
base.jee.api.sql.ActivateAccountUsingToken Maven / Gradle / Ivy

/**
 * Creative commons Attribution-NonCommercial license.
 *
 * http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
 *
 * NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
 */
package base.jee.api.sql;

import base.Command;
import base.jee.Constants;
import base.json.Json;
import base.security.ResourceUid;
import base.security.User;
import base.text.Password;

import javax.sql.DataSource;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Date;
import java.util.UUID;

import static base.jee.api.sql.util.Log.log;

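/**
 * Command that activates an account from an {@code account_activation}
 * request token and sets the account's initial password.
 *
 * <p>In a single transaction, {@link #execute()} resolves the token to a
 * person uuid, rejects persons whose {@code expiry} timestamp has passed,
 * stores the encoded password and writes a log entry.
 *
 * <p>NOTE(review): the token row in {@code request_token} is neither deleted
 * nor marked as used by this command, and no token expiry is checked here.
 * Unless that happens elsewhere (not visible in this file), the same token
 * can be presented again to overwrite the password. Confirm, and make the
 * token single-use inside this transaction if nothing else does.
 */
public class ActivateAccountUsingToken extends Command {

	private DataSource ds;
	private String token;
	// Plaintext passwords are held for the lifetime of the command object.
	private String password;
	private String password2;
	// Client address; only used to attribute the log entry.
	private String ip;

	/**
	 * Creates an empty command. All fields stay {@code null}; nothing in this
	 * class populates them afterwards.
	 */
	public ActivateAccountUsingToken() {
	}

	/**
	 * Creates a validated activation command.
	 *
	 * @param ds        data source used to obtain the database connection
	 * @param token     activation token; non-blank and at most
	 *                  {@code Constants.MAX_TOKEN_LENGTH} characters
	 * @param password  new password; length must lie between
	 *                  {@code Constants.MIN_PASSWORD_LENGTH} and
	 *                  {@code Constants.MAX_PASSWORD_LENGTH}
	 * @param password2 confirmation; must equal {@code password}
	 * @param ip        caller address recorded in the log entry; non-blank
	 * @throws IllegalArgumentException if any argument fails validation
	 */
	public ActivateAccountUsingToken(DataSource ds, String token, String password, String password2, String ip) {
		if(ds == null) {
			throw new IllegalArgumentException("Invalid parameter: ds");
		}
		if(isBlank(token) || token.length() > Constants.MAX_TOKEN_LENGTH) {
			throw new IllegalArgumentException("Invalid parameter: token");
		}
		if(isBlank(password)) {
			throw new IllegalArgumentException("Invalid parameter: password");
		}
		if(isBlank(password2)) {
			throw new IllegalArgumentException("Invalid parameter: password2");
		}
		if(isBlank(ip)) {
			throw new IllegalArgumentException("Invalid parameter: ip");
		}

		if(password.length() > Constants.MAX_PASSWORD_LENGTH) {
			throw new IllegalArgumentException("Please choose a shorter password. Passwords should not have more than " + Constants.MAX_PASSWORD_LENGTH + " characters.");
		}
		if(password.length() < Constants.MIN_PASSWORD_LENGTH) {
			// Fixed: the message used to ask for a *shorter* password when the input was too short.
			throw new IllegalArgumentException("Please choose a longer password. Passwords should contain at least " + Constants.MIN_PASSWORD_LENGTH + " characters.");
		}
		if(!password.equals(password2)) {
			throw new IllegalArgumentException("Passwords must match.");
		}

		this.ds = ds;
		this.token = token;
		this.password = password;
		this.password2 = password2;
		this.ip = ip;
	}

	/** Returns true when the value is null or contains only whitespace. */
	private static boolean isBlank(String value) {
		return value == null || value.trim().length() == 0;
	}

	/**
	 * Activates the account inside one database transaction.
	 *
	 * @throws IOException              wrapping any {@link SQLException} or
	 *                                  {@link NoSuchAlgorithmException}
	 * @throws IllegalArgumentException if the token or the person it points
	 *                                  to is not found
	 * @throws IllegalStateException    if the person's account has expired
	 */
	@Override
	protected void execute() throws IOException {
		// try-with-resources closes every statement/result set/connection on
		// all paths; the inner finally rolls back unless commit() succeeded.
		try (Connection c = ds.getConnection()) {
			boolean committed = false;
			try {
				c.setAutoCommit(false);

				UUID uuid;
				try (PreparedStatement s = c.prepareStatement("select person_uuid from request_token where type='account_activation' and token=?")) {
					s.setString(1, token);
					try (ResultSet r = s.executeQuery()) {
						if(!r.next()) {
							throw new IllegalArgumentException("Invalid request token.");
						}
						uuid = UUID.fromString(r.getString(1));
					}
				}

				String firstName;
				String lastName;
				try (PreparedStatement s = c.prepareStatement("select expiry, first_name, last_name from person where uuid=?")) {
					s.setString(1, uuid.toString());
					try (ResultSet r = s.executeQuery()) {
						if(!r.next()) {
							throw new IllegalArgumentException("Invalid person uuid.");
						}
						// A non-positive expiry (including SQL NULL, which getLong reports as 0)
						// skips the check, i.e. the account is treated as not expiring.
						long expiry = r.getLong(1);
						if(expiry > 0 && expiry < System.currentTimeMillis()) {
							throw new IllegalStateException("Activating an expired account is not allowed.");
						}
						firstName = r.getString(2);
						lastName = r.getString(3);
					}
				}

				try (PreparedStatement t = c.prepareStatement("update person set password=?, updated=? where uuid=?")) {
					// NOTE(review): Password.encode is declared elsewhere; the NoSuchAlgorithmException
					// it can raise suggests a digest-based scheme. Confirm it is a salted, slow
					// password hash rather than a bare digest.
					t.setString(1, Password.encode(password));
					t.setLong(2, System.currentTimeMillis());
					t.setString(3, uuid.toString());
					t.executeUpdate();
				}

				// The log entry is written on the same connection, so it is part of the transaction.
				log(c, "INFO", User.userWithUuidAndIp(uuid, ip), "Activated account for person " + firstName + " " + lastName, new ResourceUid("Person", uuid));

				c.commit();
				committed = true;
			} finally {
				if(!committed) {
					// Best effort: a rollback failure must not mask the original exception.
					try { c.rollback(); } catch (SQLException ignored) { }
				}
			}
		} catch(NoSuchAlgorithmException | SQLException e) {
			throw new IOException(e);
		}
	}

	/**
	 * Returns the command parameters as a JSON object with the keys
	 * {@code token}, {@code password} and {@code password2}.
	 *
	 * <p>NOTE(review): the output contains the activation token and both
	 * plaintext passwords. If any caller logs, persists or transmits this
	 * string, those secrets are exposed; check how {@code Command} consumers
	 * use it and redact there or here.
	 */
	@Override
	public String getJsonParameters() {
		return "{" +
				"\"token\":\"" + Json.escape(token)+ "\"," +
				"\"password\":\"" + Json.escape(password)+ "\"," +
				"\"password2\":\"" + Json.escape(password2)+ "\"" +
				"}";
	}

}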



