import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.util.Notary;
import org.cacert.gigi.util.PasswordHash;
import org.cacert.gigi.util.PasswordStrengthChecker;
return email;
}
- public void setEmail(String email) {
- this.email = email;
- }
-
public void changePassword(String oldPass, String newPass) throws GigiApiException {
GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM `users` WHERE `id`=?");
ps.setInt(1, getId());
throw new GigiApiException("Old password does not match.");
}
}
+ setPassword(newPass);
+ }
+ private void setPassword(String newPass) throws GigiApiException {
+ GigiPreparedStatement ps;
PasswordStrengthChecker.assertStrongPassword(newPass, getName(), getEmail());
ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
ps.setString(1, PasswordHash.hash(newPass));
}
public boolean hasPassedCATS() {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=?");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=?");
query.setInt(1, getId());
+ query.setInt(2, CATS.ASSURER_CHALLANGE_ID);
try (GigiResultSet rs = query.executeQuery()) {
if (rs.next()) {
return true;
public void updateUserData() throws GigiApiException {
synchronized (Notary.class) {
- // FIXME: No assurance, not no points.
- if (getAssurancePoints() != 0) {
+ if (getReceivedAssurances().length != 0) {
throw new GigiApiException("No change after assurance allowed.");
}
rawUpdateUserData();
public boolean isValidEmail(String email) {
for (EmailAddress em : getEmails()) {
if (em.getAddress().equals(email)) {
- return true;
+ return em.isVerified();
}
}
return false;
}
+ public String[] getTrainings() {
+ GigiPreparedStatement prep = DatabaseConnection.getInstance().prepare("SELECT `pass_date`, `type_text` FROM `cats_passed` LEFT JOIN `cats_type` ON `cats_type`.`id`=`cats_passed`.`variant_id` WHERE `user_id`=? ORDER BY `pass_date` ASC");
+ prep.setInt(1, getId());
+ GigiResultSet res = prep.executeQuery();
+ List<String> entries = new LinkedList<String>();
+
+ while (res.next()) {
+
+ entries.add(DateSelector.getDateFormat().format(res.getTimestamp(1)) + " (" + res.getString(2) + ")");
+ }
+
+ return entries.toArray(new String[0]);
+ }
+
+ public int generatePasswordResetTicket(User actor, String token, String privateToken) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `passwordResetTickets` SET `memid`=?, `creator`=?, `token`=?, `private_token`=?");
+ ps.setInt(1, getId());
+ ps.setInt(2, getId());
+ ps.setString(3, token);
+ ps.setString(4, PasswordHash.hash(privateToken));
+ ps.execute();
+ return ps.lastInsertId();
+ }
+
+ public static User getResetWithToken(int id, String token) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setString(2, token);
+ GigiResultSet res = ps.executeQuery();
+ if ( !res.next()) {
+ return null;
+ }
+ return User.getById(res.getInt(1));
+ }
+
+ public synchronized void consumePasswordResetTicket(int id, String private_token, String newPassword) throws GigiApiException {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `private_token` FROM `passwordResetTickets` WHERE `id`=? AND `memid`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setInt(2, getId());
+ try (GigiResultSet rs = ps.executeQuery()) {
+ if ( !rs.next()) {
+ throw new GigiApiException("Token not found... very bad.");
+ }
+ if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) {
+ throw new GigiApiException("Private token does not match.");
+ }
+ setPassword(newPassword);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `id`=?");
+ ps.setInt(1, id);
+ ps.executeUpdate();
+ }
+ }
+
}