1   /*
2    * Copyright (c) 2002-2015, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.user.authentication;
35  
36  import fr.paris.lutece.portal.service.util.AppException;
37  import fr.paris.lutece.util.password.IPassword;
38  import fr.paris.lutece.util.password.IPasswordFactory;
39  import fr.paris.lutece.util.sql.DAOUtil;
40  
41  import java.sql.Timestamp;
42  
43  import javax.inject.Inject;
44  
45  
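/**
 * Data access object for {@link LuteceDefaultAdminUser}: reads account data and reads or writes the stored
 * password in the {@code core_admin_user} table.
 *
 * <p>Every statement binds its values through {@code DAOUtil} placeholders; no SQL text is built from caller
 * input. Every method releases its {@code DAOUtil} in a {@code finally} block so that a failure while binding,
 * executing or reading a row does not leave the underlying resources held.</p>
 */
public class LuteceDefaultAdminUserDAO implements ILuteceDefaultAdminUserDAO
{
    private static final String SQL_QUERY_LOAD_PASSWORD = "SELECT password FROM core_admin_user WHERE  access_code = ? ";
    // The password column is deliberately absent here: load( ) never puts the stored password on the user object.
    private static final String SQL_QUERY_LOAD_USER = " SELECT access_code, id_user, password_max_valid_date, account_max_valid_date, email FROM core_admin_user WHERE access_code = ? ";
    private static final String SQL_QUERY_UPDATE_PASSWORD_RESET = "UPDATE core_admin_user set reset_password = ? WHERE id_user = ? ";
    private static final String SQL_QUERY_UPDATE_PASSWORD = "UPDATE core_admin_user SET password = ? WHERE access_code = ?";

    // Builds IPassword objects from their stored representation, and the dummy password used for unknown users.
    @Inject
    private IPasswordFactory _passwordFactory;

    // /////////////////////////////////////////////////////////////////////////////////////
    // Access methods to data

    /**
     * Loads the account data held for an access code. Only the access code, user id, password and account
     * validity dates and email are read; the stored password is not.
     *
     * @param strAccessCode The access code of the user
     * @param authenticationService The AdminAuthentication handed to the created user
     * @return The LuteceDefaultAdminUser built from the matching row
     * @throws AppException if no row matches the access code
     */
    public LuteceDefaultAdminUser load( String strAccessCode, AdminAuthentication authenticationService )
    {
        DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_USER );

        try
        {
            daoUtil.setString( 1, strAccessCode );
            daoUtil.executeQuery(  );

            if ( !daoUtil.next(  ) )
            {
                // NOTE(review): this failure is specific to unknown access codes; confirm that callers do not
                // relay it to unauthenticated clients, where it would reveal which accounts exist.
                throw new AppException( "The line doesn't exist " );
            }

            String strUserName = daoUtil.getString( 1 );
            LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( strUserName, authenticationService );
            user.setUserId( daoUtil.getInt( 2 ) );
            user.setPasswordMaxValidDate( daoUtil.getTimestamp( 3 ) );

            // The account validity limit is read as a long; zero or a negative value leaves the user's
            // account max valid date unset.
            long accountMaxValidDate = daoUtil.getLong( 4 );

            if ( accountMaxValidDate > 0 )
            {
                user.setAccountMaxValidDate( new Timestamp( accountMaxValidDate ) );
            }

            user.setEmail( daoUtil.getString( 5 ) );

            return user;
        }
        finally
        {
            // Previously skipped when a column read threw, which left the DAOUtil unreleased.
            daoUtil.free(  );
        }
    }

    /**
     * Sets the reset password attribute of the user, identified by its user id.
     *
     * @param user User to update
     * @param bIsPasswordReset New value of the reset password attribute
     */
    public void updateResetPassword( LuteceDefaultAdminUser user, boolean bIsPasswordReset )
    {
        DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD_RESET );

        try
        {
            daoUtil.setBoolean( 1, bIsPasswordReset );
            daoUtil.setInt( 2, user.getUserId(  ) );
            daoUtil.executeUpdate(  );
        }
        finally
        {
            daoUtil.free(  );
        }
    }

    /**
     * Loads the stored password for an access code.
     *
     * <p>When no row matches, the factory's dummy password is returned instead of failing, so that an unknown
     * access code follows the same path as a known one (the "timing resistance" the original code notes).
     * Presumably the caller verifies the submitted password against the returned object in both cases;
     * confirm against the authentication service.</p>
     *
     * @param strAccessCode The access code of the user
     * @return The stored password, or the dummy password when the access code is unknown
     */
    @Override
    public IPassword loadPassword( String strAccessCode )
    {
        DAOUtil daoUtil = new DAOUtil( SQL_QUERY_LOAD_PASSWORD );

        try
        {
            daoUtil.setString( 1, strAccessCode );
            daoUtil.executeQuery(  );

            if ( daoUtil.next(  ) )
            {
                return _passwordFactory.getPassword( daoUtil.getString( 1 ) );
            }

            // timing resistance
            return _passwordFactory.getDummyPassword(  );
        }
        finally
        {
            daoUtil.free(  );
        }
    }

    /**
     * Writes the storable representation of a password for an access code.
     *
     * <p>NOTE(review): the update is keyed on the access code and its outcome is not inspected here, so an
     * access code that matches no row is not reported by this method.</p>
     *
     * @param strAccessCode The access code of the user
     * @param password The password to store
     * @throws IllegalArgumentException if the password is in a legacy format
     */
    @Override
    public void store( String strAccessCode, IPassword password )
    {
        // Legacy representations are rejected before any statement is created, so they are never written back.
        // The message names the password class only, not its content.
        if ( password.isLegacy( ) )
        {
            throw new IllegalArgumentException( "Should not store password in legacy format " + password.getClass( ).getCanonicalName( ) );
        }

        DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_PASSWORD );

        try
        {
            daoUtil.setString( 1, password.getStorableRepresentation(  ) );
            daoUtil.setString( 2, strAccessCode );
            daoUtil.executeUpdate(  );
        }
        finally
        {
            daoUtil.free(  );
        }
    }
}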