LuteceDefaultAdminUserDAO.java

  1. /*
  2.  * Copyright (c) 2002-2022, City of Paris
  3.  * All rights reserved.
  4.  *
  5.  * Redistribution and use in source and binary forms, with or without
  6.  * modification, are permitted provided that the following conditions
  7.  * are met:
  8.  *
  9.  *  1. Redistributions of source code must retain the above copyright notice
  10.  *     and the following disclaimer.
  11.  *
  12.  *  2. Redistributions in binary form must reproduce the above copyright notice
  13.  *     and the following disclaimer in the documentation and/or other materials
  14.  *     provided with the distribution.
  15.  *
  16.  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  17.  *     contributors may be used to endorse or promote products derived from
  18.  *     this software without specific prior written permission.
  19.  *
  20.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  24.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30.  * POSSIBILITY OF SUCH DAMAGE.
  31.  *
  32.  * License 1.0
  33.  */
  34. package fr.paris.lutece.portal.business.user.authentication;

  35. import fr.paris.lutece.portal.service.util.AppException;
  36. import fr.paris.lutece.util.password.IPassword;
  37. import fr.paris.lutece.util.password.IPasswordFactory;
  38. import fr.paris.lutece.util.sql.DAOUtil;

  39. import java.sql.Timestamp;

  40. import javax.inject.Inject;

  /**
   * Data access object for the administrator accounts kept in the {@code core_admin_user} table, restricted to the columns handled by the
   * database authentication (credentials, validity dates, reset flag).
   * <p>
   * Every statement used here is a constant string with {@code ?} placeholders. Caller-supplied values (access code, user id, password
   * representation) are bound through the {@link DAOUtil} setters and are never concatenated into the SQL text.
   */
  public class LuteceDefaultAdminUserDAO implements ILuteceDefaultAdminUserDAO
  {
      // Reads only the stored password representation of one account.
      private static final String SQL_QUERY_LOAD_PASSWORD = "SELECT password FROM core_admin_user WHERE  access_code = ? ";
      // Account attributes for the session user; the password column is not part of this projection.
      private static final String SQL_QUERY_LOAD_USER = " SELECT access_code, id_user, password_max_valid_date, account_max_valid_date, email FROM core_admin_user WHERE access_code = ? ";
      // Flags an account (by numeric id) as having to change its password, or clears that flag.
      private static final String SQL_QUERY_UPDATE_PASSWORD_RESET = "UPDATE core_admin_user set reset_password = ? WHERE id_user = ? ";
      // Overwrites the stored password representation of one account (by access code).
      private static final String SQL_QUERY_UPDATE_PASSWORD = "UPDATE core_admin_user SET password = ? WHERE access_code = ?";

      // Turns a stored representation into an IPassword and supplies the placeholder used for unknown accounts.
      @Inject
      private IPasswordFactory _passwordFactory;

      // /////////////////////////////////////////////////////////////////////////////////////
      // Access methods to data

      /**
       * Loads the account attributes this DAO is responsible for: access code, user id, password expiry, account expiry and e-mail. The
       * password itself is not read by this method.
       * <p>
       * Unlike {@link #loadPassword(String)}, an unknown access code is reported with an exception. NOTE(review): callers should reach this
       * method only once the credentials have been verified, or map the exception to the same generic login failure, so that the outcome does
       * not tell known access codes from unknown ones - confirm against the caller.
       *
       * @param strAccessCode
       *            The access code of the user to look up
       * @param authenticationService
       *            The authentication service whose name is recorded on the returned user
       * @return The populated LuteceDefaultAdminUser
       * @throws AppException
       *             if no row matches the access code
       */
      public LuteceDefaultAdminUser load( String strAccessCode, AdminAuthentication authenticationService )
      {
          LuteceDefaultAdminUser adminUser = new LuteceDefaultAdminUser( );

          try ( DAOUtil dao = new DAOUtil( SQL_QUERY_LOAD_USER ) )
          {
              dao.setString( 1, strAccessCode );
              dao.executeQuery( );

              boolean bFound = dao.next( );
              if ( !bFound )
              {
                  // NOTE(review): the try-with-resources block closes the DAOUtil as well, so this explicit free( ) looks redundant -
                  // confirm against DAOUtil.close( ) before removing it.
                  dao.free( );
                  throw new AppException( "The line doesn't exist " );
              }

              // The access code is taken from the row that was read, not from the argument.
              adminUser.setAccessCode( dao.getString( 1 ) );
              adminUser.setAuthenticationService( authenticationService.getAuthServiceName( ) );
              adminUser.setUserId( dao.getInt( 2 ) );
              adminUser.setPasswordMaxValidDate( dao.getTimestamp( 3 ) );

              // Column 4 is read as a long and handed to Timestamp(long), which interprets it as milliseconds since the epoch.
              // A value of zero or less leaves the account expiry unset on the returned user.
              long lAccountExpiry = dao.getLong( 4 );
              if ( lAccountExpiry > 0 )
              {
                  adminUser.setAccountMaxValidDate( new Timestamp( lAccountExpiry ) );
              }

              adminUser.setEmail( dao.getString( 5 ) );

              return adminUser;
          }
      }

      /**
       * Writes the "password must be reset" flag of an account. The row is selected by the numeric id carried by the user object.
       *
       * @param user
       *            User to update
       * @param bIsPasswordReset
       *            New value of the reset password attribute
       */
      public void updateResetPassword( LuteceDefaultAdminUser user, boolean bIsPasswordReset )
      {
          try ( DAOUtil dao = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD_RESET ) )
          {
              dao.setBoolean( 1, bIsPasswordReset );

              int nUserId = user.getUserId( );
              dao.setInt( 2, nUserId );

              dao.executeUpdate( );
          }
      }

      /**
       * Returns the stored password of an account, wrapped by the password factory.
       * <p>
       * When no row matches the access code, the factory's dummy password is returned instead of {@code null} or an exception, so the caller
       * always receives an object it can check a candidate password against. NOTE(review): the timing benefit presumably depends on the caller
       * verifying the dummy exactly as it would a real password, and on that check costing about as much - confirm in the IPasswordFactory
       * implementation.
       *
       * @param strAccessCode
       *            The access code of the account
       * @return The stored password, or the dummy password for an unknown access code
       */
      @Override
      public IPassword loadPassword( String strAccessCode )
      {
          try ( DAOUtil dao = new DAOUtil( SQL_QUERY_LOAD_PASSWORD ) )
          {
              dao.setString( 1, strAccessCode );
              dao.executeQuery( );

              if ( !dao.next( ) )
              {
                  // timing resistance: unknown access codes take the same path as known ones from the caller's point of view
                  return _passwordFactory.getDummyPassword( );
              }

              return _passwordFactory.getPassword( dao.getString( 1 ) );
          }
      }

      /**
       * Replaces the stored password of an account with the storable representation of the given password.
       * <p>
       * Passwords reporting a legacy format are refused before the database is touched; the exception message names only the password class,
       * not any password material. The result of the UPDATE is not inspected here, so an access code that matches no row is not reported.
       *
       * @param strAccessCode
       *            The access code of the account to update
       * @param password
       *            The new password; must not be in legacy format
       * @throws IllegalArgumentException
       *             if the password is in legacy format
       */
      @Override
      public void store( String strAccessCode, IPassword password )
      {
          boolean bLegacyFormat = password.isLegacy( );
          if ( bLegacyFormat )
          {
              throw new IllegalArgumentException( "Should not store password in legacy format " + password.getClass( ).getCanonicalName( ) );
          }

          try ( DAOUtil dao = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD ) )
          {
              String strStorable = password.getStorableRepresentation( );
              dao.setString( 1, strStorable );
              dao.setString( 2, strAccessCode );
              dao.executeUpdate( );
          }
      }
  }