UserService.java

/*
 * Copyright 2012 Nick Stuart
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.bittheory.business;

import com.bittheory.domain.User;
import com.bittheory.stripes.util.PasswordHasher;
import com.google.common.base.Strings;
import java.util.Arrays;
import java.util.Date;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import org.slf4j.Logger;

/**
 *
 * @author nick
 */
@Stateless
public class UserService {

    @Inject
    private DomainDao<User> userDao;
    @PersistenceContext
    private EntityManager em;
    @Inject
    private PasswordHasher hasher;
    @Inject
    private Logger log;

    public void createUser(User user) {
        setPassword(user);
        userDao.create(user);
    }

    /**
     *
     */
    @TransactionAttribute(TransactionAttributeType.MANDATORY)
    public void update(User user) {
        setPassword(user);
    }

    public void setLastLogin(User user) {
        em.createQuery("UPDATE User u SET u.lastLogin = :lastLogin WHERE u = :user").
                setParameter("user", user).
                setParameter("lastLogin", new Date()).
                executeUpdate();
    }

    public boolean validPassword(String userName, String password) {
        try {
            Object[] info = (Object[]) em.createNamedQuery(User.QRY_LOGIN_INFO).
                    setParameter("userName", userName).
                    getSingleResult();
            String givenHash = hasher.encrypt(password, String.valueOf(info[1]));
            final boolean matches = givenHash.equals(info[0]);
            if (matches) {
                log.debug("User supplied correct login credientials for [{}]", userName);
            } else {
                log.debug("User supplied INCORRECT login credientials for [{}]", userName);
            }
            return matches;
        } catch (NoResultException nre) {
            log.info("User supplied invalid username [{}]", userName);
            return false;
        }
    }

    public User loadByUserName(String userName) {
        return em.createNamedQuery(User.QRY_BY_USER_NAME, User.class).
                setParameter("userName", userName).
                getSingleResult();
    }

    /**
     * Generates a new password and salt only if the uesr.password value is not
     * empty.
     *
     * @param user
     */
    private void setPassword(User user) {
        if (user != null && !Strings.isNullOrEmpty(user.getPassword())) {
            String salt = hasher.getRandomSalt();
            user.setHashedPassword(hasher.encrypt(user.getPassword(), salt));
            user.setSalt(salt);
        }
    }
}