001// -------------------------------------------------------------------------------- 002// Copyright 2002-2024 Echo Three, LLC 003// 004// Licensed under the Apache License, Version 2.0 (the "License"); 005// you may not use this file except in compliance with the License. 006// You may obtain a copy of the License at 007// 008// http://www.apache.org/licenses/LICENSE-2.0 009// 010// Unless required by applicable law or agreed to in writing, software 011// distributed under the License is distributed on an "AS IS" BASIS, 012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013// See the License for the specific language governing permissions and 014// limitations under the License. 015// -------------------------------------------------------------------------------- 016 017package com.echothree.control.user.authentication.server.command; 018 019import com.echothree.control.user.authentication.common.form.RecoverPasswordForm; 020import com.echothree.control.user.party.common.result.GetPartyResult; 021import com.echothree.control.user.party.common.result.PartyResultFactory; 022import com.echothree.model.control.party.server.logic.PartyChainLogic; 023import com.echothree.model.control.party.server.logic.PartyLogic; 024import com.echothree.model.control.user.common.UserConstants; 025import com.echothree.model.control.user.server.control.UserControl; 026import com.echothree.model.control.user.server.logic.UserLoginLogic; 027import com.echothree.model.data.party.common.pk.PartyPK; 028import com.echothree.model.data.party.server.entity.Party; 029import com.echothree.model.data.user.common.pk.UserVisitPK; 030import com.echothree.model.data.user.server.entity.RecoveryAnswer; 031import com.echothree.model.data.user.server.entity.UserLogin; 032import com.echothree.model.data.user.server.entity.UserLoginPassword; 033import com.echothree.model.data.user.server.entity.UserLoginPasswordType; 034import com.echothree.util.common.message.ExecutionErrors; 035import com.echothree.util.common.validation.FieldDefinition; 036import com.echothree.util.common.validation.FieldType; 037import com.echothree.util.common.command.BaseResult; 038import com.echothree.util.server.control.BaseSimpleCommand; 039import com.echothree.util.server.persistence.Session; 040import com.echothree.util.server.string.PasswordGeneratorUtils; 041import java.util.Arrays; 042import java.util.Collections; 043import java.util.List; 044 045public class RecoverPasswordCommand 046 extends BaseSimpleCommand<RecoverPasswordForm> { 047 048 private final static List<FieldDefinition> FORM_FIELD_DEFINITIONS; 049 050 static { 051 FORM_FIELD_DEFINITIONS = Collections.unmodifiableList(Arrays.asList( 052 new FieldDefinition("PartyName", FieldType.ENTITY_NAME, false, null, null), 053 new FieldDefinition("Username", FieldType.STRING, false, 1L, 80L), 054 new FieldDefinition("Answer", FieldType.STRING, false, 1L, 40L) 055 )); 056 } 057 058 /** Creates a new instance of RecoverPasswordCommand */ 059 public RecoverPasswordCommand(UserVisitPK userVisitPK, RecoverPasswordForm form) { 060 super(userVisitPK, form, null, FORM_FIELD_DEFINITIONS, true); 061 } 062 063 @Override 064 protected BaseResult execute() { 065 GetPartyResult result = PartyResultFactory.getGetPartyResult(); 066 String partyName = form.getPartyName(); 067 String username = form.getUsername(); 068 var parameterCount = (partyName == null ? 0 : 1) + (username == null ? 0 : 1); 069 070 if(parameterCount == 1) { 071 Party party = null; 072 073 if(partyName != null) { 074 party = PartyLogic.getInstance().getPartyByName(this, partyName); 075 } 076 077 if(username != null) { 078 UserLogin userLogin = UserLoginLogic.getInstance().getUserLoginByUsername(this, username); 079 080 if(!hasExecutionErrors()) { 081 party = userLogin.getParty(); 082 } 083 } 084 085 if(!hasExecutionErrors()) { 086 var userControl = Session.getModelController(UserControl.class); 087 RecoveryAnswer recoveryAnswer = userControl.getRecoveryAnswer(party); 088 String answer = form.getAnswer(); 089 090 if(recoveryAnswer == null) { 091 if(answer != null) { 092 addExecutionError(ExecutionErrors.MissingRequiredAnswer.name()); 093 } 094 } else { 095 if(answer == null) { 096 addExecutionError(ExecutionErrors.InvalidParameterCount.name()); 097 } else if(!answer.equals(recoveryAnswer.getLastDetail().getAnswer())) { 098 addExecutionError(ExecutionErrors.IncorrectAnswer.name()); 099 } 100 } 101 102 if(!hasExecutionErrors()) { 103 UserLoginPasswordType userLoginPasswordType = userControl.getUserLoginPasswordTypeByName(UserConstants.UserLoginPasswordType_RECOVERED_STRING); 104 String password = PasswordGeneratorUtils.getInstance().getPassword(party.getLastDetail().getPartyType()); 105 PartyPK createdBy = getPartyPK(); 106 107 // If it already exists, delete the previous attempt at recovery. 108 if(userControl.countUserLoginPasswords(party, userLoginPasswordType) != 0) { 109 userControl.deleteUserLoginPassword(userControl.getUserLoginPasswordForUpdate(party, userLoginPasswordType), createdBy); 110 } 111 112 UserLoginPassword userLoginPassword = userControl.createUserLoginPassword(party, userLoginPasswordType, createdBy); 113 userControl.createUserLoginPasswordString(userLoginPassword, password, session.START_TIME_LONG, Boolean.FALSE, createdBy); 114 115 // ExecutionErrorAccumulator is passed in as null so that an Exception will be thrown if there is an error. 116 PartyChainLogic.getInstance().createPartyPasswordRecoveryChainInstance(null, party, createdBy); 117 } 118 } 119 } else { 120 addExecutionError(ExecutionErrors.InvalidParameterCount.name()); 121 } 122 123 return result; 124 } 125 126}