2 * Copyright (C) 2016 Roland Häder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.pizzaapplication.beans.user.password;
19 import java.util.Objects;
20 import javax.enterprise.context.RequestScoped;
21 import javax.enterprise.event.Event;
22 import javax.enterprise.inject.Any;
23 import javax.faces.view.facelets.FaceletException;
24 import javax.inject.Inject;
25 import javax.inject.Named;
26 import javax.naming.Context;
27 import javax.naming.InitialContext;
28 import javax.naming.NamingException;
29 import org.mxchange.jcoreee.utils.FacesUtils;
30 import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent;
31 import org.mxchange.jusercore.exceptions.UserNotFoundException;
32 import org.mxchange.jusercore.exceptions.UserPasswordMismatchException;
33 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
34 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
35 import org.mxchange.jusercore.model.user.User;
36 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
37 import org.mxchange.jusercore.model.user.UserUtils;
38 import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
39 import org.mxchange.pizzaapplication.beans.BasePizzaController;
40 import org.mxchange.pizzaapplication.beans.features.PizzaFeaturesWebApplicationController;
41 import org.mxchange.pizzaapplication.beans.login.PizzaUserLoginWebSessionController;
42 import org.mxchange.jusercore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
45 * A user password (change) bean (controller)
47 * @author Roland Häder<roland@mxchange.org>
49 @Named ("userPasswordController")
51 public class PizzaUserPasswordWebRequestBean extends BasePizzaController implements PizzaUserPasswordWebRequestController {
56 private static final long serialVersionUID = 15_267_867_367_501L;
62 private PizzaFeaturesWebApplicationController featureController;
67 private final UserSessionBeanRemote userBean;
70 * Current password (for confirmation of password change)
72 private String userCurrentPassword;
75 * Login bean (controller)
78 private PizzaUserLoginWebSessionController userLoginController;
81 * User password (clear-text from web form)
83 private String userPassword;
86 * User password repeated (clear-text from web form)
88 private String userPasswordRepeat;
91 * Event being fired when user's password has been updated
95 private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
100 public PizzaUserPasswordWebRequestBean () {
103 // Get initial context
104 Context context = new InitialContext();
107 this.userBean = (UserSessionBeanRemote) context.lookup("java:global/pizzaservice-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N
108 } catch (final NamingException e) {
110 throw new FaceletException(e);
115 public String doChangePassword () {
116 // This method shall only be called if the user is logged-in
117 if (!this.userLoginController.isUserLoggedIn()) {
119 throw new IllegalStateException("User is not logged-in"); //NOI18N
120 } else if (!this.isRequiredChangePasswordSet()) {
121 // Not all required fields are set
122 throw new FaceletException("Not all required fields are set."); //NOI18N
123 } else if (!this.userLoginController.ifCurrentPasswordMatches()) {
124 // Password not matching
125 throw new FaceletException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
126 } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
127 // Editing is not allowed
128 throw new IllegalStateException("User tried to change password."); //NOI18N
129 } else if (!UserUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
130 // Password mismatches
131 this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password."); //NOI18N
138 } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
139 // Both entered passwords don't match
140 this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch."); //NOI18N
147 } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
148 // New password matches current
149 this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password."); //NOI18N
156 } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
157 // Is already in list (to old passwords are ignored)
158 this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago."); //NOI18N
168 User user = this.userLoginController.getLoggedInUser();
171 String encryptedPassword = UserUtils.encryptPassword(this.getUserPassword());
174 user.setUserEncryptedPassword(encryptedPassword);
178 String baseUrl = FacesUtils.generateBaseUrl();
180 // All is set, then update password
181 PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
184 this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory));
185 } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
190 throw new FaceletException(ex);
197 return "login_data_saved"; //NOI18N
201 public String getUserCurrentPassword () {
202 return this.userCurrentPassword;
206 public void setUserCurrentPassword (final String userCurrentPassword) {
207 this.userCurrentPassword = userCurrentPassword;
211 public String getUserPassword () {
212 return this.userPassword;
216 public void setUserPassword (final String userPassword) {
217 this.userPassword = userPassword;
221 public String getUserPasswordRepeat () {
222 return this.userPasswordRepeat;
226 public void setUserPasswordRepeat (final String userPasswordRepeat) {
227 this.userPasswordRepeat = userPasswordRepeat;
230 public boolean isRequiredChangePasswordSet () {
232 return ((this.getUserCurrentPassword() != null) &&
233 (!this.getUserCurrentPassword().isEmpty()) &&
234 (this.getUserPassword() != null) &&
235 (!this.getUserPassword().isEmpty()) &&
236 (this.getUserPasswordRepeat() != null) &&
237 (!this.getUserPasswordRepeat().isEmpty()));
243 private void clear () {
245 this.setUserPassword(null);
246 this.setUserPasswordRepeat(null);