Author: dimuthul
Date: Sun Dec 16 23:13:13 2007
New Revision: 11209

Log:

Adding validation to Email verifier.


Modified:
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
   
trunk/commons/usermanager/modules/verification/src/main/java/org/wso2/usermanager/verification/email/EmailVerifier.java

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
      (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
      Sun Dec 16 23:13:13 2007
@@ -1,3 +1,4 @@
+duplicateUser = User name already exists. Please select another user name!
 exceptionOnConnectionOpen = Error occuered while connecting to Userstore
 sqlFileNotFound = SQL file not found for Default Realm
 errorModifyingUserStore = Error modifying the database

Modified: 
trunk/commons/usermanager/modules/verification/src/main/java/org/wso2/usermanager/verification/email/EmailVerifier.java
==============================================================================
--- 
trunk/commons/usermanager/modules/verification/src/main/java/org/wso2/usermanager/verification/email/EmailVerifier.java
     (original)
+++ 
trunk/commons/usermanager/modules/verification/src/main/java/org/wso2/usermanager/verification/email/EmailVerifier.java
     Sun Dec 16 23:13:13 2007
@@ -29,6 +29,7 @@
 import org.wso2.usermanager.UserStoreAdmin;
 import org.wso2.usermanager.readwrite.DefaultRealm;
 
+
 import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
 
 public class EmailVerifier {
@@ -41,36 +42,41 @@
     public static final String DRIVER = "org.apache.derby.jdbc.EmbeddedDriver";
     public static final String PROTOCOL = "jdbc:derby:";
     public static final String CONF_STRING = "confirmation";
-    private static PreparedStatement addUserStmt = null;
-    private static PreparedStatement getUserByConfStmt = null;
-    private static PreparedStatement deleteUserStmt = null;
-    private static PreparedStatement addUserPropertyStmt = null;
-    private static PreparedStatement getUserPropertyStmt = null;
-    private static PreparedStatement deleteUserPropertyStmt = null;
-    private static Connection dbConnection = null;
 
+    private static final String ADD_USER_SQL = "insert into 
PENDING_USERS(username, email_address, password, confirmation) values(?, ?, ?, 
?)";
+    private static final String GET_USER_BY_CONF_SQL = "select * from 
PENDING_USERS where confirmation=?";
+    private static final String GET_USER_BY_USER_SQL = "select * from 
PENDING_USERS where username=?";
+    private static final String DELETE_USER_SQL = "delete from PENDING_USERS 
where username=?";
+    private static final String GET_USER_PROPERTY_SQL = "select * from 
PENDING_USER_PROPERTIES where username=?";
+    private static final String DELETE_USER_PROPERTY = "delete from 
PENDING_USER_PROPERTIES where username=?";
+    private static final String ADD_USER_PROPERTY_SQL = "insert into 
PENDING_USER_PROPERTIES(username, property_name, property_value) values(?, ?, 
?)";
+    
+    private static Connection dbConnection = null;
 
     /**
      * Configures the Email Verifier
-     * @param realmInstance - The realm instance where the email verifier is 
going to call addUser
-     * @param verifierConfig - Email Verifierification config
+     * 
+     * @param realmInstance -
+     *            The realm instance where the email verifier is going to call
+     *            addUser
+     * @param verifierConfig -
+     *            Email Verifierification config
      */
-    public static void init(Realm realmInstance, EmailVerifierConfig 
verifierConfig) throws UserManagerException{
+    public static void init(Realm realmInstance,
+            EmailVerifierConfig verifierConfig) throws UserManagerException {
 
-        if((realmInstance==null) && (verifierConfig == null)){
+        if ((realmInstance == null) && (verifierConfig == null)) {
             throw new RuntimeException("Invalid or null data provided");
         }
 
         realm = realmInstance;
         config = verifierConfig;
         createDatabase();
-        compileStmts();
-
     }
 
     /**
-     * Returns the user name for matching config string. This can be used to 
get the user name
-     * at the time where user is confirmed by the email.
+     * Returns the user name for matching config string. This can be used to 
get
+     * the user name at the time where user is confirmed by the email.
      * 
      * @param confString
      * @return
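Review bot: The guard in `init` still uses `&&`, so it rejects the call only when both arguments are null; a single null `realmInstance` or `verifierConfig` is stored and surfaces later as a NullPointerException, for example at the `realm.getUserStoreReader()` call this commit adds to requestUserVerification, which checks only `config`. Change it to `if ((realmInstance == null) || (verifierConfig == null)) {`. The Javadoc could also state that `init` must run before any instance method is used, since `realm`, `config` and `dbConnection` are assigned here from a static method.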
@@ -79,29 +85,41 @@
     public String getUserName(String confString) throws UserManagerException {
 
         try {
+            PreparedStatement getUserByConfStmt = 
dbConnection.prepareStatement(GET_USER_BY_CONF_SQL);
             getUserByConfStmt.setString(1, confString);
             ResultSet rs = getUserByConfStmt.executeQuery();
-            if(rs.next()){
-            String username = rs.getString("username");
+            if (rs.next()) {
+                String username = rs.getString("username");
+                getUserByConfStmt.close();
                 return username;
             }
         } catch (SQLException e) {
-            throw new UserManagerException("error",e);
+            throw new UserManagerException("error", e);
         }
 
         return null;
     }
 
-    public boolean confirmUser(String confString) throws UserManagerException{
-        if(realm == null){
+    public boolean confirmUser(String confString) throws UserManagerException {
+        if (realm == null) {
             throw new UserManagerException("initVerifier");
         }
 
         boolean isConfirmed = false;
+ 
         try {
+            PreparedStatement getUserByConfStmt = 
dbConnection.prepareStatement(GET_USER_BY_CONF_SQL);
+            PreparedStatement getUserPropertyStmt = dbConnection
+            .prepareStatement(GET_USER_PROPERTY_SQL);
+
+            PreparedStatement deleteUserStmt = dbConnection
+            .prepareStatement(DELETE_USER_SQL);
+            PreparedStatement deleteUserPropertyStmt = dbConnection
+            .prepareStatement(DELETE_USER_PROPERTY);
+            
             getUserByConfStmt.setString(1, confString);
             ResultSet rs = getUserByConfStmt.executeQuery();
-            if(rs.next()){
+            if (rs.next()) {
                 String username = rs.getString("username");
                 String password = rs.getString("password");
                 UserStoreAdmin usAdmin = realm.getUserStoreAdmin();
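Review bot: `getUserByConfStmt.close()` in getUserName runs only when a row is found, so every lookup with an unknown confirmation string, and every SQLException, leaves a PreparedStatement and its ResultSet open on the shared static connection. Confirmation strings presumably arrive from the e-mailed link and are therefore caller-controlled, so the miss path is the one that most needs to release the statement; a `finally` block does that. confirmUser has the same shape: its four statements are prepared in this hunk and closed only inside the `if (rs.next())` branch in a later hunk, and its body continues outside this hunk.

```java
    public String getUserName(String confString) throws UserManagerException {
        PreparedStatement getUserByConfStmt = null;
        try {
            getUserByConfStmt = dbConnection.prepareStatement(GET_USER_BY_CONF_SQL);
            getUserByConfStmt.setString(1, confString);
            ResultSet rs = getUserByConfStmt.executeQuery();
            if (rs.next()) {
                return rs.getString("username");
            }
            return null;
        } catch (SQLException e) {
            throw new UserManagerException("error", e);
        } finally {
            if (getUserByConfStmt != null) {
                try {
                    getUserByConfStmt.close();
                } catch (SQLException ignored) {
                    // a failure to close must not mask the lookup result
                }
            }
        }
    }
```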
@@ -111,7 +129,7 @@
                 getUserPropertyStmt.setString(1, username);
                 ResultSet propRS = getUserPropertyStmt.executeQuery();
                 Map props = new HashMap();
-                while(propRS.next()){
+                while (propRS.next()) {
                     String key = propRS.getString("property_name");
                     String value = propRS.getString("property_value");
                     props.put(key, value);
@@ -122,21 +140,58 @@
                 deleteUserPropertyStmt.executeUpdate();
                 deleteUserStmt.setString(1, username);
                 deleteUserStmt.executeUpdate();
+                
                 dbConnection.commit();
+
+                getUserByConfStmt.close();
+                getUserPropertyStmt.close();
+                deleteUserStmt.close();
+                deleteUserPropertyStmt.close();
             }
         } catch (SQLException e) {
-            throw new UserManagerException("error",e);
+            throw new UserManagerException("error", e);
         }
 
         return isConfirmed;
     }
 
-    public void requestUserVerification(String username, String emailAddress, 
String password, Map properties) throws UserManagerException{
-        if(config == null){
+    public void requestUserVerification(String username, String emailAddress,
+            String password, Map properties) throws UserManagerException {
+        if (config == null) {
             throw new UserManagerException("initVerifier");
         }
 
+        if (username == null || emailAddress == null || password == null) {
+            throw new UserManagerException("invalidData");
+        }
+
+        username = username.trim();
+        emailAddress = emailAddress.trim();
+        password = password.trim();
+
+        if (username.length() == 0 || emailAddress.length() == 0
+                || password.length() == 0) {
+            throw new UserManagerException("invalidData");
+        }
+        
+        if(realm.getUserStoreReader().isExistingUser(username)){
+            throw new UserManagerException("duplicateUser");
+        }
+        
         try {
+            
+            PreparedStatement getUser = 
dbConnection.prepareStatement(GET_USER_BY_USER_SQL);
+            getUser.setString(1, username);
+            ResultSet rs = getUser.executeQuery();
+            if(rs.next()){
+                throw new UserManagerException("duplicateUser"); 
+            }
+            
+            PreparedStatement addUserStmt = dbConnection
+            .prepareStatement(ADD_USER_SQL);
+            PreparedStatement addUserPropertyStmt = dbConnection
+            .prepareStatement(ADD_USER_PROPERTY_SQL);
+    
             Random random = new Random();
             byte[] temp = new byte[16];
             random.nextBytes(temp);
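Review bot: `password = password.trim();` changes the credential the user chose, so a password with leading or trailing whitespace is stored in PENDING_USERS as a different value than the one typed; trim only for the emptiness test (`password.trim().length() == 0`) and keep the original string. The new `getUser` statement is never closed, including on the `duplicateUser` throw inside the `try`. At the end of the hunk the confirmation token is still drawn from `new Random()`, which is not a cryptographic generator; because that token is the only proof that the requester controls the mailbox, `new java.security.SecureRandom()` is the appropriate source. requestUserVerification continues past this hunk.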
@@ -145,41 +200,43 @@
             confString = confString.replaceAll("\\+", "b");
             confString = confString.replaceAll("=", "c");
             confString = confString.trim();
-            //TODO check whether user is there
+            // TODO check whether user is there
             String epr = config.getRegistrationServiceEPR();
             sendEmail(confString, emailAddress, epr);
             addUserStmt.setString(1, username);
             addUserStmt.setString(2, emailAddress);
             addUserStmt.setString(3, password);
             addUserStmt.setString(4, confString);
-            
+
             addUserStmt.executeUpdate();
 
-            if(properties != null){
+            if (properties != null) {
                 Iterator ite = properties.entrySet().iterator();
 
-                while(ite.hasNext()){
-                    Entry entry = (Entry)ite.next();
-                    String key = (String)entry.getKey();
-                    String value = (String)entry.getValue();
+                while (ite.hasNext()) {
+                    Entry entry = (Entry) ite.next();
+                    String key = (String) entry.getKey();
+                    String value = (String) entry.getValue();
                     addUserPropertyStmt.setString(1, username);
                     addUserPropertyStmt.setString(2, key);
                     addUserPropertyStmt.setString(3, value);
                     addUserPropertyStmt.executeUpdate();
                 }
-
+                
                 dbConnection.commit();
+                addUserStmt.close();
+                addUserPropertyStmt.close();
             }
         } catch (SQLException e) {
-            throw new UserManagerException("pendingAdd",e);
+            throw new UserManagerException("pendingAdd", e);
         }
 
     }
 
+    protected void sendEmail(String confString, String emailAddr, String epr)
+            throws UserManagerException {
+        // TODO :: Use a java thread here
 
-    protected void sendEmail(String confString, String emailAddr, String epr) 
throws UserManagerException{
-        //TODO :: Use a java thread here
-        
         Properties props = new Properties();
         props.put(EmailVerifierConfig.HOST, config.getHost());
         props.put(EmailVerifierConfig.PORT, 
Integer.toString(config.getPort()));
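Review bot: `dbConnection.commit()`, `addUserStmt.close()` and `addUserPropertyStmt.close()` sit inside `if (properties != null)`, so a registration without properties never reaches them: both statements stay open, and the pending row is persisted only if the connection happens to be in auto-commit mode, which is not visible here. Move the three calls below the `if` block, with the closes in a `finally`. `sendEmail(...)` also runs before `addUserStmt.executeUpdate()`, so a failed insert leaves the user holding a confirmation link that matches no row; inserting first and mailing after the commit avoids that. The `// TODO check whether user is there` comment is stale now that requestUserVerification performs the duplicate checks and can be removed.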
@@ -189,7 +246,8 @@
             // Construct the message
             Message msg = new MimeMessage(session);
             msg.setFrom(new InternetAddress(config.getFromAddress()));
-            msg.setRecipient(Message.RecipientType.TO, new 
InternetAddress(emailAddr));
+            msg.setRecipient(Message.RecipientType.TO, new InternetAddress(
+                    emailAddr));
             msg.setSubject("EmailVerification");
 
             String responseMessage = getResponseMessage(confString, epr);
@@ -207,18 +265,17 @@
         }
     }
 
-
-    protected static void createDatabase() throws UserManagerException{
+    protected static void createDatabase() throws UserManagerException {
         try {
             Class clazz = Class.forName(DRIVER);
             Driver driver = (Driver) clazz.newInstance();
 
             Properties props = new Properties();
 
-            String connectionURL = PROTOCOL + 
"UnVerifiedUserDatabase;create=true";
+            String connectionURL = PROTOCOL
+                    + "UnVerifiedUserDatabase;create=true";
             dbConnection = driver.connect(connectionURL, props);
 
-
             Statement stmt = dbConnection.createStatement(
                     ResultSet.TYPE_SCROLL_INSENSITIVE,
                     ResultSet.CONCUR_UPDATABLE);
@@ -226,47 +283,36 @@
             DatabaseMetaData dbmd = dbConnection.getMetaData();
             ResultSet rs = dbmd.getTables(null, null, "PENDING_USERS", null);
 
-            if(rs.next() == false){
+            if (rs.next() == false) {
                 log.debug("Creating a new table in the database.");
                 stmt = dbConnection.createStatement(
                         ResultSet.TYPE_SCROLL_INSENSITIVE,
                         ResultSet.CONCUR_UPDATABLE);
-                stmt.executeUpdate("create table PENDING_USERS(username 
varchar(255) not null, email_address varchar(255) not null, password 
varchar(255) not null, confirmation varchar(255) not null unique, primary key 
(username))");
-                stmt.executeUpdate("create table 
PENDING_USER_PROPERTIES(username varchar(255) not null, property_name 
varchar(255) not null, property_value varchar(255) not null, primary key 
(username, property_name))");
-
-                stmt.executeUpdate("insert into PENDING_USERS(username, 
email_address, password, confirmation) values('admin', 'admin', 'dummyPass', 
'adminConfirmation')");
-                stmt.executeUpdate("insert into PENDING_USERS(username, 
email_address, password, confirmation) values('root', 'root', 'dummyPass', 
'rootConfirmation')");
+                stmt
+                        .executeUpdate("create table PENDING_USERS(username 
varchar(255) not null, email_address varchar(255) not null, password 
varchar(255) not null, confirmation varchar(255) not null unique, primary key 
(username))");
+                stmt
+                        .executeUpdate("create table 
PENDING_USER_PROPERTIES(username varchar(255) not null, property_name 
varchar(255) not null, property_value varchar(255) not null, primary key 
(username, property_name))");
+
+                stmt
+                        .executeUpdate("insert into PENDING_USERS(username, 
email_address, password, confirmation) values('admin', 'admin', 'dummyPass', 
'adminConfirmation')");
+                stmt
+                        .executeUpdate("insert into PENDING_USERS(username, 
email_address, password, confirmation) values('root', 'root', 'dummyPass', 
'rootConfirmation')");
                 dbConnection.commit();
-            }else{
+            } else {
                 log.debug("Database and table already found.");
 
             }
             dbConnection.commit();
         } catch (Exception e) {
-            throw new UserManagerException("verifierUserDatabaseInit",e);
+            throw new UserManagerException("verifierUserDatabaseInit", e);
         }
     }
 
-    protected static void compileStmts() throws UserManagerException{
-        try {
-            addUserStmt = dbConnection.prepareStatement("insert into 
PENDING_USERS(username, email_address, password, confirmation) values(?, ?, ?, 
?)");
-            addUserPropertyStmt = dbConnection.prepareStatement("insert into 
PENDING_USER_PROPERTIES(username, property_name, property_value) values(?, ?, 
?)");
-            getUserByConfStmt = dbConnection.prepareStatement("select * from 
PENDING_USERS where confirmation=?");
-            getUserPropertyStmt = dbConnection.prepareStatement("select * from 
PENDING_USER_PROPERTIES where username=?");
-
-            deleteUserStmt = dbConnection.prepareStatement("delete from 
PENDING_USERS where username=?");
-            deleteUserPropertyStmt = dbConnection.prepareStatement("delete 
from PENDING_USER_PROPERTIES where username=?");
-
-        } catch (SQLException e) {
-            throw new UserManagerException("error",e);
-        }
-    }
+    
 
     private String getResponseMessage(String confString, String epr) {
-        return "Please point your browser to : " + epr +"?"+CONF_STRING+"=" 
+confString;
+        return "Please point your browser to : " + epr + "?" + CONF_STRING
+                + "=" + confString;
     }
 
-
-
-
 }
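Review bot: The two seed rows inserted into PENDING_USERS in createDatabase carry fixed values that are visible in the source (`'adminConfirmation'`, `'rootConfirmation'`, password `'dummyPass'`), and nothing shown distinguishes them from real pending registrations, so confirmUser would presumably accept those confirmation strings like any other. If the rows exist only to reserve the names `admin` and `root`, reject those names in requestUserVerification instead and drop the inserts, or at least store a random confirmation value that is never mailed. The schema also keeps the pending password as clear text in `password varchar(255)`; if the realm's addUser cannot take a pre-hashed credential, collecting the password at confirmation time would limit what a copy of the Derby files exposes.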
