X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2Fjava%2Forg%2Fmxchange%2Fjjobs%2Fbeans%2Fuser%2Fpassword%2FJobsUserPasswordWebRequestBean.java;h=42fa746f8e24474f374df169722aae2311582679;hb=7f47d8c52a333a812c65df514a613bc6a8559de8;hp=b82eb125a43e8e90352961c1ce6af11dc5203ff7;hpb=d5fda2ab63061743d025611b5751a8346e11c698;p=jjobs-war.git diff --git a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java index b82eb125..42fa746f 100644 --- a/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java +++ b/src/java/org/mxchange/jjobs/beans/user/password/JobsUserPasswordWebRequestBean.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Roland Häder + * Copyright (C) 2016 - 2020 Free Software Foundation * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as 
@@ -17,28 +17,28 @@ package org.mxchange.jjobs.beans.user.password; import java.util.Objects; +import javax.ejb.EJB; import javax.enterprise.context.RequestScoped; import javax.enterprise.event.Event; import javax.enterprise.inject.Any; -import javax.faces.view.facelets.FaceletException; +import javax.faces.FacesException; +import javax.faces.application.FacesMessage; import javax.inject.Inject; import javax.inject.Named; -import javax.naming.Context; -import javax.naming.InitialContext; -import javax.naming.NamingException; import org.mxchange.jcoreee.utils.FacesUtils; -import org.mxchange.jjobs.beans.BaseJobsController; +import org.mxchange.jjobs.beans.BaseJobsBean; import org.mxchange.jjobs.beans.features.JobsFeaturesWebApplicationController; -import org.mxchange.jjobs.beans.login.JobsUserLoginWebSessionController; -import org.mxchange.jusercore.events.user.password_change.UpdatedUserPasswordEvent; +import org.mxchange.jjobs.beans.user.login.JobsUserLoginWebSessionController; import org.mxchange.jusercore.exceptions.UserNotFoundException; import org.mxchange.jusercore.exceptions.UserStatusLockedException; import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException; import org.mxchange.jusercore.model.user.User; import org.mxchange.jusercore.model.user.UserSessionBeanRemote; -import org.mxchange.jusercore.model.user.UserUtils; import org.mxchange.jusercore.model.user.password_history.PasswordHistory; -import org.mxchange.jusercore.events.user.password_change.ObservableUpdatedUserPasswordEvent; +import org.mxchange.juserlogincore.events.user.password_change.ObservableUpdatedUserPasswordEvent; +import org.mxchange.juserlogincore.events.user.password_change.UpdatedUserPasswordEvent; +import org.mxchange.juserlogincore.exceptions.UserPasswordMismatchException; +import org.mxchange.juserlogincore.login.UserLoginUtils; /** * A user password (change) controller (bean) 
@@ -47,7 +47,7 @@ import org.mxchange.jusercore.events.user.password_change.ObservableUpdatedUserP */ @Named ("userPasswordController") @RequestScoped -public class JobsUserPasswordWebRequestBean extends BaseJobsController implements JobsUserPasswordWebRequestController { +public class JobsUserPasswordWebRequestBean extends BaseJobsBean implements JobsUserPasswordWebRequestController { /** * Serial number @@ -63,21 +63,27 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement /** * Remote user bean */ - private final UserSessionBeanRemote userBean; + @EJB (lookup = "java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote") + private UserSessionBeanRemote userBean; /** - * Login controller (bean) + * Current password (for confirmation of password change) + */ + private String userCurrentPassword; + + /** + * Login bean (controller) */ @Inject private JobsUserLoginWebSessionController userLoginController; /** - * User password (unencrypted from web form) + * User password (clear-text from web form) */ private String userPassword; /** - * User password repeated (unencrypted from web form) + * User password repeated (clear-text from web form) */ private String userPasswordRepeat; @@ -92,20 +98,17 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement * Default constructor */ public JobsUserPasswordWebRequestBean () { - // Try it - try { - // Get initial context - Context context = new InitialContext(); - - // Try to lookup - this.userBean = (UserSessionBeanRemote) context.lookup("java:global/jjobs-ejb/user!org.mxchange.jusercore.model.user.UserSessionBeanRemote"); //NOI18N - } catch (final NamingException e) { - // Throw again - throw new FaceletException(e); - } + // Call super constructor + super(); } - @Override + /** + * Changes logged-in user's password. It must not match with current + * password and should not appear in password history list for X + * (configurable) entries. + *
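Review bot: The new `userCurrentPassword` field, like `userPassword` and `userPasswordRepeat`, holds a clear-text password in a class that declares a serial number, so the value would be written out if the bean were ever serialized. Declaring the three fields `transient` (for example `private transient String userCurrentPassword;`) costs nothing for a request-scoped bean. The serial-number field and the base class are outside this hunk, so that the bean is actually `Serializable` is inferred from the `Serial number` comment and should be confirmed.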

+ * @return Redirect outcome + */ public String doChangePassword () { // This method shall only be called if the user is logged-in if (!this.userLoginController.isUserLoggedIn()) { 
@@ -113,113 +116,137 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement throw new IllegalStateException("User is not logged-in"); //NOI18N } else if (!this.isRequiredChangePasswordSet()) { // Not all required fields are set - throw new FaceletException("Not all required fields are set."); //NOI18N + throw new FacesException("Not all required fields are set."); //NOI18N } else if (!this.userLoginController.ifCurrentPasswordMatches()) { + // Password not matching + throw new FacesException(new UserPasswordMismatchException(this.userLoginController.getLoggedInUser())); + } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N + // Editing is not allowed + throw new IllegalStateException("User tried to change password."); //NOI18N + } else if (!UserLoginUtils.ifPasswordMatches(this.getUserCurrentPassword(), this.userLoginController.getLoggedInUser())) { // Password mismatches - this.showFacesMessage("form_user_change_password:userCurrentPassword", "ERROR_USER_CURRENT_PASSWORD_MISMATCHING"); //NOI18N + this.showFacesMessage("form_user_change_password:userCurrentPassword", "Entered current password does not matched stored password.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N - } else if (!this.featureController.isFeatureEnabled("change_user_password")) { //NOI18N - // Editing is not allowed - throw new IllegalStateException("User tried to change password."); //NOI18N } else if (!Objects.equals(this.getUserPassword(), this.getUserPasswordRepeat())) { // Both entered passwords don't match - this.showFacesMessage("form_user_change_password:userPasswordRepeat", "ERROR_USER_NEW_PASSWORDS_MISMATCH"); //NOI18N + this.showFacesMessage("form_user_change_password:userPasswordRepeat", "Entered new passwords mismatch.", FacesMessage.SEVERITY_ERROR); //NOI18N // Clear bean - 
this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N - } else if (Objects.equals(this.userLoginController.getUserCurrentPassword(), this.getUserPassword())) { + } else if (Objects.equals(this.getUserCurrentPassword(), this.getUserPassword())) { // New password matches current - this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_SAME_AS_CURRENT"); //NOI18N + this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is same as current password.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N } else if (this.userLoginController.isPasswordInHistory(this.getUserPassword())) { // Is already in list (to old passwords are ignored) - this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_NEW_PASSWORD_ALREADY_ENTERED"); //NOI18N + this.showFacesMessage("form_user_change_password:userPassword", "Entered new password is has already been used some time ago.", FacesMessage.SEVERITY_WARN); //NOI18N // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // No redirect return ""; //NOI18N - } else if (this.isWeakPassword(this.getUserPassword())) { - // Password is to weak - this.showFacesMessage("form_user_change_password:userPassword", "ERROR_USER_PASSWORD_TO_WEAK"); //NOI18N - - // Clear bean - this.userLoginController.setUserCurrentPassword(null); - this.clear(); - - // Skip it - return ""; //NOI18N } // Get user instance - User user = this.userLoginController.getLoggedInUser(); + final User user = this.userLoginController.getLoggedInUser(); // Encrypt password - String encryptedPassword = UserUtils.encryptPassword(this.getUserPassword()); + final String encryptedPassword = UserLoginUtils.encryptPassword(this.getUserPassword()); // Set it in user - user.setUserMustChangePassword(Boolean.FALSE); 
user.setUserEncryptedPassword(encryptedPassword); + // Init variable + final PasswordHistory passwordHistory; + try { // Get base URL - String baseUrl = FacesUtils.generateBaseUrl(); + final String baseUrl = FacesUtils.generateBaseUrl(); // All is set, then update password - PasswordHistory passwordHistory = this.userBean.updateUserPassword(user, baseUrl); - - // Fire event - this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory)); + passwordHistory = this.userBean.updateUserPassword(user, baseUrl); } catch (final UserNotFoundException | UserStatusUnconfirmedException | UserStatusLockedException ex) { // Clear bean - this.userLoginController.setUserCurrentPassword(null); this.clear(); // Throw again - throw new FaceletException(ex); + throw new FacesException(ex); } + // Fire event + this.userUpdatedPasswordEvent.fire(new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword())); + // Clear bean this.clear(); // Return outcome - return "user_data_saved"; //NOI18N + return "login_data_saved"; //NOI18N } - @Override + /** + * Getter for current clear-text user password + *

+ * @return Current clear-text user password + */ + public String getUserCurrentPassword () { + return this.userCurrentPassword; + } + + /** + * Setter for current clear-text user password + *

+ * @param userCurrentPassword Current clear-text user password + */ + public void setUserCurrentPassword (final String userCurrentPassword) { + this.userCurrentPassword = userCurrentPassword; + } + + /** + * Getter for clear-text user password + *

+ * @return Clear-text user password + */ public String getUserPassword () { return this.userPassword; } - @Override + /** + * Setter for clear-text user password + *

+ * @param userPassword Clear-text user password + */ public void setUserPassword (final String userPassword) { this.userPassword = userPassword; } - @Override + /** + * Getter for clear-text user password repeated + *

+ * @return Clear-text user password repeated + */ public String getUserPasswordRepeat () { return this.userPasswordRepeat; } - @Override + /** + * Setter for clear-text user password repeated + *

+ * @param userPasswordRepeat Clear-text user password repeated + */ public void setUserPasswordRepeat (final String userPasswordRepeat) { this.userPasswordRepeat = userPasswordRepeat; } @@ -227,8 +254,8 @@ public class JobsUserPasswordWebRequestBean extends BaseJobsController implement @Override public boolean isRequiredChangePasswordSet () { // Is all data set? - return ((this.userLoginController.getUserCurrentPassword() != null) && - (!this.userLoginController.getUserCurrentPassword().isEmpty()) && + return ((this.getUserCurrentPassword() != null) && + (!this.getUserCurrentPassword().isEmpty()) && (this.getUserPassword() != null) && (!this.getUserPassword().isEmpty()) && (this.getUserPasswordRepeat() != null) &&
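Review bot: `new UpdatedUserPasswordEvent(passwordHistory, this.getUserPassword())` now passes the clear-text new password to every observer of the event, so the secret outlives this request-scoped bean and can end up in whatever an observer logs or stores; unless an observer needs it, keep the event to `passwordHistory`, or state on the event class that the value must not be logged or persisted. The hunk also removes the `isWeakPassword` branch with no replacement visible here, so `doChangePassword` (which starts in the previous hunk) no longer rejects weak passwords unless a form validator outside this file does. `ifCurrentPasswordMatches()` now throws a `FacesException` ahead of the new `UserLoginUtils.ifPasswordMatches(...)` branch; if both test the same thing the friendly-message branch cannot be reached, and if the login controller still compares its own current-password field, which this bean no longer sets, the first check may fail for every request, so it is worth confirming and keeping only one of them. The new user-facing messages also need a wording pass: `does not matched stored password` and `is has already been used`.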