boolean isUserLoggedIn () {
 417                 // Compare instance
 418                 this.userLoggedIn = ((this.getLoggedInUser() instanceof User) && (Objects.equals(this.getLoggedInUser().getUserAccountStatus(), UserAccountStatus.CONFIRMED)));
 419
 420                 // Return it
 421                 return this.userLoggedIn;
 422         }
 423
 424         /**
 425          * Clears this bean
 426          */
 427         private void clear () {
 428                 // Clear all fields
 429                 this.setUserCurrentPassword(null);
 430         }
 431
 432         /**
 433          * Updates password history by adding given entry to it as long as it is not
 434          * there.
 435          * <p>
 436          * @param passwordHistory Password history entry
 437          */
 438         private void updatePasswordHistory (final PasswordHistory passwordHistory) {
 439                 if (null == passwordHistory) {
 440                         // Throw NPE
 441                         throw new NullPointerException("passwordHistory is null"); //NOI18N
 442                 } else if (passwordHistory.getUserPasswordHistoryId() == null) {
 443                         // Throw NPE again
 444                         throw new NullPointerException("passwordHistory.userPasswordHistoryId is null"); //NOI18N
 445                 } else if (passwordHistory.getUserPasswordHistoryId() < 1) {
 446                         // Invalid id
 447                         throw new IllegalArgumentException(MessageFormat.format("passwordHistory.userPasswordHistoryId={0} is not valid.", passwordHistory.getUserPasswordHistoryId())); //NOI18N
 448                 }
 449
 450                 // Is it there?
 451                 if (this.userPasswordHistory.contains(passwordHistory)) {
 452                         // Excact copy found
 453                         return;
 454                 }
 455
 456                 // Check all entries
 457                 for (final PasswordHistory entry : this.userPasswordHistory) {
 458                         // Is same id number?
 459                         if (Objects.equals(entry.getUserPasswordHistoryId(), passwordHistory.getUserPasswordHistoryId())) {
 460                                 // Found it
 461                                 return;
 462                         }
 463                 }
 464
 465                 // Not found, so add it
 466                 this.userPasswordHistory.add(passwordHistory);
 467         }
 468
 469 }