import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
public class User {
id = DatabaseConnection.lastInsertId(query);
}
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
public boolean canAssure() throws SQLException {
if (getAssurancePoints() < 100) {
return false;
public EmailAddress[] getEmails() {
try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM email WHERE memid=?");
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "SELECT id FROM email WHERE memid=? AND deleted=0");
ps.setInt(1, id);
ResultSet rs = ps.executeQuery();
rs.last();
return null;
}
- public void updateDefaultEmail(EmailAddress newMail) {
+ public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException {
try {
EmailAddress[] adrs = getEmails();
for (int i = 0; i < adrs.length; i++) {
if (adrs[i].getAddress().equals(newMail.getAddress())) {
+ if (!adrs[i].isVerified()) {
+ throw new GigiApiException("Email not verified.");
+ }
PreparedStatement ps = DatabaseConnection.getInstance().prepare(
"UPDATE users SET email=? WHERE id=?");
ps.setString(1, newMail.getAddress());
return;
}
}
- throw new IllegalArgumentException("Given address not an address of the user.");
+ throw new GigiApiException("Given address not an address of the user.");
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
+ public void deleteEmail(EmailAddress mail) throws GigiApiException {
+ if (getEmail().equals(mail.getAddress())) {
+ throw new GigiApiException("Can't delete user's default e-mail.");
+ }
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE email SET deleted=? WHERE id=?");
+ ps.setDate(1, new Date(System.currentTimeMillis()));
+ ps.setInt(2, mail.getId());
+ ps.execute();
} catch (SQLException e) {
e.printStackTrace();
+ throw new GigiApiException(e);
}
}
}