argos/dmp-backend/web/src/main/java/eu/eudat/logic/managers/EmailConfirmationManager.java

package eu.eudat.logic.managers;

import eu.eudat.data.entities.Credential;
import eu.eudat.data.entities.EmailConfirmation;
import eu.eudat.data.entities.UserInfo;
import eu.eudat.data.entities.UserToken;
import eu.eudat.exceptions.emailconfirmation.HasConfirmedEmailException;
import eu.eudat.exceptions.emailconfirmation.TokenExpiredException;
import eu.eudat.logic.services.ApiContext;
import eu.eudat.logic.services.operations.DatabaseRepository;
import eu.eudat.models.data.security.Principal;
import eu.eudat.queryable.QueryableList;
import eu.eudat.queryable.jpa.predicates.OrderByPredicate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.Date;
import java.util.List;
import java.util.UUID;

@Component
public class EmailConfirmationManager {
	private ApiContext apiContext;
	private DatabaseRepository databaseRepository;

	@Autowired
	public EmailConfirmationManager(ApiContext apiContext) {
		this.apiContext = apiContext;
		this.databaseRepository = apiContext.getOperationsContext().getDatabaseRepository();
	}

	public void confirmEmail(String token) throws TokenExpiredException, HasConfirmedEmailException {
		EmailConfirmation loginConfirmationEmail = apiContext.getOperationsContext()
				.getDatabaseRepository().getLoginConfirmationEmailDao().asQueryable()
				.where((builder, root) -> builder.equal(root.get("token"), UUID.fromString(token))).getSingle();

		UserInfo user = databaseRepository.getUserInfoDao().asQueryable()
				.where((builder, root) -> builder.equal(root.get("id"), loginConfirmationEmail.getUserId())).getSingle();

		if (user.getEmail() != null)
			throw new HasConfirmedEmailException("User already has confirmed his Email.");

		if (loginConfirmationEmail.getExpiresAt().compareTo(new Date()) < 0)
			throw new TokenExpiredException("Token has expired.");

		loginConfirmationEmail.setIsConfirmed(true);

		// Checks if mail is used by another user. If it is, merges the new the old.
		Long existingUsers = databaseRepository.getUserInfoDao().asQueryable().where((builder, root) -> builder.equal(root.get("email"), loginConfirmationEmail.getEmail())).count();
		if (existingUsers > 0) {
			UserInfo oldUser = databaseRepository.getUserInfoDao().asQueryable().where((builder, root) -> builder.equal(root.get("email"), loginConfirmationEmail.getEmail())).getSingle();
			mergeNewUserToOld(user, oldUser);
			expireUserToken(user);
			databaseRepository.getLoginConfirmationEmailDao().createOrUpdate(loginConfirmationEmail);
			return;
		}

		user.setEmail(loginConfirmationEmail.getEmail());
		databaseRepository.getUserInfoDao().createOrUpdate(user);
		databaseRepository.getLoginConfirmationEmailDao().createOrUpdate(loginConfirmationEmail);
	}

	public void sendConfirmationEmail(String email, Principal principal) throws HasConfirmedEmailException {
		UserInfo user = apiContext.getOperationsContext().getDatabaseRepository().getUserInfoDao().find(principal.getId());
		if (user.getEmail() != null)
			throw new HasConfirmedEmailException("User already has confirmed his Email.");

		apiContext.getUtilitiesService().getConfirmationEmailService().createConfirmationEmail(
				databaseRepository.getLoginConfirmationEmailDao(),
				apiContext.getUtilitiesService().getMailService(),
				email,
				principal.getId()
		);
	}

	private void mergeNewUserToOld(UserInfo newUser, UserInfo oldUser) {
		Credential credential = databaseRepository.getCredentialDao().asQueryable().where((builder, root) -> builder.equal(root.get("userInfo"), newUser)).getSingle();
		credential.setUserInfo(oldUser);
		databaseRepository.getCredentialDao().createOrUpdate(credential);
	}

	private void expireUserToken(UserInfo user) {
		UserToken userToken = databaseRepository.getUserTokenDao().asQueryable()
				.where((builder, root) -> builder.equal(root.get("user"), user))
				.orderBy((builder, root) -> builder.desc(root.get("issuedAt")))
				.take(1)
				.getSingle();
		userToken.setExpiresAt(new Date());
		databaseRepository.getUserTokenDao().createOrUpdate(userToken);
	}
}