AdminUserHome.java

/*
 * Copyright (c) 2002-2022, City of Paris
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice
 *     and the following disclaimer.
 *
 *  2. Redistributions in binary form must reproduce the above copyright notice
 *     and the following disclaimer in the documentation and/or other materials
 *     provided with the distribution.
 *
 *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * License 1.0
 */
package fr.paris.lutece.portal.business.user;

import fr.paris.lutece.portal.business.rbac.RBACRole;
import fr.paris.lutece.portal.business.right.Right;
import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
import fr.paris.lutece.portal.service.spring.SpringContextService;
import fr.paris.lutece.portal.service.util.CryptoService;
import fr.paris.lutece.util.password.IPassword;

import java.sql.Timestamp;

import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;

/**
 * This class provides instances management methods (create, find, ...) for AdminUser objects
 */
public final class AdminUserHome
{
    // Static variable pointed at the DAO instance
    private static IAdminUserDAO _dao = SpringContextService.getBean( "adminUserDAO" );

    /**
     * Private constructor
     */
    private AdminUserHome( )
    {
    }

    /**
     * Get the user infos from the access code.
     * 
     * @param strUserLogin
     *            the login
     * @return user info
     */
    public static AdminUser findUserByLogin( String strUserLogin )
    {
        return _dao.selectUserByAccessCode( strUserLogin );
    }
    
    /**
     * Get the user infos from the access code.
     * 
     * @param strUserLogin
     *            the login
     * @param   user the user to load          
     * @return user info
     */
    public static <T extends AdminUser> T findUserByLogin( String strUserLogin,T user )
    {
        return _dao.selectUserByAccessCode( strUserLogin ,user);
    }
    

    /**
     * Get the user access code from its email.
     * 
     * @param strEmail
     *            The email
     * @return The access code of the user with the given email, or null if no user has been found
     */
    public static String findUserByEmail( String strEmail )
    {
        return _dao.selectUserByEmail( strEmail );
    }

    /**
     * Get the user infos from user id
     * 
     * @param nUserId
     *            the user identifier
     * @return The user
     */
    public static AdminUser findByPrimaryKey( int nUserId )
    {
        return _dao.load( nUserId );
    }

    /**
     * @return the user list
     */
    public static Collection<AdminUser> findUserList( )
    {
        return _dao.selectUserList( );
    }

    /**
     * @param user
     *            The AdminUser
     */
    public static void create( AdminUser user )
    {
        _dao.insert( user );
    }

    /**
     * @param user
     *            The AdminUser
     */
    public static void update( AdminUser user )
    {
        _dao.store( user );
    }

    /**
     * @param nUserId
     *            the user identifier
     */
    public static void remove( int nUserId )
    {
        _dao.delete( nUserId );
    }

    /**
     * Get the right list associated to a given user id
     * 
     * @param nUserId
     *            the id of the user to retrieve rights
     * @return the right list
     */
    public static Map<String, Right> getRightsListForUser( int nUserId )
    {
        return _dao.selectRightsListForUser( nUserId );
    }

    /**
     * @param nUserId
     *            The user identifier
     * @param strRightId
     *            The right identifier
     */
    public static void createRightForUser( int nUserId, String strRightId )
    {
        _dao.insertRightsListForUser( nUserId, strRightId );
    }

    /**
     * @param nUserId
     *            The user identifier
     */
    public static void removeAllRightsForUser( int nUserId )
    {
        _dao.deleteAllRightsForUser( nUserId );
    }

    /**
     * @param user
     *            The Admin User object
     */
    public static void removeAllDelegatedRightsForUser( AdminUser user )
    {
        _dao.deleteAllDelegatedRightsForUser( user.getUserId( ), user.getUserLevel( ) );
    }

    /**
     * @param user
     *            The Admin User object
     */
    public static void removeAllOwnRightsForUser( AdminUser user )
    {
        _dao.deleteAllOwnRightsForUser( user.getUserId( ), user.getUserLevel( ) );
    }

    /**
     * Get the role list associated to a given user id
     * 
     * @param nUserId
     *            the id of the user to retrieve rights
     * @return the role list
     */
    public static Map<String, RBACRole> getRolesListForUser( int nUserId )
    {
        return _dao.selectRolesListForUser( nUserId );
    }

    /**
     * @param nUserId
     *            the id of the user
     * @param strRightId
     *            the right identifier
     */
    public static void createRoleForUser( int nUserId, String strRightId )
    {
        _dao.insertRolesListForUser( nUserId, strRightId );
    }

    /**
     * @param nUserId
     *            the user identifier
     */
    public static void removeAllRolesForUser( int nUserId )
    {
        _dao.deleteAllRolesForUser( nUserId );
    }

    /**
     * Checks wether the role is in use or not
     * 
     * @param strRoleKey
     *            the role key to check
     * @return true if the role is attributed, false otherwise
     */
    public static boolean checkRoleAttributed( String strRoleKey )
    {
        return _dao.checkRoleAttributed( strRoleKey );
    }

    /**
     * Checks if a given login is already in use
     * 
     * @param strAccessCode
     *            The login
     * @return user ID if the access code is already used by another user, -1 otherwise
     */
    public static int checkAccessCodeAlreadyInUse( String strAccessCode )
    {
        return _dao.checkAccessCodeAlreadyInUse( strAccessCode );
    }

    /**
     * Checks if a given email is already in use
     * 
     * @param strEmail
     *            The email
     * @return user ID if the email is already used by another user, -1 otherwise
     */
    public static int checkEmailAlreadyInUse( String strEmail )
    {
        return _dao.checkEmailAlreadyInUse( strEmail );
    }

    /**
     * Check if the user has the role
     * 
     * @param user
     *            The AdminUser
     * @param strRoleKey
     *            The role Key
     * @return true if the user has the role
     */
    public static boolean hasRole( AdminUser user, String strRoleKey )
    {
        return _dao.hasRole( user.getUserId( ), strRoleKey );
    }

    /**
     * Remove role for an user
     * 
     * @param nUserId
     *            The ID of the user
     * @param strRoleKey
     *            The role key
     */
    public static void removeRoleForUser( int nUserId, String strRoleKey )
    {
        _dao.deleteRoleForUser( nUserId, strRoleKey );
    }

    // ////////////////////////////////////////////////////////////////
    // / for no-module mode

    /**
     * @param user
     *            the LuteceDefaultAdminUSer
     */
    public static void create( LuteceDefaultAdminUser user )
    {
        _dao.insert( user );
    }

    /**
     * @param user
     *            the LuteceDefaultAdminUSer
     */
    public static void update( LuteceDefaultAdminUser user )
    {
        update( user, PasswordUpdateMode.UPDATE );
    }

    /**
     * @param user
     *            the LuteceDefaultAdminUSer
     * @param passwordMode
     *            should the password be updated or not
     */
    public static void update( LuteceDefaultAdminUser user, PasswordUpdateMode passwordMode )
    {
        _dao.store( user, passwordMode );
    }

    /**
     * Get the user infos from user id
     * 
     * @param nUserId
     *            the user identifier
     * @return the delfault admin user
     */
    public static LuteceDefaultAdminUser findLuteceDefaultAdminUserByPrimaryKey( int nUserId )
    {
        return _dao.loadDefaultAdminUser( nUserId );
    }

    /**
     * Get all users having a given role
     * 
     * @param strRoleKey
     *            The role key
     * @return A collection of AdminUser
     */
    public static Collection<AdminUser> findByRole( String strRoleKey )
    {
        return _dao.selectUsersByRole( strRoleKey );
    }

    /**
     * Get all users having a given level
     * 
     * @param nIdLevel
     *            The level
     * @return A collection of AdminUser
     */
    public static Collection<AdminUser> findByLevel( int nIdLevel )
    {
        return _dao.selectUsersByLevel( nIdLevel );
    }

    /**
     * Update role key if role key name has change
     * 
     * @param strOldRoleKey
     *            The old role key name
     * @param role
     *            The new role
     */
    public static void updateUsersRole( String strOldRoleKey, RBACRole role )
    {
        _dao.storeUsersRole( strOldRoleKey, role );
    }

    /**
     * Get all users by using a filter.
     * 
     * @param auFilter
     *            The filter
     * @return A collection of AdminUser
     */
    public static Collection<AdminUser> findUserByFilter( AdminUserFilter auFilter )
    {
        return _dao.selectUsersByFilter( auFilter );
    }

    /**
     * Get all users having a given right
     * 
     * @param strIdRight
     *            The ID right
     * @return A collection of AdminUser
     */
    public static Collection<AdminUser> findByRight( String strIdRight )
    {
        return _dao.selectUsersByRight( strIdRight );
    }

    /**
     * Check if the user has the given right
     * 
     * @param user
     *            The Admin User
     * @param strIdRight
     *            The ID right
     * @return true if the user has the right
     */
    public static boolean hasRight( AdminUser user, String strIdRight )
    {
        return _dao.hasRight( user.getUserId( ), strIdRight );
    }

    /**
     * Remove a right for an user
     * 
     * @param nUserId
     *            The user ID
     * @param strIdRight
     *            The right ID
     */
    public static void removeRightForUser( int nUserId, String strIdRight )
    {
        _dao.deleteRightForUser( nUserId, strIdRight );
    }

    /**
     * Gets the history of password of the given user
     * 
     * @param nUserID
     *            Id of the user
     * @return The collection of recent passwords used by the user.
     */
    public static List<IPassword> selectUserPasswordHistory( int nUserID )
    {
        return _dao.selectUserPasswordHistory( nUserID );
    }

    /**
     * Get the number of password change done by a user since the given date.
     * 
     * @param minDate
     *            Minimum date to consider.
     * @param nUserId
     *            Id of the user
     * @return The number of password change done by the user since the given date.
     */
    public static int countUserPasswordHistoryFromDate( Timestamp minDate, int nUserId )
    {
        return _dao.countUserPasswordHistoryFromDate( minDate, nUserId );
    }

    /**
     * Log a password change in the password history
     * 
     * @param password
     *            New password of the user
     * @param nUserId
     *            Id of the user
     */
    public static void insertNewPasswordInHistory( IPassword password, int nUserId )
    {
        _dao.insertNewPasswordInHistory( password, nUserId );
    }

    /**
     * Remove every password saved in the password history for a user.
     * 
     * @param nUserId
     *            Id of the user
     */
    public static void removeAllPasswordHistoryForUser( int nUserId )
    {
        _dao.removeAllPasswordHistoryForUser( nUserId );
    }

    /**
     * Get a map of anonymization status of a user field.
     * 
     * @return A map containing the associations of user field name and a boolean describing whether the field should be anonymized.
     */
    public static Map<String, Boolean> getAnonymizationStatusUserStaticField( )
    {
        return _dao.selectAnonymizationStatusUserStaticField( );
    }

    /**
     * Update the anonymization status of a user field.
     * 
     * @param strFieldName
     *            Name of the field to update
     * @param bAnonymizeFiled
     *            True if the field should be anonymize, false otherwise
     */
    public static void updateAnonymizationStatusUserStaticField( String strFieldName, boolean bAnonymizeFiled )
    {
        _dao.updateAnonymizationStatusUserStaticField( strFieldName, bAnonymizeFiled );
    }

    /**
     * Get the list of id of user with the expired status.
     * 
     * @return The list of if of user with the expired status.
     */
    public static List<Integer> findAllExpiredUserId( )
    {
        return _dao.findAllExpiredUserId( );
    }

    /**
     * Get the list of id of users that have an expired time life but not the expired status
     * 
     * @param currentTimestamp
     *            Timestamp describing the current time.
     * @return the list of id of users with expired time life
     */
    public static List<Integer> getIdUsersWithExpiredLifeTimeList( Timestamp currentTimestamp )
    {
        return _dao.getIdUsersWithExpiredLifeTimeList( currentTimestamp );
    }

    /**
     * Get the list of id of users that need to receive their first alert
     * 
     * @param firstAlertMaxDate
     *            The maximum expiration date to send first alert.
     * @return the list of id of users that need to receive their first alert
     */
    public static List<Integer> getIdUsersToSendFirstAlert( Timestamp firstAlertMaxDate )
    {
        return _dao.getIdUsersToSendFirstAlert( firstAlertMaxDate );
    }

    /**
     * Get the list of id of users that need to receive their first alert
     * 
     * @param alertMaxDate
     *            The maximum date to send alerts.
     * @param timeBetweenAlerts
     *            Timestamp describing the time between two alerts.
     * @param maxNumberAlerts
     *            Maximum number of alerts to send to a user
     * @return the list of id of users that need to receive their first alert
     */
    public static List<Integer> getIdUsersToSendOtherAlert( Timestamp alertMaxDate, Timestamp timeBetweenAlerts, int maxNumberAlerts )
    {
        return _dao.getIdUsersToSendOtherAlert( alertMaxDate, timeBetweenAlerts, maxNumberAlerts );
    }

    /**
     * Get the list of id of users that have an expired password but not the change password flag
     * 
     * @param currentTimestamp
     *            Timestamp describing the current time.
     * @return the list of id of users with expired passwords
     */
    public static List<Integer> getIdUsersWithExpiredPasswordsList( Timestamp currentTimestamp )
    {
        return _dao.getIdUsersWithExpiredPasswordsList( currentTimestamp );
    }

    /**
     * Update status of a list of user accounts
     * 
     * @param listIdUser
     *            List of user accounts to update
     * @param nNewStatus
     *            New status of the user
     */
    public static void updateUserStatus( List<Integer> listIdUser, int nNewStatus )
    {
        _dao.updateUserStatus( listIdUser, nNewStatus );
    }

    /**
     * Increment the number of alert send to users by 1
     * 
     * @param listIdUser
     *            The list of users to update
     */
    public static void updateNbAlert( List<Integer> listIdUser )
    {
        _dao.updateNbAlert( listIdUser );
    }

    /**
     * Set the "change password" flag of users to true
     * 
     * @param listIdUser
     *            The list of users to update
     */
    public static void updateChangePassword( List<Integer> listIdUser )
    {
        _dao.updateChangePassword( listIdUser );
    }

    /**
     * Update the admin user expiration date with the new values. Also update his alert account to 0
     * 
     * @param nIdUser
     *            Id of the admin user to update
     * @param newExpirationDate
     *            Id of the user to update
     */
    public static void updateUserExpirationDate( int nIdUser, Timestamp newExpirationDate )
    {
        _dao.updateUserExpirationDate( nIdUser, newExpirationDate );
    }

    /**
     * Update the admin user last login date.
     * 
     * @param nIdUser
     *            Id of the admin user to update
     * @param dateLastLogin
     *            New last login date of the user
     */
    public static void updateDateLastLogin( int nIdUser, Timestamp dateLastLogin )
    {
        _dao.updateDateLastLogin( nIdUser, dateLastLogin );
    }

    /**
     * Construct a password reset token. Use the numerical userId as it does not change. Use the stored password, so that the token is invalidated if the
     * password is changed. Use a timestamp to allow limiting the validity of the token in time. Optionally bind the token to the user session. Finally return
     * an HMAC of this info using the application crypto key.
     * 
     * @param nIdUser
     *            the user ID
     * @param timestamp
     *            the timestamp
     * @param strSessionId
     *            the session ID
     * @return the password reset token
     */
    public static String getUserPasswordResetToken( int nIdUser, Date timestamp, String strSessionId )
    {
        LuteceDefaultAdminUser user = _dao.loadDefaultAdminUser( nIdUser );
        StringBuilder builder = new StringBuilder( );
        builder.append( "userId:" ).append( nIdUser );
        IPassword password = user.getPassword( );
        if ( password != null )
        {
            builder.append( ":password:" );
            if ( password.isLegacy( ) )
            {
                builder.append( "legacy" );
            }
            else
            {
                builder.append( password.getStorableRepresentation( ) );
            }
        }
        builder.append( ":timestamp:" ).append( timestamp.getTime( ) );
        if ( strSessionId != null )
        {
            builder.append( ":sessionId:" ).append( strSessionId );
        }
        return CryptoService.hmacSHA256( builder.toString( ) );
    }
}