X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=e6afc79666c60f1cf07540b893f08d309a3a4b3a;hb=015c8d2f7b87950f21d6078299f5d0ab3ea1c5ea;hp=f12002334566923764067289aa1f9cb39c281d12;hpb=47c7ef9db6c7a688853f338495ba61e3d827b2d2;p=gigi.git diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java index f1200233..e6afc796 100644 --- a/src/org/cacert/gigi/dbObjects/User.java +++ b/src/org/cacert/gigi/dbObjects/User.java @@ -98,10 +98,6 @@ public class User extends CertificateOwner { return email; } - public void setEmail(String email) { - this.email = email; - } - public void changePassword(String oldPass, String newPass) throws GigiApiException { GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM `users` WHERE `id`=?"); ps.setInt(1, getId()); @@ -113,7 +109,11 @@ public class User extends CertificateOwner { throw new GigiApiException("Old password does not match."); } } + setPassword(newPass); + } + private void setPassword(String newPass) throws GigiApiException { + GigiPreparedStatement ps; PasswordStrengthChecker.assertStrongPassword(newPass, getName(), getEmail()); ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?"); ps.setString(1, PasswordHash.hash(newPass)); @@ -138,8 +138,9 @@ public class User extends CertificateOwner { } public boolean hasPassedCATS() { - GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=1"); + GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=?"); query.setInt(1, getId()); + query.setInt(2, CATS.ASSURER_CHALLANGE_ID); try (GigiResultSet rs = query.executeQuery()) { if (rs.next()) { return true; 
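Review bot: The bare `GigiPreparedStatement ps;` declaration at the top of the new `setPassword` is a leftover of the extraction from `changePassword`; the variable is assigned only once, two lines later, so fold the declaration into that `ps = DatabaseConnection.getInstance().prepare(...)` line. Since `setPassword` is now the single place where strength checking and hashing happen for both the old-password path and the reset path further down this diff, it should carry a short Javadoc, e.g. `/** Checks strength, hashes and stores a new password; does not authenticate the change, callers must verify the old password or reset token first. */`. `changePassword`'s body begins before the hunk and `setPassword`'s continues past it.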
@@ -311,8 +312,7 @@ public class User extends CertificateOwner { public void updateUserData() throws GigiApiException { synchronized (Notary.class) { - // FIXME: No assurance, not no points. - if (getAssurancePoints() != 0) { + if (getReceivedAssurances().length != 0) { throw new GigiApiException("No change after assurance allowed."); } rawUpdateUserData(); 
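Review bot: Dropping the FIXME together with the old points-based check leaves the intent of the new condition implicit; a comment above it would keep the reasoning that motivated the change, e.g. `// Any received assurance, even one worth zero points, freezes the user data.` `getReceivedAssurances()` is not visible here; if it materialises every assurance row, a count query would be a cheaper emptiness test, but that is an inference. `updateUserData` continues past the end of the hunk.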
@@ -469,30 +469,57 @@ public class User extends CertificateOwner { return false; } - public String[] getAdminLog() { - GigiPreparedStatement prep = DatabaseConnection.getInstance().prepare("SELECT `when`, type, information FROM `adminLog` WHERE uid=? ORDER BY `when` ASC"); + public String[] getTrainings() { + GigiPreparedStatement prep = DatabaseConnection.getInstance().prepare("SELECT `pass_date`, `type_text` FROM `cats_passed` LEFT JOIN `cats_type` ON `cats_type`.`id`=`cats_passed`.`variant_id` WHERE `user_id`=? ORDER BY `pass_date` ASC"); prep.setInt(1, getId()); GigiResultSet res = prep.executeQuery(); List entries = new LinkedList(); while (res.next()) { - entries.add(res.getString(2) + " (" + res.getString(3) + ")"); + + entries.add(DateSelector.getDateFormat().format(res.getTimestamp(1)) + " (" + res.getString(2) + ")"); } return entries.toArray(new String[0]); } - public String[] getTrainings() { - GigiPreparedStatement prep = DatabaseConnection.getInstance().prepare("SELECT `pass_date`, `type_text` FROM `cats_passed` LEFT JOIN `cats_type` ON `cats_type`.`id`=`cats_passed`.`variant_id` WHERE `user_id`=? 
ORDER BY `pass_date` ASC"); - prep.setInt(1, getId()); - GigiResultSet res = prep.executeQuery(); - List entries = new LinkedList(); - - while (res.next()) { + public int generatePasswordResetTicket(User actor, String token, String privateToken) { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `passwordResetTickets` SET `memid`=?, `creator`=?, `token`=?, `private_token`=?"); + ps.setInt(1, getId()); + ps.setInt(2, getId()); + ps.setString(3, token); + ps.setString(4, PasswordHash.hash(privateToken)); + ps.execute(); + return ps.lastInsertId(); + } - entries.add(DateSelector.getDateFormat().format(res.getTimestamp(1)) + " (" + res.getString(2) + ")"); + public static User getResetWithToken(int id, String token) { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL"); + ps.setInt(1, id); + ps.setString(2, token); + GigiResultSet res = ps.executeQuery(); + if ( !res.next()) { + return null; } + return User.getById(res.getInt(1)); + } - return entries.toArray(new String[0]); + public synchronized void consumePasswordResetTicket(int id, String private_token, String newPassword) throws GigiApiException { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `private_token` FROM `passwordResetTickets` WHERE `id`=? AND `memid`=? AND `used` IS NULL"); + ps.setInt(1, id); + ps.setInt(2, getId()); + try (GigiResultSet rs = ps.executeQuery()) { + if ( !rs.next()) { + throw new GigiApiException("Token not found... very bad."); + } + if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) { + throw new GigiApiException("Private token does not match."); + } + setPassword(newPassword); + ps = DatabaseConnection.getInstance().prepare("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `id`=?"); + ps.setInt(1, id); + ps.executeUpdate(); + } } + }
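Review bot: In `generatePasswordResetTicket` the `creator` column is bound from `getId()` a second time and the `actor` parameter is never used, so every ticket records the target user as its own creator; bind `ps.setInt(2, actor.getId());` instead, assuming `actor` is meant to be the initiator of the reset. `getResetWithToken` never closes its `GigiResultSet`, unlike `consumePasswordResetTicket` just below; wrap it as `try (GigiResultSet res = ps.executeQuery()) { ... }`. Neither lookup constrains the ticket's age — only `used IS NULL` is checked — so an unconsumed ticket appears to stay valid indefinitely as far as this hunk shows; if the table carries a creation timestamp, add an expiry condition to both `WHERE` clauses and state the lifetime in a Javadoc on `generatePasswordResetTicket`. The parameter `private_token` should be `privateToken` to match the naming used elsewhere in the file.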