X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2Fjava%2Forg%2Fmxchange%2Fjjobs%2Fbeans%2Fuser%2Fpassword%2FJobsUserPasswordWebRequestBean.java;h=42fa746f8e24474f374df169722aae2311582679;hb=7f47d8c52a333a812c65df514a613bc6a8559de8;hp=61b31771a4e3ed74f7831f5bab2f081a3beca25c;hpb=00e21400f78547c5b10f6fe82c5f6dbe0b665469;p=jjobs-war.git
diff --git a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
index 61b31771..42fa746f 100644
--- a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
+++ b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Roland Haeder
+ * Copyright (C) 2016 - 2020 Free Software Foundation
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as 
@@ -17,38 +17,37 @@ package org.mxchange.jjobs.beans.user.password; import java.util.Objects; +import javax.ejb.EJB; import javax.enterprise.context.RequestScoped; import javax.enterprise.event.Event; import javax.enterprise.inject.Any; -import javax.faces.view.facelets.FaceletException; +import javax.faces.FacesException; +import javax.faces.application.FacesMessage; import javax.inject.Inject; import javax.inject.Named; -import javax.naming.Context; -import javax.naming.InitialContext; -import javax.naming.NamingException; import org.mxchange.jcoreee.utils.FacesUtils; -import org.mxchange.jjobs.beans.BaseJobsController; +import org.mxchange.jjobs.beans.BaseJobsBean; import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController; -import org.mxchange.jjobs.beans.login.JobsUserLoginWebSessionController; -import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent; -import org.mxchange.jusercore.events.user.password_change.UserUpdatedPasswordEvent; +import org.mxchange.jjobs.beans.user.login.JobsUserLoginWebSessionController; import org.mxchange.jusercore.exceptions.UserNotFoundException; -import org.mxchange.jusercore.exceptions.UserPasswordMismatchException; import org.mxchange.jusercore.exceptions.UserStatusLockedException; import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException; import org.mxchange.jusercore.model.user.User; import org.mxchange.jusercore.model.user.UserSessionBeanRemote; -import org.mxchange.jusercore.model.user.UserUtils; import org.mxchange.jusercore.model.user.password_history.PasswordHistory; +import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent; +import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent; +import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException; +import org.mxchange.juserlogincore.login.UserLoginUtils; /** * A user password (change) controller (bean) *

- * @author Roland Haeder + * @author Roland Häder */ @Named ("userPasswordController") @RequestScoped -public class JobsUserPasswordWebRequestBean extends BaseJobsController implements JobsUserPasswordWebRequestController { +public class JobsUserPasswordWebRequestBean extends BaseJobsBean implements JobsUserPasswordWebRequestController { /** * Serial number @@ -64,21 +63,27 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement /** * Remote user bean */ - private final UserSessionBeanRemote userBean; + @EJB (lookup = "java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote") + private UserSessionBeanRemote userBean; /** - * Login controller (bean) + * Current password (for confirmation of password change) + */ + private String userCurrentPassword; + + /** + * Login bean (controller) */ @Inject private JobsUserLoginWebSessionController userLoginController; /** - * User password (unencrypted from web form) + * User password (clear-text from web form) */ private String userPassword; /** - * User password repeated (unencrypted from web form) + * User password repeated (clear-text from web form) */ private String userPasswordRepeat; 
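Review bot: The new `userCurrentPassword` field keeps the clear-text current password on this bean, and its lifetime now depends entirely on `this.clear()`, whose body is not part of this diff. The later hunks remove every `this.userLoginController.setUserCurrentPassword(null)` call, so unless `clear()` was extended in the same change the value is no longer reset on any exit path. I would have `clear()` call `this.setUserCurrentPassword(null);` alongside the resets of the two new-password fields. The field comment could also say so, for example `Current password (clear-text from web form, reset by clear())`.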
@@ -87,26 +92,23 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement */ @Any @Inject - private Event userUpdatedPasswordEvent; + private Event userUpdatedPasswordEvent; /** * Default constructor */ public JobsUserPasswordWebRequestBean () { - // Try it - try { - // Get initial context - Context context = new InitialContext(); - - // Try to lookup - this.userBean = (UserSessionBeanRemote) context.lookup("java:global/jlandingpage-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N - } catch (final NamingException e) { - // Throw again - throw new FaceletException(e); - } + // Call super constructor + super(); } - @Override + /** + * Changes logged-in user's password. It must not match with current + * password and should not appear in password history list for X + * (configurable) entries. + *

+ * @return Redirect outcome + */ public String doChangePassword () { // This method shall only be called if the user is logged-in if (!this.userLoginController.isUserLoggedIn()) { 
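Review bot: The Javadoc added to `doChangePassword()` documents only `@return`, although the body, which continues past this hunk, throws on several paths. The following hunk shows `IllegalStateException` when the user is not logged in or the `change_user_password` feature is disabled, and `FacesException` when required fields are missing or the remote update fails. I would add `@throws IllegalStateException If the user is not logged in or password change is disabled` and `@throws FacesException If required fields are missing or the password update fails`. The `@return` text should also state that an empty outcome means validation failed and no redirect happens.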
@@ -114,49 +116,45 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement throw new IllegalStateException("User is not logged-in"); //NOI18N } else if (!this.isRequiredChangePasswordSet()) { // Not all required fields are set - throw new FaceletException("Not all required fields are set."); //NOI18N + throw new FacesException("Not all required fields are set."); //NOI18N } else if (!this.userLoginController.ifCurrentPasswordMatches()) { // Password not matching - throw new FaceletException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser())); + throw new FacesException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser())); } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N // Editing is not allowed throw new IllegalStateException("User tried to change password."); //NOI18N - } else if (!UserUtils.ifPasswordMatches(this.userLoginController.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) { + } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) { // Password mismatches - this.showFacesMessage("form_user_change_password:userCurrentPassword", "ERROR_USER_CURRENT_PASSWORD_MISMATCHING"); //NOI18N + this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) { // Both entered passwords don't match - this.showFacesMessage("form_user_change_password:userPasswordRepeat", "ERROR_USER_NEW_PASSWORDS_MISMATCH"); //NOI18N + this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch.", FacesMessage.SEVERITY_ERROR); //NOI18N // 
Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N - } else if (Objects.equals(this.userLoginController.getUserCurrentPassword(), this.getUserPassword())) { + } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) { // New password matches current - this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_SAME_AS_CURRENT"); //NOI18N + this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) { // Is already in list (to old passwords are ignored) - this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_ALREADY_ENTERED"); //NOI18N + this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect 
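Review bot: The unchanged branch `else if (!this.userLoginController.ifCurrentPasswordMatches())` still asks the login controller to verify the current password, while the new code reads it from this bean via `this.getUserCurrentPassword()`. If the login controller's method still compares its own field, which this form presumably no longer fills, every request would fail with the `FacesException` wrapping `UserPasswordMismatchException` before reaching the `UserLoginUtils.ifPasswordMatches(...)` branch. I would drop the earlier branch so that a single check decides, and move the `isFeatureEnabled("change_user_password")` test ahead of any password comparison. The new literal messages also appear to replace the former bundle keys and contain typos ("does not matched", "is has already been used").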
@@ -164,33 +162,34 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement } // Get user instance - User user = this.userLoginController.getLoggedInUser(); + final User user = this.userLoginController.getLoggedInUser(); // Encrypt password - String encryptedPassword = UserUtils.encryptPassword(this.getUserPassword()); + final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword()); // Set it in user - user.setUserMustChangePassword(Boolean.FALSE); user.setUserEncryptedPassword(encryptedPassword); + // Init variable + final PasswordHistory passwordHistory; + try { // Get base URL - String baseUrl = FacesUtils.generateBaseUrl(); + final String baseUrl = FacesUtils.generateBaseUrl(); // All is set, then update password - PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl); - - // Fire event - this.userUpdatedPasswordEvent.fire(new UserUpdatedPasswordEvent(passwordHistory)); + passwordHistory = this.userBean.updateUserPassword(user, baseUrl); } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) { // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // Throw again - throw new FaceletException(ex); + throw new FacesException(ex); } + // Fire event + this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword())); + // Clear bean this.clear(); @@ -198,22 +197,56 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement return "login_data_saved"; //NOI18N } - @Override + /** + * Getter for current clear-text user password + *
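Review bot: `new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword())` now passes the clear-text new password to every observer of the `@Any`-qualified event, so the secret leaves this request-scoped bean. The observers are not visible in this diff, so it cannot be checked here that none of them logs, stores or serializes the value. If no observer needs the password, the event should carry only `passwordHistory`; otherwise put a comment at the call such as `// Event carries the clear-text password; observers must not log or persist it`. The hunk also removes `user.setUserMustChangePassword(Boolean.FALSE)`, so unless `updateUserPassword` clears that flag on the EJB side, a user who was forced to change the password would stay flagged after a successful change.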

+ * @return Current clear-text user password + */ + public String getUserCurrentPassword () { + return this.userCurrentPassword; + } + + /** + * Setter for current clear-text user password + *

+ * @param userCurrentPassword Current clear-text user password + */ + public void setUserCurrentPassword (final String userCurrentPassword) { + this.userCurrentPassword = userCurrentPassword; + } + + /** + * Getter for clear-text user password + *

+ * @return Clear-text user password + */ public String getUserPassword () { return this.userPassword; } - @Override + /** + * Setter for clear-text user password + *

+ * @param userPassword Clear-text user password + */ public void setUserPassword (final String userPassword) { this.userPassword = userPassword; } - @Override + /** + * Getter for clear-text user password repeated + *

+ * @return Clear-text user password repeated + */ public String getUserPasswordRepeat () { return this.userPasswordRepeat; } - @Override + /** + * Setter for clear-text user password repeated + *

+ * @param userPasswordRepeat Clear-text user password repeated + */ public void setUserPasswordRepeat (final String userPasswordRepeat) { this.userPasswordRepeat = userPasswordRepeat; } @@ -221,8 +254,8 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement @Override public boolean isRequiredChangePasswordSet () { // Is all data set? - return ((this.userLoginController.getUserCurrentPassword() != null) && - (!this.userLoginController.getUserCurrentPassword().isEmpty()) && + return ((this.getUserCurrentPassword() != null) && + (!this.getUserCurrentPassword().isEmpty()) && (this.getUserPassword() != null) && (!this.getUserPassword().isEmpty()) && (this.getUserPasswordRepeat() != null) &&