View Javadoc
1   /*
2    * Copyright (c) 2002-2021, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.database.authentication.business;
35  
36  import fr.paris.lutece.plugins.mylutece.modules.database.authentication.BaseUser;
37  import fr.paris.lutece.portal.service.plugin.Plugin;
38  import fr.paris.lutece.portal.service.security.LuteceAuthentication;
39  import fr.paris.lutece.portal.service.security.LuteceUser;
40  import fr.paris.lutece.util.sql.DAOUtil;
41  
42  import java.sql.Timestamp;
43  
44  import java.text.DateFormat;
45  import java.text.SimpleDateFormat;
46  
47  import java.util.ArrayList;
48  import java.util.Collection;
49  import java.util.List;
50  
51  /**
52   * This class provides Data Access methods for authentication (role retrieval).
53   *
54   */
55  public class DatabaseDAO implements IDatabaseDAO
56  {
57      private static final String SQL_QUERY_FIND_USER_BY_LOGIN = "SELECT mylutece_database_user_id, login, name_family, name_given, email, last_login"
58              + " FROM mylutece_database_user WHERE login like ? ";
59      private static final String SQL_QUERY_FIND_RESET_PASSWORD = "SELECT reset_password FROM mylutece_database_user WHERE login like ? ";
60      private static final String SQL_QUERY_FIND_ROLES_FROM_LOGIN = "SELECT b.role_key FROM mylutece_database_user a, mylutece_database_user_role b"
61              + " WHERE a.mylutece_database_user_id = b.mylutece_database_user_id AND a.login like ? ";
62      private static final String SQL_QUERY_FIND_LOGINS_FROM_ROLE = "SELECT a.login FROM mylutece_database_user a, mylutece_database_user_role b"
63              + " WHERE  a.mylutece_database_user_id = b.mylutece_database_user_id AND b.role_key = ? ";
64      private static final String SQL_QUERY_DELETE_ROLES_FOR_USER = "DELETE FROM mylutece_database_user_role WHERE mylutece_database_user_id = ?";
65      private static final String SQL_QUERY_INSERT_ROLE_FOR_USER = "INSERT INTO mylutece_database_user_role ( mylutece_database_user_id, role_key ) VALUES ( ?, ? ) ";
66      private static final String SQL_QUERY_FIND_GROUPS_FROM_LOGIN = "SELECT b.group_key FROM mylutece_database_user a, mylutece_database_user_group b"
67              + " WHERE a.mylutece_database_user_id = b.mylutece_database_user_id AND a.login like ? ";
68      private static final String SQL_QUERY_DELETE_GROUPS_FOR_USER = "DELETE FROM mylutece_database_user_group WHERE mylutece_database_user_id = ?";
69      private static final String SQL_QUERY_INSERT_GROUP_FOR_USER = "INSERT INTO mylutece_database_user_group ( mylutece_database_user_id, group_key ) VALUES ( ?, ? ) ";
70      private static final String SQL_QUERY_SELECTALL = " SELECT mylutece_database_user_id, login, name_family, name_given, email FROM mylutece_database_user ";
71      private static final String SQL_QUERY_FIND_USERS_FROM_GROUP_KEY = "SELECT a.mylutece_database_user_id, a.login, a.name_family, a.name_given, a.email FROM mylutece_database_user a "
72              + " INNER JOIN mylutece_database_user_group b ON a.mylutece_database_user_id = b.mylutece_database_user_id WHERE b.group_key = ? ";
73      private static final String SQL_QUERY_FIND_PASSWORD_MAX_VALID_DATE = "SELECT password_max_valid_date FROM mylutece_database_user WHERE login like ? ";
74      private static final String SQL_QUERY_UPDATE_RESET_PASSWORD_FROM_LOGIN = "UPDATE mylutece_database_user SET reset_password = ? WHERE login like ? ";
75      private static final String SQL_QUERY_SELECT_USER_ID_FROM_LOGIN = "SELECT mylutece_database_user_id FROM mylutece_database_user WHERE login like ? ";
76  
77      /**
78       * Find DatabaseUser by login
79       *
80       * @param strLogin
81       *            the login
82       * @param plugin
83       *            The Plugin using this data access service
84       * @param authenticationService
85       *            the LuteceAuthentication object
86       * @return DatabaseUser the user corresponding to the login
87       */
88      @Override
89      public BaseUser selectLuteceUserByLogin( String strLogin, Plugin plugin, LuteceAuthentication authenticationService )
90      {
91          BaseUser user = null;
92          try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_USER_BY_LOGIN, plugin ) )
93          {
94              daoUtil.setString( 1, strLogin );
95              daoUtil.executeQuery( );
96  
97              if ( daoUtil.next( ) )
98              {
99                  String strLastName = daoUtil.getString( 3 );
100                 String strFirstName = daoUtil.getString( 4 );
101                 String strEmail = daoUtil.getString( 5 );
102                 Timestamp dateLastLogin = daoUtil.getTimestamp( 6 );
103 
104                 user = new BaseUser( strLogin, authenticationService );
105 
106                 user.setEmail( strEmail );
107                 user.setLuteceAuthenticationService( authenticationService );
108                 user.setUserInfo( LuteceUser.NAME_FAMILY, strLastName );
109                 user.setUserInfo( LuteceUser.NAME_GIVEN, strFirstName );
110                 user.setUserInfo( LuteceUser.BUSINESS_INFO_ONLINE_EMAIL, strEmail );
111 
112                 if ( ( dateLastLogin != null ) && !dateLastLogin.equals( DatabaseUser.DEFAULT_DATE_LAST_LOGIN ) )
113                 {
114                     DateFormat dateFormat = new SimpleDateFormat( );
115                     user.setUserInfo( LuteceUser.DATE_LAST_LOGIN, dateFormat.format( dateLastLogin ) );
116                 }
117             }
118         }
119         return user;
120     }
121 
122     /**
123      * Check if a user has reset his password from his login
124      *
125      * @param strLogin
126      *            the login
127      * @param plugin
128      *            The Plugin using this data access service
129      * @return boolean true if the password vhas been reset, false otherwise
130      */
131     @Override
132     public boolean selectResetPasswordFromLogin( String strLogin, Plugin plugin )
133     {
134         boolean bResult = false;
135         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_RESET_PASSWORD, plugin ) )
136         {
137             daoUtil.setString( 1, strLogin );
138             daoUtil.executeQuery( );
139 
140             if ( daoUtil.next( ) )
141             {
142                 bResult = daoUtil.getBoolean( 1 );
143             }
144 
145         }
146         return bResult;
147     }
148 
149     /**
150      * Gets the password max valid date of a user from his login.
151      * 
152      * @param strLogin
153      *            the login of the user
154      * @param plugin
155      *            The plugin
156      * @return The date of end of validity of the password of the user, or null if none has been set.
157      */
158     @Override
159     public Timestamp selectPasswordMaxValideDateFromLogin( String strLogin, Plugin plugin )
160     {
161         Timestamp passwordMaxValideDate = null;
162         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_PASSWORD_MAX_VALID_DATE, plugin ) )
163         {
164             daoUtil.setString( 1, strLogin );
165             daoUtil.executeQuery( );
166 
167             if ( daoUtil.next( ) )
168             {
169                 passwordMaxValideDate = daoUtil.getTimestamp( 1 );
170             }
171         }
172 
173         return passwordMaxValideDate;
174     }
175 
176     /**
177      * Load the list of {@link BaseUser}
178      * 
179      * @param plugin
180      *            The Plugin using this data access service
181      * @param authenticationService
182      *            the authentication service
183      * @return The Collection of the {@link BaseUser}
184      */
185     @Override
186     public Collection<BaseUser> selectLuteceUserList( Plugin plugin, LuteceAuthentication authenticationService )
187     {
188         Collection<BaseUser> listBaseUsers = new ArrayList<>( );
189         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECTALL, plugin ) )
190         {
191             daoUtil.executeQuery( );
192 
193             while ( daoUtil.next( ) )
194             {
195                 BaseUserce/plugins/mylutece/modules/database/authentication/BaseUser.html#BaseUser">BaseUser user = new BaseUser( daoUtil.getString( 2 ), authenticationService );
196                 user.setUserInfo( LuteceUser.NAME_FAMILY, daoUtil.getString( 3 ) );
197                 user.setUserInfo( LuteceUser.NAME_GIVEN, daoUtil.getString( 4 ) );
198 
199                 String strEmail = daoUtil.getString( 5 );
200                 user.setUserInfo( LuteceUser.BUSINESS_INFO_ONLINE_EMAIL, strEmail );
201                 user.setEmail( strEmail );
202                 listBaseUsers.add( user );
203             }
204 
205         }
206         return listBaseUsers;
207     }
208 
209     /**
210      * Find user's roles by login
211      *
212      * @param strLogin
213      *            the login
214      * @param plugin
215      *            The Plugin using this data access service
216      * @return ArrayList the roles key list corresponding to the login
217      */
218     @Override
219     public List<String> selectUserRolesFromLogin( String strLogin, Plugin plugin )
220     {
221         List<String> arrayRoles = new ArrayList<>( );
222         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_ROLES_FROM_LOGIN, plugin ) )
223         {
224             daoUtil.setString( 1, strLogin );
225             daoUtil.executeQuery( );
226 
227             while ( daoUtil.next( ) )
228             {
229                 arrayRoles.add( daoUtil.getString( 1 ) );
230             }
231         }
232         return arrayRoles;
233     }
234 
235     /**
236      * Delete roles for a user
237      * 
238      * @param nIdUser
239      *            The id of the user
240      * @param plugin
241      *            The Plugin using this data access service
242      */
243     @Override
244     public void deleteRolesForUser( int nIdUser, Plugin plugin )
245     {
246         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_ROLES_FOR_USER, plugin ) )
247         {
248             daoUtil.setInt( 1, nIdUser );
249 
250             daoUtil.executeUpdate( );
251         }
252     }
253 
254     /**
255      * Assign a role to user
256      * 
257      * @param nIdUser
258      *            The id of the user
259      * @param strRoleKey
260      *            The key of the role
261      * @param plugin
262      *            The Plugin using this data access service
263      */
264     @Override
265     public void createRoleForUser( int nIdUser, String strRoleKey, Plugin plugin )
266     {
267         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_INSERT_ROLE_FOR_USER, plugin ) )
268         {
269             daoUtil.setInt( 1, nIdUser );
270             daoUtil.setString( 2, strRoleKey );
271 
272             daoUtil.executeUpdate( );
273         }
274     }
275 
276     /**
277      * Find user's groups by login
278      *
279      * @param strLogin
280      *            The login
281      * @param plugin
282      *            The Plugin using this data access service
283      * @return ArrayList the group key list corresponding to the login
284      */
285     @Override
286     public List<String> selectUserGroupsFromLogin( String strLogin, Plugin plugin )
287     {
288         List<String> arrayGroups = new ArrayList<>( );
289         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_GROUPS_FROM_LOGIN, plugin ) )
290         {
291             daoUtil.setString( 1, strLogin );
292             daoUtil.executeQuery( );
293 
294             while ( daoUtil.next( ) )
295             {
296                 arrayGroups.add( daoUtil.getString( 1 ) );
297             }
298 
299         }
300         return arrayGroups;
301     }
302 
303     /**
304      * Load the list of DatabaseUsers for a Lutece role
305      * 
306      * @param strRoleKey
307      *            The role key of DatabaseUser
308      * @param plugin
309      *            The Plugin using this data access service
310      * @return The Collection of the DatabaseUsers
311      */
312     @Override
313     public Collection<String> selectLoginListForRoleKey( String strRoleKey, Plugin plugin )
314     {
315         Collection<String> listLogins = new ArrayList<>( );
316         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_LOGINS_FROM_ROLE, plugin ) )
317         {
318             daoUtil.setString( 1, strRoleKey );
319             daoUtil.executeQuery( );
320 
321             while ( daoUtil.next( ) )
322             {
323                 listLogins.add( daoUtil.getString( 1 ) );
324             }
325 
326         }
327 
328         return listLogins;
329     }
330 
331     /**
332      * Delete groups for a user
333      * 
334      * @param nIdUser
335      *            The id of the user
336      * @param plugin
337      *            The Plugin using this data access service
338      */
339     @Override
340     public void deleteGroupsForUser( int nIdUser, Plugin plugin )
341     {
342         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_GROUPS_FOR_USER, plugin ) )
343         {
344             daoUtil.setInt( 1, nIdUser );
345 
346             daoUtil.executeUpdate( );
347         }
348     }
349 
350     /**
351      * Assign a group to user
352      * 
353      * @param nIdUser
354      *            The id of the user
355      * @param strGroupKey
356      *            The key of the group
357      * @param plugin
358      *            The Plugin using this data access service
359      */
360     @Override
361     public void createGroupForUser( int nIdUser, String strGroupKey, Plugin plugin )
362     {
363         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_INSERT_GROUP_FOR_USER, plugin ) )
364         {
365             daoUtil.setInt( 1, nIdUser );
366             daoUtil.setString( 2, strGroupKey );
367 
368             daoUtil.executeUpdate( );
369         }
370     }
371 
372     /**
373      * Find assigned users to the given group
374      * 
375      * @param strGroupKey
376      *            The group key
377      * @param plugin
378      *            Plugin
379      * @return a list of DatabaseUser
380      */
381     @Override
382     public List<DatabaseUser> selectGroupUsersFromGroupKey( String strGroupKey, Plugin plugin )
383     {
384         List<DatabaseUser> listUsers = new ArrayList<>( );
385         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_FIND_USERS_FROM_GROUP_KEY, plugin ) )
386         {
387             daoUtil.setString( 1, strGroupKey );
388             daoUtil.executeQuery( );
389 
390             while ( daoUtil.next( ) )
391             {
392                 DatabaseUser user = DatabaseUserFactory.getFactory( ).newDatabaseUser( );
393                 user.setUserId( daoUtil.getInt( 1 ) );
394                 user.setLogin( daoUtil.getString( 2 ) );
395                 user.setLastName( daoUtil.getString( 3 ) );
396                 user.setFirstName( daoUtil.getString( 4 ) );
397                 user.setEmail( daoUtil.getString( 5 ) );
398                 listUsers.add( user );
399             }
400 
401         }
402 
403         return listUsers;
404     }
405 
406     /**
407      * Update the reset password attribut of a user from his login
408      * 
409      * @param strUserName
410      *            Login of the user to update
411      * @param bNewValue
412      *            New value
413      * @param plugin
414      *            The plugin
415      */
416     @Override
417     public void updateResetPasswordFromLogin( String strUserName, boolean bNewValue, Plugin plugin )
418     {
419         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_RESET_PASSWORD_FROM_LOGIN, plugin ) )
420         {
421 
422             daoUtil.setBoolean( 1, bNewValue );
423             daoUtil.setString( 2, strUserName );
424             daoUtil.executeUpdate( );
425 
426         }
427     }
428 
429     /**
430      * {@inheritDoc}
431      */
432     @Override
433     public int findUserIdFromLogin( String strLogin, Plugin plugin )
434     {
435         int nRes = -1;
436         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_USER_ID_FROM_LOGIN, plugin ) )
437         {
438             daoUtil.setString( 1, strLogin );
439             daoUtil.executeQuery( );
440 
441             if ( daoUtil.next( ) )
442             {
443                 nRes = daoUtil.getInt( 1 );
444             }
445         }
446         return nRes;
447     }
448 }