Source code

001// --------------------------------------------------------------------------------
002// Copyright 2002-2025 Echo Three, LLC
003//
004// Licensed under the Apache License, Version 2.0 (the "License");
005// you may not use this file except in compliance with the License.
006// You may obtain a copy of the License at
007//
008//     http://www.apache.org/licenses/LICENSE-2.0
009//
010// Unless required by applicable law or agreed to in writing, software
011// distributed under the License is distributed on an "AS IS" BASIS,
012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013// See the License for the specific language governing permissions and
014// limitations under the License.
015// --------------------------------------------------------------------------------
016
017package com.echothree.control.user.authentication.server.command;
018
019import com.echothree.control.user.authentication.common.form.RecoverPasswordForm;
020import com.echothree.control.user.party.common.result.PartyResultFactory;
021import com.echothree.model.control.party.server.logic.PartyChainLogic;
022import com.echothree.model.control.party.server.logic.PartyLogic;
023import com.echothree.model.control.user.common.UserConstants;
024import com.echothree.model.control.user.server.control.UserControl;
025import com.echothree.model.control.user.server.logic.UserLoginLogic;
026import com.echothree.model.data.party.server.entity.Party;
027import com.echothree.util.common.command.BaseResult;
028import com.echothree.util.common.message.ExecutionErrors;
029import com.echothree.util.common.validation.FieldDefinition;
030import com.echothree.util.common.validation.FieldType;
031import com.echothree.util.server.control.BaseSimpleCommand;
032import com.echothree.util.server.persistence.Session;
033import com.echothree.util.server.string.PasswordGeneratorUtils;
034import java.util.Arrays;
035import java.util.Collections;
036import java.util.List;
037import javax.enterprise.context.RequestScoped;
038
039@RequestScoped
040public class RecoverPasswordCommand
041        extends BaseSimpleCommand<RecoverPasswordForm> {
042
043    private final static List<FieldDefinition> FORM_FIELD_DEFINITIONS;
044
045    static {
046        FORM_FIELD_DEFINITIONS = Collections.unmodifiableList(Arrays.asList(
047                new FieldDefinition("PartyName", FieldType.ENTITY_NAME, false, null, null),
048                new FieldDefinition("Username", FieldType.STRING, false, 1L, 80L),
049                new FieldDefinition("Answer", FieldType.STRING, false, 1L, 40L)
050                ));
051    }
052
053    /** Creates a new instance of RecoverPasswordCommand */
054    public RecoverPasswordCommand() {
055        super(null, FORM_FIELD_DEFINITIONS, true);
056    }
057
058    @Override
059    protected BaseResult execute() {
060        var result = PartyResultFactory.getGetPartyResult();
061        var partyName = form.getPartyName();
062        var username = form.getUsername();
063        var parameterCount = (partyName == null ? 0 : 1) + (username == null ? 0 : 1);
064
065        if(parameterCount == 1) {
066            Party party = null;
067
068            if(partyName != null) {
069                party = PartyLogic.getInstance().getPartyByName(this, partyName);
070            }
071
072            if(username != null) {
073                var userLogin = UserLoginLogic.getInstance().getUserLoginByUsername(this, username);
074
075                if(!hasExecutionErrors()) {
076                    party = userLogin.getParty();
077                }
078            }
079
080            if(!hasExecutionErrors()) {
081                var userControl = Session.getModelController(UserControl.class);
082                var recoveryAnswer = userControl.getRecoveryAnswer(party);
083                var answer = form.getAnswer();
084                
085                if(recoveryAnswer == null) {
086                    if(answer != null) {
087                        addExecutionError(ExecutionErrors.MissingRequiredAnswer.name());
088                    }
089                } else {
090                    if(answer == null) {
091                        addExecutionError(ExecutionErrors.InvalidParameterCount.name());
092                    } else if(!answer.equals(recoveryAnswer.getLastDetail().getAnswer())) {
093                        addExecutionError(ExecutionErrors.IncorrectAnswer.name());
094                    }
095                }
096                
097                if(!hasExecutionErrors()) {
098                    var userLoginPasswordType = userControl.getUserLoginPasswordTypeByName(UserConstants.UserLoginPasswordType_RECOVERED_STRING);
099                    var password = PasswordGeneratorUtils.getInstance().getPassword(party.getLastDetail().getPartyType());
100                    var createdBy = getPartyPK();
101
102                    // If it already exists, delete the previous attempt at recovery.
103                    if(userControl.countUserLoginPasswords(party, userLoginPasswordType) != 0) {
104                        userControl.deleteUserLoginPassword(userControl.getUserLoginPasswordForUpdate(party, userLoginPasswordType), createdBy);
105                    }
106
107                    var userLoginPassword = userControl.createUserLoginPassword(party, userLoginPasswordType, createdBy);
108                    userControl.createUserLoginPasswordString(userLoginPassword, password, session.START_TIME_LONG, false, createdBy);
109                    
110                    // ExecutionErrorAccumulator is passed in as null so that an Exception will be thrown if there is an error.
111                    PartyChainLogic.getInstance().createPartyPasswordRecoveryChainInstance(null, party, createdBy);
112                }
113            }
114        } else {
115            addExecutionError(ExecutionErrors.InvalidParameterCount.name());
116        }
117        
118        return result;
119    }
120
121}