LuteceDefaultAdminUserDAO.java
- /*
- * Copyright (c) 2002-2022, City of Paris
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice
- * and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice
- * and the following disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * License 1.0
- */
- package fr.paris.lutece.portal.business.user.authentication;
- import fr.paris.lutece.portal.service.util.AppException;
- import fr.paris.lutece.util.password.IPassword;
- import fr.paris.lutece.util.password.IPasswordFactory;
- import fr.paris.lutece.util.sql.DAOUtil;
- import java.sql.Timestamp;
- import javax.inject.Inject;
- /**
- * This class provides Data Access methods for LuteceDefaultAdminUser objects
- */
- public class LuteceDefaultAdminUserDAO implements ILuteceDefaultAdminUserDAO
- {
- private static final String SQL_QUERY_LOAD_PASSWORD = "SELECT password FROM core_admin_user WHERE access_code = ? ";
- private static final String SQL_QUERY_LOAD_USER = " SELECT access_code, id_user, password_max_valid_date, account_max_valid_date, email FROM core_admin_user WHERE access_code = ? ";
- private static final String SQL_QUERY_UPDATE_PASSWORD_RESET = "UPDATE core_admin_user set reset_password = ? WHERE id_user = ? ";
- private static final String SQL_QUERY_UPDATE_PASSWORD = "UPDATE core_admin_user SET password = ? WHERE access_code = ?";
- @Inject
- private IPasswordFactory _passwordFactory;
- // /////////////////////////////////////////////////////////////////////////////////////
- // Access methods to data
- /**
- * load the data of an user from the table provided by the database authentication module This only provides data specific to the database authentication
- * module.
- *
- * @param strAccessCode
- * The access code of user
- * @param authenticationService
- * The AdminAuthentication
- * @return user The instance of an LuteceDefaultAdminUser's object
- */
- public LuteceDefaultAdminUser load( String strAccessCode, AdminAuthentication authenticationService )
- {
- LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
- try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_USER ) )
- {
- daoUtil.setString( 1, strAccessCode );
- daoUtil.executeQuery( );
- if ( !daoUtil.next( ) )
- {
- daoUtil.free( );
- throw new AppException( "The line doesn't exist " );
- }
- String strUserName = daoUtil.getString( 1 );
- user.setAccessCode( strUserName );
- user.setAuthenticationService( authenticationService.getAuthServiceName( ) );
- user.setUserId( daoUtil.getInt( 2 ) );
- user.setPasswordMaxValidDate( daoUtil.getTimestamp( 3 ) );
- long accountMaxValidDate = daoUtil.getLong( 4 );
- if ( accountMaxValidDate > 0 )
- {
- user.setAccountMaxValidDate( new Timestamp( accountMaxValidDate ) );
- }
- user.setEmail( daoUtil.getString( 5 ) );
- }
- return user;
- }
- /**
- * Set the reset password attribute of the user
- *
- * @param user
- * User to update
- * @param bIsPasswordReset
- * New value of the reset password attribute
- */
- public void updateResetPassword( LuteceDefaultAdminUser user, boolean bIsPasswordReset )
- {
- try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD_RESET ) )
- {
- daoUtil.setBoolean( 1, bIsPasswordReset );
- daoUtil.setInt( 2, user.getUserId( ) );
- daoUtil.executeUpdate( );
- }
- }
- @Override
- public IPassword loadPassword( String strAccessCode )
- {
- IPassword storedPassword;
- try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_PASSWORD ) )
- {
- daoUtil.setString( 1, strAccessCode );
- daoUtil.executeQuery( );
- if ( daoUtil.next( ) )
- {
- storedPassword = _passwordFactory.getPassword( daoUtil.getString( 1 ) );
- }
- else
- {
- // timing resistance
- storedPassword = _passwordFactory.getDummyPassword( );
- }
- }
- return storedPassword;
- }
- @Override
- public void store( String strAccessCode, IPassword password )
- {
- if ( password.isLegacy( ) )
- {
- throw new IllegalArgumentException( "Should not store password in legacy format " + password.getClass( ).getCanonicalName( ) );
- }
- try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD ) )
- {
- daoUtil.setString( 1, password.getStorableRepresentation( ) );
- daoUtil.setString( 2, strAccessCode );
- daoUtil.executeUpdate( );
- }
- }
- }