Updated to allow proper user status login checking.

git-svn-id: http://locode01.ad.dom/svn/WEBMIP/trunk@2906 248e525c-4dfb-0310-94bc-949c084e9493
2007-11-29 11:33:48 +00:00
parent ab9471a85f
commit 5ee8961d58
1 changed files with 62 additions and 26 deletions
--- a/Modules/mip_parties.pck
+++ b/Modules/mip_parties.pck
@@ -1,5 +1,5 @@
 CREATE OR REPLACE PACKAGE mip_parties AS
-  
+

  /*
   PROCEDURE add_party
@@ -10,8 +10,17 @@ CREATE OR REPLACE PACKAGE mip_parties AS
  */
  FUNCTION get_user_id(p_username IN VARCHAR2)
    RETURN NUMBER;
-  FUNCTION get_user_role(p_username IN VARCHAR2) 
+  FUNCTION get_user_role(p_username IN VARCHAR2)
    return varchar2;
+  --
+  /** get the password created date for the given username and password
+  
+  %return DATE the date the password was created for authenticated username and password combination
+
+  */
+  FUNCTION get_user_password_created(p_username IN VARCHAR2
+                            ,p_password IN VARCHAR2) RETURN DATE;
+  --
  FUNCTION has_supplier(p_username IN VARCHAR2, p_supplierid IN VARCHAR) return boolean;
  PROCEDURE add_address(p_address addresses%ROWTYPE);
  PROCEDURE add_partyaddress(p_addr_code IN VARCHAR2, p_prty_id IN INTEGER);
@@ -45,7 +54,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
   - gets the primary key for a supplied username.  This function searches the parties
   - table for a matching username, if the name is found the users id is returned.
   %param p_username - the name of the user you want to get the id for.
-   
+
   UPDATES
     20-Nov-2007 - MM- Upper ing the username check as APEX passes an uppered :APP_USER
  */
@@ -59,7 +68,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
   exception
    when others then return null;
  end get_user_id;
-  
+
  /*
   FUNCTION get_user_role
   - gets the role keycode for a supplied username.  This function searches the parties
@@ -78,14 +87,41 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
    when others then return null;
  end get_user_role;

+  --
+  /** get the password created date for the given username and password
+  
+  %return DATE the date the password was created for authenticated username and password combination

-
+  */
+  FUNCTION get_user_password_created(p_username IN VARCHAR2
+                            ,p_password IN VARCHAR2) RETURN DATE AS
+    l_password_created_on DATE;
+  BEGIN
+    SELECT created_on
+      INTO l_password_created_on
+      FROM (SELECT pwd.prty_id
+                  ,pwd.password_hash
+                  ,MAX(pwd.created_on) over(PARTITION BY pwd.prty_id) AS latest_pwd_date
+                  ,pwd.created_on
+              FROM passwords pwd
+                  ,parties   prty
+             WHERE upper(prty.username) = upper(p_username)
+               AND pwd.prty_id = prty.id) pwd
+     WHERE pwd.created_on = pwd.latest_pwd_date
+       AND pwd.password_hash = mip_security.get_hash(p_username
+                                       ,p_password);
+                                       
+     RETURN l_password_created_on;
+   END get_user_password_created;
+  --
+ 
+  --
  PROCEDURE add_address(p_address addresses%ROWTYPE) AS
    --
  BEGIN
    --
    --not implemented yet - will allow us to check the password is valid based on rule in the functional spec
-    -- check_password(p_password); 
+    -- check_password(p_password);
    INSERT INTO addresses
      (code, sub_building, building, street, city, postcode)
    VALUES
@@ -95,7 +131,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
       p_address.street,
       p_address.city,
       p_address.postcode);
-  
+
    COMMIT;
    --
  EXCEPTION
@@ -103,8 +139,8 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
      ROLLBACK;
      RAISE;
  END add_address;
-  
-  
+
+
    /*
   PROCEDURE add_party
   - allows an admin user to create new parties for use in the system
@@ -139,7 +175,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
  BEGIN
    --
    --not implemented yet - will allow us to check the password is valid based on rule in the functional spec
-    -- check_password(p_password); 
+    -- check_password(p_password);
    INSERT INTO parties
      (id,
       username,
@@ -198,7 +234,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
    end if;
    --
  END add_party;
- 
+
    /*
   PROCEDURE add_partyaddress
   - allows the association of a party to a number of addresses
@@ -217,7 +253,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
  BEGIN
     l_addr_code := p_addr_code || ':';
    --not implemented yet - will allow us to check the password is valid based on rule in the functional spec
-    -- check_password(p_password); 
+    -- check_password(p_password);
    LOOP
      --
      l_working_code := SUBSTR(l_addr_code, 1, INSTR(l_addr_code, ':')-1);
@@ -232,21 +268,21 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
        (l_working_code, p_prty_id, SYSDATE, SYSDATE, 'The comments field');
      --
      l_addr_code := SUBSTR(l_addr_code, INSTR(l_addr_code, ':')+1);
-      --    
+      --
    END LOOP;
    --
  END add_partyaddress;
-  
+
    PROCEDURE add_partyrole(p_role_code IN VARCHAR2, p_prty_id IN NUMBER) AS
    --
  BEGIN
    --
-  
+
    INSERT INTO party_roles
      (id, rt_code, prty_id, start_date, end_date, description)
    VALUES
      (prty_seq.NEXTVAL, p_role_code, p_prty_id, SYSDATE, SYSDATE, 'createwd via plsql procedure add_partyrole');
-  
+
    COMMIT;
    --
  EXCEPTION
@@ -277,7 +313,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
   -- create a new party contact mech from the partyid and the newly created contact mech
  BEGIN
     l_contact_mech := p_contact_mech || ':';
- 
+
    LOOP
      --
      l_working_code := SUBSTR(l_contact_mech, 1, INSTR(l_contact_mech, ':')-1);
@@ -286,7 +322,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
        EXIT;
      END IF;
      --
-      -- Create the Contact mechanism 
+      -- Create the Contact mechanism
      INSERT INTO contact_mechanisms
      --
        (comt_code, contact_value, id)
@@ -294,11 +330,11 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
        (l_working_code,
         'dunno what this field is for',
          come_seq.nextval) RETURNING contact_mechanisms.id INTO comeid;
-      
+
       /*-- Create the Party contact mechanism role
       --Think this needs to be sorted out much like the contact mechanism listed
       --above, however not sure about the model and what AH intended
-       
+
      INSERT INTO party_contact_mechanism_roles
      --
        (pcmrt_code, pcm_prty_id, start_date, id)
@@ -307,7 +343,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
         p_prty_id,
         sysdate,
         MADEUPSEQPROBABLY CALLED-PCMR_seq.nextval) RETURNING party_contact_mechanism_roles.id INTO pcmr_id;*/
-      
+
      INSERT INTO party_contact_mechanisms
      --should be the come_id i think!
        (come_id, prty_id, start_date, end_date, comments)
@@ -315,7 +351,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
        (comeid, p_prty_id, SYSDATE, SYSDATE, 'The comments field');
      --
      l_contact_mech := SUBSTR(l_contact_mech, INSTR(l_contact_mech, ':')+1);
-      --    
+      --
    END LOOP;
    --
  END add_partycontactmech;
@@ -330,8 +366,8 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
   %param p_username - the name of the user you want to find the supplier for.
   %param p_supplierid - the id of the supplier you want to check the user against.
  */
-  FUNCTION has_supplier(p_username IN VARCHAR2, p_supplierid IN VARCHAR) return boolean as 
-    cursor c_userrole is select ID 
+  FUNCTION has_supplier(p_username IN VARCHAR2, p_supplierid IN VARCHAR) return boolean as
+    cursor c_userrole is select ID
                        from PARTIES p, PARTY_RELATIONSHIPS pr
                        where p.ID = pr.TO_PARL_PRTY_ID
   and pr.FROM_PARL_PRTY_ID = get_user_id(p_username)
@@ -344,7 +380,7 @@ CREATE OR REPLACE PACKAGE BODY mip_parties AS
     end if;
   end loop;
   return false;
-  end has_supplier; 
-  
+  end has_supplier;
+
 END mip_parties;
 /