From: Roland Haeder Date: Sun, 13 Mar 2016 14:02:38 +0000 (+0100) Subject: Continued with email change: X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=01ccdc234ff0401fabf8ab3cfe7b38d412165f5f;p=jjobs-ejb.git Continued with email change: - introduced generateSecureHash() which generates a unique, secure hash - added sanity-check on email address itself - TODO: Email validation by regex missing - updated jar(s)
---
diff --git a/lib/juser-core.jar b/lib/juser-core.jar
index cce1526..0ec158a 100644
Binary files a/lib/juser-core.jar and b/lib/juser-core.jar differ
diff --git a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
index f2c08f9..1a67eb1 100644
--- a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
+++ b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
@@ -17,6 +17,7 @@ package org.mxchange.jusercore.model.email_address;
 import java.text.MessageFormat;
+import java.util.GregorianCalendar;
 import java.util.List;
 import javax.ejb.EJB;
 import javax.ejb.EJBException;
@@ -25,6 +26,7 @@ import javax.persistence.NoResultException;
 import javax.persistence.Query;
 import org.mxchange.jcoreee.database.BaseDatabaseBean;
 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
+import org.mxchange.jusercore.model.user.UserUtils;
 /**
 * A session bean for changing email addresses
@@ -58,7 +60,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 this.getLoggerBeanLocal().logTrace("allQueuedAddressesAsList: CALLED!"); //NOI18N
 // Get named query
- Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class);
+ Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class); //NOI18N
 // Get all entries
 List emailAddresses = query.getResultList();
@@ -75,18 +77,25 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 // Trace message
 this.getLoggerBeanLocal().logTrace(MessageFormat.format("enqueueEmailAddressForChange: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
- // user should not be null
+ // Email address change should be valid
 if (null == emailAddress) {
 // Abort here
 throw new NullPointerException("emailAddress is null"); //NOI18N
 } else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
 // User does not exist
 throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
+ } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+ // Email address is empty
+ throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
 } else if (this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
 // Email address is already enqueued
- throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress()));
+ throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress())); //NOI18N
 }
+ // The email change is not (yet) there, add secure hash and "created" timestamp
+ emailAddress.setEmailChangeCreated(new GregorianCalendar());
+ this.generateSecureHash(emailAddress);
+
 throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
 }
@@ -128,7 +137,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 // Trace message
 this.getLoggerBeanLocal().logTrace(MessageFormat.format("updateEmailAddress: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
- // user should not be null
+ // Email address change should be valid
 if (null == emailAddress) {
 // Abort here
 throw new NullPointerException("emailAddress is null"); //NOI18N
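Review bot: The new empty-address branch in enqueueEmailAddressForChange dereferences `emailAddress.getEmailAddress()` before anything has checked it for null, so a change object without an address surfaces as an unexplained NullPointerException instead of the IllegalArgumentException this validation is meant to raise; the same expression is added to updateEmailAddress and generateSecureHash in the next hunk. A guarded form would be `} else if (emailAddress.getEmailAddress() == null || emailAddress.getEmailAddress().trim().isEmpty()) {`, and placing it ahead of the `ifUserExists` lookup keeps malformed input from reaching the user bean. The message text `emailAddress.emaiLAddress is empty.` also carries a capitalisation typo (`emailAddress`). The method body starts above this hunk, so whether callers already guarantee a non-null address cannot be confirmed from here.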
@@ -138,15 +147,69 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 } else if (emailAddress.getEmailChangeId() < 1) {
 // Not valid
 throw new IllegalArgumentException(MessageFormat.format("emailAddress.emailChangeId={0} is not valid.", emailAddress.getEmailChangeId())); //NOI18N
+ } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+ // Email address is empty
+ throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
 } else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
 // User does not exist
 throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
 } else if (!this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
 // Email address is not enqueued
- throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress()));
+ throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress())); //NOI18N
 }
 throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
 }
+ /**
+ * Generates a secure, unique hash for given email address change. This
+ * requires to check if the hash is really not there.
+ *

+ * @param emailAddress Email address change
+ */
+ private void generateSecureHash (final ChangeableEmailAddress emailAddress) {
+ // Email address change should be valid
+ if (null == emailAddress) {
+ // Abort here
+ throw new NullPointerException("emailAddress is null"); //NOI18N
+ } else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+ // Email address is empty
+ throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
+ }
+
+ // Initialize loop with null
+ String hash = null;
+
+ // Default is not used
+ boolean isUsed = true;
+
+ // Search for free hash
+ while (isUsed) {
+ // Generate hash, there is already in UserUtils a nice method that can be used for this purpose.
+ hash = UserUtils.encryptPassword(String.format("%s:%s", emailAddress.getEmailAddress(), emailAddress.toString())); //NOI18N
+
+ // The hash *may* be unique, better test it
+ Query query = this.getEntityManager().createNamedQuery("SearchEmailChangeByHash", EmailAddressChange.class); //NOI18N
+
+ // Set hash as parameter
+ query.setParameter("hash", hash); //NOI18N
+
+ // Try to get single result
+ try {
+ // Get single result
+ ChangeableEmailAddress dummy = (ChangeableEmailAddress) query.getSingleResult();
+ } catch (final NoResultException ex) {
+ // Not found
+ isUsed = false;
+ }
+ }
+
+ // hash should not be null and set
+ assert (hash != null) : "hash is null"; //NOI18N
+ assert (!hash.isEmpty()) : "hash is empty"; //NOI18N
+
+ // Set it in email change
+ emailAddress.setEmailChangeHash(hash);
+ }
+
 }
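Review bot: generateSecureHash derives the hash (presumably the token that later authorises the email change) from the address and `emailAddress.toString()` via `UserUtils.encryptPassword`, so its unpredictability rests entirely on whatever salt that helper adds, which is not visible in this diff; if the helper is deterministic, the value is computable from known inputs and the `while (isUsed)` loop recomputes the same hash forever once a collision is found. Drawing the value from a CSPRNG removes both concerns, e.g. `final byte[] token = new byte[32]; new SecureRandom().nextBytes(token);` followed by hex or URL-safe encoding, with the existing query kept as a retry check. The lookup-then-set sequence is not atomic, so a unique constraint on the stored hash would be the reliable guard, and `getSingleResult()` can also throw NonUniqueResultException, which the `catch` does not cover. The two `assert` post-conditions are skipped unless the JVM runs with `-ea`, and the unused `dummy` local can be dropped.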