/*
- * Copyright (C) 2016 Roland Haeder
+ * Copyright (C) 2016 - 2020 Free Software Foundation
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
package org.mxchange.jjobs.beans.user.password;
import java.util.Objects;
+import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.enterprise.event.Event;
import javax.enterprise.inject.Any;
-import javax.faces.view.facelets.FaceletException;
+import javax.faces.FacesException;
+import javax.faces.application.FacesMessage;
import javax.inject.Inject;
import javax.inject.Named;
-import javax.naming.Context;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
import org.mxchange.jcoreee.utils.FacesUtils;
-import org.mxchange.jjobs.beans.BaseJobsController;
+import org.mxchange.jjobs.beans.BaseJobsBean;
import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController;
-import org.mxchange.jjobs.beans.login.JobsUserLoginWebSessionController;
-import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent;
-import org.mxchange.jusercore.events.user.password_change.UserUpdatedPasswordEvent;
+import org.mxchange.jjobs.beans.user.login.JobsUserLoginWebSessionController;
import org.mxchange.jusercore.exceptions.UserNotFoundException;
import org.mxchange.jusercore.exceptions.UserStatusLockedException;
import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
import org.mxchange.jusercore.model.user.User;
import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
-import org.mxchange.jusercore.model.user.UserUtils;
import org.mxchange.jusercore.model.user.password_history.PasswordHistory;
+import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent;
+import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent;
+import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException;
+import org.mxchange.juserlogincore.login.UserLoginUtils;
/**
* A user password (change) controller (bean)
* <p>
- * @author Roland Haeder<roland@mxchange.org>
+ * @author Roland Hรคder<roland@mxchange.org>
*/
@Named ("userPasswordController")
@RequestScoped
-public class JobsUserPasswordWebRequestBean extends BaseJobsController implements JobsUserPasswordWebRequestController {
+public class JobsUserPasswordWebRequestBean extends BaseJobsBean implements JobsUserPasswordWebRequestController {
/**
* Serial number
/**
* Remote user bean
*/
- private final UserSessionBeanRemote userBean;
+ @EJB (lookup = "java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote")
+ private UserSessionBeanRemote userBean;
/**
- * Login controller (bean)
+ * Current password (for confirmation of password change)
+ */
+ private String userCurrentPassword;
+
+ /**
+ * Login bean (controller)
*/
@Inject
private JobsUserLoginWebSessionController userLoginController;
/**
- * User password (unencrypted from web form)
+ * User password (clear-text from web form)
*/
private String userPassword;
/**
- * User password repeated (unencrypted from web form)
+ * User password repeated (clear-text from web form)
*/
private String userPasswordRepeat;
*/
@Any
@Inject
- private Event<UpdatedUserPasswordEvent> userUpdatedPasswordEvent;
+ private Event<ObservableUpdatedUserPasswordEvent> userUpdatedPasswordEvent;
/**
* Default constructor
*/
public JobsUserPasswordWebRequestBean () {
- // Try it
- try {
- // Get initial context
- Context context = new InitialContext();
-
- // Try to lookup
- this.userBean = (UserSessionBeanRemote) context.lookup("java:global/jlandingpage-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N
- } catch (final NamingException e) {
- // Throw again
- throw new FaceletException(e);
- }
+ // Call super constructor
+ super();
}
- @Override
+ /**
+ * Changes logged-in user's password. It must not match with current
+ * password and should not appear in password history list for X
+ * (configurable) entries.
+ * <p>
+ * @return Redirect outcome
+ */
public String doChangePassword () {
// This method shall only be called if the user is logged-in
if (!this.userLoginController.isUserLoggedIn()) {
throw new IllegalStateException("User is not logged-in"); //NOI18N
} else if (!this.isRequiredChangePasswordSet()) {
// Not all required fields are set
- throw new FaceletException("Not all required fields are set."); //NOI18N
+ throw new FacesException("Not all required fields are set."); //NOI18N
} else if (!this.userLoginController.ifCurrentPasswordMatches()) {
+ // Password not matching
+ throw new FacesException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser()));
+ } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
+ // Editing is not allowed
+ throw new IllegalStateException("User tried to change password."); //NOI18N
+ } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) {
// Password mismatches
- this.showFacesMessage("form_user_change_password:userCurrentPassword", "ERROR_USER_CURRENT_PASSWORD_MISMATCHING"); //NOI18N
+ this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password.", FacesMessage.SEVERITY_WARN); //NOI18N
// Clear bean
- this.userLoginController.setUserCurrentPassword(null);
this.clear();
// No redirect
return ""; //NOI18N
- } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N
- // Editing is not allowed
- throw new IllegalStateException("User tried to change password."); //NOI18N
} else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) {
// Both entered passwords don't match
- this.showFacesMessage("form_user_change_password:userPasswordRepeat", "ERROR_USER_NEW_PASSWORDS_MISMATCH"); //NOI18N
+ this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch.", FacesMessage.SEVERITY_ERROR); //NOI18N
// Clear bean
- this.userLoginController.setUserCurrentPassword(null);
this.clear();
// No redirect
return ""; //NOI18N
- } else if (Objects.equals(this.userLoginController.getUserCurrentPassword(), this.getUserPassword())) {
+ } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) {
// New password matches current
- this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_SAME_AS_CURRENT"); //NOI18N
+ this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password.", FacesMessage.SEVERITY_WARN); //NOI18N
// Clear bean
- this.userLoginController.setUserCurrentPassword(null);
this.clear();
// No redirect
return ""; //NOI18N
} else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) {
// Is already in list (to old passwords are ignored)
- this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_ALREADY_ENTERED"); //NOI18N
+ this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago.", FacesMessage.SEVERITY_WARN); //NOI18N
// Clear bean
- this.userLoginController.setUserCurrentPassword(null);
this.clear();
// No redirect
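Review bot: In doChangePassword the current password is now verified twice with different outcomes: the retained `userLoginController.ifCurrentPasswordMatches()` branch throws a `FacesException` wrapping `UserPasswordMismatchException`, while the added `UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), …)` branch shows a form message and returns. This commit moves `userCurrentPassword` into this bean and drops the `setUserCurrentPassword(null)` calls on the login controller, so the first check presumably no longer sees the value typed into this form. If so, it either always throws or makes the friendly-message branch unreachable; confirm what `ifCurrentPasswordMatches()` compares and keep only one of the two checks. The `change_user_password` feature check would also read better as the first branch after the login check, so a disabled feature is refused before any password comparison runs. The method body continues past this hunk.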
}
// Get user instance
- User user = this.userLoginController.getLoggedInUser();
+ final User user = this.userLoginController.getLoggedInUser();
// Encrypt password
- String encryptedPassword = UserUtils.encryptPassword(this.getUserPassword());
+ final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword());
// Set it in user
- user.setUserMustChangePassword(Boolean.FALSE);
user.setUserEncryptedPassword(encryptedPassword);
+ // Init variable
+ final PasswordHistory passwordHistory;
+
try {
// Get base URL
- String baseUrl = FacesUtils.generateBaseUrl();
+ final String baseUrl = FacesUtils.generateBaseUrl();
// All is set, then update password
- PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
-
- // Fire event
- this.userUpdatedPasswordEvent.fire(new UserUpdatedPasswordEvent(passwordHistory));
+ passwordHistory = this.userBean.updateUserPassword(user, baseUrl);
} catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) {
// Clear bean
- this.userLoginController.setUserCurrentPassword(null);
this.clear();
// Throw again
- throw new FaceletException(ex);
+ throw new FacesException(ex);
}
+ // Fire event
+ this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword()));
+
// Clear bean
this.clear();
return "login_data_saved"; //NOI18N
}
- @Override
+ /**
+ * Getter for current clear-text user password
+ * <p>
+ * @return Current clear-text user password
+ */
+ public String getUserCurrentPassword () {
+ return this.userCurrentPassword;
+ }
+
+ /**
+ * Setter for current clear-text user password
+ * <p>
+ * @param userCurrentPassword Current clear-text user password
+ */
+ public void setUserCurrentPassword (final String userCurrentPassword) {
+ this.userCurrentPassword = userCurrentPassword;
+ }
+
+ /**
+ * Getter for clear-text user password
+ * <p>
+ * @return Clear-text user password
+ */
public String getUserPassword () {
return this.userPassword;
}
- @Override
+ /**
+ * Setter for clear-text user password
+ * <p>
+ * @param userPassword Clear-text user password
+ */
public void setUserPassword (final String userPassword) {
this.userPassword = userPassword;
}
- @Override
+ /**
+ * Getter for clear-text user password repeated
+ * <p>
+ * @return Clear-text user password repeated
+ */
public String getUserPasswordRepeat () {
return this.userPasswordRepeat;
}
- @Override
+ /**
+ * Setter for clear-text user password repeated
+ * <p>
+ * @param userPasswordRepeat Clear-text user password repeated
+ */
public void setUserPasswordRepeat (final String userPasswordRepeat) {
this.userPasswordRepeat = userPasswordRepeat;
}
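Review bot: The event fired after a successful update now carries the clear-text new password, `new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword())`, so any observer of `ObservableUpdatedUserPasswordEvent` receives the secret outside this request-scoped bean. Nothing visible here documents why observers need the clear-text value or what they may do with it. If an observer does need it, a comment above the `fire` call such as `// Observers receive the clear-text password; they must not log, persist or cache it` would make the contract explicit, and the event class should keep the value out of `toString()`. If no observer needs it, passing only `passwordHistory` as before keeps the password confined to this bean until `this.clear()` runs. The enclosing doChangePassword starts before this hunk.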
@Override
public boolean isRequiredChangePasswordSet () {
// Is all data set?
- return ((this.userLoginController.getUserCurrentPassword() != null) &&
- (!this.userLoginController.getUserCurrentPassword().isEmpty()) &&
+ return ((this.getUserCurrentPassword() != null) &&
+ (!this.getUserCurrentPassword().isEmpty()) &&
(this.getUserPassword() != null) &&
(!this.getUserPassword().isEmpty()) &&
(this.getUserPasswordRepeat() != null) &&