/*
 * Nutzerverwaltung - User and role management in your browser
 * Copyright (C) 2011-2017 Ulrich Hilger, http://uhilger.de
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see http://www.gnu.org/licenses/
 */
package de.uhilger.um.api;
import static de.uhilger.um.api.UserMgr.MP_USER;
import static de.uhilger.um.api.UserMgr.P_DIGESTER;

import de.uhilger.baselink.PersistenceManager;
import de.uhilger.baselink.Record;
import de.uhilger.um.Digester;
import de.uhilger.um.daten.User;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
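/**
 * API methods that let a user change their own account data.
 */
public class Profil extends Api {

  private static final Logger logger = Logger.getLogger(Profil.class.getName());

  /** Name of the SQL statement (resolved through getSql) used to look up the user by id. */
  public static final String SQL_GET_USER = "getUser";

  /**
   * Changes a user's password after verifying the current one.
   *
   * <p>The digester class is named by the servlet context init parameter P_DIGESTER. Both
   * passwords are digested with Digester.SHA256; the digest of {@code currentPw} must equal the
   * stored value before the digest of {@code newPw} is written back.
   *
   * <p>NOTE(review): {@code userId} is supplied by the caller and this method does not itself
   * check that it names the authenticated user. Presumably the container or the Api base class
   * enforces that; confirm, and confirm that failed attempts are rate limited or locked out.
   * Without both, the distinct return messages make this method a password-guessing and
   * account-enumeration oracle.
   *
   * <p>NOTE(review): {@code userId} is echoed into the "not found" message unescaped; the client
   * must encode it before inserting it into HTML.
   *
   * <p>NOTE(review): the third argument of digest() is passed as null. If that parameter is a
   * salt, the stored value is an unsalted single-pass SHA-256, which is too fast for password
   * storage. The stored format presumably has to match the servlet container's realm
   * configuration, so any move to a slow, salted scheme has to be made there as well.
   *
   * @param userId id of the user whose password is to be changed
   * @param currentPw current password in clear text
   * @param newPw new password in clear text; null or empty values are rejected
   * @return a German status message describing the outcome
   */
  public String setUserPw(String userId, String currentPw, String newPw) {
    // The umlaut is written as a Unicode escape so the message survives any source encoding.
    String result = "Kennwort nicht ge\u00e4ndert";
    if (userId == null || currentPw == null || newPw == null || newPw.isEmpty()) {
      // Never digest or store a missing or empty password.
      return result;
    }
    try {
      String digesterClassName = getServletContext().getInitParameter(P_DIGESTER);
      if (digesterClassName == null) {
        // Class.forName(null) would throw an unchecked NullPointerException.
        logger.log(Level.SEVERE, "Init parameter {0} is not set", P_DIGESTER);
        return result;
      }
      // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
      // which rethrows checked constructor exceptions undeclared.
      Digester digester =
          (Digester) Class.forName(digesterClassName).getDeclaredConstructor().newInstance();
      /*
        MD5 no longer works, cf.
        http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
      */
      String digestedCurrentPw = digester.digest(currentPw, Digester.SHA256, null);
      PersistenceManager pm = getDb();
      logger.fine(getSql(SQL_GET_USER));
      List<?> list =
          pm.select(getSql(SQL_GET_USER), getMapper(MP_USER), Record.WITHOUT_BLOBS, userId);
      if (list != null && !list.isEmpty()) {
        Object o = list.get(0);
        if (o instanceof User) {
          User u = (User) o;
          if (digestsMatch(u.getPw(), digestedCurrentPw)) {
            String digestedNewPw = digester.digest(newPw, Digester.SHA256, null);
            u.setPw(digestedNewPw);
            pm.update(u, getMapper(MP_USER));
            result = "Kennwort geaendert";
          } else {
            // NOTE(review): nothing is logged here; an audit entry for rejected attempts would
            // help detect password guessing (neutralise line breaks in userId before logging).
            result = "Das Kennwort ist falsch";
          }
        }
      } else {
        result = "Benutzer " + userId + " nicht gefunden";
      }
    } catch (ReflectiveOperationException ex) {
      // Covers class lookup, constructor lookup, instantiation and access failures.
      logger.log(Level.SEVERE, ex.getLocalizedMessage(), ex);
    }
    return result;
  }

  /**
   * Compares two digest strings without the early exit of String.equals, so the comparison
   * time does not reveal how many leading characters matched.
   *
   * @param stored digest read from the user record, may be null
   * @param supplied digest computed from the submitted password, may be null
   * @return true only if both values are non-null and identical
   */
  private static boolean digestsMatch(String stored, String supplied) {
    if (stored == null || supplied == null) {
      return false;
    }
    return MessageDigest.isEqual(
        stored.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
  }
}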