src/java/org/mxchange/pizzaapplication/beans/user/password/PizzaUserPasswordWebRequestBean.java

   1 /*
   2  * Copyright (C) 2016 - 2020 Free Software Foundation
   3  *
   4  * This program is free software: you can redistribute it and/or modify
   5  * it under the terms of the GNU Affero General Public License as
   6  * published by the Free Software Foundation, either version 3 of the
   7  * License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU Affero General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Affero General Public License
  15  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16  */
  17 package org.mxchange.pizzaapplication.beans.user.password;
  18
  19 import java.util.Objects;
  20 import javax.ejb.EJB;
  21 import javax.enterprise.context.RequestScoped;
  22 import javax.enterprise.event.Event;
  23 import javax.enterprise.inject.Any;
  24 import javax.faces.view.facelets.FaceletException;
  25 import javax.inject.Inject;
  26 import javax.inject.Named;
  27 import org.mxchange.jcoreee.utils.FacesUtils;
  28 import org.mxchange.jusercore.exceptions.UserNotFoundException;
  29 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
  30 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
  31 import org.mxchange.jusercore.model.user.User;
  32 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
  33 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
  34 import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
  35 import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent;
  36 import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
  37 import org.mxchange.juserlogincore.login.UserLoginUtils;
  38 import org.mxchange.pizzaapplication.beans.BasePizzaBean;
  39 import org.mxchange.pizzaapplication.beans.features.PizzaFeaturesWebApplicationController;
  40 import org.mxchange.pizzaapplication.beans.user.login.PizzaUserLoginWebSessionController;
  41
  42 /**
  43  * A user password (change) bean (controller)
  44  * <p>
  45  * @author Roland Häder<roland@mxchange.org>
  46  */
  47 @Named ("userPasswordController")
  48 @RequestScoped
  49 public class PizzaUserPasswordWebRequestBean extends BasePizzaBean implements PizzaUserPasswordWebRequestController {
  50
  51         /**
  52          * Serial number
  53          */
  54         private static final long serialVersionUID = 15_267_867_367_501L;
  55
  56         /**
  57          * Features controller
  58          */
  59         @Inject
  60         private PizzaFeaturesWebApplicationController featureController;
  61
  62         /**
  63          * Remote user bean
  64          */
  65         @EJB (lookup = "java:global/addressbook-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote")
  66         private UserSessionBeanRemote userBean;
  67
  68         /**
  69          * Current password (for confirmation of password change)
  70          */
  71         private String userCurrentPassword;
  72
  73         /**
  74          * Login bean (controller)
  75          */
  76         @Inject
  77         private PizzaUserLoginWebSessionController userLoginController;
  78
  79         /**
  80          * User password (clear-text from web form)
  81          */
  82         private String userPassword;
  83
  84         /**
  85          * User password repeated (clear-text from web form)
  86          */
  87         private String userPasswordRepeat;
  88
  89         /**
  90          * Event being fired when user's password has been updated
  91          */
  92         @Any
  93         @Inject
  94         private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
  95
  96         /**
  97          * Default constructor
  98          */
  99         public PizzaUserPasswordWebRequestBean () {
 100                 // Call super constructor
 101                 super();
 102         }
 103
 104         /**
 105          * Changes logged-in user's password. It must not match with current
 106          * password and should not appear in password history list for X
 107          * (configurable) entries.
 108          * <p>
 109          * @return Redirect outcome
 110          */
 111         public String doChangePassword () {
 112                 // This method shall only be called if the user is logged-in
 113                 if (!this.userLoginController.isUserLoggedIn()) {
 114                         // Not logged-in
 115                         throw new IllegalStateException("User is not logged-in"); //NOI18N
 116                 } else if (!this.isRequiredChangePasswordSet()) {
 117                         // Not all required fields are set
 118                         throw new FaceletException("Not all required fields are set."); //NOI18N
 119                 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
 120                         // Password not matching
 121                         throw new FaceletException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
 122                 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
 123                         // Editing is not allowed
 124                         throw new IllegalStateException("User tried to change password."); //NOI18N
 125                 } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
 126                         // Password mismatches
 127                         this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password."); //NOI18N
 128
 129                         // Clear bean
 130                         this.clear();
 131
 132                         // No redirect
 133                         return ""; //NOI18N
 134                 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
 135                         // Both entered passwords don't match
 136                         this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch."); //NOI18N
 137
 138                         // Clear bean
 139                         this.clear();
 140
 141                         // No redirect
 142                         return ""; //NOI18N
 143                 } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
 144                         // New password matches current
 145                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password."); //NOI18N
 146
 147                         // Clear bean
 148                         this.clear();
 149
 150                         // No redirect
 151                         return ""; //NOI18N
 152                 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
 153                         // Is already in list (to old passwords are ignored)
 154                         this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago."); //NOI18N
 155
 156                         // Clear bean
 157                         this.clear();
 158
 159                         // No redirect
 160                         return ""; //NOI18N
 161                 }
 162
 163                 // Get user instance
 164                 final User user = this.userLoginController.getLoggedInUser();
 165
 166                 // Encrypt password
 167                 final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword());
 168
 169                 // Set it in user
 170                 user.setUserEncryptedPassword(encryptedPassword);
 171
 172                 try {
 173                         // Get base URL
 174                         final String baseUrl = FacesUtils.generateBaseUrl();
 175
 176                         // All is set, then update password
 177                         PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
 178
 179                         // Fire event
 180                         this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword()));
 181                 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
 182                         // Clear bean
 183                         this.clear();
 184
 185                         // Throw again
 186                         throw new FaceletException(ex);
 187                 }
 188
 189                 // Clear bean
 190                 this.clear();
 191
 192                 // Return outcome
 193                 return "login_data_saved"; //NOI18N
 194         }
 195
 196         /**
 197          * Getter for current clear-text user password
 198          * <p>
 199          * @return Current clear-text user password
 200          */
 201         public String getUserCurrentPassword () {
 202                 return this.userCurrentPassword;
 203         }
 204
 205         /**
 206          * Setter for current clear-text user password
 207          * <p>
 208          * @param userCurrentPassword Current clear-text user password
 209          */
 210         public void setUserCurrentPassword (final String userCurrentPassword) {
 211                 this.userCurrentPassword = userCurrentPassword;
 212         }
 213
 214         /**
 215          * Getter for clear-text user password
 216          * <p>
 217          * @return Clear-text user password
 218          */
 219         public String getUserPassword () {
 220                 return this.userPassword;
 221         }
 222
 223         /**
 224          * Setter for clear-text user password
 225          * <p>
 226          * @param userPassword Clear-text user password
 227          */
 228         public void setUserPassword (final String userPassword) {
 229                 this.userPassword = userPassword;
 230         }
 231
 232         /**
 233          * Getter for clear-text user password repeated
 234          * <p>
 235          * @return Clear-text user password repeated
 236          */
 237         public String getUserPasswordRepeat () {
 238                 return this.userPasswordRepeat;
 239         }
 240
 241         /**
 242          * Setter for clear-text user password repeated
 243          * <p>
 244          * @param userPasswordRepeat Clear-text user password repeated
 245          */
 246         public void setUserPasswordRepeat (final String userPasswordRepeat) {
 247                 this.userPasswordRepeat = userPasswordRepeat;
 248         }
 249
 250         @Override
 251         public boolean isRequiredChangePasswordSet () {
 252                 // Is all data set?
 253                 return ((this.getUserCurrentPassword() != null) &&
 254                                 (!this.getUserCurrentPassword().isEmpty()) &&
 255                                 (this.getUserPassword() != null) &&
 256                                 (!this.getUserPassword().isEmpty()) &&
 257                                 (this.getUserPasswordRepeat() != null) &&
 258                                 (!this.getUserPasswordRepeat().isEmpty()));
 259         }
 260
 261         /**
 262          * Clears this bean
 263          */
 264         private void clear () {
 265                 // Clear all data
 266                 this.setUserPassword(null);
 267                 this.setUserPasswordRepeat(null);
 268         }
 269
 270 }