/**
* Creative commons Attribution-NonCommercial license.
*
* http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
*
* NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
*/
package base.jee.api.sql;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.sql.DataSource;
import base.KeyValue;
import base.jee.api.Settings;
import base.template.TemplateManager;
import org.stringtemplate.v4.ST;
import base.Query;
import base.jee.Constants;
import base.jee.api.model.Email;
import base.json.Json;
import base.email.EmailAddressParse;
import base.security.PermissionException;
import base.security.User;
import static base.jee.api.sql.util.Log.log;
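/**
 * Self-service sign-up request.
 *
 * Validates the submitted details, checks that self sign-up is enabled and that
 * no person already uses the email address or username, stores a random
 * confirmation token in {@code request_token} together with the pending
 * person's details, and queues a confirmation email through the {@code email}
 * table. The person row itself is not created here; that is left to whatever
 * consumes the {@code signup_confirmation} token.
 *
 * Fixes relative to the earlier revision: the last-name length error quoted the
 * first-name limit; {@link #getJsonParameters()} emitted the email address under
 * the {@code username} key; a missing {@code self.signup} setting caused a
 * NullPointerException instead of a clean refusal; the confirmation token was
 * written to the log; and names containing CR/LF (which end up in the mail
 * {@code To} header) were accepted.
 */
public class SignUp extends Query {
    private DataSource ds;
    private TemplateManager templateManager;
    private Settings settings;
    /** Trimmed first name. */
    private String firstName;
    /** Trimmed last name. */
    private String lastName;
    /** Trimmed, lower-cased email address. */
    private String email;
    /** Trimmed, lower-cased username, or null when none was supplied. */
    private String username;
    /** Password exactly as submitted (not trimmed). */
    private String password;
    /** Client IP recorded against the confirmation token. */
    private String ip;
    /** Requesting user, used only for audit logging. */
    private User user;

    /**
     * Builds a validated sign-up request.
     *
     * @param ds              connection pool; must not be null
     * @param templateManager provides the confirmation email templates; must not be null
     * @param settings        application settings ({@code base.url} is read); must not be null
     * @param user            requesting user, for audit logging; must not be null
     * @param firstName       required, at most {@code Constants.MAX_FIRST_NAME_LENGTH} characters once trimmed
     * @param lastName        required, at most {@code Constants.MAX_LAST_NAME_LENGTH} characters once trimmed
     * @param email           required, at most {@code Constants.MAX_EMAIL_LENGTH} characters once trimmed
     * @param username        optional, at most {@code Constants.MAX_USERNAME_LENGTH} characters once trimmed
     * @param password        required, non-empty; length limit is checked on the trimmed value but the raw value is kept
     * @param ip              required client IP address
     * @throws IllegalArgumentException when any argument fails validation
     * @throws PermissionException      declared for interface compatibility; not thrown here
     */
    public SignUp(DataSource ds, TemplateManager templateManager, Settings settings, User user, String firstName, String lastName, String email, String username, String password, String ip) throws PermissionException {
        if (ds == null) {
            throw new IllegalArgumentException("Invalid parameter: ds");
        }
        if (templateManager == null) {
            throw new IllegalArgumentException("Invalid parameter: templateManager");
        }
        if (settings == null) {
            throw new IllegalArgumentException("Invalid parameter: settings");
        }
        if (user == null) {
            throw new IllegalArgumentException("Invalid parameter: user");
        }
        if (isBlank(firstName)) {
            throw new IllegalArgumentException("Invalid parameter: firstName");
        }
        if (isBlank(lastName)) {
            throw new IllegalArgumentException("Invalid parameter: lastName");
        }
        if (isBlank(email)) {
            throw new IllegalArgumentException("Invalid parameter: email");
        }
        if (password == null || password.length() == 0) {
            throw new IllegalArgumentException("Must specify a password.");
        }
        if (ip == null || ip.length() == 0) {
            throw new IllegalArgumentException("Must specify a IP.");
        }
        // Names are later concatenated into the mail "To" header; a line break there
        // would let a sign-up inject additional headers. Reject them outright.
        if (containsLineBreak(firstName)) {
            throw new IllegalArgumentException("Invalid parameter: firstName");
        }
        if (containsLineBreak(lastName)) {
            throw new IllegalArgumentException("Invalid parameter: lastName");
        }
        if (username != null && username.trim().length() > Constants.MAX_USERNAME_LENGTH) {
            throw new IllegalArgumentException("Please choose a shorter username. Usernames should not have more than " + Constants.MAX_USERNAME_LENGTH + " characters.");
        }
        if (password.trim().length() > Constants.MAX_PASSWORD_LENGTH) {
            throw new IllegalArgumentException("Please choose a shorter password. Passwords should not have more than " + Constants.MAX_PASSWORD_LENGTH + " characters.");
        }
        if (firstName.trim().length() > Constants.MAX_FIRST_NAME_LENGTH) {
            throw new IllegalArgumentException("Please choose a shorter first name. First name should not have more than " + Constants.MAX_FIRST_NAME_LENGTH + " characters.");
        }
        if (lastName.trim().length() > Constants.MAX_LAST_NAME_LENGTH) {
            // Was quoting MAX_FIRST_NAME_LENGTH; the limit being enforced is the last-name one.
            throw new IllegalArgumentException("Please choose a shorter last name. Last name should not have more than " + Constants.MAX_LAST_NAME_LENGTH + " characters.");
        }
        if (email.trim().length() > Constants.MAX_EMAIL_LENGTH) {
            throw new IllegalArgumentException("Please choose a shorter email address. Email should not have more than " + Constants.MAX_EMAIL_LENGTH + " characters.");
        }
        this.ds = ds;
        this.templateManager = templateManager;
        this.settings = settings;
        this.firstName = firstName.trim();
        this.lastName = lastName.trim();
        this.email = email.trim().toLowerCase();
        this.password = password;
        this.user = user;
        this.ip = ip;
        if (username != null) {
            this.username = username.trim().toLowerCase();
        }
    }

    /** No-arg constructor used by the query factory; see {@link #newWithParameters(Map)}. */
    public SignUp() {
    }

    /** True when {@code s} is null or only whitespace. */
    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }

    /** True when {@code s} contains a carriage return or line feed. */
    private static boolean containsLineBreak(String s) {
        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
    }

    /**
     * Factory entry point: builds a {@code SignUp} from the generic parameter map.
     * The IP is taken from the requesting {@code user}, not from the map.
     *
     * @param parameters must contain {@code api} (a {@code SqlAPI}), {@code template_manager},
     *                   {@code settings}, {@code user}, and the string fields
     *                   {@code first_name}, {@code last_name}, {@code email},
     *                   {@code username} (optional) and {@code password}
     * @throws IOException         declared for interface compatibility
     * @throws PermissionException propagated from the main constructor
     */
    @Override
    public Query newWithParameters(Map parameters) throws IOException, PermissionException {
        User requester = (User) parameters.get("user");
        return new SignUp(
            ((SqlAPI) parameters.get("api")).getDataSource(),
            (TemplateManager) parameters.get("template_manager"),
            (Settings) parameters.get("settings"),
            requester,
            (String) parameters.get("first_name"),
            (String) parameters.get("last_name"),
            (String) parameters.get("email"),
            (String) parameters.get("username"),
            (String) parameters.get("password"),
            requester.getIp());
    }

    /**
     * Runs the sign-up in a single transaction.
     *
     * @return a one-element list: {@code error} with a user-facing message when the
     *         request is refused, otherwise {@code success=ok}
     * @throws IOException wrapping any {@link SQLException}
     */
    @Override
    protected List execute() throws IOException {
        List<KeyValue> results = new LinkedList<>();
        Connection c = null;
        try {
            c = ds.getConnection();
            c.setAutoCommit(false);

            String[] site = loadSiteSettings(c);
            String supportTeam = site[0];
            String supportEmail = site[1];
            // Constant-first equals: a missing "self.signup" row yields null and must
            // read as "disabled", not as a NullPointerException.
            boolean selfSignup = "true".equals(site[2]);
            if (!selfSignup) {
                c.rollback();
                log(c, "WARN", user, "Self sign up attempted while self sign up is disabled. Email: " + email);
                c.commit();
                results.add(new KeyValue("error", "Self sign up is not available at this time."));
                return results;
            }

            EmailAddressParse parse = new EmailAddressParse();
            if (!parse.isValid(email)) {
                results.add(new KeyValue("error", "Invalid email address. " + parse.getError()));
                return results;
            }

            String conflict = findExistingPerson(c);
            if (conflict != null) {
                results.add(new KeyValue("error", conflict));
                return results;
            }

            // Token doubles as the proof of mailbox ownership, so it must not be logged.
            String token = UUID.randomUUID().toString();
            log(c, "FINEST", user, "Storing sign up confirmation token for person " + email);
            storeConfirmationToken(c, token);
            queueConfirmationEmail(c, token, supportTeam, supportEmail);
            c.commit();
        } catch (SQLException e) {
            throw new IOException(e);
        } finally {
            if (c != null) {
                // Rollback is a no-op after a successful commit and undoes partial work
                // on any early return or exception.
                try { c.rollback(); } catch (SQLException ignored) { }
                try { c.close(); } catch (SQLException ignored) { }
            }
        }
        results.add(new KeyValue("success", "ok"));
        return results;
    }

    /**
     * Reads the support-team name, support email and self-signup flag from {@code setting}.
     *
     * @return {@code [support_team.name, support_team.email, self.signup]}; entries are
     *         null when the corresponding row is absent
     */
    private String[] loadSiteSettings(Connection c) throws SQLException {
        String[] values = new String[3];
        try (PreparedStatement q = c.prepareStatement(
                "select " +
                "(select value from setting where name='support_team.name'), " +
                "(select value from setting where name='support_team.email'), " +
                "(select value from setting where name='self.signup')");
             ResultSet r = q.executeQuery()) {
            if (r.next()) {
                values[0] = r.getString(1);
                values[1] = r.getString(2);
                values[2] = r.getString(3);
            }
        }
        return values;
    }

    /**
     * Looks for an existing person with the same email address or username.
     *
     * @return a user-facing error message, or null when neither is taken
     */
    private String findExistingPerson(Connection c) throws SQLException {
        try (PreparedStatement q = c.prepareStatement("select email,username from person where email=? or username=?")) {
            q.setString(1, email);
            // A null username never matches (username = NULL is not true in SQL).
            q.setString(2, username);
            try (ResultSet r = q.executeQuery()) {
                // Examine every returned row rather than only the first.
                while (r.next()) {
                    if (email.equals(r.getString(1))) {
                        return "Person already exists with this email address.";
                    }
                    if (username != null && username.length() > 0 && username.equals(r.getString(2))) {
                        return "Person already exists with this username.";
                    }
                }
            }
        }
        return null;
    }

    /** Persists the confirmation token with the pending person's details as JSON. */
    private void storeConfirmationToken(Connection c, String token) throws SQLException {
        try (PreparedStatement q = c.prepareStatement("insert into request_token (token, person_uuid, type, ip, expiry, data) values(?,?,'signup_confirmation',?,?,?)")) {
            q.setString(1, token);
            q.setLong(2, 0);
            q.setString(3, ip);
            // NOTE(review): "expiry" receives the current epoch seconds, not a future
            // instant; presumably the token consumer adds the lifetime — confirm.
            q.setLong(4, System.currentTimeMillis() / 1000);
            q.setString(5, pendingPersonJson());
            q.executeUpdate();
        }
    }

    /**
     * JSON payload stored in {@code request_token.data} for the confirmation step.
     *
     * SECURITY(review): the password is persisted in clear text here and stays in the
     * database until the token is consumed or purged. It should be hashed with the
     * project's password hasher before being stored (the hasher is not visible in
     * this file, and the consumer of {@code signup_confirmation} tokens would need to
     * accept the hash) — TODO confirm with the token consumer.
     */
    private String pendingPersonJson() {
        StringBuilder json = new StringBuilder();
        json.append("{\"first_name\":\"").append(Json.escape(firstName)).append("\",");
        json.append("\"last_name\":\"").append(Json.escape(lastName)).append("\",");
        json.append("\"email\":\"").append(Json.escape(this.email)).append("\",");
        if (username != null && username.length() > 0) {
            json.append("\"username\":\"").append(Json.escape(username)).append("\",");
        }
        json.append("\"password\":\"").append(Json.escape(password)).append("\"}");
        return json.toString();
    }

    /** Renders the named StringTemplate with the standard confirmation-email fields. */
    private String renderTemplate(String name, String token) {
        ST template = templateManager.getCurrentTemplate().getInstanceOf(name);
        template.add("first_name", firstName);
        template.add("last_name", lastName);
        template.add("email", this.email);
        template.add("token", token);
        template.add("formurl", settings.get("base.url"));
        return template.render();
    }

    /** Builds the confirmation email and appends it to the delivery queue table. */
    private void queueConfirmationEmail(Connection c, String token, String supportTeam, String supportEmail) throws SQLException {
        Email message = new Email();
        // Names are validated to contain no CR/LF; whether Email quotes other
        // header-significant characters ("<", ">", '"') is not visible here — verify.
        message.setTo(firstName + " " + lastName + " <" + this.email + ">");
        message.setFrom(supportTeam + " <" + supportEmail + ">");
        message.setText(renderTemplate("signup_confirmation_email_text", token));
        message.setHtml(renderTemplate("signup_confirmation_email_html", token));
        message.setSubject("Signup confirmation");
        try (PreparedStatement q = c.prepareStatement("insert into email (to_address,email,retries,attempt_at,in_progress) values(?,?,0,?,0)")) {
            q.setString(1, message.getTo());
            q.setString(2, message.toJson());
            // attempt_at is in milliseconds, unlike request_token.expiry above.
            q.setLong(3, System.currentTimeMillis());
            q.execute();
        }
    }

    /**
     * Loggable view of the request parameters. The password is deliberately omitted;
     * {@code username} is only emitted when one was supplied.
     */
    @Override
    public String getJsonParameters() {
        StringBuilder json = new StringBuilder("{");
        json.append("\"first_name\":\"").append(Json.escape(firstName)).append("\",");
        json.append("\"last_name\":\"").append(Json.escape(lastName)).append("\",");
        if (username != null && username.length() > 0) {
            // Previously wrote the email address under the "username" key.
            json.append("\"username\":\"").append(Json.escape(username)).append("\",");
        }
        json.append("\"email\":\"").append(Json.escape(email)).append("\"");
        json.append("}");
        return json.toString();
    }
}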