fix: SQL change database call pattern

[gigi.git] / src / org / cacert / gigi / dbObjects / EmailAddress.java

diff --git a/src/org/cacert/gigi/dbObjects/EmailAddress.java b/src/org/cacert/gigi/dbObjects/EmailAddress.java
index f91881800e919acda4a0978f2d7e1c9a5d935aac..cf007312a8067310b33e00c1b6a9ce84efdc6eb7 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/EmailAddress.java
+++ b/src/org/cacert/gigi/dbObjects/EmailAddress.java
@@ -1,9 +1,9 @@
 package org.cacert.gigi.dbObjects;
 
 import java.io.IOException;
+import java.util.Locale;
 
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.email.EmailProvider;
@@ -11,7 +11,7 @@ import org.cacert.gigi.email.MailProbe;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.util.RandomToken;
 
-public class EmailAddress implements IdCachable {
+public class EmailAddress implements IdCachable, Verifyable {
 
     private String address;
 
@@ -22,41 +22,48 @@ public class EmailAddress implements IdCachable {
     private String hash = null;
 
     private EmailAddress(int id) {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, email, hash FROM `emails` WHERE id=? AND deleted=0");
-        ps.setInt(1, id);
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid`, `email`, `hash` FROM `emails` WHERE `id`=? AND `deleted` IS NULL")) {
+            ps.setInt(1, id);
 
-        GigiResultSet rs = ps.executeQuery();
-        if ( !rs.next()) {
-            throw new IllegalArgumentException("Invalid email id " + id);
+            GigiResultSet rs = ps.executeQuery();
+            if ( !rs.next()) {
+                throw new IllegalArgumentException("Invalid email id " + id);
+            }
+            this.id = id;
+            owner = User.getById(rs.getInt(1));
+            address = rs.getString(2);
+            hash = rs.getString(3);
         }
-        this.id = id;
-        owner = User.getById(rs.getInt(1));
-        address = rs.getString(2);
-        hash = rs.getString(3);
-        rs.close();
     }
 
-    public EmailAddress(User owner, String address) {
+    public EmailAddress(User owner, String address, Locale mailLocale) throws GigiApiException {
         if ( !EmailProvider.MAIL.matcher(address).matches()) {
             throw new IllegalArgumentException("Invalid email.");
         }
         this.address = address;
         this.owner = owner;
         this.hash = RandomToken.generateToken(16);
+        insert(Language.getInstance(mailLocale));
     }
 
-    public void insert(Language l) {
-        if (id != 0) {
-            throw new IllegalStateException("already inserted.");
-        }
+    private void insert(Language l) throws GigiApiException {
         try {
-            GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `emails` SET memid=?, hash=?, email=?");
-            ps.setInt(1, owner.getId());
-            ps.setString(2, hash);
-            ps.setString(3, address);
             synchronized (EmailAddress.class) {
-                ps.execute();
-                id = ps.lastInsertId();
+                if (id != 0) {
+                    throw new IllegalStateException("already inserted.");
+                }
+                try (GigiPreparedStatement psCheck = new GigiPreparedStatement("SELECT 1 FROM `emails` WHERE email=? AND deleted is NULL"); GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `emails` SET memid=?, hash=?, email=?")) {
+                    ps.setInt(1, owner.getId());
+                    ps.setString(2, hash);
+                    ps.setString(3, address);
+                    psCheck.setString(1, address);
+                    GigiResultSet res = psCheck.executeQuery();
+                    if (res.next()) {
+                        throw new GigiApiException("The email is currently valid");
+                    }
+                    ps.execute();
+                    id = ps.lastInsertId();
+                }
                 myCache.put(this);
             }
             MailProbe.sendMailProbe(l, "email", id, hash, address);
@@ -75,16 +82,18 @@ public class EmailAddress implements IdCachable {
 
     public synchronized void verify(String hash) throws GigiApiException {
         if (this.hash.equals(hash)) {
-            GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `emails` SET hash='' WHERE id=?");
-            ps.setInt(1, id);
-            ps.execute();
+            try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `emails` SET hash='' WHERE id=?")) {
+                ps.setInt(1, id);
+                ps.execute();
+            }
             hash = "";
 
             // Verify user with that primary email
-            GigiPreparedStatement ps2 = DatabaseConnection.getInstance().prepare("update `users` set `verified`='1' where `id`=? and `email`=? and `verified`='0'");
-            ps2.setInt(1, owner.getId());
-            ps2.setString(2, address);
-            ps2.execute();
+            try (GigiPreparedStatement ps2 = new GigiPreparedStatement("update `users` set `verified`='1' where `id`=? and `email`=? and `verified`='0'")) {
+                ps2.setInt(1, owner.getId());
+                ps2.setString(2, address);
+                ps2.execute();
+            }
             this.hash = "";
 
         } else {