X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=c453465b505c36c460626c3ff149b83202225463;hp=6de799aeacb4e7a5461e1482b112ebf3bff59643;hb=2c4fc7cce080ad0186c3bfd11cbc840a71645b81;hpb=3e123160ad59a2e1162518923965562ff947b6d1
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 6de799ae..c453465b 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -1,9 +1,12 @@
 package org.cacert.gigi.dbObjects;
 import java.sql.Date;
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Locale;
 import java.util.Set;
@@ -16,9 +19,7 @@ import org.cacert.gigi.util.Notary;
 import org.cacert.gigi.util.PasswordHash;
 import org.cacert.gigi.util.PasswordStrengthChecker;
-public class User implements IdCachable {
-
- private int id;
+public class User extends CertificateOwner {
 private Name name = new Name(null, null, null, null);
@@ -32,29 +33,23 @@ public class User implements IdCachable {
 private Set groups = new HashSet<>();
- private User(int id) {
- this.id = id;
- updateName(id);
+ protected User(GigiResultSet rs) {
+ super(rs.getInt("id"));
+ updateName(rs);
 }
- private void updateName(int id) {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `fname`, `lname`,`mname`, `suffix`, `dob`, `email`, `language` FROM `users` WHERE id=?");
- ps.setInt(1, id);
- GigiResultSet rs = ps.executeQuery();
- if (rs.next()) {
- name = new Name(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4));
- dob = rs.getDate(5);
- email = rs.getString(6);
- String localeStr = rs.getString(7);
- if (localeStr == null || localeStr.equals("")) {
- locale = Locale.getDefault();
- } else {
- locale = Language.getLocaleFromString(localeStr);
- }
+ private void updateName(GigiResultSet rs) {
+ name = new Name(rs.getString("fname"), rs.getString("lname"), rs.getString("mname"), rs.getString("suffix"));
+ dob = rs.getDate("dob");
+ email = rs.getString("email");
+ String localeStr = rs.getString("language");
+ if (localeStr == null || localeStr.equals("")) {
+ locale = Locale.getDefault();
+ } else {
+ locale = Language.getLocaleFromString(localeStr);
 }
- rs.close();
 GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT permission FROM user_groups WHERE user=? AND deleted is NULL");
- psg.setInt(1, id);
+ psg.setInt(1, rs.getInt("id"));
 GigiResultSet rs2 = psg.executeQuery();
 while (rs2.next()) {
 groups.add(Group.getByString(rs2.getString(1)));
@@ -64,10 +59,6 @@ public class User implements IdCachable {
 public User() {}
- public int getId() {
- return id;
- }
-
 public String getFname() {
 return name.fname;
 }
@@ -112,10 +103,6 @@ public class User implements IdCachable {
 this.email = email;
 }
- public void setId(int id) {
- this.id = id;
- }
-
 public void setFname(String fname) {
 this.name.fname = fname;
 }
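Review bot: In `updateName(GigiResultSet rs)` the group lookup binds `rs.getInt("id")` although the constructor has already passed that value to `super(...)`; `psg.setInt(1, getId());` would tie the permission query to the identity the object actually carries and would not depend on which `id` column a joined result set exposes. The removed `if (rs.next())` guard also means the constructor now relies on the caller handing in a result set that is already positioned on a row containing `id`, `fname`, `lname`, `mname`, `suffix`, `dob`, `email` and `language`. That precondition is worth a Javadoc line on the constructor, since the `groups` set loaded here is presumably what the permission checks read. `updateName` continues past the end of the hunk.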
@@ -125,10 +112,8 @@ public class User implements IdCachable {
 }
 public void insert(String password) {
- if (id != 0) {
- throw new Error("refusing to insert");
- }
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `created`=NOW(), locked=0, `language`=?");
+ int id = super.insert();
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `language`=?, id=?");
 query.setString(1, email);
 query.setString(2, PasswordHash.hash(password));
 query.setString(3, name.fname);
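Review bot: `insert(String password)` now writes in two steps, `super.insert()` for the id and then the `users` row, and nothing visible in this hunk ties them together, so a failure of the second statement would presumably leave an owner row with no matching user. If the database layer offers a transaction, both statements belong inside it; otherwise a comment should state who cleans up the orphan. The new statement also no longer sets `created` or `locked=0`; I assume these moved to the owner table or to column defaults, but the initial value of `locked` should be confirmed in the accompanying schema change rather than left implicit. The method body continues in the next hunk.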
@@ -137,33 +122,34 @@ public class User implements IdCachable {
 query.setString(6, name.suffix);
 query.setDate(7, new java.sql.Date(dob.getTime()));
 query.setString(8, locale.toString());
- synchronized (User.class) {
- query.execute();
- id = query.lastInsertId();
- myCache.put(this);
- }
+ query.setInt(9, id);
+ query.execute();
 }
 public void changePassword(String oldPass, String newPass) throws GigiApiException {
 GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
- ps.setInt(1, id);
+ ps.setInt(1, getId());
 GigiResultSet rs = ps.executeQuery();
 if ( !rs.next()) {
 throw new GigiApiException("User not found... very bad.");
 }
- if ( !PasswordHash.verifyHash(oldPass, rs.getString(1))) {
+ if (PasswordHash.verifyHash(oldPass, rs.getString(1)) == null) {
 throw new GigiApiException("Old password does not match.");
 }
 rs.close();
 PasswordStrengthChecker.assertStrongPassword(newPass, this);
 ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
 ps.setString(1, PasswordHash.hash(newPass));
- ps.setInt(2, id);
+ ps.setInt(2, getId());
 if (ps.executeUpdate() != 1) {
 throw new GigiApiException("Password update failed.");
 }
 }
+ public void setName(Name name) {
+ this.name = name;
+ }
+
 public boolean canAssure() {
 if ( !isOfAge(14)) { // PoJAM
 return false;
@@ -178,7 +164,7 @@ public class User implements IdCachable {
 public boolean hasPassedCATS() {
 GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=?");
- query.setInt(1, id);
+ query.setInt(1, getId());
 GigiResultSet rs = query.executeQuery();
 if (rs.next()) {
 return true;
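Review bot: In `changePassword` the old-password check now rests on `PasswordHash.verifyHash(...) == null`, a null-means-mismatch contract that this diff does not show, so it should be stated at the call site, e.g. `// verifyHash returns null when oldPass does not match the stored hash`. Whatever non-null value `verifyHash` returns is discarded here; if it is meant to carry an upgraded hash, a comment should say why ignoring it is fine when the new password is hashed just below. Both `throw` paths before `rs.close()` leave the result set open, so the close belongs before each throw or in a `finally` block; otherwise repeated failed attempts accumulate open result sets.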
@@ -188,8 +174,8 @@ public class User implements IdCachable {
 }
 public int getAssurancePoints() {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT sum(points) FROM `notary` where `to`=? AND `deleted`=0");
- query.setInt(1, id);
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT sum(points) FROM `notary` where `to`=? AND `deleted` is NULL");
+ query.setInt(1, getId());
 GigiResultSet rs = query.executeQuery();
 int points = 0;
 if (rs.next()) {
@@ -200,8 +186,8 @@ public class User implements IdCachable {
 }
 public int getExperiencePoints() {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT count(*) FROM `notary` where `from`=? AND `deleted`=0");
- query.setInt(1, id);
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT count(*) FROM `notary` where `from`=? AND `deleted` is NULL");
+ query.setInt(1, getId());
 GigiResultSet rs = query.executeQuery();
 int points = 0;
 if (rs.next()) {
@@ -268,82 +254,6 @@ public class User implements IdCachable {
 return System.currentTimeMillis() >= c.getTime().getTime();
 }
- public EmailAddress[] getEmails() {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM emails WHERE memid=? AND deleted=0");
- ps.setInt(1, id);
- GigiResultSet rs = ps.executeQuery();
- rs.last();
- int count = rs.getRow();
- EmailAddress[] data = new EmailAddress[count];
- rs.beforeFirst();
- for (int i = 0; i < data.length; i++) {
- if ( !rs.next()) {
- throw new Error("Internal sql api violation.");
- }
- data[i] = EmailAddress.getById(rs.getInt(1));
- }
- rs.close();
- return data;
-
- }
-
- public Domain[] getDomains() {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM domains WHERE memid=? AND deleted IS NULL");
- ps.setInt(1, id);
- GigiResultSet rs = ps.executeQuery();
- rs.last();
- int count = rs.getRow();
- Domain[] data = new Domain[count];
- rs.beforeFirst();
- for (int i = 0; i < data.length; i++) {
- if ( !rs.next()) {
- throw new Error("Internal sql api violation.");
- }
- data[i] = Domain.getById(rs.getInt(1));
- }
- rs.close();
- return data;
-
- }
-
- public Certificate[] getCertificates() {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT serial FROM certs WHERE memid=? AND revoked=0");
- ps.setInt(1, id);
- GigiResultSet rs = ps.executeQuery();
- rs.last();
- int count = rs.getRow();
- Certificate[] data = new Certificate[count];
- rs.beforeFirst();
- for (int i = 0; i < data.length; i++) {
- if ( !rs.next()) {
- throw new Error("Internal sql api violation.");
- }
- data[i] = Certificate.getBySerial(rs.getString(1));
- }
- rs.close();
- return data;
-
- }
-
- public boolean isValidDomain(String domainname) {
- for (Domain d : getDomains()) {
- String sfx = d.getSuffix();
- if (domainname.equals(sfx) || domainname.endsWith("." 
+ sfx)) {
- return true;
- }
- }
- return false;
- }
-
- public boolean isValidEmail(String email) {
- for (EmailAddress em : getEmails()) {
- if (em.getAddress().equals(email)) {
- return true;
- }
- }
- return false;
- }
-
 public boolean isValidName(String name) {
 return getName().matches(name);
 }
@@ -385,7 +295,7 @@ public class User implements IdCachable {
 public Assurance[] getReceivedAssurances() {
 if (receivedAssurances == null) {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `to`=? AND deleted=0");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `to`=? AND deleted IS NULL");
 query.setInt(1, getId());
 GigiResultSet res = query.executeQuery();
 res.last();
@@ -403,7 +313,7 @@ public class User implements IdCachable {
 public Assurance[] getMadeAssurances() {
 if (madeAssurances == null) {
- GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `from`=? AND deleted=0");
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `from`=? AND deleted is NULL");
 query.setInt(1, getId());
 GigiResultSet res = query.executeQuery();
 res.last();
@@ -490,7 +400,7 @@ public class User implements IdCachable {
 return Collections.unmodifiableSet(groups);
 }
- public void grantGroup(User granter, Group toGrant) throws GigiApiException {
+ public void grantGroup(User granter, Group toGrant) {
 groups.add(toGrant);
 GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO user_groups SET user=?, permission=?, grantedby=?");
 ps.setInt(1, getId());
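Review bot: `grantGroup` changes the in-memory `groups` set before its `INSERT` runs, and `revokeGroup` in the following hunk likewise calls `groups.remove(toRevoke)` before its `UPDATE`. With `throws GigiApiException` removed, a database failure presumably surfaces as an unchecked error after the cached permissions have already changed, so the object and `user_groups` can disagree. On the revoke path that could leave a permission that looks revoked on this instance but is still active in the table. Moving `groups.add(toGrant);` and `groups.remove(toRevoke);` below the respective `ps.execute();` keeps the cache from running ahead of the stored state. Both method bodies extend beyond their hunks.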
@@ -499,7 +409,7 @@ public class User implements IdCachable {
 ps.execute();
 }
- public void revokeGroup(User revoker, Group toRevoke) throws GigiApiException {
+ public void revokeGroup(User revoker, Group toRevoke) {
 groups.remove(toRevoke);
 GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE user_groups SET deleted=CURRENT_TIMESTAMP, revokedby=? WHERE deleted is NULL AND permission=? AND user=?");
 ps.setInt(1, revoker.getId());
@@ -508,13 +418,61 @@ public class User implements IdCachable {
 ps.execute();
 }
- private static ObjectCache myCache = new ObjectCache<>();
+ public List getOrganisations() {
+ List orgas = new ArrayList<>();
+ GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT orgid FROM org_admin WHERE `memid`=? AND deleted is NULL");
+ query.setInt(1, getId());
+ GigiResultSet res = query.executeQuery();
+
+ while (res.next()) {
+ orgas.add(Organisation.getById(res.getInt(1)));
+ }
+ return orgas;
+ }
 public static synchronized User getById(int id) {
- User u = myCache.get(id);
- if (u == null) {
- myCache.put(u = new User(id));
+ CertificateOwner co = CertificateOwner.getById(id);
+ if (co instanceof User) {
+ return (User) co;
 }
- return u;
+ return null;
 }
+
+ public static User getByEmail(String mail) {
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE email=? AND deleted is null");
+ ps.setString(1, mail);
+ GigiResultSet rs = ps.executeQuery();
+ if ( !rs.next()) {
+ return null;
+ }
+ return User.getById(rs.getInt(1));
+ }
+
+ public static User[] findByEmail(String mail) {
+ LinkedList results = new LinkedList();
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE users.email LIKE ? 
AND deleted is null GROUP BY users.id ASC LIMIT 100");
+ ps.setString(1, mail);
+ GigiResultSet rs = ps.executeQuery();
+ while (rs.next()) {
+ results.add(User.getById(rs.getInt(1)));
+ }
+ return results.toArray(new User[results.size()]);
+ }
+
+ public boolean canIssue(CertificateProfile p) {
+ switch (p.getCAId()) {
+ case 0:
+ return true;
+ case 1:
+ return getAssurancePoints() > 50;
+ case 2:
+ return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
+ case 3:
+ case 4:
+ return false; // has an orga
+ default:
+ return false;
+ }
+ }
+
 }
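Review bot: `User.getById` can now return `null` when the id belongs to a `CertificateOwner` that is not a `User`, whereas the removed version always returned an object; `getByEmail` passes that through and `findByEmail` would store it in the result array, so the Javadoc should state the null return and existing callers need a null check. In `findByEmail` the bound parameter goes into `LIKE ?`, which rules out injection but lets `%` and `_` in `mail` act as wildcards, so the method should document that it is a pattern search for privileged callers and must not be fed unauthenticated input. `canIssue` decides issuance from bare literals: `> 50` excludes a user with exactly 50 points, which should be confirmed against the intended threshold, and the CA ids `0` to `4` would read better as named constants with a comment on what each profile requires.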