X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=eeb79dfdbaa4d3bb03abafe68122c8f44923443c;hp=37d18aaf20634fd2662c78ebdfae23dbec625d67;hb=673e3f834a719f3b1bfceedfd801a21ca7842cf2;hpb=f09fbb946ab28d1b445c99224b3f24d0d24c1ca8

diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 37d18aaf..eeb79dfd 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -27,11 +27,13 @@ public class User extends CertificateOwner {
 
     private String email;
 
-    private Assurance[] receivedAssurances, madeAssurances;
+    private Assurance[] receivedAssurances;
+
+    private Assurance[] madeAssurances;
 
     private Locale locale;
 
-    private Set<Group> groups = new HashSet<>();
+    private final Set<Group> groups = new HashSet<>();
 
     protected User(GigiResultSet rs) {
         super(rs.getInt("id"));
@@ -42,56 +44,52 @@ public class User extends CertificateOwner {
         name = new Name(rs.getString("fname"), rs.getString("lname"), rs.getString("mname"), rs.getString("suffix"));
         dob = rs.getDate("dob");
         email = rs.getString("email");
+
         String localeStr = rs.getString("language");
         if (localeStr == null || localeStr.equals("")) {
             locale = Locale.getDefault();
         } else {
             locale = Language.getLocaleFromString(localeStr);
         }
-        GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT permission FROM user_groups WHERE user=? AND deleted is NULL");
-        psg.setInt(1, rs.getInt("id"));
-        GigiResultSet rs2 = psg.executeQuery();
-        while (rs2.next()) {
-            groups.add(Group.getByString(rs2.getString(1)));
-        }
-        rs2.close();
-    }
-
-    public User() {}
 
-    public String getFname() {
-        return name.fname;
-    }
+        GigiPreparedStatement psg = DatabaseConnection.getInstance().prepare("SELECT `permission` FROM `user_groups` WHERE `user`=? AND `deleted` is NULL");
+        psg.setInt(1, rs.getInt("id"));
 
-    public String getLname() {
-        return name.lname;
+        try (GigiResultSet rs2 = psg.executeQuery()) {
+            while (rs2.next()) {
+                groups.add(Group.getByString(rs2.getString(1)));
+            }
+        }
     }
 
-    public String getMname() {
-        return name.mname;
+    public User(String email, String password, Name name, Date dob, Locale locale) throws GigiApiException {
+        this.email = email;
+        this.dob = dob;
+        this.name = name;
+        this.locale = locale;
+        GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("INSERT INTO `users` SET `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `language`=?, id=?");
+        query.setString(1, email);
+        query.setString(2, PasswordHash.hash(password));
+        query.setString(3, name.getFname());
+        query.setString(4, name.getMname());
+        query.setString(5, name.getLname());
+        query.setString(6, name.getSuffix());
+        query.setDate(7, dob);
+        query.setString(8, locale.toString());
+        query.setInt(9, getId());
+        query.execute();
+        new EmailAddress(this, email, locale);
     }
 
     public Name getName() {
         return name;
     }
 
-    public void setMname(String mname) {
-        this.name.mname = mname;
-    }
-
-    public String getSuffix() {
-        return name.suffix;
-    }
-
-    public void setSuffix(String suffix) {
-        this.name.suffix = suffix;
-    }
-
-    public Date getDob() {
+    public Date getDoB() {
         return dob;
     }
 
-    public void setDob(Date dob) {
+    public void setDoB(Date dob) {
         this.dob = dob;
     }
 
@@ -103,41 +101,19 @@ public class User extends CertificateOwner {
         this.email = email;
     }
 
-    public void setFname(String fname) {
-        this.name.fname = fname;
-    }
-
-    public void setLname(String lname) {
-        this.name.lname = lname;
-    }
-
-    public void insert(String password) {
-        int id = super.insert();
-        GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("insert into `users` set `email`=?, `password`=?, " + "`fname`=?, `mname`=?, `lname`=?, " + "`suffix`=?, `dob`=?, `language`=?, id=?");
-        query.setString(1, email);
-        query.setString(2, PasswordHash.hash(password));
-        query.setString(3, name.fname);
-        query.setString(4, name.mname);
-        query.setString(5, name.lname);
-        query.setString(6, name.suffix);
-        query.setDate(7, new java.sql.Date(dob.getTime()));
-        query.setString(8, locale.toString());
-        query.setInt(9, id);
-        query.execute();
-    }
-
     public void changePassword(String oldPass, String newPass) throws GigiApiException {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM users WHERE id=?");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password` FROM `users` WHERE `id`=?");
         ps.setInt(1, getId());
-        GigiResultSet rs = ps.executeQuery();
-        if ( !rs.next()) {
-            throw new GigiApiException("User not found... very bad.");
-        }
-        if (PasswordHash.verifyHash(oldPass, rs.getString(1)) == null) {
-            throw new GigiApiException("Old password does not match.");
+        try (GigiResultSet rs = ps.executeQuery()) {
+            if ( !rs.next()) {
+                throw new GigiApiException("User not found... very bad.");
+            }
+            if (PasswordHash.verifyHash(oldPass, rs.getString(1)) == null) {
+                throw new GigiApiException("Old password does not match.");
+            }
         }
-        rs.close();
-        PasswordStrengthChecker.assertStrongPassword(newPass, this);
+
+        PasswordStrengthChecker.assertStrongPassword(newPass, getName(), getEmail());
         ps = DatabaseConnection.getInstance().prepare("UPDATE users SET `password`=? WHERE id=?");
         ps.setString(1, PasswordHash.hash(newPass));
         ps.setInt(2, getId());
@@ -163,36 +139,43 @@ public class User extends CertificateOwner {
     public boolean hasPassedCATS() {
         GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `cats_passed` where `user_id`=?");
         query.setInt(1, getId());
-        GigiResultSet rs = query.executeQuery();
-        if (rs.next()) {
-            return true;
-        } else {
-            return false;
+        try (GigiResultSet rs = query.executeQuery()) {
+            if (rs.next()) {
+                return true;
+            } else {
+                return false;
+            }
         }
     }
 
     public int getAssurancePoints() {
         GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT sum(points) FROM `notary` where `to`=? AND `deleted` is NULL");
         query.setInt(1, getId());
-        GigiResultSet rs = query.executeQuery();
-        int points = 0;
-        if (rs.next()) {
-            points = rs.getInt(1);
+
+        try (GigiResultSet rs = query.executeQuery()) {
+            int points = 0;
+
+            if (rs.next()) {
+                points = rs.getInt(1);
+            }
+
+            return points;
         }
-        rs.close();
-        return points;
     }
 
     public int getExperiencePoints() {
         GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT count(*) FROM `notary` where `from`=? AND `deleted` is NULL");
         query.setInt(1, getId());
-        GigiResultSet rs = query.executeQuery();
-        int points = 0;
-        if (rs.next()) {
-            points = rs.getInt(1) * 2;
+
+        try (GigiResultSet rs = query.executeQuery()) {
+            int points = 0;
+
+            if (rs.next()) {
+                points = rs.getInt(1) * 2;
+            }
+
+            return points;
         }
-        rs.close();
-        return points;
     }
 
     /**
@@ -224,6 +207,7 @@ public class User extends CertificateOwner {
         if (exp >= 50) {
             points += 5;
         }
+
         return points;
     }
 
@@ -243,33 +227,34 @@ public class User extends CertificateOwner {
     }
 
     public void updateDefaultEmail(EmailAddress newMail) throws GigiApiException {
-        EmailAddress[] adrs = getEmails();
-        for (int i = 0; i < adrs.length; i++) {
-            if (adrs[i].getAddress().equals(newMail.getAddress())) {
-                if ( !adrs[i].isVerified()) {
+        for (EmailAddress email : getEmails()) {
+            if (email.getAddress().equals(newMail.getAddress())) {
+                if ( !email.isVerified()) {
                     throw new GigiApiException("Email not verified.");
                 }
+
                 GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE users SET email=? WHERE id=?");
                 ps.setString(1, newMail.getAddress());
                 ps.setInt(2, getId());
                 ps.execute();
-                email = newMail.getAddress();
+
+                this.email = newMail.getAddress();
                 return;
             }
         }
+
         throw new GigiApiException("Given address not an address of the user.");
     }
 
-    public void deleteEmail(EmailAddress mail) throws GigiApiException {
-        if (getEmail().equals(mail.getAddress())) {
+    public void deleteEmail(EmailAddress delMail) throws GigiApiException {
+        if (getEmail().equals(delMail.getAddress())) {
             throw new GigiApiException("Can't delete user's default e-mail.");
         }
-        EmailAddress[] emails = getEmails();
-        for (int i = 0; i < emails.length; i++) {
-            if (emails[i].getId() == mail.getId()) {
-                GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE emails SET deleted=? WHERE id=?");
-                ps.setDate(1, new Date(System.currentTimeMillis()));
-                ps.setInt(2, mail.getId());
+
+        for (EmailAddress email : getEmails()) {
+            if (email.getId() == delMail.getId()) {
+                GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `emails` SET `deleted`=CURRENT_TIMESTAMP WHERE `id`=?");
+                ps.setInt(1, delMail.getId());
                 ps.execute();
                 return;
             }
@@ -277,66 +262,73 @@ public class User extends CertificateOwner {
         throw new GigiApiException("Email not one of user's email addresses.");
     }
 
-    public Assurance[] getReceivedAssurances() {
+    public synchronized Assurance[] getReceivedAssurances() {
         if (receivedAssurances == null) {
-            GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `to`=? AND deleted IS NULL");
+            GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM `notary` WHERE `to`=? AND `deleted` IS NULL");
             query.setInt(1, getId());
-            GigiResultSet res = query.executeQuery();
-            res.last();
-            Assurance[] assurances = new Assurance[res.getRow()];
-            res.beforeFirst();
-            for (int i = 0; i < assurances.length; i++) {
-                res.next();
-                assurances[i] = new Assurance(res);
+
+            try (GigiResultSet res = query.executeQuery()) {
+                List<Assurance> assurances = new LinkedList<Assurance>();
+
+                while (res.next()) {
+                    assurances.add(new Assurance(res));
+                }
+
+                this.receivedAssurances = assurances.toArray(new Assurance[0]);
             }
-            this.receivedAssurances = assurances;
-            return assurances;
         }
+
         return receivedAssurances;
     }
 
-    public Assurance[] getMadeAssurances() {
+    public synchronized Assurance[] getMadeAssurances() {
         if (madeAssurances == null) {
             GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT * FROM notary WHERE `from`=? AND deleted is NULL");
             query.setInt(1, getId());
-            GigiResultSet res = query.executeQuery();
-            res.last();
-            Assurance[] assurances = new Assurance[res.getRow()];
-            res.beforeFirst();
-            for (int i = 0; i < assurances.length; i++) {
-                res.next();
-                assurances[i] = new Assurance(res);
+
+            try (GigiResultSet res = query.executeQuery()) {
+                List<Assurance> assurances = new LinkedList<Assurance>();
+
+                while (res.next()) {
+                    assurances.add(new Assurance(res));
+                }
+
+                this.madeAssurances = assurances.toArray(new Assurance[0]);
             }
-            this.madeAssurances = assurances;
-            return assurances;
         }
+
         return madeAssurances;
     }
 
-    public void invalidateMadeAssurances() {
+    public synchronized void invalidateMadeAssurances() {
         madeAssurances = null;
     }
 
-    public void invalidateReceivedAssurances() {
+    public synchronized void invalidateReceivedAssurances() {
         receivedAssurances = null;
     }
 
     public void updateUserData() throws GigiApiException {
         synchronized (Notary.class) {
+            // FIXME: No assurance, not no points.
             if (getAssurancePoints() != 0) {
                 throw new GigiApiException("No change after assurance allowed.");
             }
-            GigiPreparedStatement update = DatabaseConnection.getInstance().prepare("UPDATE users SET fname=?, lname=?, mname=?, suffix=?, dob=? WHERE id=?");
-            update.setString(1, getFname());
-            update.setString(2, getLname());
-            update.setString(3, getMname());
-            update.setString(4, getSuffix());
-            update.setDate(5, getDob());
-            update.setInt(6, getId());
-            update.executeUpdate();
+            rawUpdateUserData();
         }
     }
 
+    protected void rawUpdateUserData() {
+        GigiPreparedStatement update = DatabaseConnection.getInstance().prepare("UPDATE users SET fname=?, lname=?, mname=?, suffix=?, dob=? WHERE id=?");
+        update.setString(1, name.getFname());
+        update.setString(2, name.getLname());
+        update.setString(3, name.getMname());
+        update.setString(4, name.getSuffix());
+        update.setDate(5, getDoB());
+        update.setInt(6, getId());
+        update.executeUpdate();
+    }
+
     public Locale getPreferredLocale() {
         return locale;
     }
@@ -349,17 +341,19 @@ public class User extends CertificateOwner {
     public boolean wantsDirectoryListing() {
         GigiPreparedStatement get = DatabaseConnection.getInstance().prepare("SELECT listme FROM users WHERE id=?");
         get.setInt(1, getId());
-        GigiResultSet exec = get.executeQuery();
-        exec.next();
-        return exec.getBoolean("listme");
+        try (GigiResultSet exec = get.executeQuery()) {
+            return exec.next() && exec.getBoolean("listme");
+        }
     }
 
     public String getContactInformation() {
         GigiPreparedStatement get = DatabaseConnection.getInstance().prepare("SELECT contactinfo FROM users WHERE id=?");
         get.setInt(1, getId());
-        GigiResultSet exec = get.executeQuery();
-        exec.next();
-        return exec.getString("contactinfo");
+
+        try (GigiResultSet exec = get.executeQuery()) {
+            exec.next();
+            return exec.getString("contactinfo");
+        }
     }
 
     public void setDirectoryListing(boolean on) {
@@ -386,7 +380,7 @@ public class User extends CertificateOwner {
 
     public void grantGroup(User granter, Group toGrant) {
         groups.add(toGrant);
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO user_groups SET user=?, permission=?, grantedby=?");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?");
         ps.setInt(1, getId());
         ps.setString(2, toGrant.getDatabaseName());
         ps.setInt(3, granter.getId());
@@ -395,7 +389,7 @@ public class User extends CertificateOwner {
 
     public void revokeGroup(User revoker, Group toRevoke) {
         groups.remove(toRevoke);
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE user_groups SET deleted=CURRENT_TIMESTAMP, revokedby=? WHERE deleted is NULL AND permission=? AND user=?");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `user_groups` SET `deleted`=CURRENT_TIMESTAMP, `revokedby`=? WHERE `deleted` IS NULL AND `permission`=?::`userGroup` AND `user`=?");
         ps.setInt(1, revoker.getId());
         ps.setString(2, toRevoke.getDatabaseName());
         ps.setInt(3, getId());
@@ -404,14 +398,15 @@ public class User extends CertificateOwner {
 
     public List<Organisation> getOrganisations() {
         List<Organisation> orgas = new ArrayList<>();
-        GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT orgid FROM org_admin WHERE `memid`=? AND deleted is NULL");
+        GigiPreparedStatement query = DatabaseConnection.getInstance().prepare("SELECT `orgid` FROM `org_admin` WHERE `memid`=? AND `deleted` IS NULL");
         query.setInt(1, getId());
-        GigiResultSet res = query.executeQuery();
+        try (GigiResultSet res = query.executeQuery()) {
+            while (res.next()) {
+                orgas.add(Organisation.getById(res.getInt(1)));
+            }
 
-        while (res.next()) {
-            orgas.add(Organisation.getById(res.getInt(1)));
+            return orgas;
         }
-        return orgas;
     }
 
     public static synchronized User getById(int id) {
@@ -419,44 +414,58 @@ public class User extends CertificateOwner {
         if (co instanceof User) {
             return (User) co;
         }
+
         return null;
     }
 
     public static User getByEmail(String mail) {
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE email=? AND deleted is null");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `users`.`id` FROM `users` INNER JOIN `certOwners` ON `certOwners`.`id` = `users`.`id` WHERE `email`=? AND `deleted` IS NULL");
         ps.setString(1, mail);
-        GigiResultSet rs = ps.executeQuery();
-        if ( !rs.next()) {
-            return null;
+        try (GigiResultSet rs = ps.executeQuery()) {
+            if ( !rs.next()) {
+                return null;
+            }
+
+            return User.getById(rs.getInt(1));
         }
-        return User.getById(rs.getInt(1));
     }
 
     public static User[] findByEmail(String mail) {
         LinkedList<User> results = new LinkedList<User>();
-        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT users.id FROM users inner join certOwners on certOwners.id=users.id WHERE users.email LIKE ? AND deleted is null GROUP BY users.id ASC LIMIT 100");
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `users`.`id` FROM `users` INNER JOIN `certOwners` ON `certOwners`.`id` = `users`.`id` WHERE `users`.`email` LIKE ? AND `deleted` IS NULL GROUP BY `users`.`id` LIMIT 100");
         ps.setString(1, mail);
-        GigiResultSet rs = ps.executeQuery();
-        while (rs.next()) {
-            results.add(User.getById(rs.getInt(1)));
+        try (GigiResultSet rs = ps.executeQuery()) {
+            while (rs.next()) {
+                results.add(User.getById(rs.getInt(1)));
+            }
+            return results.toArray(new User[results.size()]);
         }
-        return results.toArray(new User[results.size()]);
-    }
-
-    public boolean canIssue(CertificateProfile p) {
-        switch (p.getCAId()) {
-        case 0:
-            return true;
-        case 1:
-            return getAssurancePoints() > 50;
-        case 2:
-            return getAssurancePoints() > 50 && isInGroup(Group.getByString("codesigning"));
-        case 3:
-        case 4:
-            return getOrganisations().size() > 0;
-        default:
-            return false;
+    }
+
+    public EmailAddress[] getEmails() {
+        GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `id` FROM `emails` WHERE `memid`=? AND `deleted` IS NULL");
+        ps.setInt(1, getId());
+
+        try (GigiResultSet rs = ps.executeQuery()) {
+            LinkedList<EmailAddress> data = new LinkedList<EmailAddress>();
+
+            while (rs.next()) {
+                data.add(EmailAddress.getById(rs.getInt(1)));
+            }
+
+            return data.toArray(new EmailAddress[0]);
         }
     }
 
+    @Override
+    public boolean isValidEmail(String email) {
+        for (EmailAddress em : getEmails()) {
+            if (em.getAddress().equals(email)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
 }