/*
 *  Copyright 2012 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.web.usermanagement;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.Timestamp;
import java.time.LocalDate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;

import javax.mail.MessagingException;

import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.commons.lang.StringUtils;
import org.apache.ibatis.session.SqlSession;

import org.ametys.cms.transformation.URIResolver;
import org.ametys.cms.transformation.URIResolverExtensionPoint;
import org.ametys.core.datasource.AbstractMyBatisDAO;
import org.ametys.core.user.InvalidModificationException;
import org.ametys.core.user.User;
import org.ametys.core.user.UserManager;
import org.ametys.core.user.directory.ModifiableUserDirectory;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.core.user.population.UserPopulation;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.core.util.I18nUtils;
import org.ametys.core.util.mail.SendMailHelper;
import org.ametys.plugins.repository.AmetysObjectIterable;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.query.expression.Expression;
import org.ametys.plugins.repository.query.expression.Expression.Operator;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.parameter.Errors;
import org.ametys.web.repository.page.Page;
import org.ametys.web.repository.page.PageQueryHelper;
import org.ametys.web.repository.site.Site;
import org.ametys.web.repository.site.SiteManager;
import org.ametys.web.site.SiteConfigurationExtensionPoint;
import org.ametys.web.tags.TagExpression;

/**
 * Manages registration and password recovery of users.
 */
public class UserSignupManager extends AbstractMyBatisDAO
{

    /** The component role. */
    public static final String ROLE = UserSignupManager.class.getName();

    /** Return code which indicates no error. */
    public static final int SIGNUP_NO_ERROR = 0;

    /** Temporary signup return code: a user tried to sign-up but the e-mail already exists in the temporary table. */
    public static final int SIGNUP_ERROR_TEMP_EMAIL_ALREADY_EXISTS = 1;

    /** Temporary signup return code: a user tried to sign-up but the FO UsersManager already possesses a user with this e-mail as login. */
    public static final int SIGNUP_ERROR_USER_ALREADY_EXISTS = 2;

    /** Token return code: a user provided a token, but it doesn't exist. */
    public static final int SIGNUP_TOKEN_UNKNOWN = 3;

    /** Token return code: a user provided a token, but it itn't valid anymore. */
    public static final int SIGNUP_TOKEN_EXPIRED = 4;

    /** Reset token return code: a user asked for a new token, but no subscription request can be found with this e-mail. */
    public static final int SIGNUP_RESET_ERROR_EMAIL_UNKNOWN = 5;

    /** Lost password return code: the login or e-mail the user provided doesn't correspond to a population. */
    public static final int LOST_PASSWORD_USER_UNKNOWN = 5;

    /** Lost password return code: the population the user provided doesn't correspond to a user. */
    public static final int LOST_PASSWORD_POPULATION_UNKNOWN = 6;
    
    /** Lost password return code: the user provided belongs to an unmodifiable user directory */
    public static final int LOST_PASSWORD_UNMODIFIABLE_USER_DIRECTORY = 7;
    
    /** Lost password return code: the user provided have an empty email */
    public static final int LOST_PASSWORD_EMPTY_EMAIL = 8;
    
    /** The user manager. */
    protected UserManager _userManager;
    
    /** The DAO for user populations */
    protected UserPopulationDAO _userPopulationDAO;

    /** The site manager. */
    protected SiteManager _siteManager;

    /** The site configuration extension point. */
    protected SiteConfigurationExtensionPoint _siteConf;

    /** The ametys object resolver. */
    protected AmetysObjectResolver _resolver;

    /** The ametys object resolver. */
    protected URIResolverExtensionPoint _uriResolverEP;

    /** The page URI resolver. */
    protected URIResolver _pageUriResolver;

    /** The i18n utils. */
    protected I18nUtils _i18nUtils;

    /** The user sign up configuration */
    protected UserSignUpConfiguration _userSignUpConfiguration;
    
    /** The temporary users table. */
    protected String _tempUsersTable;

    /** The password change table. */
    protected String _pwdChangeTable;
    
    @Override
    public void service(ServiceManager serviceManager) throws ServiceException
    {
        super.service(serviceManager);
        
        _userManager = (UserManager) serviceManager.lookup(UserManager.ROLE);
        _userPopulationDAO = (UserPopulationDAO) serviceManager.lookup(UserPopulationDAO.ROLE);
        _siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
        _siteConf = (SiteConfigurationExtensionPoint) serviceManager.lookup(SiteConfigurationExtensionPoint.ROLE);
        _resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        _uriResolverEP = (URIResolverExtensionPoint) serviceManager.lookup(URIResolverExtensionPoint.ROLE);
        _i18nUtils = (I18nUtils) serviceManager.lookup(I18nUtils.ROLE);
        _userSignUpConfiguration = (UserSignUpConfiguration) serviceManager.lookup(UserSignUpConfiguration.ROLE);
    }

    @Override
    public void configure(Configuration configuration) throws ConfigurationException
    {
        super.configure(configuration);
        
        // Configure pool and tables.
        _tempUsersTable = configuration.getChild("temp-users-table").getValue();
        _pwdChangeTable = configuration.getChild("pwd-change-table").getValue();
    }

    /**
     * Test if public signup is allowed in a site.
     * @param siteName the site to test.
     * @return true if public signup is allowed, false otherwise.
     */
    public boolean isPublicSignupAllowed(String siteName)
    {
        Boolean publicSignup = _siteConf.getValueAsBoolean(siteName, "public-signup");

        return publicSignup != null && publicSignup;
    }

    /**
     * Get the sign-up page in a given site and sitemap.<br>
     * If more than one page are tagged "sign-up", return the first.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return the sign-up page or null if not found.
     */
    public Page getSignupPage(String siteName, String language)
    {
        Page page = null;

        try (AmetysObjectIterable<Page> pages = getSignupPages(siteName, language);)
        {
            Iterator<Page> it = pages.iterator();
            if (it.hasNext())
            {
                page = it.next();
            }
        }

        return page;
    }

    /**
     * Get all the pages tagged "sign-up".
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return an iterable on all the pages tagged "sign-up".
     */
    public AmetysObjectIterable<Page> getSignupPages(String siteName, String language)
    {
        Expression expression = new TagExpression(Operator.EQ, "USER_SIGNUP");
        String query = PageQueryHelper.getPageXPathQuery(siteName, language, null, expression, null);

        return _resolver.query(query);
    }

    /**
     * Get the password change page in a given site and sitemap.
     * If more than one page are tagged "password change", return the first.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return the password change page or null if not found.
     */
    public Page getPwdChangePage(String siteName, String language)
    {
        Page page = null;

        try (AmetysObjectIterable<Page> pages = getPwdChangePages(siteName, language);)
        {
            Iterator<Page> it = pages.iterator();
            if (it.hasNext())
            {
                page = it.next();
            }
        }

        return page;
    }

    /**
     * Get all the pages tagged "password change".
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return an iterable on all the pages tagged "password change".
     */
    public AmetysObjectIterable<Page> getPwdChangePages(String siteName, String language)
    {
        Expression expression = new TagExpression(Operator.EQ, "USER_PASSWORD_CHANGE");
        String query = PageQueryHelper.getPageXPathQuery(siteName, language, null, expression, null);

        return _resolver.query(query);
    }

    /**
     * Get the user main preferences page in a given site and sitemap.
     * If more than one page are tagged "user main preferences", return the first.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return the user main preferences page or null if not found.
     */
    public Page getUserMainPrefsPage(String siteName, String language)
    {
        Page page = null;

        try (AmetysObjectIterable<Page> pages = getUserMainPrefsPages(siteName, language);)
        { 
            Iterator<Page> it = pages.iterator();
            if (it.hasNext())
            {
                page = it.next();
            }
        }

        return page;
    }

    /**
     * Get all the pages tagged "user main preferences".
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return an iterable on all the pages tagged "user main preferences".
     */
    public AmetysObjectIterable<Page> getUserMainPrefsPages(String siteName, String language)
    {
        Expression expression = new TagExpression(Operator.EQ, "USER_PREFS_MAIN");
        String query = PageQueryHelper.getPageXPathQuery(siteName, language, null, expression, null);

        return _resolver.query(query);
    }

    /**
     * Tests if the FO users manager knows of the user with the given e-mail as the login.
     * @param email the e-mail to test.
     * @param population The id of the population
     * @return true if the user exists, false otherwise.
     * @throws UserManagementException if an error occurs.
     */
    public boolean userExists(String email, String population) throws UserManagementException
    {
        return _userManager.getUser(population, email) != null;
    }

    /**
     * Validate the user subscription data.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param firstName the user first name.
     * @param lastName the user last name.
     * @param additionalValues the additional user values.
     * @return a Map of the Errors by field.
     * @throws UserManagementException if an error occurs.
     */
    public Map<String, Errors> validate(String siteName, String email, String firstName, String lastName, Map<String, String> additionalValues) throws UserManagementException
    {
        Map<String, String> userInfos = new HashMap<>();
        
        userInfos.putAll(additionalValues);
        
        // Standard info for user (provide a dummy password, as we do not know it yet).
        userInfos.put("login", email);
        userInfos.put("email", email);
        userInfos.put("firstname", firstName);
        userInfos.put("lastname", lastName);
        userInfos.put("password", "password");

        Map<String, Errors> usersManagerErrors = new HashMap<>(); //foUsersManager.validate(userInfos);
        Map<String, Errors> errors = new HashMap<>(usersManagerErrors);

        // If there are errors on the login, do not return it except if
        if (errors.containsKey("login"))
        {
            if (!errors.containsKey("email"))
            {
                errors.put("email", errors.get("login"));
            }
            errors.remove("login");
        }

        return errors;
    }

    /**
     * Validate the user password.
     * @param siteName the site name.
     * @param password the password to validate.
     * @param login the login of the user
     * @param population The id of the population
     * @return a Map of the Errors by field.
     * @throws UserManagementException if an error occurs.
     */
    public Map<String, Errors> validatePassword(String siteName, String password, String login, String population) throws UserManagementException
    {
        Map<String, String> userInfos = new HashMap<>();

        userInfos.put("password", password);

        UserDirectory userDirectory = _userManager.getUserDirectory(population, login);
        if (!(userDirectory instanceof ModifiableUserDirectory))
        {
            throw new UserManagementException("The user subscription feature can't be used, as the UserDirectory is not modifiable.");
        }
        Map<String, Errors> usersManagerErrors = ((ModifiableUserDirectory) userDirectory).validate(userInfos);
        Map<String, Errors> errors = new HashMap<>();

        // Keep only errors related to the password field.
        if (usersManagerErrors.containsKey("password"))
        {
            errors.put("password", usersManagerErrors.get("password"));
        }

        return errors;
    }

    /**
     * Validate and store a sign-up request and send a confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param email the user e-mail address.
     * @param firstName the user first name.
     * @param lastName the user last name.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int temporarySignup(String siteName, String language, String email, String firstName, String lastName, String population, String userDirectoryId) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("A user is requesting a sign-up: " + firstName + " " + lastName + " (" + email + ").");
        }

        // Generate unique token.
        String token = UUID.randomUUID().toString().replace("-", "");

        int status = addTemporaryUser(siteName, email, firstName, lastName, token, population, userDirectoryId);

        // Send validation e-mail with token.
        if (status == SIGNUP_NO_ERROR)
        {
            sendSignupConfirmMail(siteName, language, email, firstName, lastName, token);
        }

        return status;
    }

    /**
     * Reset a sign-up request: generate a new token and re-send the confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param email the user e-mail address.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int resetTempSignup(String siteName, String language, String email, String population, String userDirectoryId) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Resetting temporary signup for email: " + email + " in site " + siteName);
        }

        // Generate a new token.
        String newToken = UUID.randomUUID().toString().replace("-", "");

        // Test if the subscription request really exists.
        TempUser tempUser = getTempUser(siteName, email, population, userDirectoryId);

        if (tempUser == null)
        {
            // No subscription request with this e-mail.
            return SIGNUP_RESET_ERROR_EMAIL_UNKNOWN;
        }

        updateTempToken(siteName, email, newToken, population, userDirectoryId);

        sendSignupConfirmMail(siteName, language, email, tempUser.getFirstname(), tempUser.getLastname(), newToken);

        return SIGNUP_NO_ERROR;
    }


    /**
     * Create the user in the FO UsersManager from his temporary request.
     * @param siteName the site name.
     * @param email the user e-mail address.
     * @param token the request token.
     * @param password the user password.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int signup(String siteName, String email, String token, String password, String population, String userDirectoryId) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        Map<String, String> userInfos = new HashMap<>();

        TempUser tempUser = getTempUser(siteName, email, token, population, userDirectoryId);

        if (tempUser == null)
        {
            return SIGNUP_TOKEN_UNKNOWN;
        }

        // Standard info for user.
        userInfos.put("login", email);
        userInfos.put("email", email);
        userInfos.put("firstname", tempUser.getFirstname());
        userInfos.put("lastname", tempUser.getLastname());
        userInfos.put("password", password);

        try
        {
            // Add the user.
            ModifiableUserDirectory userDirectory = (ModifiableUserDirectory) _userPopulationDAO.getUserPopulation(population).getUserDirectory(userDirectoryId);
            userDirectory.add(userInfos);

            // Remove the temporary user.
            removeTempUser(siteName, email, token, population, userDirectoryId);

            return SIGNUP_NO_ERROR;
        }
        catch (InvalidModificationException e)
        {
            throw new UserManagementException("An error occurred signing up the user.", e);
        }
    }

    /**
     * Create a reset password request and send a confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param login the user login.
     * @param populationId the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int resetPassword(String siteName, String language, String login, String populationId) throws UserManagementException
    {
        // Check if the population exists
        UserPopulation population = _userPopulationDAO.getUserPopulation(populationId);
        if (population == null)
        {
            return LOST_PASSWORD_POPULATION_UNKNOWN;
        }

        // Check if the user exists and get it
        User user = _userManager.getUser(populationId, login);
        if (user == null)
        {
            // No user with this e-mail as login.
            return LOST_PASSWORD_USER_UNKNOWN;
        }

        // Check if the user directory is modifiable
        if (!(user.getUserDirectory() instanceof ModifiableUserDirectory))
        {
            return LOST_PASSWORD_UNMODIFIABLE_USER_DIRECTORY;
        }
        
        if (StringUtils.isEmpty(user.getEmail()))
        {
            return LOST_PASSWORD_EMPTY_EMAIL;
        }
        
        // Generate a new token.
        String token = UUID.randomUUID().toString().replace("-", "");

        // Insert the token in the database.
        addPasswordToken(siteName, login, token, populationId);

        // Send the e-mail.
        sendResetPasswordMail(siteName, language, user, token);

        return SIGNUP_NO_ERROR;
    }

    /**
     * Change the user password.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the password change request token.
     * @param newPassword the new password.
     * @param population the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int changeUserPassword(String siteName, String login, String token, String newPassword, String population) throws UserManagementException
    {
        int tokenStatus = checkPasswordToken(siteName, login, token, population);

        if (tokenStatus != SIGNUP_NO_ERROR)
        {
            return tokenStatus;
        }

        Map<String, String> userInfos = new HashMap<>();

        userInfos.put("login", login);
        userInfos.put("password", newPassword);

        try
        {
            UserDirectory userDirectory = _userManager.getUserDirectory(population, login);
            if (!(userDirectory instanceof ModifiableUserDirectory))
            {
                throw new UserManagementException("The user's password can't be changed, as the UserDirectory is not modifiable.");
            }
            ((ModifiableUserDirectory) userDirectory).update(userInfos);

            removePasswordToken(siteName, login, token, population);

            return SIGNUP_NO_ERROR;
        }
        catch (InvalidModificationException e)
        {
            throw new UserManagementException("An error occurred signing up the user.", e);
        }
    }

    /**
     * Check the sign-up request token.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param token the sign-up request token.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int checkToken(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        removeExpiredTokens();

        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.getSubscriptionDate";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("token", token);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            Date rawSubscriptionDate = sqlSession.selectOne(stmtId, params);

            // Date verification.
            if (rawSubscriptionDate == null)
            {
                return SIGNUP_TOKEN_UNKNOWN;
            }
            
            // The validity limit
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            ZonedDateTime subscriptionDate = rawSubscriptionDate.toInstant().atZone(ZoneId.systemDefault());

            if (subscriptionDate.isBefore(limit))
            {
                return SIGNUP_TOKEN_EXPIRED;
            }

            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while testing the token for user [" + email + "]", e);
        }
    }

    /**
     * Check the password change request token.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the password change request token.
     * @param population the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int checkPasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        removeExpiredPasswordTokens();

        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.getRequestDate";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("token", token);
            params.put("population", population);
            
            Date rawRequestDate = sqlSession.selectOne(stmtId, params);

            // Date verification.
            if (rawRequestDate == null)
            {
                return SIGNUP_TOKEN_UNKNOWN;
            }

            // Check the validity.
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            ZonedDateTime requestDate = rawRequestDate.toInstant().atZone(ZoneId.systemDefault());

            if (requestDate.isBefore(limit))
            {
                return SIGNUP_TOKEN_EXPIRED;
            }

            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while testing the password token for user " + login, e);
        }
    }

    /**
     * Remove the expired sign-up request tokens.
     * @throws UserManagementException if an error occurs.
     */
    public void removeExpiredTokens() throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.deleteExpiredTokens";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            Timestamp limitTimestamp = Timestamp.from(limit.toInstant());
            params.put("threshold", limitTimestamp);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the expired tokens.", e);
        }
    }

    /**
     * Remove the expired change password request tokens.
     * @throws UserManagementException if an error occurs.
     */
    public void removeExpiredPasswordTokens() throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.deleteExpiredPasswordTokens";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            Timestamp limitTimestamp = Timestamp.from(limit.toInstant());
            params.put("threshold", limitTimestamp);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the expired tokens.", e);
        }
    }

    /**
     * Verify that public sign-up is allowed. If not, throw an exception.
     * @param siteName the site name.
     * @throws UserManagementException if public sign-up is not enabled.
     */
    protected void checkPublicSignup(String siteName) throws UserManagementException
    {
        if (!isPublicSignupAllowed(siteName))
        {
            throw new UserManagementException("Public signup is disabled for this site.");
        }
    }

    /**
     * Create a user sign-up request ("temporary" user) in the database.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param firstName the user first name.
     * @param lastName the user last name.
     * @param token the generated token.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    protected int addTemporaryUser(String siteName, String email, String firstName, String lastName, String token, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            // Does this email already exists
            String stmtId = "UserSignupManager.tempEmailExists";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            List<String> emails = sqlSession.selectList(stmtId, params);
            
            if (!emails.isEmpty())
            {
                return SIGNUP_ERROR_TEMP_EMAIL_ALREADY_EXISTS;
            }
            
            // Add temp user
            stmtId = "UserSignupManager.addTempUser";
            params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            Timestamp now = new Timestamp(System.currentTimeMillis());
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            params.put("firstname", firstName);
            params.put("lastname", lastName);
            params.put("subscription_date", now);
            params.put("token", token);
            
            sqlSession.insert(stmtId, params);
            sqlSession.commit();
            
            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while signing up a new user [" + email + "]", e);
        }
    }

    /**
     * Send a sign-up confirmation link by e-mail.
     * @param siteName the site name.
     * @param language the e-mail language.
     * @param email the user e-mail.
     * @param firstName the user first name.
     * @param lastName the user last name.
     * @param token the generated token.
     * @throws UserManagementException if an error occurs.
     */
    protected void sendSignupConfirmMail(String siteName, String language, String email, String firstName, String lastName, String token) throws UserManagementException
    {
        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Sending signup confirmation e-mail to " + email);
        }

        String from = _siteConf.getValueAsString(siteName, "site-mail-from");

        // Prepare mail.
        Map<String, I18nizableText> i18nParams = new HashMap<>();
        i18nParams.put("siteName", new I18nizableText(siteName));
        i18nParams.put("email", new I18nizableText(email));
        i18nParams.put("firstName", new I18nizableText(firstName));
        i18nParams.put("lastName", new I18nizableText(lastName));
        i18nParams.put("token", new I18nizableText(token));

        Page signupPage = getSignupPage(siteName, language);
        if (signupPage != null)
        {
            if (_pageUriResolver == null)
            {
                _pageUriResolver = _uriResolverEP.getResolverForType("page");
            }

            String encodedEmail;
            try
            {
                encodedEmail = URLEncoder.encode(email, "UTF-8");
            }
            catch (UnsupportedEncodingException e)
            {
                // Should never happen.
                throw new UserManagementException("Encoding error while sending a sign-up confirmation e-mail.", e);
            }

            // Compute the confirmation URI and add it to the parameters.
            String confirmUri = _pageUriResolver.resolve(signupPage.getId(), false, true, false);
            confirmUri = confirmUri + "?email=" + encodedEmail + "&token=" + token;

            i18nParams.put("confirmUri", new I18nizableText(confirmUri));
        }

        // Add site information in the parameters.
        Site site = _siteManager.getSite(siteName);
        if (site != null)
        {
            i18nParams.put("siteTitle", new I18nizableText(site.getTitle()));
            i18nParams.put("siteUrl", new I18nizableText(site.getUrl()));
        }

        String subject = _userSignUpConfiguration.getSubjectForSignUpEmail(i18nParams, language);
        String textBody = _userSignUpConfiguration.getTextBodyForSignUpEmail(i18nParams, language);
        String htmlBody = _userSignUpConfiguration.getHtmlBodyForSignUpEmail(i18nParams, language);

        try
        {
            // Send the e-mail.
            SendMailHelper.sendMail(subject, htmlBody, textBody, email, from);
        }
        catch (MessagingException e)
        {
            throw new UserManagementException("Error sending the sign-up confirmation mail.", e);
        }
    }

    /**
     * Update the sign-up request token: reset the date and set a new token.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param newToken the new token.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @throws UserManagementException if an error occurs.
     */
    protected void updateTempToken(String siteName, String email, String newToken, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.updateTempToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            Timestamp now = new Timestamp(System.currentTimeMillis());
            params.put("subscription_date", now);
            params.put("token", newToken);
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            sqlSession.update(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while resetting the subscription for user [" + email + "]", e);
        }
    }

    /**
     * Create a user password change request in the database.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the generated token.
     * @param population the population
     * @throws UserManagementException if an error occurs.
     */
    protected void addPasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.hasToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("population", population);
            
            List<Object> pwdEntries = sqlSession.selectList(stmtId, params);
            
            if (pwdEntries.isEmpty())
            {
                // Insert a new token.
                stmtId = "UserSignupManager.addPasswordToken";
                params = new HashMap<>();
                params.put("pwdChangeTable", _pwdChangeTable);
                
                Timestamp now = new Timestamp(System.currentTimeMillis());
                params.put("site", siteName);
                params.put("login", login);
                params.put("request_date", now);
                params.put("token", token);
                params.put("population", population);
                
                sqlSession.insert(stmtId, params);
            }
            else
            {
                // Update the existing token.
                stmtId = "UserSignupManager.updatePasswordToken";
                params = new HashMap<>();
                params.put("pwdChangeTable", _pwdChangeTable);
                
                Timestamp now = new Timestamp(System.currentTimeMillis());
                params.put("request_date", now);
                params.put("token", token);
                params.put("site", siteName);
                params.put("login", login);
                params.put("population", population);
                
                sqlSession.update(stmtId, params);
            }
            
            // commit insert or update
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while inserting a password change token for " + login, e);
        }
    }

    /**
     * Get a temporary user from his site name and e-mail.
     * @param siteName the site name.
     * @param email The temporary user e-mail. Cannot be null.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return the temporary user or null if not found.
     * @throws UserManagementException if an error occurs.
     */
    protected TempUser getTempUser(String siteName, String email, String population, String userDirectoryId) throws UserManagementException
    {
        return getTempUser(siteName, email, null, population, userDirectoryId);
    }

    /**
     * Get a temporary user from his site name, e-mail and/or token.
     * At least one of e-mail and token must be provided.
     * @param siteName the site name.
     * @param email The temporary user e-mail. Can be null.
     * @param token The temporary user token. Can be null.
     * @param population the population. Must be not null if email is not null
     * @param userDirectoryId the id of the user directory of the population. Must be not null if email is not null
     * @return the temporary user or null if not found.
     * @throws UserManagementException if an error occurs.
     */
    protected TempUser getTempUser(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        if (StringUtils.isEmpty(email) && StringUtils.isEmpty(token))
        {
            throw new UserManagementException("Either e-mail or token must be provided.");
        }
        
        try (SqlSession sqlSession = getSession())
        {
            // Does this email already exists
            String stmtId = "UserSignupManager.getTempUser";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            if (StringUtils.isNotEmpty(email))
            {
                params.put("email", email);
                params.put("population", population);
                params.put("userDirectory", userDirectoryId);
            }
            if (StringUtils.isNotEmpty(token))
            {
                params.put("token", token);
            }
            
            return sqlSession.selectOne(stmtId, params);
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while getting the request for user [" + email + "] and token [" + token + "]", e);
        }
    }

    /**
     * Remove the temporary .
     * @param siteName the site name.
     * @param email the user e-mail address.
     * @param token the request token.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @throws UserManagementException if an error occurs.
     */
    protected void removeTempUser(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.removeTempUser";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("token", token);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the token of user " + email, e);
        }
    }

    /**
     * Remove the password change request.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the request token.
     * @param population the population
     * @throws UserManagementException if an error occurs.
     */
    protected void removePasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.removePasswordToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("token", token);
            params.put("population", population);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the token of user " + login, e);
        }
    }

    /**
     * Send a sign-up confirmation link by e-mail.
     * @param siteName the site name.
     * @param language the e-mail language.
     * @param user the user object.
     * @param token the generated token.
     * @throws UserManagementException if an error occurs.
     */
    protected void sendResetPasswordMail(String siteName, String language, User user, String token) throws UserManagementException
    {
        String login = user.getIdentity().getLogin();
        String population = user.getIdentity().getPopulationId();

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Sending reset password e-mail to " + login);
        }

        String from = _siteConf.getValueAsString(siteName, "site-mail-from");

        // Prepare mail
        Map<String, I18nizableText> i18nParams = new HashMap<>();
        i18nParams.put("siteName", new I18nizableText(siteName));
        i18nParams.put("login", new I18nizableText(login));
        i18nParams.put("email", new I18nizableText(user.getEmail()));
        i18nParams.put("fullName", new I18nizableText(user.getFullName()));
        i18nParams.put("token", new I18nizableText(token));

        Page passwordPage = getPwdChangePage(siteName, language);
        if (passwordPage != null)
        {
            if (_pageUriResolver == null)
            {
                _pageUriResolver = _uriResolverEP.getResolverForType("page");
            }

            String encodedLogin;
            String encodedPopulation;
            try
            {
                encodedLogin = URLEncoder.encode(login, "UTF-8");
                encodedPopulation = URLEncoder.encode(population, "UTF-8");
            }
            catch (UnsupportedEncodingException e)
            {
                // Should never happen.
                throw new UserManagementException("Encoding error while sending a password reset confirmation e-mail.", e);
            }

            // Compute the confirmation URI and add it to the parameters.
            String confirmUri = _pageUriResolver.resolve(passwordPage.getId(), false, true, false);
            confirmUri = confirmUri + "?login=" + encodedLogin + "&population=" + encodedPopulation + "&token=" + token;

            i18nParams.put("confirmUri", new I18nizableText(confirmUri));
        }

        // Add site information in the parameters.
        Site site = _siteManager.getSite(siteName);
        if (site != null)
        {
            i18nParams.put("siteTitle", new I18nizableText(site.getTitle()));
            i18nParams.put("siteUrl", new I18nizableText(site.getUrl()));
        }

        String subject = _userSignUpConfiguration.getSubjectForResetPwdEmail(i18nParams, language);
        String textBody = _userSignUpConfiguration.getTextBodyForResetPwdEmail(i18nParams, language);
        String htmlBody = _userSignUpConfiguration.getHtmlBodyForResetPwdEmail(i18nParams, language);

        try
        {
            // Send the e-mail.
            SendMailHelper.sendMail(subject, htmlBody, textBody, user.getEmail(), from);
        }
        catch (MessagingException e)
        {
            throw new UserManagementException("Error sending a password reset e-mail.", e);
        }
    }

    /**
     * Bean representing a user sign-up request.
     */
    public static class TempUser
    {
        /** The site name. */
        protected String _site;
        
        /** The user e-mail. */
        protected String _email;

        /** The user first name. */
        protected String _firstname;

        /** The user last name. */
        protected String _lastname;

        /** The user subscription date. */
        protected Date _subscriptionDate;

        /** The request token. */
        protected String _token;

        /** The id of the population */
        protected String _population;

        /** The id of the user directory of the population */
        protected String _userDirectoryId;

        /**
         * Constructor.
         * @param site the site
         * @param email the user's email
         * @param firstname the user's firstname
         * @param lastname the user's lastname
         * @param subscriptionDate the date of subscription
         * @param token the user's token
         * @param population The id of the population
         * @param userDirectoryId The id of the user directory of the population
         */
        public TempUser(String site, String email, String firstname, String lastname, Date subscriptionDate, String token, String population, String userDirectoryId)
        {
            this._site = site;
            this._email = email;
            this._firstname = firstname;
            this._lastname = lastname;
            this._subscriptionDate = subscriptionDate;
            this._token = token;
            this._population = population;
            this._userDirectoryId = userDirectoryId;
        }
        /**
         * Get the site.
         * @return the site
         */
        public String getSite()
        {
            return _site;
        }
        /**
         * Set the site.
         * @param site the site to set
         */
        public void setSite(String site)
        {
            this._site = site;
        }
        /**
         * Get the email.
         * @return _the email
         */
        public String getEmail()
        {
            return _email;
        }
        /**
         * Set the email.
         * @param email the email to set
         */
        public void setEmail(String email)
        {
            this._email = email;
        }
        /**
         * Get the firstname.
         * @return _the firstname
         */
        public String getFirstname()
        {
            return _firstname;
        }
        /**
         * Set the firstname.
         * @param firstname the firstname to set
         */
        public void setFirstname(String firstname)
        {
            this._firstname = firstname;
        }
        /**
         * Get the lastname.
         * @return _the lastname
         */
        public String getLastname()
        {
            return _lastname;
        }
        /**
         * Set the lastname.
         * @param lastname the lastname to set
         */
        public void setLastname(String lastname)
        {
            this._lastname = lastname;
        }
        /**
         * Get the subscriptionDate.
         * @return _the subscriptionDate
         */
        public Date getSubscriptionDate()
        {
            return _subscriptionDate;
        }
        /**
         * Set the subscriptionDate.
         * @param subscriptionDate the subscriptionDate to set
         */
        public void setSubscriptionDate(Date subscriptionDate)
        {
            this._subscriptionDate = subscriptionDate;
        }
        /**
         * Get the token.
         * @return _the token
         */
        public String getToken()
        {
            return _token;
        }
        /**
         * Set the token.
         * @param token the token to set
         */
        public void setToken(String token)
        {
            this._token = token;
        }
        /**
         * Get the population.
         * @return the population
         */
        public String getPopulation()
        {
            return _population;
        }
        /**
         * Set the population.
         * @param population the population to set
         */
        public void setPopulation(String population)
        {
            this._population = population;
        }
        /**
         * Get the user directory id.
         * @return the user directory id
         */
        public String getUserDirectoryId()
        {
            return _userDirectoryId;
        }
        /**
         * Set the user directory index.
         * @param userDirectoryId the user directory id to set
         */
        public void setUserDirectoryIndex(String userDirectoryId)
        {
            this._userDirectoryId = userDirectoryId;
        }

    }

}