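package org.sigmah.server.handler;

/*
 * #%L
 * Sigmah
 * %%
 * Copyright (C) 2010 - 2016 URD
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public
 * License along with this program. If not, see
 * <http://www.gnu.org/licenses/gpl-3.0.html>.
 * #L%
 */

import com.google.inject.persist.Transactional;
import org.sigmah.server.dispatch.impl.UserDispatch;
import org.sigmah.server.domain.User;
import org.sigmah.server.handler.base.AbstractCommandHandler;
import org.sigmah.server.security.impl.BCrypt;
import org.sigmah.shared.command.ChangePasswordCommand;
import org.sigmah.shared.command.result.VoidResult;
import org.sigmah.shared.dispatch.CommandException;
import org.sigmah.shared.dispatch.FunctionalException;

/**
 * Handles {@link ChangePasswordCommand}: lets the user attached to the execution
 * context replace their password after proving knowledge of the current one.
 *
 * <p>Every rejection is reported with the same
 * {@link FunctionalException.ErrorCode#AUTHENTICATION_FAILURE} code, so the client
 * cannot tell a wrong current password from a mismatched confirmation.</p>
 *
 * <p>NOTE(review): this handler applies no password-strength or length policy and
 * no attempt throttling; presumably those are enforced elsewhere - confirm.</p>
 *
 * @author Raphaël Calabro (rcalabro@ideia.fr)
 */
public class ChangePasswordCommandHandler extends AbstractCommandHandler<ChangePasswordCommand, VoidResult> {

    /**
     * Validates the request and, when it is acceptable, stores the new password.
     *
     * @param command carries the current password, the new password and its confirmation.
     * @param context execution context; the password of {@code context.getUser()} is changed.
     * @return always {@code null}.
     * @throws CommandException a {@link FunctionalException} with code
     *         {@code AUTHENTICATION_FAILURE} when a required value is missing, when the
     *         confirmation differs from the new password, or when the current password
     *         does not match the stored hash.
     */
    @Override
    protected VoidResult execute(ChangePasswordCommand command, UserDispatch.UserExecutionContext context) throws CommandException {
        final User user = context.getUser();
        final String currentPassword = command.getCurrentPassword();
        final String newPassword = command.getNewPassword();
        final String confirmation = command.getConfirmNewPassword();

        // The command fields arrive from the client. A missing value must be rejected
        // as a functional error instead of surfacing as a NullPointerException from
        // equals() or BCrypt. Whether getUser() can return null here is not visible
        // in this file; the check is defensive.
        if (user == null || currentPassword == null || newPassword == null) {
            throw authenticationFailure();
        }

        // An account without a stored hash cannot prove knowledge of a current password.
        final String storedHash = user.getHashedPassword();
        if (storedHash == null) {
            throw authenticationFailure();
        }

        if (!newPassword.equals(confirmation)) {
            throw authenticationFailure();
        }

        // Re-authenticate: a valid session alone is not enough to change the password.
        if (!BCrypt.checkpw(currentPassword, storedHash)) {
            throw authenticationFailure();
        }

        updatePassword(user, newPassword);

        return null;
    }

    /**
     * Hashes {@code newPassword} with bcrypt using a freshly generated salt, stores the
     * hash on {@code user}, clears the user's change-password key and merges the entity.
     *
     * <p>This method is public and does <em>not</em> verify the current password;
     * callers are responsible for authenticating the request first.</p>
     *
     * <p>NOTE(review): {@code BCrypt.gensalt()} is called without arguments, so the
     * library's default work factor applies - confirm it is still adequate.
     * NOTE(review): no existing session or authentication token is revoked here;
     * confirm whether that is handled elsewhere.
     * NOTE(review): {@code @Transactional} is applied through Guice method
     * interception, so it presumably only takes effect on injector-created
     * instances - confirm.</p>
     *
     * @param user the user whose password is replaced.
     * @param newPassword the new clear-text password.
     */
    @Transactional
    public void updatePassword(User user, String newPassword) {
        final String hashedPassword = BCrypt.hashpw(newPassword, BCrypt.gensalt());
        user.setHashedPassword(hashedPassword);

        // Deactivate the password change key (presumably the pending
        // password-reset token, so it cannot be used after this change - confirm).
        user.setChangePasswordKey(null);

        em().merge(user);
    }

    /** Builds the single, non-distinguishing error used for every rejection. */
    private static FunctionalException authenticationFailure() {
        return new FunctionalException(FunctionalException.ErrorCode.AUTHENTICATION_FAILURE);
    }

}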