Source code

001// --------------------------------------------------------------------------------
002// Copyright 2002-2026 Echo Three, LLC
003//
004// Licensed under the Apache License, Version 2.0 (the "License");
005// you may not use this file except in compliance with the License.
006// You may obtain a copy of the License at
007//
008//     http://www.apache.org/licenses/LICENSE-2.0
009//
010// Unless required by applicable law or agreed to in writing, software
011// distributed under the License is distributed on an "AS IS" BASIS,
012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013// See the License for the specific language governing permissions and
014// limitations under the License.
015// --------------------------------------------------------------------------------
016
017package com.echothree.control.user.authentication.server.command;
018
019import com.echothree.control.user.authentication.common.form.SetPasswordForm;
020import com.echothree.model.control.customer.server.control.CustomerControl;
021import com.echothree.model.control.employee.server.control.EmployeeControl;
022import com.echothree.model.control.party.common.PartyTypes;
023import com.echothree.model.control.party.server.control.PartyControl;
024import com.echothree.model.control.party.server.logic.PartyLogic;
025import com.echothree.model.control.party.server.logic.PasswordStringPolicyLogic;
026import com.echothree.model.control.user.common.UserConstants;
027import com.echothree.model.control.vendor.server.control.VendorControl;
028import com.echothree.model.data.party.server.entity.Party;
029import com.echothree.util.common.command.BaseResult;
030import com.echothree.util.common.message.ExecutionErrors;
031import com.echothree.util.common.validation.FieldDefinition;
032import com.echothree.util.common.validation.FieldType;
033import com.echothree.util.server.persistence.Session;
034import java.util.List;
035import javax.enterprise.context.Dependent;
036
037@Dependent
038public class SetPasswordCommand
039        extends BaseLoginCommand<SetPasswordForm> {
040    
041    private final static List<FieldDefinition> FORM_FIELD_DEFINITIONS;
042    
043    static {
044        FORM_FIELD_DEFINITIONS = List.of(
045                new FieldDefinition("PartyName", FieldType.ENTITY_NAME, false, null, null),
046                new FieldDefinition("EmployeeName", FieldType.ENTITY_NAME, false, null, null),
047                new FieldDefinition("CustomerName", FieldType.ENTITY_NAME, false, null, null),
048                new FieldDefinition("VendorName", FieldType.ENTITY_NAME, false, null, null),
049                new FieldDefinition("OldPassword", FieldType.STRING, false, 1L, 40L),
050                new FieldDefinition("NewPassword1", FieldType.STRING, true, 1L, 40L),
051                new FieldDefinition("NewPassword2", FieldType.STRING, true, 1L, 40L)
052                );
053    }
054    
055    /** Creates a new instance of SetPasswordCommand */
056    public SetPasswordCommand() {
057        super(null, FORM_FIELD_DEFINITIONS);
058    }
059    
060    @Override
061    protected BaseResult execute() {
062        var partyName = form.getPartyName();
063        var employeeName = form.getEmployeeName();
064        var customerName = form.getCustomerName();
065        var vendorName = form.getVendorName();
066        var parameterCount = (partyName == null ? 0 : 1) + (employeeName == null ? 0 : 1) + (customerName == null ? 0 : 1) + (vendorName == null ? 0 : 1);
067        
068        if(parameterCount < 2) {
069            var userControl = getUserControl();
070            var self = getParty();
071            Party party = null;
072            
073            if(partyName != null) {
074                var partyControl = Session.getModelController(PartyControl.class);
075                
076                party = partyControl.getPartyByName(partyName);
077                if(party == null) {
078                    addExecutionError(ExecutionErrors.UnknownPartyName.name(), partyName);
079                }
080            } else if(employeeName != null) {
081                var employeeControl = Session.getModelController(EmployeeControl.class);
082                var partyEmployee = employeeControl.getPartyEmployeeByName(employeeName);
083                
084                if(partyEmployee != null) {
085                    party = partyEmployee.getParty();
086                } else {
087                    addExecutionError(ExecutionErrors.UnknownEmployeeName.name(), employeeName);
088                }
089            } else if(customerName != null) {
090                var customerControl = Session.getModelController(CustomerControl.class);
091                var customer = customerControl.getCustomerByName(customerName);
092                
093                if(customer != null) {
094                    party = customer.getParty();
095                } else {
096                    addExecutionError(ExecutionErrors.UnknownCustomerName.name(), customerName);
097                }
098            } else if(vendorName != null) {
099                var vendorControl = Session.getModelController(VendorControl.class);
100                var vendor = vendorControl.getVendorByName(vendorName);
101                
102                if(vendor != null) {
103                    party = vendor.getParty();
104                } else {
105                    addExecutionError(ExecutionErrors.UnknownVendorName.name(), vendorName);
106                }
107            } else {
108                party = self;
109            }
110            
111            if(!hasExecutionErrors()) {
112                if(party != null) {
113                    PartyLogic.getInstance().checkPartyType(this, party, PartyTypes.EMPLOYEE.name(), PartyTypes.CUSTOMER.name(),
114                            PartyTypes.VENDOR.name());
115
116                    if(!hasExecutionErrors()) {
117                        var userLoginPasswordType = userControl.getUserLoginPasswordTypeByName(UserConstants.UserLoginPasswordType_STRING);
118                        var userLoginPassword = userControl.getUserLoginPassword(party, userLoginPasswordType);
119
120                        if(userLoginPassword != null) {
121                            var newPassword1 = form.getNewPassword1();
122                            var newPassword2 = form.getNewPassword2();
123
124                            if(newPassword1.equals(newPassword2)) {
125                                var userLoginStatus = userControl.getUserLoginStatusForUpdate(party);
126                                var oldPassword = form.getOldPassword();
127
128                                if(oldPassword != null) {
129                                    if(!checkPasswords(userLoginStatus, oldPassword, party, false)) {
130                                        addExecutionError(ExecutionErrors.IncorrectPassword.name());
131                                    }
132                                } else if(party.equals(self)) {
133                                    addExecutionError(ExecutionErrors.MissingOldPassword.name());
134                                }
135
136                                if(!hasExecutionErrors()) {
137                                    var userLoginPasswordStringValue = userControl.getUserLoginPasswordStringValueForUpdate(userLoginPassword);
138                                    var partyTypePasswordStringPolicy = PasswordStringPolicyLogic.getInstance().checkStringPassword(session,
139                                            getUserVisit(), this, party, userLoginPassword, userLoginPasswordStringValue, newPassword1);
140
141                                    if(!hasExecutionErrors()) {
142                                        var changingForSelf = self.equals(party);
143
144                                        userLoginPasswordStringValue.setPassword(newPassword1);
145                                        userLoginPasswordStringValue.setChangedTime(session.getStartTime());
146                                        userLoginPasswordStringValue.setWasReset(!changingForSelf);
147
148                                        userControl.updateUserLoginPasswordStringFromValue(userLoginPasswordStringValue, self.getPrimaryKey());
149
150                                        userLoginStatus.setExpiredCount(0);
151                                        userLoginStatus.setForceChange(changingForSelf ? false : partyTypePasswordStringPolicy == null? false
152                                                : partyTypePasswordStringPolicy.getLastDetail().getForceChangeAfterReset());
153                                    }
154                                }
155                            } else {
156                                addExecutionError(ExecutionErrors.MismatchedPasswords.name());
157                            }
158                        } else {
159                            addExecutionError(ExecutionErrors.UnknownUserLoginPassword.name());
160                        }
161                    }
162                } else {
163                    addExecutionError(ExecutionErrors.UnknownParty.name());
164                }
165            }
166        } else {
167            addExecutionError(ExecutionErrors.InvalidParameterCount.name());
168        }
169        
170        return null;
171    }
172    
173}