import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
public class User {
id = DatabaseConnection.lastInsertId(query);
}
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
public boolean canAssure() throws SQLException {
if (getAssurancePoints() < 100) {
return false;
return null;
}
- public void updateDefaultEmail(EmailAddress newMail) {
+ public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException {
try {
EmailAddress[] adrs = getEmails();
for (int i = 0; i < adrs.length; i++) {
if (adrs[i].getAddress().equals(newMail.getAddress())) {
+ if (!adrs[i].isVerified()) {
+ throw new GigiApiException("Email not verified.");
+ }
PreparedStatement ps = DatabaseConnection.getInstance().prepare(
"UPDATE users SET email=? WHERE id=?");
ps.setString(1, newMail.getAddress());
return;
}
}
- throw new IllegalArgumentException("Given address not an address of the user.");
+ throw new GigiApiException("Given address not an address of the user.");
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
+ public void deleteEmail(EmailAddress mail) {
+ if (getEmail().equals(mail.getAddress())) {
+ throw new IllegalArgumentException("Can't delete user's default e-mail.");
+ }
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("DELETE FROM email WHERE id=?");
+ ps.setInt(1, mail.getId());
+ ps.execute();
} catch (SQLException e) {
e.printStackTrace();
}