/*
* Copyright 2012 Nick Stuart
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.bittheory.business;
import com.bittheory.domain.User;
import com.bittheory.stripes.util.PasswordHasher;
import com.google.common.base.Strings;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Date;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import org.slf4j.Logger;
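/**
 * Stateless EJB that creates and updates {@link User} records and checks login credentials.
 *
 * <p>Credential checks hash the supplied password with the user's stored salt through the
 * injected {@link PasswordHasher} and compare the result with the stored hash.
 *
 * <p>NOTE(review): the algorithm behind {@code PasswordHasher.encrypt} is not visible from this
 * class; confirm it is a deliberately slow password-hashing function rather than a bare digest.
 *
 * @author nick
 */
@Stateless
public class UserService {

    @Inject
    private DomainDao<User> userDao;
    @PersistenceContext
    private EntityManager em;
    @Inject
    private PasswordHasher hasher;
    @Inject
    private Logger log;

    /**
     * Hashes the user's password (when one is set) and hands the user to the DAO for creation.
     *
     * <p>If {@code user.getPassword()} is null or empty no hash or salt is set, and the user is
     * still passed to {@code userDao.create}.
     *
     * @param user the user to create
     */
    public void createUser(User user) {
        setPassword(user);
        userDao.create(user);
    }

    /**
     * Re-hashes the password when {@code user} carries a non-empty plaintext password.
     *
     * <p>{@code MANDATORY} means the caller must already be inside a transaction. This method
     * does not call the DAO or the entity manager itself.
     * NOTE(review): presumably {@code user} is a managed entity whose changes are flushed by the
     * caller's transaction; confirm.
     *
     * @param user the user whose password fields should be refreshed
     */
    @TransactionAttribute(TransactionAttributeType.MANDATORY)
    public void update(User user) {
        setPassword(user);
    }

    /**
     * Sets {@code lastLogin} of the given user to the current time with a JPQL bulk update.
     *
     * @param user the user that has just logged in
     */
    public void setLastLogin(User user) {
        // Both values are bound as named parameters; nothing is concatenated into the JPQL.
        em.createQuery("UPDATE User u SET u.lastLogin = :lastLogin WHERE u = :user")
                .setParameter("user", user)
                .setParameter("lastLogin", new Date())
                .executeUpdate();
    }

    /**
     * Checks a user name / password pair against the stored hash and salt.
     *
     * @param userName the login name to look up
     * @param password the plaintext password supplied by the caller
     * @return {@code true} if the salted hash of {@code password} equals the stored hash,
     *         {@code false} if it differs or no user with that name exists
     */
    public boolean validPassword(String userName, String password) {
        try {
            // As used below: info[0] is the stored hash, info[1] is the salt.
            Object[] info = (Object[]) em.createNamedQuery(User.QRY_LOGIN_INFO)
                    .setParameter("userName", userName)
                    .getSingleResult();
            String givenHash = hasher.encrypt(password, String.valueOf(info[1]));
            final boolean matches = hashesMatch(givenHash, info[0]);
            // NOTE(review): userName is written to the log exactly as received; confirm the log
            // encoder neutralises CR/LF and that recording attempted user names is acceptable.
            if (matches) {
                log.debug("User supplied correct login credientials for [{}]", userName);
            } else {
                log.debug("User supplied INCORRECT login credientials for [{}]", userName);
            }
            return matches;
        } catch (NoResultException nre) {
            // NOTE(review): this path returns without calling hasher.encrypt, so an unknown user
            // name is answered with less work than a known one. Decide whether that difference
            // in response time is acceptable for this deployment.
            log.info("User supplied invalid username [{}]", userName);
            return false;
        }
    }

    /**
     * Loads a user by login name.
     *
     * <p>Unlike {@link #validPassword(String, String)}, this method does not catch
     * {@link NoResultException}; {@code getSingleResult} throws it when no user matches.
     *
     * @param userName the login name to look up
     * @return the matching user
     */
    public User loadByUserName(String userName) {
        return em.createNamedQuery(User.QRY_BY_USER_NAME, User.class)
                .setParameter("userName", userName)
                .getSingleResult();
    }

    /**
     * Generates a new salt and hashed password only if {@code user} is non-null and
     * {@code user.getPassword()} is not empty.
     *
     * <p>The plaintext value returned by {@code user.getPassword()} is left in place after
     * hashing. NOTE(review): confirm that field is transient and never persisted or logged.
     *
     * @param user the user whose hashed password and salt should be set; may be null
     */
    private void setPassword(User user) {
        if (user != null && !Strings.isNullOrEmpty(user.getPassword())) {
            String salt = hasher.getRandomSalt();
            user.setHashedPassword(hasher.encrypt(user.getPassword(), salt));
            user.setSalt(salt);
        }
    }

    /**
     * Compares a freshly computed hash with the stored one without the early exit of
     * {@code String.equals}, which stops at the first differing character.
     *
     * <p>Fails closed: a null computed hash or a stored value that is not a {@code String}
     * never matches.
     *
     * @param computed hash computed from the supplied password
     * @param stored value read from the login-info query
     * @return {@code true} only if both are strings with identical content
     */
    private static boolean hashesMatch(String computed, Object stored) {
        if (computed == null || !(stored instanceof String)) {
            return false;
        }
        return MessageDigest.isEqual(
                computed.getBytes(StandardCharsets.UTF_8),
                ((String) stored).getBytes(StandardCharsets.UTF_8));
    }
}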