001// -------------------------------------------------------------------------------- 002// Copyright 2002-2025 Echo Three, LLC 003// 004// Licensed under the Apache License, Version 2.0 (the "License"); 005// you may not use this file except in compliance with the License. 006// You may obtain a copy of the License at 007// 008// http://www.apache.org/licenses/LICENSE-2.0 009// 010// Unless required by applicable law or agreed to in writing, software 011// distributed under the License is distributed on an "AS IS" BASIS, 012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013// See the License for the specific language governing permissions and 014// limitations under the License. 015// -------------------------------------------------------------------------------- 016 017package com.echothree.control.user.authentication.server.command; 018 019import com.echothree.control.user.authentication.common.form.EmployeeLoginForm; 020import com.echothree.model.control.employee.common.workflow.EmployeeStatusConstants; 021import com.echothree.model.control.party.common.PartyRelationshipTypes; 022import com.echothree.model.control.party.common.PartyTypes; 023import com.echothree.model.control.party.common.RoleTypes; 024import com.echothree.model.control.party.server.control.PartyControl; 025import com.echothree.model.control.party.server.logic.LockoutPolicyLogic; 026import com.echothree.model.control.party.server.logic.PartyLogic; 027import com.echothree.model.control.user.server.logic.UserLoginLogic; 028import com.echothree.model.control.workflow.server.logic.WorkflowStepLogic; 029import com.echothree.model.data.user.common.pk.UserVisitPK; 030import com.echothree.util.common.command.BaseResult; 031import com.echothree.util.common.message.ExecutionErrors; 032import com.echothree.util.common.validation.FieldDefinition; 033import com.echothree.util.common.validation.FieldType; 034import com.echothree.util.server.persistence.Session; 035import java.util.Arrays; 036import java.util.Collections; 037import java.util.List; 038import javax.enterprise.context.RequestScoped; 039 040@RequestScoped 041public class EmployeeLoginCommand 042 extends BaseLoginCommand<EmployeeLoginForm> { 043 044 // No COMMAND_SECURITY_DEFINITION, anyone may execute this command. 045 private final static List<FieldDefinition> FORM_FIELD_DEFINITIONS; 046 047 static { 048 FORM_FIELD_DEFINITIONS = Collections.unmodifiableList(Arrays.asList( 049 new FieldDefinition("Username", FieldType.STRING, true, 1L, 80L), 050 new FieldDefinition("Password", FieldType.STRING, true, 1L, 40L), 051 new FieldDefinition("RemoteInet4Address", FieldType.INET_4_ADDRESS, false, null, null), 052 new FieldDefinition("CompanyName", FieldType.ENTITY_NAME, true, null, null) 053 )); 054 } 055 056 /** Creates a new instance of EmployeeLoginCommand */ 057 public EmployeeLoginCommand() { 058 super(null, FORM_FIELD_DEFINITIONS); 059 } 060 061 @Override 062 protected BaseResult execute() { 063 var userLogin = UserLoginLogic.getInstance().getUserLoginByUsername(this, form.getUsername()); 064 065 if(!hasExecutionErrors()) { 066 var party = userLogin.getParty(); 067 var partyDetail = party.getLastDetail(); 068 069 PartyLogic.getInstance().checkPartyType(this, party, PartyTypes.EMPLOYEE.name()); 070 071 if(!hasExecutionErrors()) { 072 var userControl = getUserControl(); 073 var userLoginStatus = userControl.getUserLoginStatusForUpdate(party); 074 075 if(!WorkflowStepLogic.getInstance().isEntityInWorkflowSteps(this, EmployeeStatusConstants.Workflow_EMPLOYEE_STATUS, party, 076 EmployeeStatusConstants.WorkflowStep_ACTIVE).isEmpty()) { 077 LockoutPolicyLogic.getInstance().checkUserLogin(session, this, party, userLoginStatus); 078 079 if(!hasExecutionErrors()) { 080 var partyControl = Session.getModelController(PartyControl.class); 081 082 if(checkPasswords(userLoginStatus, form.getPassword(), party, true)) { 083 var partyCompanyName = form.getCompanyName(); 084 var partyCompany = partyControl.getPartyCompanyByName(partyCompanyName); 085 086 if(partyCompany != null) { 087 var partyCompanyParty = partyCompany.getParty(); 088 var partyRelationshipType = partyControl.getPartyRelationshipTypeByName(PartyRelationshipTypes.EMPLOYMENT.name()); 089 var fromRoleType = partyControl.getRoleTypeByName(RoleTypes.EMPLOYER.name()); 090 var toRoleType = partyControl.getRoleTypeByName(RoleTypes.EMPLOYEE.name()); 091 var partyRelationship = partyControl.getPartyRelationship(partyRelationshipType, partyCompanyParty, 092 fromRoleType, party, toRoleType); 093 094 if(partyRelationship != null) { 095 var strRemoteInet4Address = form.getRemoteInet4Address(); 096 var remoteInet4Address = strRemoteInet4Address == null ? null : Integer.valueOf(form.getRemoteInet4Address()); 097 098 successfulLogin(userLoginStatus, party, partyRelationship, remoteInet4Address); 099 } else { 100 addExecutionError(ExecutionErrors.UnknownPartyRelationship.name(), PartyRelationshipTypes.EMPLOYMENT.name(), 101 partyCompanyParty.getLastDetail().getPartyName(), RoleTypes.EMPLOYER.name(), partyDetail.getPartyName(), 102 RoleTypes.EMPLOYEE.name()); 103 } 104 } else { 105 addExecutionError(ExecutionErrors.UnknownPartyCompanyName.name(), partyCompanyName); 106 } 107 } 108 } 109 } else { 110 addExecutionError(ExecutionErrors.EmployeeNotActive.name(), partyDetail.getPartyName()); 111 } 112 113 if(hasExecutionErrors()) { 114 unsuccessfulLogin(userLoginStatus); 115 } 116 } 117 } 118 119 return null; 120 } 121 122}