X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FUser.java;h=010df4a9773cd48ee705d79d4a50c0f6491c16f8;hb=11cd210415b857684a9ec7edf057bf7bfe41af8f;hp=055ac8384fe376e65771e5aaff1a8d52459beec4;hpb=41277f3156ec60c230d670b7f0b18b5646019522;p=gigi.git diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java index 055ac838..010df4a9 100644 --- a/src/org/cacert/gigi/User.java +++ b/src/org/cacert/gigi/User.java @@ -1,20 +1,20 @@ package org.cacert.gigi; +import java.sql.Date; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; -import java.util.Date; +import java.util.Calendar; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.util.PasswordHash; +import org.cacert.gigi.util.PasswordStrengthChecker; public class User { private int id; - String fname; - String mname; - String lname; - String suffix; + Name name = new Name(null, null, null, null); + Date dob; String email; @@ -22,81 +22,321 @@ public class User { this.id = id; try { PreparedStatement ps = DatabaseConnection.getInstance().prepare( - "SELECT `fname`, `lname`, `dob` FROM `users` WHERE id=?"); + "SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email` FROM `users` WHERE id=?"); ps.setInt(1, id); ResultSet rs = ps.executeQuery(); if (rs.next()) { - fname = rs.getString(1); - lname = rs.getString(2); - dob = rs.getDate(3); + name = new Name(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4)); + dob = rs.getDate(5); + email = rs.getString(6); } rs.close(); } catch (SQLException e) { e.printStackTrace(); } } + public User() { } + public int getId() { return id; } + public String getFname() { - return fname; + return name.fname; } + public String getLname() { - return lname; + return name.lname; } + public String getMname() { - return mname; + return name.mname; } + + public Name getName() { + return name; + } + public void setMname(String mname) { - this.mname = mname; + this.name.mname = mname; } + public String getSuffix() { - return suffix; + return name.suffix; } + public void setSuffix(String suffix) { - this.suffix = suffix; + this.name.suffix = suffix; } + public Date getDob() { return dob; } + public void setDob(Date dob) { this.dob = dob; } + public String getEmail() { return email; } + public void setEmail(String email) { this.email = email; } + public void setId(int id) { this.id = id; } + public void setFname(String fname) { - this.fname = fname; + this.name.fname = fname; } + public void setLname(String lname) { - this.lname = lname; + this.name.lname = lname; } + public void insert(String password) throws SQLException { if (id != 0) { throw new Error("refusing to insert"); } PreparedStatement query = DatabaseConnection.getInstance().prepare( - "insert into `users` set `email`=?, `password`=?, " - + "`fname`=?, `mname`=?, `lname`=?, " - + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0"); + "insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0"); query.setString(1, email); query.setString(2, PasswordHash.hash(password)); - query.setString(3, fname); - query.setString(4, mname); - query.setString(5, lname); - query.setString(6, suffix); + query.setString(3, name.fname); + query.setString(4, name.mname); + query.setString(5, name.lname); + query.setString(6, name.suffix); query.setDate(7, new java.sql.Date(dob.getTime())); query.execute(); id = DatabaseConnection.lastInsertId(query); - System.out.println("Inserted: " + id); } + public void changePassword(String oldPass, String newPass) throws GigiApiException { + try { + PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?"); + ps.setInt(1, id); + ResultSet rs = ps.executeQuery(); + if (!rs.next()) { + throw new GigiApiException("User not found... very bad."); + } + if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) { + throw new GigiApiException("Old password does not match."); + } + rs.close(); + PasswordStrengthChecker.assertStrongPassword(newPass, this); + ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?"); + ps.setString(1, PasswordHash.hash(newPass)); + ps.setInt(2, id); + if (ps.executeUpdate() != 1) { + throw new GigiApiException("Password update failed."); + } + } catch (SQLException e) { + throw new GigiApiException(e); + } + } + + public boolean canAssure() throws SQLException { + if (getAssurancePoints() < 100) { + return false; + } + + return hasPassedCATS(); + + } + + public boolean hasPassedCATS() throws SQLException { + PreparedStatement query = DatabaseConnection.getInstance().prepare( + "SELECT 1 FROM `cats_passed` where `user_id`=?"); + query.setInt(1, id); + ResultSet rs = query.executeQuery(); + if (rs.next()) { + return true; + } else { + return false; + } + } + + public int getAssurancePoints() throws SQLException { + PreparedStatement query = DatabaseConnection.getInstance().prepare( + "SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0"); + query.setInt(1, id); + ResultSet rs = query.executeQuery(); + int points = 0; + if (rs.next()) { + points = rs.getInt(1); + } + rs.close(); + return points; + } + + public int getExperiencePoints() throws SQLException { + PreparedStatement query = DatabaseConnection.getInstance().prepare( + "SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0"); + query.setInt(1, id); + ResultSet rs = query.executeQuery(); + int points = 0; + if (rs.next()) { + points = rs.getInt(1) * 2; + } + rs.close(); + return points; + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof User)) { + return false; + } + User s = (User) obj; + return name.equals(s.name) && email.equals(s.email) && dob.toString().equals(s.dob.toString()); // This + // is + // due + // to + // day + // cutoff + } + + /** + * Gets the maximum allowed points NOW. Note that an assurance needs to + * re-check PoJam as it has taken place in the past. + * + * @return the maximal points + * @throws SQLException + */ + public int getMaxAssurePoints() throws SQLException { + int exp = getExperiencePoints(); + int points = 10; + Calendar c = Calendar.getInstance(); + c.setTime(dob); + int year = c.get(Calendar.YEAR); + int month = c.get(Calendar.MONTH); + int day = c.get(Calendar.DAY_OF_MONTH); + c.set(year + 18, month, day); + if (System.currentTimeMillis() < c.getTime().getTime()) { + return points; // not 18 Years old. + } + + if (exp >= 10) { + points += 5; + } + if (exp >= 20) { + points += 5; + } + if (exp >= 30) { + points += 5; + } + if (exp >= 40) { + points += 5; + } + if (exp >= 50) { + points += 5; + } + return points; + } + + public static User getById(int id) { + return new User(id); + } + + public EmailAddress[] getEmails() { + try { + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "SELECT id FROM email WHERE memid=? AND deleted=0"); + ps.setInt(1, id); + ResultSet rs = ps.executeQuery(); + rs.last(); + int count = rs.getRow(); + EmailAddress[] data = new EmailAddress[count]; + rs.beforeFirst(); + for (int i = 0; i < data.length; i++) { + if (!rs.next()) { + throw new Error("Internal sql api violation."); + } + data[i] = EmailAddress.getById(rs.getInt(1)); + } + rs.close(); + return data; + } catch (SQLException e) { + e.printStackTrace(); + } + + return null; + } + + public Domain[] getDomains() { + try { + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "SELECT id FROM domain WHERE memid=? AND deleted IS NULL"); + ps.setInt(1, id); + ResultSet rs = ps.executeQuery(); + rs.last(); + int count = rs.getRow(); + Domain[] data = new Domain[count]; + rs.beforeFirst(); + for (int i = 0; i < data.length; i++) { + if (!rs.next()) { + throw new Error("Internal sql api violation."); + } + data[i] = Domain.getById(rs.getInt(1)); + } + rs.close(); + return data; + } catch (SQLException e) { + e.printStackTrace(); + } + + return null; + } + + public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException { + try { + EmailAddress[] adrs = getEmails(); + for (int i = 0; i < adrs.length; i++) { + if (adrs[i].getAddress().equals(newMail.getAddress())) { + if (!adrs[i].isVerified()) { + throw new GigiApiException("Email not verified."); + } + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "UPDATE users SET email=? WHERE id=?"); + ps.setString(1, newMail.getAddress()); + ps.setInt(2, getId()); + ps.execute(); + email = newMail.getAddress(); + return; + } + } + throw new GigiApiException("Given address not an address of the user."); + } catch (SQLException e) { + throw new GigiApiException(e); + } + } + + public void deleteEmail(EmailAddress mail) throws GigiApiException { + if (getEmail().equals(mail.getAddress())) { + throw new GigiApiException("Can't delete user's default e-mail."); + } + EmailAddress[] emails = getEmails(); + for (int i = 0; i < emails.length; i++) { + if (emails[i].getId() == mail.getId()) { + try { + PreparedStatement ps = DatabaseConnection.getInstance().prepare( + "UPDATE email SET deleted=? WHERE id=?"); + ps.setDate(1, new Date(System.currentTimeMillis())); + ps.setInt(2, mail.getId()); + ps.execute(); + } catch (SQLException e) { + e.printStackTrace(); + throw new GigiApiException(e); + } + return; + } + } + throw new GigiApiException("Email not one user's mail addresses."); + } }