]> WPIA git - gigi.git/blob - src/org/cacert/gigi/User.java
projects / gigi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
FIX: Additional check before maildeletion
[gigi.git] / src / org / cacert / gigi / User.java
1 package org.cacert.gigi;
2
3 import java.sql.Date;
4 import java.sql.PreparedStatement;
5 import java.sql.ResultSet;
6 import java.sql.SQLException;
7 import java.util.Calendar;
8
9 import org.cacert.gigi.database.DatabaseConnection;
10 import org.cacert.gigi.util.PasswordHash;
11 import org.cacert.gigi.util.PasswordStrengthChecker;
12
13 public class User {
14
15         private int id;
16         Name name = new Name(null, null, null, null);
17
18         Date dob;
19         String email;
20
21         public User(int id) {
22                 this.id = id;
23                 try {
24                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
25                                 "SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email` FROM `users` WHERE id=?");
26                         ps.setInt(1, id);
27                         ResultSet rs = ps.executeQuery();
28                         if (rs.next()) {
29                                 name = new Name(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4));
30                                 dob = rs.getDate(5);
31                                 email = rs.getString(6);
32                         }
33                         rs.close();
34                 } catch (SQLException e) {
35                         e.printStackTrace();
36                 }
37         }
38
39         public User() {
40         }
41
42         public int getId() {
43                 return id;
44         }
45
46         public String getFname() {
47                 return name.fname;
48         }
49
50         public String getLname() {
51                 return name.lname;
52         }
53
54         public String getMname() {
55                 return name.mname;
56         }
57
58         public Name getName() {
59                 return name;
60         }
61
62         public void setMname(String mname) {
63                 this.name.mname = mname;
64         }
65
66         public String getSuffix() {
67                 return name.suffix;
68         }
69
70         public void setSuffix(String suffix) {
71                 this.name.suffix = suffix;
72         }
73
74         public Date getDob() {
75                 return dob;
76         }
77
78         public void setDob(Date dob) {
79                 this.dob = dob;
80         }
81
82         public String getEmail() {
83                 return email;
84         }
85
86         public void setEmail(String email) {
87                 this.email = email;
88         }
89
90         public void setId(int id) {
91                 this.id = id;
92         }
93
94         public void setFname(String fname) {
95                 this.name.fname = fname;
96         }
97
98         public void setLname(String lname) {
99                 this.name.lname = lname;
100         }
101
102         public void insert(String password) throws SQLException {
103                 if (id != 0) {
104                         throw new Error("refusing to insert");
105                 }
106                 PreparedStatement query = DatabaseConnection.getInstance().prepare(
107                         "insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, "
108                                 + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0");
109                 query.setString(1, email);
110                 query.setString(2, PasswordHash.hash(password));
111                 query.setString(3, name.fname);
112                 query.setString(4, name.mname);
113                 query.setString(5, name.lname);
114                 query.setString(6, name.suffix);
115                 query.setDate(7, new java.sql.Date(dob.getTime()));
116                 query.execute();
117                 id = DatabaseConnection.lastInsertId(query);
118         }
119
120         public void changePassword(String oldPass, String newPass) throws GigiApiException {
121                 try {
122                         PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
123                         ps.setInt(1, id);
124                         ResultSet rs = ps.executeQuery();
125                         if (!rs.next()) {
126                                 throw new GigiApiException("User not found... very bad.");
127                         }
128                         if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
129                                 throw new GigiApiException("Old password does not match.");
130                         }
131                         rs.close();
132                         PasswordStrengthChecker.assertStrongPassword(newPass, this);
133                         ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
134                         ps.setString(1, PasswordHash.hash(newPass));
135                         ps.setInt(2, id);
136                         if (ps.executeUpdate() != 1) {
137                                 throw new GigiApiException("Password update failed.");
138                         }
139                 } catch (SQLException e) {
140                         throw new GigiApiException(e);
141                 }
142         }
143
144         public boolean canAssure() throws SQLException {
145                 if (getAssurancePoints() < 100) {
146                         return false;
147                 }
148
149                 return hasPassedCATS();
150
151         }
152
153         public boolean hasPassedCATS() throws SQLException {
154                 PreparedStatement query = DatabaseConnection.getInstance().prepare(
155                         "SELECT 1 FROM `cats_passed` where `user_id`=?");
156                 query.setInt(1, id);
157                 ResultSet rs = query.executeQuery();
158                 if (rs.next()) {
159                         return true;
160                 } else {
161                         return false;
162                 }
163         }
164
165         public int getAssurancePoints() throws SQLException {
166                 PreparedStatement query = DatabaseConnection.getInstance().prepare(
167                         "SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0");
168                 query.setInt(1, id);
169                 ResultSet rs = query.executeQuery();
170                 int points = 0;
171                 if (rs.next()) {
172                         points = rs.getInt(1);
173                 }
174                 rs.close();
175                 return points;
176         }
177
178         public int getExperiencePoints() throws SQLException {
179                 PreparedStatement query = DatabaseConnection.getInstance().prepare(
180                         "SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0");
181                 query.setInt(1, id);
182                 ResultSet rs = query.executeQuery();
183                 int points = 0;
184                 if (rs.next()) {
185                         points = rs.getInt(1) * 2;
186                 }
187                 rs.close();
188                 return points;
189         }
190
191         @Override
192         public boolean equals(Object obj) {
193                 if (!(obj instanceof User)) {
194                         return false;
195                 }
196                 User s = (User) obj;
197                 return name.equals(s.name) && email.equals(s.email) && dob.toString().equals(s.dob.toString()); // This
198                                                                                                                                                                                                                 // is
199                                                                                                                                                                                                                 // due
200                                                                                                                                                                                                                 // to
201                                                                                                                                                                                                                 // day
202                                                                                                                                                                                                                 // cutoff
203         }
204
205         /**
206          * Gets the maximum allowed points NOW. Note that an assurance needs to
207          * re-check PoJam as it has taken place in the past.
208          * 
209          * @return the maximal points
210          * @throws SQLException
211          */
212         public int getMaxAssurePoints() throws SQLException {
213                 int exp = getExperiencePoints();
214                 int points = 10;
215                 Calendar c = Calendar.getInstance();
216                 c.setTime(dob);
217                 int year = c.get(Calendar.YEAR);
218                 int month = c.get(Calendar.MONTH);
219                 int day = c.get(Calendar.DAY_OF_MONTH);
220                 c.set(year + 18, month, day);
221                 if (System.currentTimeMillis() < c.getTime().getTime()) {
222                         return points; // not 18 Years old.
223                 }
224
225                 if (exp >= 10) {
226                         points += 5;
227                 }
228                 if (exp >= 20) {
229                         points += 5;
230                 }
231                 if (exp >= 30) {
232                         points += 5;
233                 }
234                 if (exp >= 40) {
235                         points += 5;
236                 }
237                 if (exp >= 50) {
238                         points += 5;
239                 }
240                 return points;
241         }
242
243         public static User getById(int id) {
244                 return new User(id);
245         }
246
247         public EmailAddress[] getEmails() {
248                 try {
249                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
250                                 "SELECT id FROM email WHERE memid=? AND deleted=0");
251                         ps.setInt(1, id);
252                         ResultSet rs = ps.executeQuery();
253                         rs.last();
254                         int count = rs.getRow();
255                         EmailAddress[] data = new EmailAddress[count];
256                         rs.beforeFirst();
257                         for (int i = 0; i < data.length; i++) {
258                                 if (!rs.next()) {
259                                         throw new Error("Internal sql api violation.");
260                                 }
261                                 data[i] = EmailAddress.getById(rs.getInt(1));
262                         }
263                         rs.close();
264                         return data;
265                 } catch (SQLException e) {
266                         e.printStackTrace();
267                 }
268
269                 return null;
270         }
271
272         public Domain[] getDomains() {
273                 try {
274                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
275                                 "SELECT id FROM domain WHERE memid=? AND deleted IS NULL");
276                         ps.setInt(1, id);
277                         ResultSet rs = ps.executeQuery();
278                         rs.last();
279                         int count = rs.getRow();
280                         Domain[] data = new Domain[count];
281                         rs.beforeFirst();
282                         for (int i = 0; i < data.length; i++) {
283                                 if (!rs.next()) {
284                                         throw new Error("Internal sql api violation.");
285                                 }
286                                 data[i] = Domain.getById(rs.getInt(1));
287                         }
288                         rs.close();
289                         return data;
290                 } catch (SQLException e) {
291                         e.printStackTrace();
292                 }
293
294                 return null;
295         }
296
297         public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException {
298                 try {
299                         EmailAddress[] adrs = getEmails();
300                         for (int i = 0; i < adrs.length; i++) {
301                                 if (adrs[i].getAddress().equals(newMail.getAddress())) {
302                                         if (!adrs[i].isVerified()) {
303                                                 throw new GigiApiException("Email not verified.");
304                                         }
305                                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
306                                                 "UPDATE users SET email=? WHERE id=?");
307                                         ps.setString(1, newMail.getAddress());
308                                         ps.setInt(2, getId());
309                                         ps.execute();
310                                         email = newMail.getAddress();
311                                         return;
312                                 }
313                         }
314                         throw new GigiApiException("Given address not an address of the user.");
315                 } catch (SQLException e) {
316                         throw new GigiApiException(e);
317                 }
318         }
319
320         public void deleteEmail(EmailAddress mail) throws GigiApiException {
321                 if (getEmail().equals(mail.getAddress())) {
322                         throw new GigiApiException("Can't delete user's default e-mail.");
323                 }
324                 EmailAddress[] emails = getEmails();
325                 for (int i = 0; i < emails.length; i++) {
326                         if (emails[i].getId() == mail.getId()) {
327                                 try {
328                                         PreparedStatement ps = DatabaseConnection.getInstance().prepare(
329                                                 "UPDATE email SET deleted=? WHERE id=?");
330                                         ps.setDate(1, new Date(System.currentTimeMillis()));
331                                         ps.setInt(2, mail.getId());
332                                         ps.execute();
333                                 } catch (SQLException e) {
334                                         e.printStackTrace();
335                                         throw new GigiApiException(e);
336                                 }
337                                 return;
338                         }
339                 }
340                 throw new GigiApiException("Email not one user's mail addresses.");
341         }
342 }
WPIA Certificate Web Issuance Platform