src/main/java/com/commafeed/backend/services/UserService.java

package com.commafeed.backend.services;

import java.util.Collection;
import java.util.Date;
import java.util.UUID;

import javax.ejb.Stateless;
import javax.inject.Inject;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;

import com.commafeed.backend.dao.FeedCategoryDAO;
import com.commafeed.backend.dao.FeedEntryStatusDAO;
import com.commafeed.backend.dao.UserDAO;
import com.commafeed.backend.dao.UserSettingsDAO;
import com.commafeed.backend.model.User;
import com.commafeed.backend.model.UserRole;
import com.commafeed.backend.model.UserRole.Role;
import com.google.common.base.Preconditions;

@Stateless
public class UserService {

	@Inject
	UserDAO userDAO;

	@Inject
	FeedEntryStatusDAO feedEntryStatusDAO;

	@Inject
	FeedCategoryDAO feedCategoryDAO;

	@Inject
	UserSettingsDAO userSettingsDAO;

	@Inject
	PasswordEncryptionService encryptionService;

	@Inject
	ApplicationSettingsService applicationSettingsService;

	public User login(String name, String password) {
		if (name == null || password == null) {
			return null;
		}

		User user = userDAO.findByName(name);
		if (user != null && !user.isDisabled()) {
			boolean authenticated = encryptionService.authenticate(password,
					user.getPassword(), user.getSalt());
			if (authenticated) {
				Date lastLogin = user.getLastLogin();
				Date now = new Date();
				// only update lastLogin field every hour in order to not
				// invalidate the cache everytime someone logs in
				if (lastLogin == null
						|| lastLogin.before(DateUtils.addHours(now, -1))) {
					user.setLastLogin(now);
					userDAO.saveOrUpdate(user);
				}
				return user;
			}
		}
		return null;
	}

	public User register(String name, String password, String email,
			Collection<Role> roles) {
		return register(name, password, email, roles, false);
	}

	public User register(String name, String password, String email,
			Collection<Role> roles, boolean forceRegistration) {

		Preconditions.checkNotNull(name);
		Preconditions.checkArgument(StringUtils.length(name) <= 32,
				"Name too long (32 characters maximum)");
		Preconditions.checkNotNull(password);

		if (!forceRegistration) {
			Preconditions.checkState(applicationSettingsService.get()
					.isAllowRegistrations(),
					"Registrations are closed on this CommaFeed instance");

			Preconditions.checkNotNull(email);
			Preconditions.checkArgument(StringUtils.length(name) >= 3,
					"Name too short (3 characters minimum)");
			Preconditions.checkArgument(
					forceRegistration || StringUtils.length(password) >= 6,
					"Password too short (6 characters maximum)");
			Preconditions.checkArgument(StringUtils.contains(email, "@"),
					"Invalid email address");
		}

		Preconditions.checkArgument(userDAO.findByName(name) == null,
				"Name already taken");
		if (StringUtils.isNotBlank(email)) {
			Preconditions.checkArgument(userDAO.findByEmail(email) == null,
					"Email already taken");
		}

		User user = new User();
		byte[] salt = encryptionService.generateSalt();
		user.setName(name);
		user.setEmail(email);
		user.setCreated(new Date());
		user.setSalt(salt);
		user.setPassword(encryptionService.getEncryptedPassword(password, salt));
		for (Role role : roles) {
			user.getRoles().add(new UserRole(user, role));
		}
		userDAO.saveOrUpdate(user);
		return user;
	}

	public void unregister(User user) {
		feedCategoryDAO.delete(feedCategoryDAO.findAll(user));
		userSettingsDAO.delete(userSettingsDAO.findByUser(user));
		userDAO.delete(user);
	}

	public String generateApiKey(User user) {
		byte[] key = encryptionService.getEncryptedPassword(UUID.randomUUID()
				.toString(), user.getSalt());
		return DigestUtils.sha1Hex(key);
	}
}
major classes refactoring 2013-04-11 20:49:08 +02:00			`package com.commafeed.backend.services;`
initial commit 2013-03-20 20:33:42 +01:00
partial user administration 2013-03-30 09:22:49 +01:00			`import java.util.Collection;`
use date constructor directly when a calendar is not needed, better performances 2013-06-25 16:57:48 +02:00			`import java.util.Date;`
recover password (wip) 2013-05-20 21:53:13 +02:00			`import java.util.UUID;`
initial commit 2013-03-20 20:33:42 +01:00
added maven embedded deployment with mvn tomee:run 2013-03-22 19:43:19 +01:00			`import javax.ejb.Stateless;`
initial commit 2013-03-20 20:33:42 +01:00			`import javax.inject.Inject;`

recover password (wip) 2013-05-20 21:53:13 +02:00			`import org.apache.commons.codec.digest.DigestUtils;`
registration api (#303) 2013-06-18 12:31:09 +02:00			`import org.apache.commons.lang.StringUtils;`
cache users 2013-06-27 11:10:08 +02:00			`import org.apache.commons.lang.time.DateUtils;`
recover password (wip) 2013-05-20 21:53:13 +02:00
allow users to permanently delete their account 2013-05-08 11:15:50 +02:00			`import com.commafeed.backend.dao.FeedCategoryDAO;`
			`import com.commafeed.backend.dao.FeedEntryStatusDAO;`
major classes refactoring 2013-04-11 20:49:08 +02:00			`import com.commafeed.backend.dao.UserDAO;`
allow users to permanently delete their account 2013-05-08 11:15:50 +02:00			`import com.commafeed.backend.dao.UserSettingsDAO;`
package refactoring 2013-03-23 16:17:19 +01:00			`import com.commafeed.backend.model.User;`
partial user administration 2013-03-30 09:22:49 +01:00			`import com.commafeed.backend.model.UserRole;`
change role to enum 2013-03-30 19:06:32 +01:00			`import com.commafeed.backend.model.UserRole.Role;`
check for nulls before querying the database 2013-04-23 09:06:35 +02:00			`import com.google.common.base.Preconditions;`
initial commit 2013-03-20 20:33:42 +01:00
added maven embedded deployment with mvn tomee:run 2013-03-22 19:43:19 +01:00			`@Stateless`
major classes refactoring 2013-04-11 20:49:08 +02:00			`public class UserService {`
initial commit 2013-03-20 20:33:42 +01:00
			`@Inject`
major classes refactoring 2013-04-11 20:49:08 +02:00			`UserDAO userDAO;`
case insensitive login (fixes #16) 2013-04-06 17:10:38 +02:00
allow users to permanently delete their account 2013-05-08 11:15:50 +02:00			`@Inject`
			`FeedEntryStatusDAO feedEntryStatusDAO;`

			`@Inject`
			`FeedCategoryDAO feedCategoryDAO;`

			`@Inject`
			`UserSettingsDAO userSettingsDAO;`

major classes refactoring 2013-04-11 20:49:08 +02:00			`@Inject`
			`PasswordEncryptionService encryptionService;`
case insensitive login (fixes #16) 2013-04-06 17:10:38 +02:00
registration api (#303) 2013-06-18 12:31:09 +02:00			`@Inject`
			`ApplicationSettingsService applicationSettingsService;`

initial commit 2013-03-20 20:33:42 +01:00			`public User login(String name, String password) {`
jklm initial implementation 2013-05-24 09:21:20 +02:00			`if (name == null \|\| password == null) {`
			`return null;`
			`}`
check for nulls before querying the database 2013-04-23 09:06:35 +02:00
major classes refactoring 2013-04-11 20:49:08 +02:00			`User user = userDAO.findByName(name);`
add a disabled state to users 2013-03-29 12:59:21 +01:00			`if (user != null && !user.isDisabled()) {`
initial commit 2013-03-20 20:33:42 +01:00			`boolean authenticated = encryptionService.authenticate(password,`
			`user.getPassword(), user.getSalt());`
			`if (authenticated) {`
cache users 2013-06-27 11:10:08 +02:00			`Date lastLogin = user.getLastLogin();`
			`Date now = new Date();`
			`// only update lastLogin field every hour in order to not`
			`// invalidate the cache everytime someone logs in`
			`if (lastLogin == null`
			`\|\| lastLogin.before(DateUtils.addHours(now, -1))) {`
			`user.setLastLogin(now);`
			`userDAO.saveOrUpdate(user);`
			`}`
initial commit 2013-03-20 20:33:42 +01:00			`return user;`
			`}`
			`}`
			`return null;`
			`}`
partial user administration 2013-03-30 09:22:49 +01:00
registration api (#303) 2013-06-18 12:31:09 +02:00			`public User register(String name, String password, String email,`
			`Collection<Role> roles) {`
			`return register(name, password, email, roles, false);`
added registration on welcome page 2013-04-06 21:38:18 +02:00			`}`

			`public User register(String name, String password, String email,`
registration api (#303) 2013-06-18 12:31:09 +02:00			`Collection<Role> roles, boolean forceRegistration) {`

check for nulls before querying the database 2013-04-23 09:06:35 +02:00			`Preconditions.checkNotNull(name);`
registration api (#303) 2013-06-18 12:31:09 +02:00			`Preconditions.checkArgument(StringUtils.length(name) <= 32,`
			`"Name too long (32 characters maximum)");`
admin panel should force registrations (#323) 2013-06-22 16:08:33 +02:00			`Preconditions.checkNotNull(password);`

			`if (!forceRegistration) {`
			`Preconditions.checkState(applicationSettingsService.get()`
			`.isAllowRegistrations(),`
			`"Registrations are closed on this CommaFeed instance");`

			`Preconditions.checkNotNull(email);`
			`Preconditions.checkArgument(StringUtils.length(name) >= 3,`
			`"Name too short (3 characters minimum)");`
			`Preconditions.checkArgument(`
			`forceRegistration \|\| StringUtils.length(password) >= 6,`
			`"Password too short (6 characters maximum)");`
			`Preconditions.checkArgument(StringUtils.contains(email, "@"),`
			`"Invalid email address");`
			`}`

registration api (#303) 2013-06-18 12:31:09 +02:00			`Preconditions.checkArgument(userDAO.findByName(name) == null,`
			`"Name already taken");`
admin panel should force registrations (#323) 2013-06-22 16:08:33 +02:00			`if (StringUtils.isNotBlank(email)) {`
			`Preconditions.checkArgument(userDAO.findByEmail(email) == null,`
			`"Email already taken");`
			`}`
registration api (#303) 2013-06-18 12:31:09 +02:00
partial user administration 2013-03-30 09:22:49 +01:00			`User user = new User();`
			`byte[] salt = encryptionService.generateSalt();`
			`user.setName(name);`
added registration on welcome page 2013-04-06 21:38:18 +02:00			`user.setEmail(email);`
use date constructor directly when a calendar is not needed, better performances 2013-06-25 16:57:48 +02:00			`user.setCreated(new Date());`
partial user administration 2013-03-30 09:22:49 +01:00			`user.setSalt(salt);`
			`user.setPassword(encryptionService.getEncryptedPassword(password, salt));`
change role to enum 2013-03-30 19:06:32 +01:00			`for (Role role : roles) {`
partial user administration 2013-03-30 09:22:49 +01:00			`user.getRoles().add(new UserRole(user, role));`
			`}`
hibernate tweaks 2013-06-06 09:54:17 +02:00			`userDAO.saveOrUpdate(user);`
partial user administration 2013-03-30 09:22:49 +01:00			`return user;`
			`}`
allow users to permanently delete their account 2013-05-08 11:15:50 +02:00
			`public void unregister(User user) {`
			`feedCategoryDAO.delete(feedCategoryDAO.findAll(user));`
			`userSettingsDAO.delete(userSettingsDAO.findByUser(user));`
			`userDAO.delete(user);`
			`}`
recover password (wip) 2013-05-20 21:53:13 +02:00
			`public String generateApiKey(User user) {`
			`byte[] key = encryptionService.getEncryptedPassword(UUID.randomUUID()`
			`.toString(), user.getSalt());`
			`return DigestUtils.sha1Hex(key);`
			`}`
initial commit 2013-03-20 20:33:42 +01:00			`}`