Continued with email change:

- introduced generateSecureHash() which generates a unique, secure hash
- added sanity-check on email address itself
- TODO: Email validation by regex missing
- updated jar(s)

diff --git a/lib/juser-core.jar b/lib/juser-core.jar
index cce1526b2f263662b877473253f05b3b4252f099..0ec158aec46f5e2cb152081a1e03136da2eb0fb9 100644 (file)
Binary files a/lib/juser-core.jar and b/lib/juser-core.jar differ

diff --git a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
index f2c08f95365f1b1a862567c998fa17a1cc07a6b4..1a67eb186c0c63fc2dea262b105ea6bd1745de23 100644 (file)
--- a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
+++ b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
@@ -17,6 +17,7 @@
 package org.mxchange.jusercore.model.email_address;
 
 import java.text.MessageFormat;
+import java.util.GregorianCalendar;
 import java.util.List;
 import javax.ejb.EJB;
 import javax.ejb.EJBException;
@@ -25,6 +26,7 @@ import javax.persistence.NoResultException;
 import javax.persistence.Query;
 import org.mxchange.jcoreee.database.BaseDatabaseBean;
 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
+import org.mxchange.jusercore.model.user.UserUtils;
 
 /**
  * A session bean for changing email addresses
@@ -58,7 +60,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
                this.getLoggerBeanLocal().logTrace("allQueuedAddressesAsList: CALLED!"); //NOI18N
 
                // Get named query
-               Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class);
+               Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class); //NOI18N
 
                // Get all entries
                List<String> emailAddresses = query.getResultList();
@@ -75,18 +77,25 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
                // Trace message
                this.getLoggerBeanLocal().logTrace(MessageFormat.format("enqueueEmailAddressForChange: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
 
-               // user should not be null
+               // Email address change should be valid
                if (null == emailAddress) {
                        // Abort here
                        throw new NullPointerException("emailAddress is null"); //NOI18N
                } else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
                        // User does not exist
                        throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
+               } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+                       // Email address is empty
+                       throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
                } else if (this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
                        // Email address is already enqueued
-                       throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress()));
+                       throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress())); //NOI18N
                }
 
+               // The email change is not (yet) there, add secure hash and "created" timestamp
+               emailAddress.setEmailChangeCreated(new GregorianCalendar());
+               this.generateSecureHash(emailAddress);
+
                throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
        }
 
@@ -128,7 +137,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
                // Trace message
                this.getLoggerBeanLocal().logTrace(MessageFormat.format("updateEmailAddress: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
 
-               // user should not be null
+               // Email address change should be valid
                if (null == emailAddress) {
                        // Abort here
                        throw new NullPointerException("emailAddress is null"); //NOI18N
@@ -138,15 +147,69 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
                } else if (emailAddress.getEmailChangeId() < 1) {
                        // Not valid
                        throw new IllegalArgumentException(MessageFormat.format("emailAddress.emailChangeId={0} is not valid.", emailAddress.getEmailChangeId())); //NOI18N
+               } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+                       // Email address is empty
+                       throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
                } else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
                        // User does not exist
                        throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
                } else if (!this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
                        // Email address is not enqueued
-                       throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress()));
+                       throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress())); //NOI18N
                }
 
                throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
        }
 
+       /**
+        * Generates a secure, unique hash for given email address change. This
+        * requires to check if the hash is really not there.
+        * <p>
+        * @param emailAddress Email address change
+        */
+       private void generateSecureHash (final ChangeableEmailAddress emailAddress) {
+               // Email address change should be valid
+               if (null == emailAddress) {
+                       // Abort here
+                       throw new NullPointerException("emailAddress is null"); //NOI18N
+               } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+                       // Email address is empty
+                       throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
+               }
+
+               // Initialize loop with null
+               String hash = null;
+
+               // Default is not used
+               boolean isUsed = true;
+
+               // Search for free hash
+               while (isUsed) {
+                       // Generate hash, there is already in UserUtils a nice method that can be used for this purpose.
+                       hash = UserUtils.encryptPassword(String.format("%s:%s", emailAddress.getEmailAddress(), emailAddress.toString())); //NOI18N
+
+                       // The hash *may* be unique, better test it
+                       Query query = this.getEntityManager().createNamedQuery("SearchEmailChangeByHash", EmailAddressChange.class); //NOI18N
+
+                       // Set hash as parameter
+                       query.setParameter("hash", hash); //NOI18N
+
+                       // Try to get single result
+                       try {
+                               // Get single result
+                               ChangeableEmailAddress dummy = (ChangeableEmailAddress) query.getSingleResult();
+                       } catch (final NoResultException ex) {
+                               // Not found
+                               isUsed = false;
+                       }
+               }
+
+               // hash should not be null and set
+               assert (hash != null) : "hash is null"; //NOI18N
+               assert (!hash.isEmpty()) : "hash is empty"; //NOI18N
+
+               // Set it in email change
+               emailAddress.setEmailChangeHash(hash);
+       }
+
 }