1 /*
2 * Copyright (c) 2002-2025, City of Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.portal.business.user;
35
36 import fr.paris.lutece.portal.business.rbac.RBACRole;
37 import fr.paris.lutece.portal.business.right.Right;
38 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
39 import fr.paris.lutece.portal.service.spring.SpringContextService;
40 import fr.paris.lutece.portal.service.util.CryptoService;
41 import fr.paris.lutece.util.password.IPassword;
42
43 import java.sql.Timestamp;
44
45 import java.util.Collection;
46 import java.util.Date;
47 import java.util.List;
48 import java.util.Map;
49
50 /**
51 * This class provides instances management methods (create, find, ...) for AdminUser objects
52 */
53 public final class AdminUserHome
54 {
55 // Static variable pointed at the DAO instance
56 private static IAdminUserDAO _dao = SpringContextService.getBean( "adminUserDAO" );
57
58 /**
59 * Private constructor
60 */
61 private AdminUserHome( )
62 {
63 }
64
65 /**
66 * Get the user infos from the access code.
67 *
68 * @param strUserLogin
69 * the login
70 * @return user info
71 */
72 public static AdminUser findUserByLogin( String strUserLogin )
73 {
74 return _dao.selectUserByAccessCode( strUserLogin );
75 }
76
77 /**
78 * Get the user infos from the access code.
79 *
80 * @param strUserLogin
81 * the login
82 * @param user the user to load
83 * @return user info
84 */
85 public static <T extends AdminUser> T findUserByLogin( String strUserLogin,T user )
86 {
87 return _dao.selectUserByAccessCode( strUserLogin ,user);
88 }
89
90
91 /**
92 * Get the user access code from its email.
93 *
94 * @param strEmail
95 * The email
96 * @return The access code of the user with the given email, or null if no user has been found
97 */
98 public static String findUserByEmail( String strEmail )
99 {
100 return _dao.selectUserByEmail( strEmail );
101 }
102
103 /**
104 * Get the user infos from user id
105 *
106 * @param nUserId
107 * the user identifier
108 * @return The user
109 */
110 public static AdminUser findByPrimaryKey( int nUserId )
111 {
112 return _dao.load( nUserId );
113 }
114
115 /**
116 * @return the user list
117 */
118 public static Collection<AdminUser> findUserList( )
119 {
120 return _dao.selectUserList( );
121 }
122
123 /**
124 * @param user
125 * The AdminUser
126 */
127 public static void create( AdminUser user )
128 {
129 _dao.insert( user );
130 }
131
132 /**
133 * @param user
134 * The AdminUser
135 */
136 public static void update( AdminUser user )
137 {
138 _dao.store( user );
139 }
140
141 /**
142 * @param nUserId
143 * the user identifier
144 */
145 public static void remove( int nUserId )
146 {
147 _dao.delete( nUserId );
148 }
149
150 /**
151 * Get the right list associated to a given user id
152 *
153 * @param nUserId
154 * the id of the user to retrieve rights
155 * @return the right list
156 */
157 public static Map<String, Right> getRightsListForUser( int nUserId )
158 {
159 return _dao.selectRightsListForUser( nUserId );
160 }
161
162 /**
163 * @param nUserId
164 * The user identifier
165 * @param strRightId
166 * The right identifier
167 */
168 public static void createRightForUser( int nUserId, String strRightId )
169 {
170 _dao.insertRightsListForUser( nUserId, strRightId );
171 }
172
173 /**
174 * @param nUserId
175 * The user identifier
176 */
177 public static void removeAllRightsForUser( int nUserId )
178 {
179 _dao.deleteAllRightsForUser( nUserId );
180 }
181
182 /**
183 * @param user
184 * The Admin User object
185 */
186 public static void removeAllDelegatedRightsForUser( AdminUser user )
187 {
188 _dao.deleteAllDelegatedRightsForUser( user.getUserId( ), user.getUserLevel( ) );
189 }
190
191 /**
192 * @param user
193 * The Admin User object
194 */
195 public static void removeAllOwnRightsForUser( AdminUser user )
196 {
197 _dao.deleteAllOwnRightsForUser( user.getUserId( ), user.getUserLevel( ) );
198 }
199
200 /**
201 * Get the role list associated to a given user id
202 *
203 * @param nUserId
204 * the id of the user to retrieve rights
205 * @return the role list
206 */
207 public static Map<String, RBACRole> getRolesListForUser( int nUserId )
208 {
209 return _dao.selectRolesListForUser( nUserId );
210 }
211
212 /**
213 * @param nUserId
214 * the id of the user
215 * @param strRightId
216 * the right identifier
217 */
218 public static void createRoleForUser( int nUserId, String strRightId )
219 {
220 _dao.insertRolesListForUser( nUserId, strRightId );
221 }
222
223 /**
224 * @param nUserId
225 * the user identifier
226 */
227 public static void removeAllRolesForUser( int nUserId )
228 {
229 _dao.deleteAllRolesForUser( nUserId );
230 }
231
232 /**
233 * Checks wether the role is in use or not
234 *
235 * @param strRoleKey
236 * the role key to check
237 * @return true if the role is attributed, false otherwise
238 */
239 public static boolean checkRoleAttributed( String strRoleKey )
240 {
241 return _dao.checkRoleAttributed( strRoleKey );
242 }
243
244 /**
245 * Checks if a given login is already in use
246 *
247 * @param strAccessCode
248 * The login
249 * @return user ID if the access code is already used by another user, -1 otherwise
250 */
251 public static int checkAccessCodeAlreadyInUse( String strAccessCode )
252 {
253 return _dao.checkAccessCodeAlreadyInUse( strAccessCode );
254 }
255
256 /**
257 * Checks if a given email is already in use
258 *
259 * @param strEmail
260 * The email
261 * @return user ID if the email is already used by another user, -1 otherwise
262 */
263 public static int checkEmailAlreadyInUse( String strEmail )
264 {
265 return _dao.checkEmailAlreadyInUse( strEmail );
266 }
267
268 /**
269 * Check if the user has the role
270 *
271 * @param user
272 * The AdminUser
273 * @param strRoleKey
274 * The role Key
275 * @return true if the user has the role
276 */
277 public static boolean hasRole( AdminUser user, String strRoleKey )
278 {
279 return _dao.hasRole( user.getUserId( ), strRoleKey );
280 }
281
282 /**
283 * Remove role for an user
284 *
285 * @param nUserId
286 * The ID of the user
287 * @param strRoleKey
288 * The role key
289 */
290 public static void removeRoleForUser( int nUserId, String strRoleKey )
291 {
292 _dao.deleteRoleForUser( nUserId, strRoleKey );
293 }
294
295 // ////////////////////////////////////////////////////////////////
296 // / for no-module mode
297
298 /**
299 * @param user
300 * the LuteceDefaultAdminUSer
301 */
302 public static void create( LuteceDefaultAdminUser user )
303 {
304 _dao.insert( user );
305 }
306
307 /**
308 * @param user
309 * the LuteceDefaultAdminUSer
310 */
311 public static void update( LuteceDefaultAdminUser user )
312 {
313 update( user, PasswordUpdateMode.UPDATE );
314 }
315
316 /**
317 * @param user
318 * the LuteceDefaultAdminUSer
319 * @param passwordMode
320 * should the password be updated or not
321 */
322 public static void update( LuteceDefaultAdminUser user, PasswordUpdateMode passwordMode )
323 {
324 _dao.store( user, passwordMode );
325 }
326
327 /**
328 * Get the user infos from user id
329 *
330 * @param nUserId
331 * the user identifier
332 * @return the delfault admin user
333 */
334 public static LuteceDefaultAdminUser findLuteceDefaultAdminUserByPrimaryKey( int nUserId )
335 {
336 return _dao.loadDefaultAdminUser( nUserId );
337 }
338
339 /**
340 * Get all users having a given role
341 *
342 * @param strRoleKey
343 * The role key
344 * @return A collection of AdminUser
345 */
346 public static Collection<AdminUser> findByRole( String strRoleKey )
347 {
348 return _dao.selectUsersByRole( strRoleKey );
349 }
350
351 /**
352 * Get all users having a given level
353 *
354 * @param nIdLevel
355 * The level
356 * @return A collection of AdminUser
357 */
358 public static Collection<AdminUser> findByLevel( int nIdLevel )
359 {
360 return _dao.selectUsersByLevel( nIdLevel );
361 }
362
363 /**
364 * Update role key if role key name has change
365 *
366 * @param strOldRoleKey
367 * The old role key name
368 * @param role
369 * The new role
370 */
371 public static void updateUsersRole( String strOldRoleKey, RBACRole role )
372 {
373 _dao.storeUsersRole( strOldRoleKey, role );
374 }
375
376 /**
377 * Get all users by using a filter.
378 *
379 * @param auFilter
380 * The filter
381 * @return A collection of AdminUser
382 */
383 public static Collection<AdminUser> findUserByFilter( AdminUserFilter auFilter )
384 {
385 return _dao.selectUsersByFilter( auFilter );
386 }
387
388 /**
389 * Get all users having a given right
390 *
391 * @param strIdRight
392 * The ID right
393 * @return A collection of AdminUser
394 */
395 public static Collection<AdminUser> findByRight( String strIdRight )
396 {
397 return _dao.selectUsersByRight( strIdRight );
398 }
399
400 /**
401 * Check if the user has the given right
402 *
403 * @param user
404 * The Admin User
405 * @param strIdRight
406 * The ID right
407 * @return true if the user has the right
408 */
409 public static boolean hasRight( AdminUser user, String strIdRight )
410 {
411 return _dao.hasRight( user.getUserId( ), strIdRight );
412 }
413
414 /**
415 * Remove a right for an user
416 *
417 * @param nUserId
418 * The user ID
419 * @param strIdRight
420 * The right ID
421 */
422 public static void removeRightForUser( int nUserId, String strIdRight )
423 {
424 _dao.deleteRightForUser( nUserId, strIdRight );
425 }
426
427 /**
428 * Gets the history of password of the given user
429 *
430 * @param nUserID
431 * Id of the user
432 * @return The collection of recent passwords used by the user.
433 */
434 public static List<IPassword> selectUserPasswordHistory( int nUserID )
435 {
436 return _dao.selectUserPasswordHistory( nUserID );
437 }
438
439 /**
440 * Get the number of password change done by a user since the given date.
441 *
442 * @param minDate
443 * Minimum date to consider.
444 * @param nUserId
445 * Id of the user
446 * @return The number of password change done by the user since the given date.
447 */
448 public static int countUserPasswordHistoryFromDate( Timestamp minDate, int nUserId )
449 {
450 return _dao.countUserPasswordHistoryFromDate( minDate, nUserId );
451 }
452
453 /**
454 * Log a password change in the password history
455 *
456 * @param password
457 * New password of the user
458 * @param nUserId
459 * Id of the user
460 */
461 public static void insertNewPasswordInHistory( IPassword password, int nUserId )
462 {
463 _dao.insertNewPasswordInHistory( password, nUserId );
464 }
465
466 /**
467 * Remove every password saved in the password history for a user.
468 *
469 * @param nUserId
470 * Id of the user
471 */
472 public static void removeAllPasswordHistoryForUser( int nUserId )
473 {
474 _dao.removeAllPasswordHistoryForUser( nUserId );
475 }
476
477 /**
478 * Get a map of anonymization status of a user field.
479 *
480 * @return A map containing the associations of user field name and a boolean describing whether the field should be anonymized.
481 */
482 public static Map<String, Boolean> getAnonymizationStatusUserStaticField( )
483 {
484 return _dao.selectAnonymizationStatusUserStaticField( );
485 }
486
487 /**
488 * Update the anonymization status of a user field.
489 *
490 * @param strFieldName
491 * Name of the field to update
492 * @param bAnonymizeFiled
493 * True if the field should be anonymize, false otherwise
494 */
495 public static void updateAnonymizationStatusUserStaticField( String strFieldName, boolean bAnonymizeFiled )
496 {
497 _dao.updateAnonymizationStatusUserStaticField( strFieldName, bAnonymizeFiled );
498 }
499
500 /**
501 * Get the list of id of user with the expired status.
502 *
503 * @return The list of if of user with the expired status.
504 */
505 public static List<Integer> findAllExpiredUserId( )
506 {
507 return _dao.findAllExpiredUserId( );
508 }
509
510 /**
511 * Get the list of id of users that have an expired time life but not the expired status
512 *
513 * @param currentTimestamp
514 * Timestamp describing the current time.
515 * @return the list of id of users with expired time life
516 */
517 public static List<Integer> getIdUsersWithExpiredLifeTimeList( Timestamp currentTimestamp )
518 {
519 return _dao.getIdUsersWithExpiredLifeTimeList( currentTimestamp );
520 }
521
522 /**
523 * Get the list of id of users that need to receive their first alert
524 *
525 * @param firstAlertMaxDate
526 * The maximum expiration date to send first alert.
527 * @return the list of id of users that need to receive their first alert
528 */
529 public static List<Integer> getIdUsersToSendFirstAlert( Timestamp firstAlertMaxDate )
530 {
531 return _dao.getIdUsersToSendFirstAlert( firstAlertMaxDate );
532 }
533
534 /**
535 * Get the list of id of users that need to receive their first alert
536 *
537 * @param alertMaxDate
538 * The maximum date to send alerts.
539 * @param timeBetweenAlerts
540 * Timestamp describing the time between two alerts.
541 * @param maxNumberAlerts
542 * Maximum number of alerts to send to a user
543 * @return the list of id of users that need to receive their first alert
544 */
545 public static List<Integer> getIdUsersToSendOtherAlert( Timestamp alertMaxDate, Timestamp timeBetweenAlerts, int maxNumberAlerts )
546 {
547 return _dao.getIdUsersToSendOtherAlert( alertMaxDate, timeBetweenAlerts, maxNumberAlerts );
548 }
549
550 /**
551 * Get the list of id of users that have an expired password but not the change password flag
552 *
553 * @param currentTimestamp
554 * Timestamp describing the current time.
555 * @return the list of id of users with expired passwords
556 */
557 public static List<Integer> getIdUsersWithExpiredPasswordsList( Timestamp currentTimestamp )
558 {
559 return _dao.getIdUsersWithExpiredPasswordsList( currentTimestamp );
560 }
561
562 /**
563 * Update status of a list of user accounts
564 *
565 * @param listIdUser
566 * List of user accounts to update
567 * @param nNewStatus
568 * New status of the user
569 */
570 public static void updateUserStatus( List<Integer> listIdUser, int nNewStatus )
571 {
572 _dao.updateUserStatus( listIdUser, nNewStatus );
573 }
574
575 /**
576 * Increment the number of alert send to users by 1
577 *
578 * @param listIdUser
579 * The list of users to update
580 */
581 public static void updateNbAlert( List<Integer> listIdUser )
582 {
583 _dao.updateNbAlert( listIdUser );
584 }
585
586 /**
587 * Set the "change password" flag of users to true
588 *
589 * @param listIdUser
590 * The list of users to update
591 */
592 public static void updateChangePassword( List<Integer> listIdUser )
593 {
594 _dao.updateChangePassword( listIdUser );
595 }
596
597 /**
598 * Update the admin user expiration date with the new values. Also update his alert account to 0
599 *
600 * @param nIdUser
601 * Id of the admin user to update
602 * @param newExpirationDate
603 * Id of the user to update
604 */
605 public static void updateUserExpirationDate( int nIdUser, Timestamp newExpirationDate )
606 {
607 _dao.updateUserExpirationDate( nIdUser, newExpirationDate );
608 }
609
610 /**
611 * Update the admin user last login date.
612 *
613 * @param nIdUser
614 * Id of the admin user to update
615 * @param dateLastLogin
616 * New last login date of the user
617 */
618 public static void updateDateLastLogin( int nIdUser, Timestamp dateLastLogin )
619 {
620 _dao.updateDateLastLogin( nIdUser, dateLastLogin );
621 }
622
623 /**
624 * Construct a password reset token. Use the numerical userId as it does not change. Use the stored password, so that the token is invalidated if the
625 * password is changed. Use a timestamp to allow limiting the validity of the token in time. Optionally bind the token to the user session. Finally return
626 * an HMAC of this info using the application crypto key.
627 *
628 * @param nIdUser
629 * the user ID
630 * @param timestamp
631 * the timestamp
632 * @param strSessionId
633 * the session ID
634 * @return the password reset token
635 */
636 public static String getUserPasswordResetToken( int nIdUser, Date timestamp, String strSessionId )
637 {
638 LuteceDefaultAdminUser user = _dao.loadDefaultAdminUser( nIdUser );
639 StringBuilder builder = new StringBuilder( );
640 builder.append( "userId:" ).append( nIdUser );
641 IPassword password = user.getPassword( );
642 if ( password != null )
643 {
644 builder.append( ":password:" );
645 if ( password.isLegacy( ) )
646 {
647 builder.append( "legacy" );
648 }
649 else
650 {
651 builder.append( password.getStorableRepresentation( ) );
652 }
653 }
654 builder.append( ":timestamp:" ).append( timestamp.getTime( ) );
655 if ( strSessionId != null )
656 {
657 builder.append( ":sessionId:" ).append( strSessionId );
658 }
659 return CryptoService.hmacSHA256( builder.toString( ) );
660 }
661 }