View Javadoc
1   /*
2    * Copyright (c) 2002-2022, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.user.authentication;
35  
36  import fr.paris.lutece.portal.service.util.AppException;
37  import fr.paris.lutece.util.password.IPassword;
38  import fr.paris.lutece.util.password.IPasswordFactory;
39  import fr.paris.lutece.util.sql.DAOUtil;
40  
41  import java.sql.Timestamp;
42  
43  import javax.inject.Inject;
44  
45  /**
46   * This class provides Data Access methods for LuteceDefaultAdminUser objects
47   */
48  public class LuteceDefaultAdminUserDAO implements ILuteceDefaultAdminUserDAO
49  {
50      private static final String SQL_QUERY_LOAD_PASSWORD = "SELECT password FROM core_admin_user WHERE  access_code = ? ";
51      private static final String SQL_QUERY_LOAD_USER = " SELECT access_code, id_user, password_max_valid_date, account_max_valid_date, email FROM core_admin_user WHERE access_code = ? ";
52      private static final String SQL_QUERY_UPDATE_PASSWORD_RESET = "UPDATE core_admin_user set reset_password = ? WHERE id_user = ? ";
53      private static final String SQL_QUERY_UPDATE_PASSWORD = "UPDATE core_admin_user SET password = ? WHERE access_code = ?";
54  
55      @Inject
56      private IPasswordFactory _passwordFactory;
57  
58      // /////////////////////////////////////////////////////////////////////////////////////
59      // Access methods to data
60  
61      /**
62       * load the data of an user from the table provided by the database authentication module This only provides data specific to the database authentication
63       * module.
64       *
65       * @param strAccessCode
66       *            The access code of user
67       * @param authenticationService
68       *            The AdminAuthentication
69       * @return user The instance of an LuteceDefaultAdminUser's object
70       */
71      public LuteceDefaultAdminUser load( String strAccessCode, AdminAuthentication authenticationService )
72      {
73          LuteceDefaultAdminUserser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
74          try ( DAOUtilsql/DAOUtil.html#DAOUtil">DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_USER ) )
75          {
76              daoUtil.setString( 1, strAccessCode );
77              daoUtil.executeQuery( );
78  
79              if ( !daoUtil.next( ) )
80              {
81                  daoUtil.free( );
82                  throw new AppException( "The line doesn't exist " );
83              }
84  
85              String strUserName = daoUtil.getString( 1 );
86              user.setAccessCode( strUserName );
87              user.setAuthenticationService( authenticationService.getAuthServiceName( ) );
88              user.setUserId( daoUtil.getInt( 2 ) );
89              user.setPasswordMaxValidDate( daoUtil.getTimestamp( 3 ) );
90  
91              long accountMaxValidDate = daoUtil.getLong( 4 );
92  
93              if ( accountMaxValidDate > 0 )
94              {
95                  user.setAccountMaxValidDate( new Timestamp( accountMaxValidDate ) );
96              }
97  
98              user.setEmail( daoUtil.getString( 5 ) );
99          }
100 
101         return user;
102     }
103 
104     /**
105      * Set the reset password attribute of the user
106      * 
107      * @param user
108      *            User to update
109      * @param bIsPasswordReset
110      *            New value of the reset password attribute
111      */
112     public void updateResetPassword( LuteceDefaultAdminUser user, boolean bIsPasswordReset )
113     {
114         try ( DAOUtilsql/DAOUtil.html#DAOUtil">DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD_RESET ) )
115         {
116             daoUtil.setBoolean( 1, bIsPasswordReset );
117             daoUtil.setInt( 2, user.getUserId( ) );
118             daoUtil.executeUpdate( );
119         }
120     }
121 
122     @Override
123     public IPassword loadPassword( String strAccessCode )
124     {
125         IPassword storedPassword;
126         try ( DAOUtilsql/DAOUtil.html#DAOUtil">DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_PASSWORD ) )
127         {
128             daoUtil.setString( 1, strAccessCode );
129             daoUtil.executeQuery( );
130 
131             if ( daoUtil.next( ) )
132             {
133                 storedPassword = _passwordFactory.getPassword( daoUtil.getString( 1 ) );
134             }
135             else
136             {
137                 // timing resistance
138                 storedPassword = _passwordFactory.getDummyPassword( );
139             }
140         }
141 
142         return storedPassword;
143     }
144 
145     @Override
146     public void store( String strAccessCode, IPassword password )
147     {
148         if ( password.isLegacy( ) )
149         {
150             throw new IllegalArgumentException( "Should not store password in legacy format " + password.getClass( ).getCanonicalName( ) );
151         }
152         try ( DAOUtilsql/DAOUtil.html#DAOUtil">DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD ) )
153         {
154             daoUtil.setString( 1, password.getStorableRepresentation( ) );
155             daoUtil.setString( 2, strAccessCode );
156             daoUtil.executeUpdate( );
157         }
158     }
159 }