AdminUserHome.java

  1. /*
  2.  * Copyright (c) 2002-2022, City of Paris
  3.  * All rights reserved.
  4.  *
  5.  * Redistribution and use in source and binary forms, with or without
  6.  * modification, are permitted provided that the following conditions
  7.  * are met:
  8.  *
  9.  *  1. Redistributions of source code must retain the above copyright notice
  10.  *     and the following disclaimer.
  11.  *
  12.  *  2. Redistributions in binary form must reproduce the above copyright notice
  13.  *     and the following disclaimer in the documentation and/or other materials
  14.  *     provided with the distribution.
  15.  *
  16.  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  17.  *     contributors may be used to endorse or promote products derived from
  18.  *     this software without specific prior written permission.
  19.  *
  20.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  24.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30.  * POSSIBILITY OF SUCH DAMAGE.
  31.  *
  32.  * License 1.0
  33.  */
  34. package fr.paris.lutece.portal.business.user;

  36. import fr.paris.lutece.portal.business.rbac.RBACRole;
  37. import fr.paris.lutece.portal.business.right.Right;
  38. import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
  39. import fr.paris.lutece.portal.service.spring.SpringContextService;
  40. import fr.paris.lutece.portal.service.util.CryptoService;
  41. import fr.paris.lutece.util.password.IPassword;

  43. import java.sql.Timestamp;

  45. import java.util.Collection;
  46. import java.util.Date;
  47. import java.util.List;
  48. import java.util.Map;

  50. /**
  51.  * This class provides instances management methods (create, find, ...) for AdminUser objects
  52.  */
  53. public final class AdminUserHome
  54. {
  55.     // Static variable pointed at the DAO instance
  56.     private static IAdminUserDAO _dao = SpringContextService.getBean( "adminUserDAO" );

  58.     /**
  59.      * Private constructor
  60.      */
  61.     private AdminUserHome( )
  62.     {
  63.     }

  65.     /**
  66.      * Get the user infos from the access code.
  67.      * 
  68.      * @param strUserLogin
  69.      *            the login
  70.      * @return user info
  71.      */
  72.     public static AdminUser findUserByLogin( String strUserLogin )
  73.     {
  74.         return _dao.selectUserByAccessCode( strUserLogin );
  75.     }
  76.     
  77.     /**
  78.      * Get the user infos from the access code.
  79.      * 
  80.      * @param strUserLogin
  81.      *            the login
  82.      * @param   user the user to load          
  83.      * @return user info
  84.      */
  85.     public static <T extends AdminUser> T findUserByLogin( String strUserLogin,T user )
  86.     {
  87.         return _dao.selectUserByAccessCode( strUserLogin ,user);
  88.     }
  89.     

  91.     /**
  92.      * Get the user access code from its email.
  93.      * 
  94.      * @param strEmail
  95.      *            The email
  96.      * @return The access code of the user with the given email, or null if no user has been found
  97.      */
  98.     public static String findUserByEmail( String strEmail )
  99.     {
  100.         return _dao.selectUserByEmail( strEmail );
  101.     }

  103.     /**
  104.      * Get the user infos from user id
  105.      * 
  106.      * @param nUserId
  107.      *            the user identifier
  108.      * @return The user
  109.      */
  110.     public static AdminUser findByPrimaryKey( int nUserId )
  111.     {
  112.         return _dao.load( nUserId );
  113.     }

  115.     /**
  116.      * @return the user list
  117.      */
  118.     public static Collection<AdminUser> findUserList( )
  119.     {
  120.         return _dao.selectUserList( );
  121.     }

  123.     /**
  124.      * @param user
  125.      *            The AdminUser
  126.      */
  127.     public static void create( AdminUser user )
  128.     {
  129.         _dao.insert( user );
  130.     }

  132.     /**
  133.      * @param user
  134.      *            The AdminUser
  135.      */
  136.     public static void update( AdminUser user )
  137.     {
  138.         _dao.store( user );
  139.     }

  141.     /**
  142.      * @param nUserId
  143.      *            the user identifier
  144.      */
  145.     public static void remove( int nUserId )
  146.     {
  147.         _dao.delete( nUserId );
  148.     }

  150.     /**
  151.      * Get the right list associated to a given user id
  152.      * 
  153.      * @param nUserId
  154.      *            the id of the user to retrieve rights
  155.      * @return the right list
  156.      */
  157.     public static Map<String, Right> getRightsListForUser( int nUserId )
  158.     {
  159.         return _dao.selectRightsListForUser( nUserId );
  160.     }

  162.     /**
  163.      * @param nUserId
  164.      *            The user identifier
  165.      * @param strRightId
  166.      *            The right identifier
  167.      */
  168.     public static void createRightForUser( int nUserId, String strRightId )
  169.     {
  170.         _dao.insertRightsListForUser( nUserId, strRightId );
  171.     }

  173.     /**
  174.      * @param nUserId
  175.      *            The user identifier
  176.      */
  177.     public static void removeAllRightsForUser( int nUserId )
  178.     {
  179.         _dao.deleteAllRightsForUser( nUserId );
  180.     }

  182.     /**
  183.      * @param user
  184.      *            The Admin User object
  185.      */
  186.     public static void removeAllDelegatedRightsForUser( AdminUser user )
  187.     {
  188.         _dao.deleteAllDelegatedRightsForUser( user.getUserId( ), user.getUserLevel( ) );
  189.     }

  191.     /**
  192.      * @param user
  193.      *            The Admin User object
  194.      */
  195.     public static void removeAllOwnRightsForUser( AdminUser user )
  196.     {
  197.         _dao.deleteAllOwnRightsForUser( user.getUserId( ), user.getUserLevel( ) );
  198.     }

  200.     /**
  201.      * Get the role list associated to a given user id
  202.      * 
  203.      * @param nUserId
  204.      *            the id of the user to retrieve rights
  205.      * @return the role list
  206.      */
  207.     public static Map<String, RBACRole> getRolesListForUser( int nUserId )
  208.     {
  209.         return _dao.selectRolesListForUser( nUserId );
  210.     }

  212.     /**
  213.      * @param nUserId
  214.      *            the id of the user
  215.      * @param strRightId
  216.      *            the right identifier
  217.      */
  218.     public static void createRoleForUser( int nUserId, String strRightId )
  219.     {
  220.         _dao.insertRolesListForUser( nUserId, strRightId );
  221.     }

  223.     /**
  224.      * @param nUserId
  225.      *            the user identifier
  226.      */
  227.     public static void removeAllRolesForUser( int nUserId )
  228.     {
  229.         _dao.deleteAllRolesForUser( nUserId );
  230.     }

  232.     /**
  233.      * Checks wether the role is in use or not
  234.      * 
  235.      * @param strRoleKey
  236.      *            the role key to check
  237.      * @return true if the role is attributed, false otherwise
  238.      */
  239.     public static boolean checkRoleAttributed( String strRoleKey )
  240.     {
  241.         return _dao.checkRoleAttributed( strRoleKey );
  242.     }

  244.     /**
  245.      * Checks if a given login is already in use
  246.      * 
  247.      * @param strAccessCode
  248.      *            The login
  249.      * @return user ID if the access code is already used by another user, -1 otherwise
  250.      */
  251.     public static int checkAccessCodeAlreadyInUse( String strAccessCode )
  252.     {
  253.         return _dao.checkAccessCodeAlreadyInUse( strAccessCode );
  254.     }

  256.     /**
  257.      * Checks if a given email is already in use
  258.      * 
  259.      * @param strEmail
  260.      *            The email
  261.      * @return user ID if the email is already used by another user, -1 otherwise
  262.      */
  263.     public static int checkEmailAlreadyInUse( String strEmail )
  264.     {
  265.         return _dao.checkEmailAlreadyInUse( strEmail );
  266.     }

  268.     /**
  269.      * Check if the user has the role
  270.      * 
  271.      * @param user
  272.      *            The AdminUser
  273.      * @param strRoleKey
  274.      *            The role Key
  275.      * @return true if the user has the role
  276.      */
  277.     public static boolean hasRole( AdminUser user, String strRoleKey )
  278.     {
  279.         return _dao.hasRole( user.getUserId( ), strRoleKey );
  280.     }

  282.     /**
  283.      * Remove role for an user
  284.      * 
  285.      * @param nUserId
  286.      *            The ID of the user
  287.      * @param strRoleKey
  288.      *            The role key
  289.      */
  290.     public static void removeRoleForUser( int nUserId, String strRoleKey )
  291.     {
  292.         _dao.deleteRoleForUser( nUserId, strRoleKey );
  293.     }

  295.     // ////////////////////////////////////////////////////////////////
  296.     // / for no-module mode

  298.     /**
  299.      * @param user
  300.      *            the LuteceDefaultAdminUSer
  301.      */
  302.     public static void create( LuteceDefaultAdminUser user )
  303.     {
  304.         _dao.insert( user );
  305.     }

  307.     /**
  308.      * @param user
  309.      *            the LuteceDefaultAdminUSer
  310.      */
  311.     public static void update( LuteceDefaultAdminUser user )
  312.     {
  313.         update( user, PasswordUpdateMode.UPDATE );
  314.     }

  316.     /**
  317.      * @param user
  318.      *            the LuteceDefaultAdminUSer
  319.      * @param passwordMode
  320.      *            should the password be updated or not
  321.      */
  322.     public static void update( LuteceDefaultAdminUser user, PasswordUpdateMode passwordMode )
  323.     {
  324.         _dao.store( user, passwordMode );
  325.     }

  327.     /**
  328.      * Get the user infos from user id
  329.      * 
  330.      * @param nUserId
  331.      *            the user identifier
  332.      * @return the delfault admin user
  333.      */
  334.     public static LuteceDefaultAdminUser findLuteceDefaultAdminUserByPrimaryKey( int nUserId )
  335.     {
  336.         return _dao.loadDefaultAdminUser( nUserId );
  337.     }

  339.     /**
  340.      * Get all users having a given role
  341.      * 
  342.      * @param strRoleKey
  343.      *            The role key
  344.      * @return A collection of AdminUser
  345.      */
  346.     public static Collection<AdminUser> findByRole( String strRoleKey )
  347.     {
  348.         return _dao.selectUsersByRole( strRoleKey );
  349.     }

  351.     /**
  352.      * Get all users having a given level
  353.      * 
  354.      * @param nIdLevel
  355.      *            The level
  356.      * @return A collection of AdminUser
  357.      */
  358.     public static Collection<AdminUser> findByLevel( int nIdLevel )
  359.     {
  360.         return _dao.selectUsersByLevel( nIdLevel );
  361.     }

  363.     /**
  364.      * Update role key if role key name has change
  365.      * 
  366.      * @param strOldRoleKey
  367.      *            The old role key name
  368.      * @param role
  369.      *            The new role
  370.      */
  371.     public static void updateUsersRole( String strOldRoleKey, RBACRole role )
  372.     {
  373.         _dao.storeUsersRole( strOldRoleKey, role );
  374.     }

  376.     /**
  377.      * Get all users by using a filter.
  378.      * 
  379.      * @param auFilter
  380.      *            The filter
  381.      * @return A collection of AdminUser
  382.      */
  383.     public static Collection<AdminUser> findUserByFilter( AdminUserFilter auFilter )
  384.     {
  385.         return _dao.selectUsersByFilter( auFilter );
  386.     }

  388.     /**
  389.      * Get all users having a given right
  390.      * 
  391.      * @param strIdRight
  392.      *            The ID right
  393.      * @return A collection of AdminUser
  394.      */
  395.     public static Collection<AdminUser> findByRight( String strIdRight )
  396.     {
  397.         return _dao.selectUsersByRight( strIdRight );
  398.     }

  400.     /**
  401.      * Check if the user has the given right
  402.      * 
  403.      * @param user
  404.      *            The Admin User
  405.      * @param strIdRight
  406.      *            The ID right
  407.      * @return true if the user has the right
  408.      */
  409.     public static boolean hasRight( AdminUser user, String strIdRight )
  410.     {
  411.         return _dao.hasRight( user.getUserId( ), strIdRight );
  412.     }

  414.     /**
  415.      * Remove a right for an user
  416.      * 
  417.      * @param nUserId
  418.      *            The user ID
  419.      * @param strIdRight
  420.      *            The right ID
  421.      */
  422.     public static void removeRightForUser( int nUserId, String strIdRight )
  423.     {
  424.         _dao.deleteRightForUser( nUserId, strIdRight );
  425.     }

  427.     /**
  428.      * Gets the history of password of the given user
  429.      * 
  430.      * @param nUserID
  431.      *            Id of the user
  432.      * @return The collection of recent passwords used by the user.
  433.      */
  434.     public static List<IPassword> selectUserPasswordHistory( int nUserID )
  435.     {
  436.         return _dao.selectUserPasswordHistory( nUserID );
  437.     }

  439.     /**
  440.      * Get the number of password change done by a user since the given date.
  441.      * 
  442.      * @param minDate
  443.      *            Minimum date to consider.
  444.      * @param nUserId
  445.      *            Id of the user
  446.      * @return The number of password change done by the user since the given date.
  447.      */
  448.     public static int countUserPasswordHistoryFromDate( Timestamp minDate, int nUserId )
  449.     {
  450.         return _dao.countUserPasswordHistoryFromDate( minDate, nUserId );
  451.     }

  453.     /**
  454.      * Log a password change in the password history
  455.      * 
  456.      * @param password
  457.      *            New password of the user
  458.      * @param nUserId
  459.      *            Id of the user
  460.      */
  461.     public static void insertNewPasswordInHistory( IPassword password, int nUserId )
  462.     {
  463.         _dao.insertNewPasswordInHistory( password, nUserId );
  464.     }

  466.     /**
  467.      * Remove every password saved in the password history for a user.
  468.      * 
  469.      * @param nUserId
  470.      *            Id of the user
  471.      */
  472.     public static void removeAllPasswordHistoryForUser( int nUserId )
  473.     {
  474.         _dao.removeAllPasswordHistoryForUser( nUserId );
  475.     }

  477.     /**
  478.      * Get a map of anonymization status of a user field.
  479.      * 
  480.      * @return A map containing the associations of user field name and a boolean describing whether the field should be anonymized.
  481.      */
  482.     public static Map<String, Boolean> getAnonymizationStatusUserStaticField( )
  483.     {
  484.         return _dao.selectAnonymizationStatusUserStaticField( );
  485.     }

  487.     /**
  488.      * Update the anonymization status of a user field.
  489.      * 
  490.      * @param strFieldName
  491.      *            Name of the field to update
  492.      * @param bAnonymizeFiled
  493.      *            True if the field should be anonymize, false otherwise
  494.      */
  495.     public static void updateAnonymizationStatusUserStaticField( String strFieldName, boolean bAnonymizeFiled )
  496.     {
  497.         _dao.updateAnonymizationStatusUserStaticField( strFieldName, bAnonymizeFiled );
  498.     }

  500.     /**
  501.      * Get the list of id of user with the expired status.
  502.      * 
  503.      * @return The list of if of user with the expired status.
  504.      */
  505.     public static List<Integer> findAllExpiredUserId( )
  506.     {
  507.         return _dao.findAllExpiredUserId( );
  508.     }

  510.     /**
  511.      * Get the list of id of users that have an expired time life but not the expired status
  512.      * 
  513.      * @param currentTimestamp
  514.      *            Timestamp describing the current time.
  515.      * @return the list of id of users with expired time life
  516.      */
  517.     public static List<Integer> getIdUsersWithExpiredLifeTimeList( Timestamp currentTimestamp )
  518.     {
  519.         return _dao.getIdUsersWithExpiredLifeTimeList( currentTimestamp );
  520.     }

  522.     /**
  523.      * Get the list of id of users that need to receive their first alert
  524.      * 
  525.      * @param firstAlertMaxDate
  526.      *            The maximum expiration date to send first alert.
  527.      * @return the list of id of users that need to receive their first alert
  528.      */
  529.     public static List<Integer> getIdUsersToSendFirstAlert( Timestamp firstAlertMaxDate )
  530.     {
  531.         return _dao.getIdUsersToSendFirstAlert( firstAlertMaxDate );
  532.     }

  534.     /**
  535.      * Get the list of id of users that need to receive their first alert
  536.      * 
  537.      * @param alertMaxDate
  538.      *            The maximum date to send alerts.
  539.      * @param timeBetweenAlerts
  540.      *            Timestamp describing the time between two alerts.
  541.      * @param maxNumberAlerts
  542.      *            Maximum number of alerts to send to a user
  543.      * @return the list of id of users that need to receive their first alert
  544.      */
  545.     public static List<Integer> getIdUsersToSendOtherAlert( Timestamp alertMaxDate, Timestamp timeBetweenAlerts, int maxNumberAlerts )
  546.     {
  547.         return _dao.getIdUsersToSendOtherAlert( alertMaxDate, timeBetweenAlerts, maxNumberAlerts );
  548.     }

  550.     /**
  551.      * Get the list of id of users that have an expired password but not the change password flag
  552.      * 
  553.      * @param currentTimestamp
  554.      *            Timestamp describing the current time.
  555.      * @return the list of id of users with expired passwords
  556.      */
  557.     public static List<Integer> getIdUsersWithExpiredPasswordsList( Timestamp currentTimestamp )
  558.     {
  559.         return _dao.getIdUsersWithExpiredPasswordsList( currentTimestamp );
  560.     }

  562.     /**
  563.      * Update status of a list of user accounts
  564.      * 
  565.      * @param listIdUser
  566.      *            List of user accounts to update
  567.      * @param nNewStatus
  568.      *            New status of the user
  569.      */
  570.     public static void updateUserStatus( List<Integer> listIdUser, int nNewStatus )
  571.     {
  572.         _dao.updateUserStatus( listIdUser, nNewStatus );
  573.     }

  575.     /**
  576.      * Increment the number of alert send to users by 1
  577.      * 
  578.      * @param listIdUser
  579.      *            The list of users to update
  580.      */
  581.     public static void updateNbAlert( List<Integer> listIdUser )
  582.     {
  583.         _dao.updateNbAlert( listIdUser );
  584.     }

  586.     /**
  587.      * Set the "change password" flag of users to true
  588.      * 
  589.      * @param listIdUser
  590.      *            The list of users to update
  591.      */
  592.     public static void updateChangePassword( List<Integer> listIdUser )
  593.     {
  594.         _dao.updateChangePassword( listIdUser );
  595.     }

  597.     /**
  598.      * Update the admin user expiration date with the new values. Also update his alert account to 0
  599.      * 
  600.      * @param nIdUser
  601.      *            Id of the admin user to update
  602.      * @param newExpirationDate
  603.      *            Id of the user to update
  604.      */
  605.     public static void updateUserExpirationDate( int nIdUser, Timestamp newExpirationDate )
  606.     {
  607.         _dao.updateUserExpirationDate( nIdUser, newExpirationDate );
  608.     }

  610.     /**
  611.      * Update the admin user last login date.
  612.      * 
  613.      * @param nIdUser
  614.      *            Id of the admin user to update
  615.      * @param dateLastLogin
  616.      *            New last login date of the user
  617.      */
  618.     public static void updateDateLastLogin( int nIdUser, Timestamp dateLastLogin )
  619.     {
  620.         _dao.updateDateLastLogin( nIdUser, dateLastLogin );
  621.     }

  623.     /**
  624.      * Construct a password reset token. Use the numerical userId as it does not change. Use the stored password, so that the token is invalidated if the
  625.      * password is changed. Use a timestamp to allow limiting the validity of the token in time. Optionally bind the token to the user session. Finally return
  626.      * an HMAC of this info using the application crypto key.
  627.      * 
  628.      * @param nIdUser
  629.      *            the user ID
  630.      * @param timestamp
  631.      *            the timestamp
  632.      * @param strSessionId
  633.      *            the session ID
  634.      * @return the password reset token
  635.      */
  636.     public static String getUserPasswordResetToken( int nIdUser, Date timestamp, String strSessionId )
  637.     {
  638.         LuteceDefaultAdminUser user = _dao.loadDefaultAdminUser( nIdUser );
  639.         StringBuilder builder = new StringBuilder( );
  640.         builder.append( "userId:" ).append( nIdUser );
  641.         IPassword password = user.getPassword( );
  642.         if ( password != null )
  643.         {
  644.             builder.append( ":password:" );
  645.             if ( password.isLegacy( ) )
  646.             {
  647.                 builder.append( "legacy" );
  648.             }
  649.             else
  650.             {
  651.                 builder.append( password.getStorableRepresentation( ) );
  652.             }
  653.         }
  654.         builder.append( ":timestamp:" ).append( timestamp.getTime( ) );
  655.         if ( strSessionId != null )
  656.         {
  657.             builder.append( ":sessionId:" ).append( strSessionId );
  658.         }
  659.         return CryptoService.hmacSHA256( builder.toString( ) );
  660.     }
  661. }
Created with JaCoCo 0.8.4.201905082037