1 /*
2  * Copyright (C) 2018 Emeric Poupon
3  *
4  * This file is part of LMS.
5  *
6  * LMS is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * LMS is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with LMS.  If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "UserView.hpp"
21 
22 #include <Wt/WCheckBox.h>
23 #include <Wt/WComboBox.h>
24 #include <Wt/WLineEdit.h>
25 #include <Wt/WPushButton.h>
26 #include <Wt/WTemplateFormView.h>
27 
28 #include <Wt/WFormModel.h>
29 
30 #include "auth/IPasswordService.hpp"
31 #include "database/User.hpp"
32 #include "database/Session.hpp"
33 #include "utils/IConfig.hpp"
34 #include "utils/Exception.hpp"
35 #include "utils/Logger.hpp"
36 #include "utils/Service.hpp"
37 #include "utils/String.hpp"
38 
39 #include "common/LoginNameValidator.hpp"
40 #include "common/PasswordValidator.hpp"
41 #include "LmsApplication.hpp"
42 #include "LmsApplicationException.hpp"
43 
44 namespace UserInterface {
45 
46 using namespace Database;
47 
48 class UserModel : public Wt::WFormModel
49 {
50 
51 	public:
52 		static inline const Field LoginField {"login"};
53 		static inline const Field PasswordField {"password"};
54 		static inline const Field DemoField {"demo"};
55 
UserModel(std::optional<Database::IdType> userId,::Auth::IPasswordService * authPasswordService)56 		UserModel(std::optional<Database::IdType> userId, ::Auth::IPasswordService* authPasswordService)
57 		: _userId {userId}
58 		, _authPasswordService {authPasswordService}
59 		{
60 			if (!_userId)
61 			{
62 				addField(LoginField);
63 				setValidator(LoginField, createLoginNameValidator());
64 			}
65 
66 			if (authPasswordService)
67 			{
68 				addField(PasswordField);
__anonf8d20a510102null69 				setValidator(PasswordField, createPasswordStrengthValidator([this] { return getLoginName(); }));
70 				if (!userId)
71 					validator(PasswordField)->setMandatory(true);
72 			}
73 			addField(DemoField);
74 
75 			loadData();
76 		}
77 
saveData()78 		void saveData()
79 		{
80 			auto transaction {LmsApp->getDbSession().createUniqueTransaction()};
81 
82 			if (_userId)
83 			{
84 				// Update user
85 				Database::User::pointer user {Database::User::getById(LmsApp->getDbSession(), *_userId)};
86 				if (!user)
87 					throw UserNotFoundException {*_userId};
88 
89 				if (_authPasswordService && !valueText(PasswordField).empty())
90 					_authPasswordService->setPassword(LmsApp->getDbSession(), user.id(), valueText(PasswordField).toUTF8());
91 			}
92 			else
93 			{
94 				// Check races with other endpoints (subsonic API...)
95 				Database::User::pointer user {Database::User::getByLoginName(LmsApp->getDbSession(), valueText(LoginField).toUTF8())};
96 				if (user)
97 					throw UserNotAllowedException {};
98 
99 				// Create user
100 				user = Database::User::create(LmsApp->getDbSession(), valueText(LoginField).toUTF8());
101 
102 				if (Wt::asNumber(value(DemoField)))
103 					user.modify()->setType(Database::User::Type::DEMO);
104 
105 				if (_authPasswordService)
106 					_authPasswordService->setPassword(LmsApp->getDbSession(), user.id(), valueText(PasswordField).toUTF8());
107 			}
108 		}
109 
110 	private:
loadData()111 		void loadData()
112 		{
113 			if (!_userId)
114 				return;
115 
116 			auto transaction {LmsApp->getDbSession().createSharedTransaction()};
117 
118 			const Database::User::pointer user {Database::User::getById(LmsApp->getDbSession(), *_userId)};
119 			if (!user)
120 				throw UserNotFoundException {*_userId};
121 			else if (user == LmsApp->getUser())
122 				throw UserNotAllowedException {};
123 		}
124 
getLoginName() const125 		std::string getLoginName() const
126 		{
127 			if (_userId)
128 			{
129 				auto transaction {LmsApp->getDbSession().createSharedTransaction()};
130 
131 				const Database::User::pointer user {Database::User::getById(LmsApp->getDbSession(), *_userId)};
132 				return user->getLoginName();
133 			}
134 			else
135 				return valueText(LoginField).toUTF8();
136 		}
137 
validatePassword(Wt::WString & error) const138 		void validatePassword(Wt::WString& error) const
139 		{
140 			if (!valueText(PasswordField).empty() && Wt::asNumber(value(DemoField)))
141 			{
142 				// Demo account: password must be the same as the login name
143 				if (valueText(PasswordField) != getLoginName())
144 					error = Wt::WString::tr("Lms.Admin.User.demo-password-invalid");
145 			}
146 		}
147 
validateField(Field field)148 		bool validateField(Field field)
149 		{
150 			Wt::WString error;
151 
152 			if (field == LoginField)
153 			{
154 				auto transaction {LmsApp->getDbSession().createSharedTransaction()};
155 
156 				const Database::User::pointer user {Database::User::getByLoginName(LmsApp->getDbSession(), valueText(LoginField).toUTF8())};
157 				if (user)
158 					error = Wt::WString::tr("Lms.Admin.User.user-already-exists");
159 			}
160 			else if (field == PasswordField)
161 			{
162 				validatePassword(error);
163 			}
164 			else if (field == DemoField)
165 			{
166 				auto transaction {LmsApp->getDbSession().createSharedTransaction()};
167 
168 				if (Wt::asNumber(value(DemoField)) && Database::User::getDemo(LmsApp->getDbSession()))
169 					error = Wt::WString::tr("Lms.Admin.User.demo-account-already-exists");
170 			}
171 
172 			if (error.empty())
173 				return Wt::WFormModel::validateField(field);
174 
175 			setValidation(field, Wt::WValidator::Result( Wt::ValidationState::Invalid, error));
176 
177 			return false;
178 		}
179 
180 		std::optional<Database::IdType> _userId;
181 		::Auth::IPasswordService* _authPasswordService {};
182 };
183 
UserView()184 UserView::UserView()
185 {
186 	wApp->internalPathChanged().connect(this, [this]()
187 	{
188 		refreshView();
189 	});
190 
191 	refreshView();
192 }
193 
194 void
refreshView()195 UserView::refreshView()
196 {
197 	if (!wApp->internalPathMatches("/admin/user"))
198 		return;
199 
200 	auto userId = StringUtils::readAs<Database::IdType>(wApp->internalPathNextPart("/admin/user/"));
201 
202 	clear();
203 
204 	Wt::WTemplateFormView* t {addNew<Wt::WTemplateFormView>(Wt::WString::tr("Lms.Admin.User.template"))};
205 
206 	auto* authPasswordService {Service<::Auth::IPasswordService>::get()};
207 	if (authPasswordService && !authPasswordService->canSetPasswords())
208 		authPasswordService = nullptr;
209 
210 	auto model {std::make_shared<UserModel>(userId, authPasswordService)};
211 
212 	if (userId)
213 	{
214 		auto transaction {LmsApp->getDbSession().createSharedTransaction()};
215 
216 		const Database::User::pointer user {Database::User::getById(LmsApp->getDbSession(), *userId)};
217 		if (!user)
218 			throw UserNotFoundException {*userId};
219 
220 		t->bindString("title", Wt::WString::tr("Lms.Admin.User.user-edit").arg(user->getLoginName()), Wt::TextFormat::Plain);
221 		t->setCondition("if-has-last-login", true);
222 		t->bindString("last-login", user->getLastLogin().toString(), Wt::TextFormat::Plain);
223 	}
224 	else
225 	{
226 		// Login
227 		t->setCondition("if-has-login", true);
228 		t->setFormWidget(UserModel::LoginField, std::make_unique<Wt::WLineEdit>());
229 		t->bindString("title", Wt::WString::tr("Lms.Admin.User.user-create"));
230 	}
231 
232 	if (authPasswordService)
233 	{
234 		t->setCondition("if-has-password", true);
235 
236 		// Password
237 		auto passwordEdit = std::make_unique<Wt::WLineEdit>();
238 		passwordEdit->setEchoMode(Wt::EchoMode::Password);
239 		passwordEdit->setAttributeValue("autocomplete", "off");
240 		t->setFormWidget(UserModel::PasswordField, std::move(passwordEdit));
241 	}
242 
243 	// Demo account
244 	t->setFormWidget(UserModel::DemoField, std::make_unique<Wt::WCheckBox>());
245 	if (!userId && Service<IConfig>::get()->getBool("demo", false))
246 		t->setCondition("if-demo", true);
247 
248 	Wt::WPushButton* saveBtn {t->bindNew<Wt::WPushButton>("save-btn", Wt::WString::tr(userId ? "Lms.save" : "Lms.create"))};
249 	saveBtn->clicked().connect([=]()
250 	{
251 		t->updateModel(model.get());
252 
253 		if (model->validate())
254 		{
255 			model->saveData();
256 			LmsApp->notifyMsg(LmsApplication::MsgType::Success, Wt::WString::tr(userId ? "Lms.Admin.User.user-updated" : "Lms.Admin.User.user-created"));
257 			LmsApp->setInternalPath("/admin/users", true);
258 		}
259 		else
260 		{
261 			t->updateView(model.get());
262 		}
263 	});
264 
265 	t->updateView(model.get());
266 }
267 
268 } // namespace UserInterface
269 
270 
271