View Javadoc
1   /*
2    * Copyright (c) 2002-2017, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.adminauthenticationdatabase;
35  
36  import fr.paris.lutece.portal.business.user.AdminUser;
37  import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
38  import fr.paris.lutece.portal.service.util.AppException;
39  import fr.paris.lutece.util.sql.DAOUtil;
40  
41  import java.util.ArrayList;
42  import java.util.Collection;
43  
44  
45  /**
46   * This class provides Data Access methods for AdminDatabaseUser objects
47   */
48  public class AdminDatabaseUserDAO
49  {
50      public static final int USER_NOTFOUND = -1;
51      public static final int INVALID_PASSWORD = -2;
52      public static final int USER_OK = 0;
53      public static final String SQL_QUERY_CHECK_PASSWORD = "SELECT password FROM admin_auth_db_module WHERE  access_code = ? ";
54      public static final String SQL_QUERY_LOAD_USER = " SELECT last_name, first_name, email FROM admin_auth_db_module WHERE access_code = ? ";
55      private static final String SQL_QUERY_SELECT_ALL_DATABASE_USERS = "SELECT access_code, last_name, first_name, email * FROM admin_auth_db_module";
56  
57      /** This class implements the Singleton design pattern. */
58      private static AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO(  );
59  
60      /**
61       * Returns the unique instance of the singleton.
62       *
63       * @return the instance
64       */
65      static AdminDatabaseUserDAO getInstance(  )
66      {
67          return _dao;
68      }
69  
70      ///////////////////////////////////////////////////////////////////////////////////////
71      //Access methods to data
72  
73      /**
74       * Check the password of a given user into the table provided by the database authentication module
75       * @param strAccessCode The name of the user
76       * @param strPassword the user password
77       * @return the the error number
78       */
79      public int checkPassword( String strAccessCode, String strPassword )
80      {
81          DAOUtil daoUtil = new DAOUtil( SQL_QUERY_CHECK_PASSWORD );
82          daoUtil.setString( 1, strAccessCode );
83          daoUtil.executeQuery(  );
84  
85          if ( !daoUtil.next(  ) )
86          {
87              daoUtil.free(  );
88  
89              return USER_NOTFOUND;
90          }
91  
92          String strStoredPassword = daoUtil.getString( 1 );
93          daoUtil.free(  );
94  
95          if ( !strStoredPassword.equals( strPassword ) )
96          {
97              daoUtil.free(  );
98  
99              return INVALID_PASSWORD;
100         }
101 
102         return USER_OK;
103     }
104 
105     /**
106      * load the data of an user from the table provided by the database authentication module
107      * This only provides data specific to the database authentication module.
108      *
109      * @param strAccessCode The access code of user
110      * @param authenticationService The AdminAuthentication
111      * @return user The instance of an AdminDatabaseUser's object
112      */
113     public AdminDatabaseUser load( String strAccessCode, AdminAuthentication authenticationService )
114     {
115         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_USER );
116         daoUtil.setString( 1, strAccessCode );
117         daoUtil.executeQuery(  );
118 
119         if ( !daoUtil.next(  ) )
120         {
121             daoUtil.free(  );
122             throw new AppException( "The line doesn't exist " );
123         }
124 
125         String strUserName = daoUtil.getString( 1 );
126         AdminDatabaseUser user = new AdminDatabaseUser( strUserName, authenticationService );
127         user.setDateValidityPassword( daoUtil.getDate( 3 ) );
128         user.setLastPassword( daoUtil.getString( 4 ) );
129 
130         daoUtil.free(  );
131 
132         return user;
133     }
134 
135     /**
136      * load the data of an user from the table provided by the database authentication module with criterias
137      *
138      * @param strLastName The last name of user
139      * @param strFirstName The first name of user
140      * @param strEmail The email of user
141      * @param authenticationService The AdminAuthentication
142      * @return user The instance of an AdminDatabaseUser's object
143      */
144     public Collection<AdminDatabaseUser> selectAllDatabaseUsers( String strLastName, String strFirstName,
145         String strEmail, AdminAuthentication authenticationService )
146     {
147         Collection<AdminDatabaseUser> userList = new ArrayList<AdminDatabaseUser>(  );
148 
149         String strSql = SQL_QUERY_SELECT_ALL_DATABASE_USERS;
150         int nCountCriterias = 0;
151 
152         // last name criteria
153         if ( ( strLastName != null ) && ( !strLastName.equals( "" ) ) )
154         {
155             strSql += ( ( nCountCriterias > 0 ) ? "AND " : "WHERE " );
156             strSql += "last_name LIKE ? ";
157             nCountCriterias++;
158         }
159 
160         // first name criteria
161         if ( ( strFirstName != null ) && ( !strFirstName.equals( "" ) ) )
162         {
163             strSql += ( ( nCountCriterias > 0 ) ? "AND " : "WHERE " );
164             strSql += "first_name LIKE ? ";
165             nCountCriterias++;
166         }
167 
168         // email criteria
169         if ( ( strEmail != null ) && ( !strEmail.equals( "" ) ) )
170         {
171             strSql += ( ( nCountCriterias > 0 ) ? "AND " : "WHERE " );
172             strSql += "email LIKE ? ";
173             nCountCriterias++;
174         }
175 
176         DAOUtil daoUtil = new DAOUtil( strSql );
177 
178         if ( ( strEmail != null ) && ( !strEmail.equals( "" ) ) )
179         {
180             daoUtil.setString( nCountCriterias, strEmail + '%' );
181             nCountCriterias--;
182         }
183 
184         if ( ( strFirstName != null ) && ( !strFirstName.equals( "" ) ) )
185         {
186             daoUtil.setString( nCountCriterias, strFirstName + '%' );
187             nCountCriterias--;
188         }
189 
190         if ( ( strLastName != null ) && ( !strLastName.equals( "" ) ) )
191         {
192             daoUtil.setString( nCountCriterias, strLastName + '%' );
193             nCountCriterias--;
194         }
195 
196         daoUtil.executeQuery(  );
197 
198         while ( daoUtil.next(  ) )
199         {
200             String strLogin = daoUtil.getString( 1 );
201             AdminDatabaseUser user = new AdminDatabaseUser( strLogin, authenticationService );
202             user.setLastName( daoUtil.getString( 2 ) );
203             user.setFirstName( daoUtil.getString( 3 ) );
204             user.setEmail( daoUtil.getString( 4 ) );
205             userList.add( user );
206         }
207 
208         daoUtil.free(  );
209 
210         return userList;
211     }
212 
213     /**
214      * load the data of an user from the table provided by the database authentication module
215      * This provides public data specific to the database authentication module.
216      *
217      * @param strAccessCode The access code of user
218      * @param authenticationService The AdminAuthentication
219      * @return user The instance of an AdminDatabaseUser's object
220      */
221     public AdminUser selectUserPublicData( String strAccessCode, AdminAuthentication authenticationService )
222     {
223         AdminUser user = null;
224         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_USER );
225         daoUtil.setString( 1, strAccessCode );
226         daoUtil.executeQuery(  );
227 
228         if ( daoUtil.next(  ) )
229         {
230             user = new AdminUser( strAccessCode, authenticationService );
231             user.setLastName( daoUtil.getString( 1 ) );
232             user.setFirstName( daoUtil.getString( 2 ) );
233             user.setEmail( daoUtil.getString( 3 ) );
234         }
235 
236         daoUtil.free(  );
237 
238         return user;
239     }
240 }