package org.cacert.gigi;
+import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Date;
import java.util.Calendar;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.PasswordStrengthChecker;
public class User {
id = DatabaseConnection.lastInsertId(query);
}
+ public void changePassword(String oldPass, String newPass) throws GigiApiException {
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+ ps.setInt(1, id);
+ ResultSet rs = ps.executeQuery();
+ if (!rs.next()) {
+ throw new GigiApiException("User not found... very bad.");
+ }
+ if (!PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ throw new GigiApiException("Old password does not match.");
+ }
+ rs.close();
+ PasswordStrengthChecker.assertStrongPassword(newPass, this);
+ ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
+ ps.setString(1, PasswordHash.hash(newPass));
+ ps.setInt(2, id);
+ if (ps.executeUpdate() != 1) {
+ throw new GigiApiException("Password update failed.");
+ }
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
public boolean canAssure() throws SQLException {
if (getAssurancePoints() < 100) {
return false;
public EmailAddress[] getEmails() {
try {
- PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM email WHERE memid=?");
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "SELECT id FROM email WHERE memid=? AND deleted=0");
ps.setInt(1, id);
ResultSet rs = ps.executeQuery();
rs.last();
return null;
}
+
+ public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException {
+ try {
+ EmailAddress[] adrs = getEmails();
+ for (int i = 0; i < adrs.length; i++) {
+ if (adrs[i].getAddress().equals(newMail.getAddress())) {
+ if (!adrs[i].isVerified()) {
+ throw new GigiApiException("Email not verified.");
+ }
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "UPDATE users SET email=? WHERE id=?");
+ ps.setString(1, newMail.getAddress());
+ ps.setInt(2, getId());
+ ps.execute();
+ email = newMail.getAddress();
+ return;
+ }
+ }
+ throw new GigiApiException("Given address not an address of the user.");
+ } catch (SQLException e) {
+ throw new GigiApiException(e);
+ }
+ }
+
+ public void deleteEmail(EmailAddress mail) throws GigiApiException {
+ if (getEmail().equals(mail.getAddress())) {
+ throw new GigiApiException("Can't delete user's default e-mail.");
+ }
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE email SET deleted=? WHERE id=?");
+ ps.setDate(1, new Date(System.currentTimeMillis()));
+ ps.setInt(2, mail.getId());
+ ps.execute();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ throw new GigiApiException(e);
+ }
+ }
}