Source code

001// --------------------------------------------------------------------------------
002// Copyright 2002-2026 Echo Three, LLC
003//
004// Licensed under the Apache License, Version 2.0 (the "License");
005// you may not use this file except in compliance with the License.
006// You may obtain a copy of the License at
007//
008//     http://www.apache.org/licenses/LICENSE-2.0
009//
010// Unless required by applicable law or agreed to in writing, software
011// distributed under the License is distributed on an "AS IS" BASIS,
012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013// See the License for the specific language governing permissions and
014// limitations under the License.
015// --------------------------------------------------------------------------------
016
017package com.echothree.control.user.authentication.server.command;
018
019import com.echothree.control.user.authentication.common.form.RecoverPasswordForm;
020import com.echothree.control.user.party.common.result.PartyResultFactory;
021import com.echothree.model.control.party.server.logic.PartyChainLogic;
022import com.echothree.model.control.party.server.logic.PartyLogic;
023import com.echothree.model.control.user.common.UserConstants;
024import com.echothree.model.control.user.server.control.UserControl;
025import com.echothree.model.control.user.server.logic.UserLoginLogic;
026import com.echothree.model.data.party.server.entity.Party;
027import com.echothree.util.common.command.BaseResult;
028import com.echothree.util.common.message.ExecutionErrors;
029import com.echothree.util.common.validation.FieldDefinition;
030import com.echothree.util.common.validation.FieldType;
031import com.echothree.util.server.control.BaseSimpleCommand;
032import com.echothree.util.server.persistence.Session;
033import com.echothree.util.server.string.PasswordGeneratorUtils;
034import java.util.List;
035import javax.enterprise.context.Dependent;
036
037@Dependent
038public class RecoverPasswordCommand
039        extends BaseSimpleCommand<RecoverPasswordForm> {
040
041    private final static List<FieldDefinition> FORM_FIELD_DEFINITIONS;
042
043    static {
044        FORM_FIELD_DEFINITIONS = List.of(
045                new FieldDefinition("PartyName", FieldType.ENTITY_NAME, false, null, null),
046                new FieldDefinition("Username", FieldType.STRING, false, 1L, 80L),
047                new FieldDefinition("Answer", FieldType.STRING, false, 1L, 40L)
048                );
049    }
050
051    /** Creates a new instance of RecoverPasswordCommand */
052    public RecoverPasswordCommand() {
053        super(null, FORM_FIELD_DEFINITIONS, true);
054    }
055
056    @Override
057    protected BaseResult execute() {
058        var result = PartyResultFactory.getGetPartyResult();
059        var partyName = form.getPartyName();
060        var username = form.getUsername();
061        var parameterCount = (partyName == null ? 0 : 1) + (username == null ? 0 : 1);
062
063        if(parameterCount == 1) {
064            Party party = null;
065
066            if(partyName != null) {
067                party = PartyLogic.getInstance().getPartyByName(this, partyName);
068            }
069
070            if(username != null) {
071                var userLogin = UserLoginLogic.getInstance().getUserLoginByUsername(this, username);
072
073                if(!hasExecutionErrors()) {
074                    party = userLogin.getParty();
075                }
076            }
077
078            if(!hasExecutionErrors()) {
079                var userControl = Session.getModelController(UserControl.class);
080                var recoveryAnswer = userControl.getRecoveryAnswer(party);
081                var answer = form.getAnswer();
082                
083                if(recoveryAnswer == null) {
084                    if(answer != null) {
085                        addExecutionError(ExecutionErrors.MissingRequiredAnswer.name());
086                    }
087                } else {
088                    if(answer == null) {
089                        addExecutionError(ExecutionErrors.InvalidParameterCount.name());
090                    } else if(!answer.equals(recoveryAnswer.getLastDetail().getAnswer())) {
091                        addExecutionError(ExecutionErrors.IncorrectAnswer.name());
092                    }
093                }
094                
095                if(!hasExecutionErrors()) {
096                    var userLoginPasswordType = userControl.getUserLoginPasswordTypeByName(UserConstants.UserLoginPasswordType_RECOVERED_STRING);
097                    var password = PasswordGeneratorUtils.getInstance().getPassword(party.getLastDetail().getPartyType());
098                    var createdBy = getPartyPK();
099
100                    // If it already exists, delete the previous attempt at recovery.
101                    if(userControl.countUserLoginPasswords(party, userLoginPasswordType) != 0) {
102                        userControl.deleteUserLoginPassword(userControl.getUserLoginPasswordForUpdate(party, userLoginPasswordType), createdBy);
103                    }
104
105                    var userLoginPassword = userControl.createUserLoginPassword(party, userLoginPasswordType, createdBy);
106                    userControl.createUserLoginPasswordString(userLoginPassword, password, session.getStartTime(), false, createdBy);
107                    
108                    // ExecutionErrorAccumulator is passed in as null so that an Exception will be thrown if there is an error.
109                    PartyChainLogic.getInstance().createPartyPasswordRecoveryChainInstance(null, party, createdBy);
110                }
111            }
112        } else {
113            addExecutionError(ExecutionErrors.InvalidParameterCount.name());
114        }
115        
116        return result;
117    }
118
119}