Implement and test change password form.

[gigi.git] / src / org / cacert / gigi / User.java

diff --git a/src/org/cacert/gigi/User.java b/src/org/cacert/gigi/User.java
index 95630394ad862470675662f5e9c1cbf21947e4d1..10a10fd34283e8e03e3940af4bd3db17a736cc76 100644 (file)
--- a/src/org/cacert/gigi/User.java
+++ b/src/org/cacert/gigi/User.java
@@ -8,6 +8,7 @@ import java.util.Calendar;
 
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
 
 public class User {
 
@@ -114,7 +115,30 @@ public class User {
                query.setDate(7, new java.sql.Date(dob.getTime()));
                query.execute();
                id = DatabaseConnection.lastInsertId(query);
-               System.out.println("Inserted: " + id);
+       }
+
+       public void changePassword(String oldPass, String newPass) throws GigiApiException {
+               try {
+                       PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+                       ps.setInt(1, id);
+                       ResultSet rs = ps.executeQuery();
+                       if (!rs.next()) {
+                               throw new GigiApiException("User not found... very bad.");
+                       }
+                       if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+                               throw new GigiApiException("Old password does not match.");
+                       }
+                       rs.close();
+                       PasswordStrengthChecker.assertStrongPassword(newPass, this);
+                       ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+                       ps.setString(1, PasswordHash.hash(newPass));
+                       ps.setInt(2, id);
+                       if (ps.executeUpdate() != 1) {
+                               throw new GigiApiException("Password update failed.");
+                       }
+               } catch (SQLException e) {
+                       throw new GigiApiException(e);
+               }
        }
 
        public boolean canAssure() throws SQLException {
@@ -215,4 +239,32 @@ public class User {
                }
                return points;
        }
+
+       public static User getById(int id) {
+               return new User(id);
+       }
+
+       public EmailAddress[] getEmails() {
+               try {
+                       PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM email WHERE memid=?");
+                       ps.setInt(1, id);
+                       ResultSet rs = ps.executeQuery();
+                       rs.last();
+                       int count = rs.getRow();
+                       EmailAddress[] data = new EmailAddress[count];
+                       rs.beforeFirst();
+                       for (int i = 0; i < data.length; i++) {
+                               if (!rs.next()) {
+                                       throw new Error("Internal sql api violation.");
+                               }
+                               data[i] = EmailAddress.getById(rs.getInt(1));
+                       }
+                       rs.close();
+                       return data;
+               } catch (SQLException e) {
+                       e.printStackTrace();
+               }
+
+               return null;
+       }
 }