public boolean saveUser(BeanFieldGroup<User> fieldGroup, String clearPass)
throws FieldGroup.CommitException, BLException {
fieldGroup.commit();
BeanItem<User> item = fieldGroup.getItemDataSource();
try {
return (boolean)
DB.execWithTransaction(
(db) -> {
User u = item.getBean();
db.save(u);
if (clearPass != null && !clearPass.isEmpty()) {
UserManager mgr = new UserManager(db);
try {
mgr.setPassword(u, clearPass);
} catch (BLException e) {
return false;
}
addRevisionCreated(
db, getEntityName(), item.getItemProperty("id").getValue().toString());
u.setForcePasswordChange(true);
db.session().update(u);
return true;
}
return false;
});
} catch (Exception e) {
getApp().getLog().error(e);
return false;
}
}
public Message startAuthentication(AuthenticationMessage msg)
throws AuthenticationException, GeneralSecurityException {
if (msg instanceof RequestLoginMessage) {
RequestLoginMessage rlm = (RequestLoginMessage) msg;
username = rlm.getLogin();
if (!allowRoot && username.equals("root")) {
throw new AuthenticationException("Must authenticate as a regular user first.");
}
// generate challange
byte[] passhash = UserManager.v().getPassHash(username);
if (passhash == null) {
throw new AuthenticationException("User has no password");
}
ChallangeMessage cm = new ChallangeMessage();
SecureRandom rand = new SecureRandom();
rand.nextBytes(randNumber);
cm.setChallange(randNumber, passhash);
state = CL_CHALLANGE_SENT;
// send the challange
return cm;
} else if (msg instanceof ChallangeCheckStatusMessage) {
// After authentication is complete the client sends this message
// It can be safely ignored. We don't care that the client has
// actually authenticated us.
return null;
}
throw new AuthenticationException("State Error");
}
public Message updateState(AuthenticationMessage msg)
throws AuthenticationException, GeneralSecurityException {
switch (state) {
case CL_CHALLANGE_SENT:
{
ChallangeResponseMessage crm = null;
byte[] resp;
if (msg instanceof ChallangeResponseMessage) {
crm = (ChallangeResponseMessage) msg;
resp = crm.getResponse();
} else {
throw new AuthenticationException("State Error");
}
if (!Arrays.equals(randNumber, resp)) {
throw new AuthenticationException("Authentication Failed");
}
state = SR_AUTH_SERVER;
// wait for challenge
ChallangeCheckStatusMessage check = new ChallangeCheckStatusMessage();
check.setOk(true);
return check;
}
case SR_AUTH_SERVER:
{
ChallangeMessage cm = null;
if (msg instanceof ChallangeMessage) {
cm = (ChallangeMessage) msg;
} else {
throw new AuthenticationException("State Error");
}
// send reponse
ChallangeResponseMessage crm = new ChallangeResponseMessage();
byte[] passhash = UserManager.v().getPassHash(username);
if (passhash == null) {
throw new AuthenticationException("User has no password");
}
crm.produceResponse(cm.getChallange(), passhash);
authenticated = true;
logger.info("User " + username + " logged in");
state = DONE_STATE;
// complete the challenege-response
return crm;
}
default:
{
if (msg instanceof ChallangeCheckStatusMessage) {
return null;
}
}
}
throw new AuthenticationException("State Incomplete");
}
public void doPost(HttpServletRequest req, HttpServletResponse resp)
throws IOException, ServletException {
log.info("########## START EDIT EVENT POST ###########");
// Check for valid user session
lpo.User user = UserManager.GetUser();
if (user == null) resp.sendRedirect("WelcomePage.jsp");
// get event from datastore
String eventKey = req.getParameter("k");
// pull the event object out
lpo.Event event = EventManager.GetEvent(eventKey);
String eventName = req.getParameter("eventName").trim();
String description = req.getParameter("description").trim();
boolean formIsComplete = true;
int minParticipants = 0;
try {
minParticipants = Integer.parseInt(req.getParameter("minParticipants"));
} catch (Exception e) {
log.info("ERROR PARSING MIN PARTICIPANTS: " + e.toString());
formIsComplete = false;
}
log.info("FORM VARS : " + eventName + " " + description + " " + minParticipants);
if (eventName == null
|| eventName.isEmpty()
|| description == null
|| description.isEmpty()
|| minParticipants < 1) {
formIsComplete = false;
}
if (formIsComplete) {
// create event and populate available attributes
event.setName(eventName);
event.setDescription(description);
event.setMinParticipants(minParticipants);
// persist to database
DataAccessManager.UpdateEvent(event);
resp.sendRedirect("/Menu");
} else {
// reshow the same jsp page with error message :
req.getRequestDispatcher("/WEB-INF/EditEvent.jsp").forward(req, resp);
}
return;
}
public String resetUserPassword(User user) {
String generatedPassword = PasswordGenerator.generateRandomPassword();
try {
DB.execWithTransaction(
(db) -> {
db.session().refresh(user);
user.getPasswordhistory(); // hack to avoid LazyInitialization
UserManager mgr = new UserManager(db);
try {
mgr.setPassword(user, generatedPassword);
} catch (BLException e) {
getApp().displayNotification("errorMessage.resetPassword");
return false;
}
user.setForcePasswordChange(true);
db.session().saveOrUpdate(user);
return true;
});
} catch (Exception e) {
getApp().getLog().error(e);
return null;
}
return generatedPassword;
}
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
log.info("########## START EDIT EVENT GET ###########");
// Check for valid user session
lpo.User user = UserManager.GetUser();
if (user == null) resp.sendRedirect("WelcomePage.jsp");
// get event from datastore
String eventKey = req.getParameter("k");
// pull the event object out
lpo.Event event = EventManager.GetEvent(eventKey);
req.setAttribute("event", event);
// build display page
req.getRequestDispatcher("/WEB-INF/EditEvent.jsp").forward(req, resp);
}
public void execute() throws Exception {
// TODO Auto-generated method stub
Long key = (Long) getView().getAllValues().get("id");
System.out.println("\n\n\n\n\n\n\n\n\n\n The value sent===" + getView().getAllValues());
Map payingAcct = (Map) getView().getAllValues().get("payingAccount");
PaymentBatch batch = XPersistence.getManager().find(PaymentBatch.class, key);
TransitAccount debitAccount = batch.getPayingAccount();
if (payingAcct.get("id") != null) {
debitAccount = (TransitAccount) MapFacade.findEntity("TransitAccount", payingAcct);
batch.setPayingAccount(debitAccount);
XPersistence.getManager().merge(batch);
}
if (UserManager.loginUserHasRole("funder") && debitAccount == null) {
addError("As funder, You Need to Attach Debit Account", null);
return;
}
Long transId = (Long) getView().getObject("transId");
Boolean fina = (Boolean) getView().getObject("final");
if (fina) {
if (debitAccount == null) {
addError(" Debit Account Yet To be Attached", null);
return;
}
String token = (String) getView().getObject("token");
String softToken = (String) getView().getValue("softToken");
if (Is.empty(softToken)) {
addError("Soft Token Is Required", null);
return;
}
DateTime dT = (DateTime) getView().getObject("fiveMinutes");
DateTime presentTime = new DateTime(Dates.withTime(Dates.createCurrent()));
if (!Is.equalAsStringIgnoreCase(token, softToken)) {
addError("Incorrect Soft Token", null);
return;
}
if (dT.getMillis() < presentTime.getMillis()) {
addError("Token Has Expired", null);
return;
}
System.out.println(
"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n The sent object to this place ===" + transId);
}
Transaction transaction = XPersistence.getManager().find(Transaction.class, transId);
AsyncEventBus eventBus = new AsyncEventBus(Executors.newCachedThreadPool());
eventBus.register(transaction);
System.out.println(" 1111111approve already commented out......... ");
eventBus.post(new Object());
// transaction.approve();
closeDialog();
setNextMode(LIST);
}
private String _createUndefinedName() {
UserManager u = UserManager.getInstance();
String name = "undefined" + u.getUserNum();
return name;
}
/**
* Displays a given Meeting page for a HTTP Get, or creates a new Meeting for a HTTP Post
*
* <p>- Requires a cookie for the session user - Requires a meetingId request parameter for a GET
* - Requires description, createdByUserId, datepicker, meetingTime, groupId request parameters
* for a POST
*
* @param req The HTTP Request
* @param res The HTTP Response
*/
public void meetingAction(HttpServletRequest req, HttpServletResponse res) {
// Ensure there is a cookie for the session user
if (AccountController.redirectIfNoCookie(req, res)) return;
Map<String, Object> viewData = new HashMap<String, Object>();
viewData.put("title", "Meeting");
// Initialise Manager connections
MeetingManager meetingMan = new MeetingManager();
GroupManager groupMan = new GroupManager();
if (req.getMethod() == HttpMethod.Get) {
// Get request parameter
int meetingId = Integer.parseInt(req.getParameter("meetingId"));
Meeting meeting = meetingMan.get(meetingId);
if (meeting != null) {
List<User> meetingUsers = groupMan.getGroupUsers(meeting.getGroupId());
viewData.put("meetingUsers", meetingUsers);
viewData.put("meeting", meeting);
view(req, res, "/views/group/Meeting.jsp", viewData);
} else {
httpNotFound(req, res);
}
} else if (req.getMethod() == HttpMethod.Post) {
// Get details from request
String description = req.getParameter("description");
int createdByUserId = Integer.parseInt(req.getParameter("createdByUserId"));
Date dateCreated = new Date();
String meetingDate = req.getParameter("datepicker");
String meetingTime = req.getParameter("meetingTime");
// Parse meeting date time details
DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm");
Date dateDue = new Date();
try {
dateDue = format.parse(meetingDate + " " + meetingTime);
} catch (ParseException e) {
// Unable to parse date. This shouldn't happen since we are
// performing javascript validation.
}
int groupId = Integer.parseInt(req.getParameter("groupId"));
// Create a Meeting
Meeting meeting = new Meeting();
meeting.setDescription(description);
meeting.setCreatedByUserId(createdByUserId);
meeting.setDateCreated(dateCreated);
meeting.setDateDue(dateDue);
meeting.setGroupId(groupId);
meetingMan.createMeeting(meeting);
int meetingId = meetingMan.getIdFor(meeting);
meeting.setId(meetingId);
UserManager userMan = new UserManager();
User createdByUser = userMan.get(createdByUserId);
// Create a notification for all users in group
NotificationManager notificationMan = new NotificationManager();
List<User> users = groupMan.getGroupUsers(groupId);
for (User u : users) {
Notification notification =
new Notification(
u.getId(),
u,
groupId,
null,
"Meeting " + description + " was created by " + createdByUser.getFullName(),
"/group/meeting?meetingId=" + meetingId);
notificationMan.createNotification(notification);
}
// Update the User Session to show new meeting
HttpSession session = req.getSession();
Session userSession = (Session) session.getAttribute("userSession");
User admin = userSession.getUser();
admin.getMeetings().add(meeting);
// Show meeting page
viewData.put("meetingUsers", users);
viewData.put("meeting", meeting);
view(req, res, "/views/group/Meeting.jsp", viewData);
}
}
/** 回复短信 */
public String reply() {
User user = userManager.getById(Integer.parseInt(noteSend.getSendid()));
getRequest().setAttribute("user", user);
return NOTE_NEW_JSP;
}
public boolean updateUser(
BeanFieldGroup<User> fieldGroup, String currentPass, String newClearPass)
throws BLException, FieldGroup.CommitException, CloneNotSupportedException {
BeanItem<User> old = fieldGroup.getItemDataSource();
Object oldUser = old.getBean().clone();
fieldGroup.commit();
BeanItem<User> item = fieldGroup.getItemDataSource();
User u = item.getBean();
boolean userUpdated = false;
try {
userUpdated =
(boolean)
DB.execWithTransaction(
(db) -> {
User user = (User) db.session().merge(u);
UserManager mgr = new UserManager(db);
boolean updated = false;
if (!newClearPass.isEmpty()) {
boolean passwordOK = false;
boolean newPasswordOK = false;
try {
passwordOK = mgr.checkPassword(user, currentPass);
newPasswordOK = mgr.checkNewPassword(user, newClearPass);
if (passwordOK && newPasswordOK) {
mgr.setPassword(user, newClearPass);
updated = true;
} else if (!newPasswordOK) {
throw new BLException("This password has already been used");
}
} catch (BLException e) {
// do nothing
return false;
}
}
updated =
updated
|| addRevisionUpdated(
db,
getEntityName(),
String.valueOf(u.getId()),
oldUser,
u,
new String[] {
"nick", "name", "email", "active", "roles", "password"
});
return updated;
});
} catch (Exception e) {
getApp().getLog().error(e);
return false;
}
if (userUpdated && u.equals(getApp().getUser())) {
try {
DB.exec(
(db) -> {
db.session().refresh(getApp().getUser());
return null;
});
} catch (Exception e) {
getApp().getLog().error(e);
}
}
return userUpdated;
}
