src/main/java/com/enterprisepasswordsafe/ui/web/servlets/DeleteUser.java
/*
* Copyright (c) 2017 Carbon Security Ltd. <opensource@carbonsecurity.co.uk>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
package com.enterprisepasswordsafe.ui.web.servlets;
import com.enterprisepasswordsafe.database.TamperproofEventLog;
import com.enterprisepasswordsafe.database.TamperproofEventLogDAO;
import com.enterprisepasswordsafe.database.User;
import com.enterprisepasswordsafe.database.UserDAO;
import com.enterprisepasswordsafe.engine.users.UserClassifier;
import com.enterprisepasswordsafe.ui.web.utils.SecurityUtils;
import com.enterprisepasswordsafe.ui.web.utils.ServletUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.sql.SQLException;
public final class DeleteUser extends HttpServlet {
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
throws ServletException, IOException {
try {
User thisUser = SecurityUtils.getRemoteUser(request);
if(!new UserClassifier().isAdministrator(thisUser)) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
String userId = request.getParameter("id");
if(userId == null || userId.isEmpty()) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
ServletUtils servletUtils = ServletUtils.getInstance();
UserDAO uDAO = UserDAO.getInstance();
User theUser = uDAO.getById(userId);
if(theUser == null) {
servletUtils.generateErrorMessage(request, "The user could not be found.");
} else {
UserDAO.getInstance().delete(theUser);
servletUtils.generateMessage(request, "The user " + theUser + " has been deleted");
TamperproofEventLogDAO.getInstance().create(TamperproofEventLog.LOG_LEVEL_USER_MANIPULATION,
thisUser, null, "Deleted the user {user:" + theUser.getId() + "}",
true);
}
} catch (GeneralSecurityException | SQLException e) {
throw new ServletException(e);
}
response.sendRedirect(request.getContextPath()+"/admin/ViewUsers");
}
@Override
public String getServletInfo() {
return "Delete the specified user";
}
}