import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.util.Notary;
import org.cacert.gigi.util.PasswordHash;
import org.cacert.gigi.util.PasswordStrengthChecker;
private Locale locale;
- private Set<Group> groups = new HashSet<>();
+ private final Set<Group> groups = new HashSet<>();
protected User(GigiResultSet rs) {
super(rs.getInt("id"));
locale = Language.getLocaleFromString(localeStr);
}
- GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT permission FROM user_groups WHERE user=? AND deleted is NULL");
+ GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT `permission` FROM `user_groups` WHERE `user`=? AND `deleted` is NULL");
psg.setInt(1, rs.getInt("id"));
try (GigiResultSet rs2 = psg.executeQuery()) {
}
}
- public User() {}
-
- public String getFName() {
- return name.fname;
- }
-
- public String getLName() {
- return name.lname;
- }
-
- public String getMName() {
- return name.mname;
+ public User(String email, String password, Name name, Date dob, Locale locale) throws GigiApiException {
+ this.email = email;
+ this.dob = dob;
+ this.name = name;
+ this.locale = locale;
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("INSERT INTO `users` SET `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `language`=?, id=?");
+ query.setString(1, email);
+ query.setString(2, PasswordHash.hash(password));
+ query.setString(3, name.getFname());
+ query.setString(4, name.getMname());
+ query.setString(5, name.getLname());
+ query.setString(6, name.getSuffix());
+ query.setDate(7, dob);
+ query.setString(8, locale.toString());
+ query.setInt(9, getId());
+ query.execute();
+ new EmailAddress(this, email, locale);
}
public Name getName() {
return name;
}
- public void setMName(String mname) {
- this.name.mname = mname;
- }
-
- public String getSuffix() {
- return name.suffix;
- }
-
- public void setSuffix(String suffix) {
- this.name.suffix = suffix;
- }
-
public Date getDoB() {
return dob;
}
return email;
}
- public void setEmail(String email) {
- this.email = email;
- }
-
- public void setFName(String fname) {
- this.name.fname = fname;
- }
-
- public void setLName(String lname) {
- this.name.lname = lname;
- }
-
- public void insert(String password) {
- int id = super.insert();
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `language`=?, id=?");
- query.setString(1, email);
- query.setString(2, PasswordHash.hash(password));
- query.setString(3, name.fname);
- query.setString(4, name.mname);
- query.setString(5, name.lname);
- query.setString(6, name.suffix);
- query.setDate(7, new java.sql.Date(dob.getTime()));
- query.setString(8, locale.toString());
- query.setInt(9, id);
- query.execute();
- }
-
public void changePassword(String oldPass, String newPass) throws GigiApiException {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM `users` WHERE `id`=?");
ps.setInt(1, getId());
try (GigiResultSet rs = ps.executeQuery()) {
if ( !rs.next()) {
throw new GigiApiException("Old password does not match.");
}
}
+ setPassword(newPass);
+ }
- PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ private void setPassword(String newPass) throws GigiApiException {
+ GigiPreparedStatement ps;
+ PasswordStrengthChecker.assertStrongPassword(newPass, getName(), getEmail());
ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
ps.setString(1, PasswordHash.hash(newPass));
ps.setInt(2, getId());
}
public boolean hasPassedCATS() {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=?");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=?");
query.setInt(1, getId());
+ query.setInt(2, CATS.ASSURER_CHALLANGE_ID);
try (GigiResultSet rs = query.executeQuery()) {
if (rs.next()) {
return true;
for (EmailAddress email : getEmails()) {
if (email.getId() == delMail.getId()) {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE emails SET deleted=? WHERE id=?");
- ps.setDate(1, new Date(System.currentTimeMillis()));
- ps.setInt(2, delMail.getId());
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `emails` SET `deleted`=CURRENT_TIMESTAMP WHERE `id`=?");
+ ps.setInt(1, delMail.getId());
ps.execute();
return;
}
public synchronized Assurance[] getReceivedAssurances() {
if (receivedAssurances == null) {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `to`=? AND deleted IS NULL");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM `notary` WHERE `to`=? AND `deleted` IS NULL");
query.setInt(1, getId());
try (GigiResultSet res = query.executeQuery()) {
if (getAssurancePoints() != 0) {
throw new GigiApiException("No change after assurance allowed.");
}
-
- GigiPreparedStatement update = DatabaseConnection.getInstance().prepare("UPDATE users SET fname=?, lname=?, mname=?, suffix=?, dob=? WHERE id=?");
- update.setString(1, getFName());
- update.setString(2, getLName());
- update.setString(3, getMName());
- update.setString(4, getSuffix());
- update.setDate(5, getDoB());
- update.setInt(6, getId());
- update.executeUpdate();
+ rawUpdateUserData();
}
}
+ protected void rawUpdateUserData() {
+ GigiPreparedStatement update = DatabaseConnection.getInstance().prepare("UPDATE users SET fname=?, lname=?, mname=?, suffix=?, dob=? WHERE id=?");
+ update.setString(1, name.getFname());
+ update.setString(2, name.getLname());
+ update.setString(3, name.getMname());
+ update.setString(4, name.getSuffix());
+ update.setDate(5, getDoB());
+ update.setInt(6, getId());
+ update.executeUpdate();
+ }
+
public Locale getPreferredLocale() {
return locale;
}
public void grantGroup(User granter, Group toGrant) {
groups.add(toGrant);
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO user_groups SET user=?, permission=?, grantedby=?");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?");
ps.setInt(1, getId());
ps.setString(2, toGrant.getDatabaseName());
ps.setInt(3, granter.getId());
public void revokeGroup(User revoker, Group toRevoke) {
groups.remove(toRevoke);
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE user_groups SET deleted=CURRENT_TIMESTAMP, revokedby=? WHERE deleted is NULL AND permission=? AND user=?");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `user_groups` SET `deleted`=CURRENT_TIMESTAMP, `revokedby`=? WHERE `deleted` IS NULL AND `permission`=?::`userGroup` AND `user`=?");
ps.setInt(1, revoker.getId());
ps.setString(2, toRevoke.getDatabaseName());
ps.setInt(3, getId());
public List<Organisation> getOrganisations() {
List<Organisation> orgas = new ArrayList<>();
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT orgid FROM org_admin WHERE `memid`=? AND deleted is NULL");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL");
query.setInt(1, getId());
try (GigiResultSet res = query.executeQuery()) {
while (res.next()) {
}
public static User getByEmail(String mail) {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users INNER JOIN certOwners ON certOwners.id = users.id WHERE email=? AND deleted IS NULL");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `users`.`id` FROM `users` INNER JOIN `certOwners` ON `certOwners`.`id` = `users`.`id` WHERE `email`=? AND `deleted` IS NULL");
ps.setString(1, mail);
try (GigiResultSet rs = ps.executeQuery()) {
if ( !rs.next()) {
public static User[] findByEmail(String mail) {
LinkedList<User> results = new LinkedList<User>();
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users INNER JOIN certOwners ON certOwners.id = users.id WHERE users.email LIKE ? AND deleted IS NULL GROUP BY users.id ASC LIMIT 100");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `users`.`id` FROM `users` INNER JOIN `certOwners` ON `certOwners`.`id` = `users`.`id` WHERE `users`.`email` LIKE ? AND `deleted` IS NULL GROUP BY `users`.`id` LIMIT 100");
ps.setString(1, mail);
try (GigiResultSet rs = ps.executeQuery()) {
while (rs.next()) {
}
}
- public boolean canIssue(CertificateProfile p) {
- // FIXME: Use descriptive constants
- switch (p.getCAId()) {
- case 0:
- return true;
- case 1:
- return getAssurancePoints() > 50;
- case 2:
- return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
- case 3:
- case 4:
- return getOrganisations().size() > 0;
- default:
- return false;
+ public EmailAddress[] getEmails() {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `id` FROM `emails` WHERE `memid`=? AND `deleted` IS NULL");
+ ps.setInt(1, getId());
+
+ try (GigiResultSet rs = ps.executeQuery()) {
+ LinkedList<EmailAddress> data = new LinkedList<EmailAddress>();
+
+ while (rs.next()) {
+ data.add(EmailAddress.getById(rs.getInt(1)));
+ }
+
+ return data.toArray(new EmailAddress[0]);
+ }
+ }
+
+ @Override
+ public boolean isValidEmail(String email) {
+ for (EmailAddress em : getEmails()) {
+ if (em.getAddress().equals(email)) {
+ return em.isVerified();
+ }
+ }
+
+ return false;
+ }
+
+ public String[] getTrainings() {
+ GigiPreparedStatement prep = DatabaseConnection.getInstance().prepare("SELECT `pass_date`, `type_text` FROM `cats_passed` LEFT JOIN `cats_type` ON `cats_type`.`id`=`cats_passed`.`variant_id` WHERE `user_id`=? ORDER BY `pass_date` ASC");
+ prep.setInt(1, getId());
+ GigiResultSet res = prep.executeQuery();
+ List<String> entries = new LinkedList<String>();
+
+ while (res.next()) {
+
+ entries.add(DateSelector.getDateFormat().format(res.getTimestamp(1)) + " (" + res.getString(2) + ")");
+ }
+
+ return entries.toArray(new String[0]);
+ }
+
+ public int generatePasswordResetTicket(User actor, String token, String privateToken) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `passwordResetTickets` SET `memid`=?, `creator`=?, `token`=?, `private_token`=?");
+ ps.setInt(1, getId());
+ ps.setInt(2, getId());
+ ps.setString(3, token);
+ ps.setString(4, PasswordHash.hash(privateToken));
+ ps.execute();
+ return ps.lastInsertId();
+ }
+
+ public static User getResetWithToken(int id, String token) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setString(2, token);
+ GigiResultSet res = ps.executeQuery();
+ if ( !res.next()) {
+ return null;
+ }
+ return User.getById(res.getInt(1));
+ }
+
+ public synchronized void consumePasswordResetTicket(int id, String private_token, String newPassword) throws GigiApiException {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `private_token` FROM `passwordResetTickets` WHERE `id`=? AND `memid`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setInt(2, getId());
+ try (GigiResultSet rs = ps.executeQuery()) {
+ if ( !rs.next()) {
+ throw new GigiApiException("Token not found... very bad.");
+ }
+ ps = DatabaseConnection.getInstance().prepare("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `id`=?");
+ ps.setInt(1, id);
+ ps.executeUpdate();
+ if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) {
+ throw new GigiApiException("Private token does not match.");
+ }
+ setPassword(newPassword);
}
}