From 01ccdc234ff0401fabf8ab3cfe7b38d412165f5f Mon Sep 17 00:00:00 2001
From: Roland Haeder <roland@mxchange.org>
Date: Sun, 13 Mar 2016 15:02:38 +0100
Subject: [PATCH] Continued with email change: - introduced
 generateSecureHash() which generates a unique, secure hash - added
 sanity-check on email address itself - TODO: Email validation by regex
 missing - updated jar(s)

---
 lib/juser-core.jar                            | Bin 38859 -> 38967 bytes
 .../JobsEmailChangeSessionBean.java           |  73 ++++++++++++++++--
 2 files changed, 68 insertions(+), 5 deletions(-)

diff --git a/lib/juser-core.jar b/lib/juser-core.jar
index cce1526b2f263662b877473253f05b3b4252f099..0ec158aec46f5e2cb152081a1e03136da2eb0fb9 100644
GIT binary patch
delta 1466
zcmZ9Me@xV69LL|^@ArOiaG=m3C<h#wdKkY1+l0xy<o6xo5h5%maYN#u!;n)FV=CH~
z+%JAScnAf?53A`49hQ|@IBR2Tp{qYMm+Qxtu57Eh)ts&D`8*iR?)Lq>p7;Cnc|PCo
zeV^yKFQ(-4XXJ3ZO;LpcAwcs>Eq&o;rHNz133+O)?;8`vzmj=mtEDVLjg(6mmhuSS
zNjZc#*+NKClG&NZ3~X2qCHWDTt^Hx_#=N{GXDj>;tX4L&R+Wa?l~}53R?38ZK@pAb
zD>ibAR0SN<0oBhEu|wn15O3>CgwBjeQb<=uRtTOl>=3?gS+z`leQdRgc+r?Gc+Zq2
zn7XQ2)DM}b1g$Bvf`*JvRXBgR;+dIWo}Y*YCfLaOik&Az5e<(HUifq{z#qy(fJQwO
zdMWf#=%)m)Gk{STplQdn2$DS*hHwmq;y8v#4wD=v`I;85Ycawilh;lkcxtak3bNbP
z3GC~P&sltC-1Oazb|qdyOhtpEt=?JC;%IW^IUTzi8#Z?oJKRnQ7Utiy=81;1hQ$;m
zOu42UC#N1|*s8^-9w*oqON#Oa#@L~(d^TgzE*;mS8WVc#Lx&!9m}EUMD;};%1iP|6
zYC7iW0a@1$6|V?G2RoNnv-~JD{5^!hhe-Glg8<^ugO%uI=6qlHFs~hf4x@<R_q&wu
zT{QtUCZWYi=<z0Z-@<adjX0c!3GW~S?;;at+3te<;qODnc`U&PFycdYub@!+gq0UX
zvu%ZD^=01WGuBmDD9sA*CilMN-W>O0SW;2C^cDAW)z`RpU3jOs_pPY?t;nqYf%`uS
zKdU%hx+VO5#b)&#?*A(MkGcQ5@TC&7`Va2^Dg1(xbm_kEJ=}i)wFKeMl^7DNP;dYe
z9(Us)4*fUi;)5q^p!8c4;w(7Ke-+Ok#Vc-fFP<^JDc4#zYH4#i%iE2_?^`C+A+-5Q
z_l|c?d)>N_)KdN!W&D+F<vXSv33vu;unp@_i5yfRpRb-B&+>0An&DuVUf!W@<O|?r
zD?3+HM_cEpI4*Y%pVNrLHQv2}jy1d4y@}^pf+vGu_hb{io;<=;&lW<Ww}P<8YbDHh
z?Sv>_72#9Ak-h56q~Qf$iRi5LZzuVjzgEZ@zi6@~P(!XOP)WEPXe6Zcyg(T05lZge
zNy^#VO1LqP(!Li-UF_RW$nI|^ob7KS7};(@4{IU(!`cXK1MdHw+q(mzZ}l;w?6I<S
zN-CSO#j=A|O@!Sh$p&TquZ~Z>!YgLWc|{^KMXA}}4jo$&jH0G#L8ENh^)RDjdxB95
z%fkY}W%5t%h1^^)#xynNDo(#<zrI-m&}G5mXR_;brzozgiqA}|cRAedM<2sgJU3By
cbvvI%*P~NyM;4wg@kj!DZ*ZyRK{xgO7fRaLNB{r;

delta 1320
zcmZ9Le@t6d6vw~sy}ouWEv^OzNI@3&qbQ^ZGuvPb%t4`Luo6UY3?z}bh-{*=0TYR6
zj9XjU!l4up81h3CqS*{8OLU347)^#tOo&WP9Q>h+`iCZNQAVQPbGL-Vm%Q_N=X1}y
z_vOBO7A~k)&Z{<Gxn{5cn}GGn)_$8)yDhNioVqsI|6K;h^-K|IhmyyrSN1bTm4l4y
zN<Jf1En+mNrP|tLD}Agvsc9gNzE>@*e^&S28O@|NgOPk%GN&zC<=tXA;ccy)ZK<I|
zU_NB{MPYUsTaC;cR*%ec<F{&@*VwBi=MoyEH*cv^**}$BXJB4(?3MgGBTq7WdyA|e
zah{j-W_=}@kkf6jiBB#&y1DS`?nGcWjqj>%p0*$nXUsSYzZnS#SVRc&Qy+&AhcJf-
z4~V)1^m7>C*T{rH*3mfF5Vc?kF;0g$9p-ezgi#aTBzxwA^F5E8G%ADhHw!8aaaL5~
zunA*UjMH3EmNtQN^h#bar5!MBp0uJ4Z&}faE-RWaMd76T<Yq>q8T0K2237M(7|?+@
zbdtTeKIIJ<;TKr|b_9`xKBOUp2N0&$i-WciQ9A}R#u1MRN-qg)pMs8Qm@oq?W`%tl
zDR>8|m_r8MMGoFWE-uj3lGC;iq2eRlg9SKnk!sv-<q~~bmPqfro%-iumdo@<X%gLX
zyOb}b&o6cAi^6{`eNU-N`9}K7!hb9LvhZ%@2k8!#IrSCcR%LCZ%%%J!{C@pc;eL}Y
z#p6<bm$i)^r+!oTThdPnzb5?+;r|i-U+Ew6CMX3|<aH=2HF(pl8)sb{k|FOt6CakP
zs#6Z;p%c@3JRgR!ifywUq8~ao(Mpw*GIRqy*{M@u%s9WRebJO%F6OTgdr&F<s}Jd@
z!cJ7<VLXO>JdR@23i||(paCstqU`Pl{b{k|$0*#rgV$N;o{)#S_O%a;n&>%-_wV7R
zBagpOjFaD=!}!E6+vYF-LC*FCDj0!4HDe{<Wn=|?jGkbvY^AJFD*YMEWwo=<b7#as
zp}qosywcZrw@6O(QmCHowNMSi6+Xro4nND#BQiS?Y36Jx(#CN2OI+-Kj<d{x(~Q}H
zQ;alvhH-|TXROn4M$6y}j2{PI{9lJPMw{>FZC?DswYqEs`1WAqn(0la)o2~RTrlKN
zk5-Y=zKvcUN@X)D%+hgToU}4@ubgM&cR~Dwjcca2i|nx?S>syvU3*ll!*|g}31)f=
dsV#PxXZ|eaP_Mr#*J?VFOsT_LjC7Vu{{u(~&hP*L

diff --git a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
index f2c08f9..1a67eb1 100644
--- a/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
+++ b/src/java/org/mxchange/jusercore/model/email_address/JobsEmailChangeSessionBean.java
@@ -17,6 +17,7 @@
 package org.mxchange.jusercore.model.email_address;
 
 import java.text.MessageFormat;
+import java.util.GregorianCalendar;
 import java.util.List;
 import javax.ejb.EJB;
 import javax.ejb.EJBException;
@@ -25,6 +26,7 @@ import javax.persistence.NoResultException;
 import javax.persistence.Query;
 import org.mxchange.jcoreee.database.BaseDatabaseBean;
 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
+import org.mxchange.jusercore.model.user.UserUtils;
 
 /**
  * A session bean for changing email addresses
@@ -58,7 +60,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 		this.getLoggerBeanLocal().logTrace("allQueuedAddressesAsList: CALLED!"); //NOI18N
 
 		// Get named query
-		Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class);
+		Query query = this.getEntityManager().createNamedQuery("AllEmailAddressChanges", List.class); //NOI18N
 
 		// Get all entries
 		List<String> emailAddresses = query.getResultList();
@@ -75,18 +77,25 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 		// Trace message
 		this.getLoggerBeanLocal().logTrace(MessageFormat.format("enqueueEmailAddressForChange: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
 
-		// user should not be null
+		// Email address change should be valid
 		if (null == emailAddress) {
 			// Abort here
 			throw new NullPointerException("emailAddress is null"); //NOI18N
 		} else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
 			// User does not exist
 			throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
+		} else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+			// Email address is empty
+			throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
 		} else if (this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
 			// Email address is already enqueued
-			throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress()));
+			throw new EJBException(MessageFormat.format("Email address {0} is already enqueued.", emailAddress.getEmailAddress())); //NOI18N
 		}
 
+		// The email change is not (yet) there, add secure hash and "created" timestamp
+		emailAddress.setEmailChangeCreated(new GregorianCalendar());
+		this.generateSecureHash(emailAddress);
+
 		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
 	}
 
@@ -128,7 +137,7 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 		// Trace message
 		this.getLoggerBeanLocal().logTrace(MessageFormat.format("updateEmailAddress: emailAddress={0} - CALLED!", emailAddress)); //NOI18N
 
-		// user should not be null
+		// Email address change should be valid
 		if (null == emailAddress) {
 			// Abort here
 			throw new NullPointerException("emailAddress is null"); //NOI18N
@@ -138,15 +147,69 @@ public class JobsEmailChangeSessionBean extends BaseDatabaseBean implements Emai
 		} else if (emailAddress.getEmailChangeId() < 1) {
 			// Not valid
 			throw new IllegalArgumentException(MessageFormat.format("emailAddress.emailChangeId={0} is not valid.", emailAddress.getEmailChangeId())); //NOI18N
+		} else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+			// Email address is empty
+			throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
 		} else if (!this.userBean.ifUserExists(emailAddress.getEmailChangeUser())) {
 			// User does not exist
 			throw new EJBException(MessageFormat.format("Email change with id {0} does not exist.", emailAddress.getEmailChangeId())); //NOI18N
 		} else if (!this.isEmailAddressEnqueued(emailAddress.getEmailAddress())) {
 			// Email address is not enqueued
-			throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress()));
+			throw new EJBException(MessageFormat.format("Email address {0} is not enqueued.", emailAddress.getEmailAddress())); //NOI18N
 		}
 
 		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
 	}
 
+	/**
+	 * Generates a secure, unique hash for given email address change. This
+	 * requires to check if the hash is really not there.
+	 * <p>
+	 * @param emailAddress Email address change
+	 */
+	private void generateSecureHash (final ChangeableEmailAddress emailAddress) {
+		// Email address change should be valid
+		if (null == emailAddress) {
+			// Abort here
+			throw new NullPointerException("emailAddress is null"); //NOI18N
+		} else if (emailAddress.getEmailAddress().trim().isEmpty()) {
+			// Email address is empty
+			throw new IllegalArgumentException("emailAddress.emaiLAddress is empty."); //NOI18N
+		}
+
+		// Initialize loop with null
+		String hash = null;
+
+		// Default is not used
+		boolean isUsed = true;
+
+		// Search for free hash
+		while (isUsed) {
+			// Generate hash, there is already in UserUtils a nice method that can be used for this purpose.
+			hash = UserUtils.encryptPassword(String.format("%s:%s", emailAddress.getEmailAddress(), emailAddress.toString())); //NOI18N
+
+			// The hash *may* be unique, better test it
+			Query query = this.getEntityManager().createNamedQuery("SearchEmailChangeByHash", EmailAddressChange.class); //NOI18N
+
+			// Set hash as parameter
+			query.setParameter("hash", hash); //NOI18N
+
+			// Try to get single result
+			try {
+				// Get single result
+				ChangeableEmailAddress dummy = (ChangeableEmailAddress) query.getSingleResult();
+			} catch (final NoResultException ex) {
+				// Not found
+				isUsed = false;
+			}
+		}
+
+		// hash should not be null and set
+		assert (hash != null) : "hash is null"; //NOI18N
+		assert (!hash.isEmpty()) : "hash is empty"; //NOI18N
+
+		// Set it in email change
+		emailAddress.setEmailChangeHash(hash);
+	}
+
 }
-- 
2.39.5