X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=e6afc79666c60f1cf07540b893f08d309a3a4b3a;hb=015c8d2f7b87950f21d6078299f5d0ab3ea1c5ea;hp=f67e81928a6dfc92b1bef81f71b8dc6ad8d65fe1;hpb=e9625bad15becfac8c9e0a616986c85f32b31dd9;p=gigi.git
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index f67e8192..e6afc796 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -109,7 +109,11 @@ public class User extends CertificateOwner {
 throw new GigiApiException("Old password does not match.");
 }
 }
+ setPassword(newPass);
+ }
+ private void setPassword(String newPass) throws GigiApiException {
+ GigiPreparedStatement ps;
 PasswordStrengthChecker.assertStrongPassword(newPass, getName(), getEmail());
 ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
 ps.setString(1, PasswordHash.hash(newPass));
@@ -134,8 +138,9 @@ public class User extends CertificateOwner {
 }
 public boolean hasPassedCATS() {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=1");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=?");
 query.setInt(1, getId());
+ query.setInt(2, CATS.ASSURER_CHALLANGE_ID);
 try (GigiResultSet rs = query.executeQuery()) {
 if (rs.next()) {
 return true;
@@ -307,8 +312,7 @@ public class User extends CertificateOwner {
 public void updateUserData() throws GigiApiException {
 synchronized (Notary.class) {
- // FIXME: No assurance, not no points.
- if (getAssurancePoints() != 0) {
+ if (getReceivedAssurances().length != 0) {
 throw new GigiApiException("No change after assurance allowed.");
 }
 rawUpdateUserData();
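Review bot: The new private setPassword writes the hash without any old-password check, which is intended for its callers but nothing on the method says so; the only thing keeping it safe is that every caller (the enclosing change method here, and the reset-ticket path added later in this diff) has already authenticated the actor. Add a Javadoc above it along the lines of `/** Stores the strength-checked hash of newPass for this user. Callers must have authenticated the actor first (old password or reset ticket); this method performs no such check. */`. The enclosing method starts outside the hunk and setPassword's body continues past it.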
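Review bot: hasPassedCATS now tests only the variant selected by `CATS.ASSURER_CHALLANGE_ID`, but neither the method name nor a comment tells a reader that other variants are ignored; add `/** Returns whether this user has passed the assurer CATS variant ({@link CATS#ASSURER_CHALLANGE_ID}); other variants are not considered. */` above the method. The constant name also carries a spelling slip (CHALLANGE); if CATS is introduced by this commit it is cheaper to correct now than once callers spread. The method body continues past the hunk.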
@@ -478,4 +482,44 @@ public class User extends CertificateOwner {
 return entries.toArray(new String[0]);
 }
+
+ public int generatePasswordResetTicket(User actor, String token, String privateToken) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `passwordResetTickets` SET `memid`=?, `creator`=?, `token`=?, `private_token`=?");
+ ps.setInt(1, getId());
+ ps.setInt(2, getId());
+ ps.setString(3, token);
+ ps.setString(4, PasswordHash.hash(privateToken));
+ ps.execute();
+ return ps.lastInsertId();
+ }
+
+ public static User getResetWithToken(int id, String token) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setString(2, token);
+ GigiResultSet res = ps.executeQuery();
+ if ( !res.next()) {
+ return null;
+ }
+ return User.getById(res.getInt(1));
+ }
+
+ public synchronized void consumePasswordResetTicket(int id, String private_token, String newPassword) throws GigiApiException {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `private_token` FROM `passwordResetTickets` WHERE `id`=? AND `memid`=? AND `used` IS NULL");
+ ps.setInt(1, id);
+ ps.setInt(2, getId());
+ try (GigiResultSet rs = ps.executeQuery()) {
+ if ( !rs.next()) {
+ throw new GigiApiException("Token not found... very bad.");
+ }
+ if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) {
+ throw new GigiApiException("Private token does not match.");
+ }
+ setPassword(newPassword);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `id`=?");
+ ps.setInt(1, id);
+ ps.executeUpdate();
+ }
+ }
+
 }
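Review bot: In generatePasswordResetTicket the `creator` column is bound with `ps.setInt(2, getId())`, so the `actor` parameter is never used and the audit record names the ticket's subject as its creator; it should be `ps.setInt(2, actor.getId());`. getResetWithToken also runs its query outside try-with-resources, unlike consumePasswordResetTicket right below it, so its result set is never closed; the rewrite below wraps it. Both lookups filter only on `used` IS NULL, so if the table carries a creation timestamp it would be worth bounding ticket age in the same WHERE clause — the schema is not visible here.
```java
    public static User getResetWithToken(int id, String token) {
        // … unchanged: prepare the SELECT and bind id and token …
        try (GigiResultSet res = ps.executeQuery()) {
            if ( !res.next()) {
                return null;
            }
            return User.getById(res.getInt(1));
        }
    }
```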