/*
 *  Copyright 2012 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.web.usermanagement;

import java.sql.Timestamp;
import java.time.LocalDate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

import javax.mail.MessagingException;

import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.ibatis.session.SqlSession;

import org.ametys.cms.repository.Content;
import org.ametys.cms.transformation.URIResolver;
import org.ametys.cms.transformation.URIResolverExtensionPoint;
import org.ametys.core.datasource.AbstractMyBatisDAO;
import org.ametys.core.user.InvalidModificationException;
import org.ametys.core.user.User;
import org.ametys.core.user.UserManager;
import org.ametys.core.user.directory.ModifiableUserDirectory;
import org.ametys.core.user.directory.NotUniqueUserException;
import org.ametys.core.user.directory.UserDirectory;
import org.ametys.core.user.population.PopulationContextHelper;
import org.ametys.core.user.population.UserPopulation;
import org.ametys.core.user.population.UserPopulationDAO;
import org.ametys.core.util.I18nUtils;
import org.ametys.core.util.URIUtils;
import org.ametys.core.util.mail.SendMailHelper;
import org.ametys.plugins.repository.AmetysObjectIterable;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.AmetysRepositoryException;
import org.ametys.plugins.repository.query.expression.Expression;
import org.ametys.plugins.repository.query.expression.Expression.Operator;
import org.ametys.runtime.i18n.I18nizableTextParameter;
import org.ametys.runtime.i18n.I18nizableText;
import org.ametys.runtime.parameter.Errors;
import org.ametys.web.repository.page.Page;
import org.ametys.web.repository.page.PageQueryHelper;
import org.ametys.web.repository.page.ZoneItem;
import org.ametys.web.repository.site.Site;
import org.ametys.web.repository.site.SiteManager;
import org.ametys.web.site.SiteConfigurationExtensionPoint;
import org.ametys.web.tags.TagExpression;

import com.google.common.collect.Multimap;

/**
 * Manages registration and password recovery of users.
 */
public class UserSignupManager extends AbstractMyBatisDAO
{

    /** The component role. */
    public static final String ROLE = UserSignupManager.class.getName();

    /** Return code which indicates no error. */
    public static final int SIGNUP_NO_ERROR = 0;

    /** Temporary signup return code: a user tried to sign-up but the e-mail already exists in the temporary table. */
    public static final int SIGNUP_ERROR_TEMP_EMAIL_ALREADY_EXISTS = 1;

    /** Temporary signup return code: a user tried to sign-up but the FO UsersManager already possesses a user with this e-mail as login. */
    public static final int SIGNUP_ERROR_USER_ALREADY_EXISTS = 2;

    /** Token return code: a user provided a token, but it doesn't exist. */
    public static final int SIGNUP_TOKEN_UNKNOWN = 3;

    /** Token return code: a user provided a token, but it isn't valid anymore. */
    public static final int SIGNUP_TOKEN_EXPIRED = 4;
    
    /** Token return code: undefined error. */
    public static final int SIGNUP_ERROR = 5;
    
    /** Reset token return code: a user asked for a new token, but no subscription request can be found with this e-mail. */
    public static final int SIGNUP_RESET_ERROR_EMAIL_UNKNOWN = 5;

    /** The user manager. */
    protected UserManager _userManager;
    
    /** The DAO for user populations */
    protected UserPopulationDAO _userPopulationDAO;

    /** The site manager. */
    protected SiteManager _siteManager;

    /** The site configuration extension point. */
    protected SiteConfigurationExtensionPoint _siteConf;

    /** The ametys object resolver. */
    protected AmetysObjectResolver _resolver;

    /** The ametys object resolver. */
    protected URIResolverExtensionPoint _uriResolverEP;

    /** The page URI resolver. */
    protected URIResolver _pageUriResolver;

    /** The i18n utils. */
    protected I18nUtils _i18nUtils;

    /** The user sign up configuration */
    protected UserSignUpConfiguration _userSignUpConfiguration;
    
    /** The temporary users table. */
    protected String _tempUsersTable;

    /** The password change table. */
    protected String _pwdChangeTable;

    /** The population context helper. */
    protected PopulationContextHelper _populationContextHelper;

    /** Enumeration for different cases of lost password errors */
    public enum LostPasswordError
    {
        /** User not connected */
        NOT_CONNECTED,
        /** Lost password return code: the login or e-mail the user provided doesn't correspond to a population. */
        USER_UNKNOWN,
        /** Lost password return code: the population the user provided doesn't correspond to a user. */
        POPULATION_UNKNOWN,
        /** Lost password return code: the user provided belongs to an unmodifiable user directory */
        UNMODIFIABLE_USER_DIRECTORY,
        /** Lost password return code: the user provided have an empty email */
        EMPTY_EMAIL,
        /** Lost password return code: the informations the user provided match several users */
        SEVERAL_USERS,
        /** Token return code: a user provided a token, but it doesn't exist. */
        TOKEN_UNKNOWN,
        /** Token return code: a user provided a token, but it isn't valid anymore. */
        TOKEN_EXPIRED;
    }
    
    @Override
    public void service(ServiceManager serviceManager) throws ServiceException
    {
        super.service(serviceManager);
        
        _userManager = (UserManager) serviceManager.lookup(UserManager.ROLE);
        _userPopulationDAO = (UserPopulationDAO) serviceManager.lookup(UserPopulationDAO.ROLE);
        _siteManager = (SiteManager) serviceManager.lookup(SiteManager.ROLE);
        _siteConf = (SiteConfigurationExtensionPoint) serviceManager.lookup(SiteConfigurationExtensionPoint.ROLE);
        _resolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
        _uriResolverEP = (URIResolverExtensionPoint) serviceManager.lookup(URIResolverExtensionPoint.ROLE);
        _i18nUtils = (I18nUtils) serviceManager.lookup(I18nUtils.ROLE);
        _userSignUpConfiguration = (UserSignUpConfiguration) serviceManager.lookup(UserSignUpConfiguration.ROLE);
        _populationContextHelper = (PopulationContextHelper) serviceManager.lookup(PopulationContextHelper.ROLE);
    }

    @Override
    public void configure(Configuration configuration) throws ConfigurationException
    {
        super.configure(configuration);
        
        // Configure pool and tables.
        _tempUsersTable = configuration.getChild("temp-users-table").getValue();
        _pwdChangeTable = configuration.getChild("pwd-change-table").getValue();
    }

    /**
     * Test if public signup is allowed in a site.
     * @param siteName the site to test.
     * @return true if public signup is allowed, false otherwise.
     */
    public boolean isPublicSignupAllowed(String siteName)
    {
        Site site = _siteManager.getSite(siteName);
        return site.getValue("public-signup", false, false);
    }

    /**
     * Get the sign-up page in a given site and sitemap.<br>
     * If more than one page are tagged "sign-up", return the first.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return the sign-up page or null if not found.
     */
    public Page getSignupPage(String siteName, String language)
    {
        Page page = null;

        try (AmetysObjectIterable<Page> pages = getSignupPages(siteName, language);)
        {
            Iterator<Page> it = pages.iterator();
            if (it.hasNext())
            {
                page = it.next();
            }
        }

        return page;
    }

    /**
     * Get all the pages tagged "sign-up".
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return an iterable on all the pages tagged "sign-up".
     */
    public AmetysObjectIterable<Page> getSignupPages(String siteName, String language)
    {
        Expression expression = new TagExpression(Operator.EQ, "USER_SIGNUP");
        String query = PageQueryHelper.getPageXPathQuery(siteName, language, null, expression, null);

        return _resolver.query(query);
    }

    /**
     * Get the password change page in a given site and sitemap.
     * If more than one page are tagged "password change", return the first.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return the password change page or null if not found.
     */
    public Page getPwdChangePage(String siteName, String language)
    {
        Page page = null;

        try (AmetysObjectIterable<Page> pages = getPwdChangePages(siteName, language);)
        {
            Iterator<Page> it = pages.iterator();
            if (it.hasNext())
            {
                page = it.next();
            }
        }

        return page;
    }
    
    /**
     * Get the GTU page
     * Returns null if not found or empty
     * @param zoneItem the zone item
     * @return the GTU page or null.
     */
    public Page getGTUPage(ZoneItem zoneItem)
    {
        Page page = null;

        try
        {
            String tosMode = zoneItem.getServiceParameters().getValue("terms-of-service-mode");
            if ("PAGE".equals(tosMode))
            {
                String tosPageId = zoneItem.getServiceParameters().getValue("terms-of-service-page");
                if (StringUtils.isNotEmpty(tosPageId))
                {
                    page = _resolver.resolveById(tosPageId);
                }
            }
        }
        catch (AmetysRepositoryException e)
        {
            // Nothing
        }

        return page;
    }
    
    /**
     * Get the GTU content
     * Returns null if not found or empty
     * @param zoneItem the zone item
     * @return the GTU content or null.
     */
    public Content getGTUContent(ZoneItem zoneItem)
    {
        Content content = null;

        try
        {
            String tosMode = zoneItem.getServiceParameters().getValue("terms-of-service-mode");
            if ("CONTENT".equals(tosMode))
            {
                String tosContentId = zoneItem.getServiceParameters().getValue("terms-of-service-content");
                if (StringUtils.isNotEmpty(tosContentId))
                {
                    content = _resolver.resolveById(tosContentId);
                }
            }
            
        }
        catch (AmetysRepositoryException e)
        {
            // Nothing
        }

        return content;
    }
    
    /**
     * Get the GTU page
     * Returns null if not found or empty
     * @param zoneItem the zone item
     * @return the success page or null.
     */
    public Page getSuccessPage(ZoneItem zoneItem)
    {
        Page page = null;

        try
        {
            String successMode = zoneItem.getServiceParameters().getValue("success-mode");
            if ("PAGE".equals(successMode))
            {
                String successPageId = zoneItem.getServiceParameters().getValue("success-page");
                if (StringUtils.isNotEmpty(successPageId))
                {
                    page = _resolver.resolveById(successPageId);
                }
            }
        }
        catch (AmetysRepositoryException e)
        {
            // Nothing
        }

        return page;
    }
    
    /**
     * Get the success content
     * Returns null if not found or empty
     * @param zoneItem the zone item
     * @return the success content or null.
     */
    public Content getSuccessContent(ZoneItem zoneItem)
    {
        Content content = null;

        try
        {
            String successMode = zoneItem.getServiceParameters().getValue("success-mode");
            if ("CONTENT".equals(successMode))
            {
                String successContentId = zoneItem.getServiceParameters().getValue("success-content");
                if (StringUtils.isNotEmpty(successContentId))
                {
                    content = _resolver.resolveById(successContentId);
                }
            }
        }
        catch (AmetysRepositoryException e)
        {
            // Nothing
        }

        return content;
    }

    /**
     * Get all the pages tagged "password change".
     * @param siteName the site name.
     * @param language the sitemap name.
     * @return an iterable on all the pages tagged "password change".
     */
    public AmetysObjectIterable<Page> getPwdChangePages(String siteName, String language)
    {
        Expression expression = new TagExpression(Operator.EQ, "USER_PASSWORD_CHANGE");
        String query = PageQueryHelper.getPageXPathQuery(siteName, language, null, expression, null);

        return _resolver.query(query);
    }
    
    /**
     * Tests if the user already exists in the populations 
     * @param email the e-mail to test.
     * @param siteName The site name
     * @return true if the user exists, false otherwise.
     * @throws UserManagementException if an error occurs.
     */
    public boolean userExists(String email, String siteName) throws UserManagementException
    {
        try
        {
            Set<String> populationIds = _populationContextHelper.getUserPopulationsOnContexts(Arrays.asList("/sites/" + siteName, "/sites-fo/" + siteName), false, false);
            for (String population : populationIds)
            {
                if (_userManager.getUser(population, email) != null || _userManager.getUserByEmail(population, email) != null)
                {
                    return true;
                }
            }
            
            return false;
        }
        catch (NotUniqueUserException e)
        {
            return true;
        }
    }

    /**
     * Validate the user subscription data.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param additionalValues the additional user values.
     * @return a Map of the Errors by field.
     * @throws UserManagementException if an error occurs.
     */
    public Map<String, Errors> validate(String siteName, String email, Map<String, String> additionalValues) throws UserManagementException
    {
        Map<String, String> userInfos = new HashMap<>();
        
        userInfos.putAll(additionalValues);
        
        // Standard info for user (provide a dummy password, as we do not know it yet).
        userInfos.put("login", email);
        userInfos.put("email", email);
        userInfos.put("password", "password");

        Map<String, Errors> usersManagerErrors = new HashMap<>(); //foUsersManager.validate(userInfos);
        Map<String, Errors> errors = new HashMap<>(usersManagerErrors);

        // If there are errors on the login, do not return it except if
        if (errors.containsKey("login"))
        {
            if (!errors.containsKey("email"))
            {
                errors.put("email", errors.get("login"));
            }
            errors.remove("login");
        }

        return errors;
    }

    /**
     * Validate the user password.
     * @param siteName the site name.
     * @param password the password to validate.
     * @param login the login of the user
     * @param population The id of the population
     * @return a Map of the Errors by field.
     * @throws UserManagementException if an error occurs.
     */
    public Map<String, Errors> validatePassword(String siteName, String password, String login, String population) throws UserManagementException
    {
        Map<String, String> userInfos = new HashMap<>();

        userInfos.put("password", password);

        UserDirectory userDirectory = _userManager.getUserDirectory(population, login);
        if (!(userDirectory instanceof ModifiableUserDirectory))
        {
            throw new UserManagementException("The user subscription feature can't be used, as the UserDirectory is not modifiable.");
        }
        Map<String, Errors> usersManagerErrors = ((ModifiableUserDirectory) userDirectory).validate(userInfos);
        Map<String, Errors> errors = new HashMap<>();

        // Keep only errors related to the password field.
        if (usersManagerErrors.containsKey("password"))
        {
            errors.put("password", usersManagerErrors.get("password"));
        }

        return errors;
    }

    /**
     * Validate and store a sign-up request and send a confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param email the user e-mail address.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int temporarySignup(String siteName, String language, String email, String population, String userDirectoryId) throws UserManagementException
    {
        return temporarySignup(siteName, language, email, population, userDirectoryId, true);
    }
    
    /**
     * Validate and store a sign-up request and send a confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param email the user e-mail address.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @param sendMail Set to false to not send mail at end of process
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int temporarySignup(String siteName, String language, String email, String population, String userDirectoryId, boolean sendMail) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("A user is requesting a sign-up: " + email);
        }

        // Generate unique token.
        String token = UUID.randomUUID().toString().replace("-", "");

        int status = addTemporaryUser(siteName, email, token, population, userDirectoryId);

        // Send validation e-mail with token.
        if (status == SIGNUP_NO_ERROR && sendMail)
        {
            sendSignupConfirmMail(siteName, language, email, token);
        }

        return status;
    }
    
    /**
     * Get a token for temp user
     * @param siteName the site name.
     * @param email the user e-mail address.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return the user token or null if not found
     * @throws UserManagementException if an error occurs.
     */
    public String getToken(String siteName, String email, String population, String userDirectoryId) throws UserManagementException
    {
        TempUser tempUser = getTempUser(siteName, email, population, userDirectoryId);
        if (tempUser != null)
        {
            return tempUser.getToken();
        }
        
        return null;
    }

    /**
     * Reset a sign-up request: generate a new token and re-send the confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param email the user e-mail address.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int resetTempSignup(String siteName, String language, String email, String population, String userDirectoryId) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Resetting temporary signup for email: " + email + " in site " + siteName);
        }

        // Generate a new token.
        String newToken = UUID.randomUUID().toString().replace("-", "");

        // Test if the subscription request really exists.
        TempUser tempUser = getTempUser(siteName, email, population, userDirectoryId);

        if (tempUser == null)
        {
            // No subscription request with this e-mail.
            return SIGNUP_RESET_ERROR_EMAIL_UNKNOWN;
        }

        updateTempToken(siteName, email, newToken, population, userDirectoryId);

        sendSignupConfirmMail(siteName, language, email, newToken);

        return SIGNUP_NO_ERROR;
    }


    /**
     * Create the user in the FO UsersManager from his temporary request.
     * @param siteName the site name.
     * @param language the current language
     * @param firstname the user firstname
     * @param lastname the user lastname
     * @param email the user e-mail address.
     * @param token the request token.
     * @param password the user password.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @param errors the errors
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int signup(String siteName, String language, String firstname, String lastname, String email, String token, String password, String population, String userDirectoryId, Multimap<String, I18nizableText> errors) throws UserManagementException
    {
        // Verify that public sign-up is allowed and throw an exception otherwise.
        checkPublicSignup(siteName);

        Map<String, String> userInfos = new HashMap<>();

        TempUser tempUser = getTempUser(siteName, email, token, population, userDirectoryId);

        if (tempUser == null)
        {
            return SIGNUP_TOKEN_UNKNOWN;
        }
        
        // Generate login
        String login = RandomStringUtils.randomNumeric(10);

        // Standard info for user.
        userInfos.put("login", login);
        userInfos.put("email", email);
        userInfos.put("firstname", firstname);
        userInfos.put("lastname", lastname);
        userInfos.put("password", password);

        try
        {
            validationBeforeSignup(errors);
            
            if (errors.isEmpty())
            {
                // Add the user.
                ModifiableUserDirectory userDirectory = (ModifiableUserDirectory) _userPopulationDAO.getUserPopulation(population).getUserDirectory(userDirectoryId);
                userDirectory.add(userInfos);

                // Remove the temporary user.
                removeTempUser(siteName, email, token, population, userDirectoryId);
                
                User createdUser = userDirectory.getUser(login);
                
                // Do additional operations after signup
                additionalSignupOperations(createdUser, errors);
                
                if (errors.isEmpty())
                {
                    sendSignupValidatedMail(siteName, language, createdUser);
                    return SIGNUP_NO_ERROR;
                }
            }
            
            return SIGNUP_ERROR;
        }
        catch (InvalidModificationException e)
        {
            throw new UserManagementException("An error occurred signing up the user.", e);
        }
    }
    
    /**
     * Do some validation before signup
     * @param errors the map of errors to fill in cause of errors during validation
     */
    public void validationBeforeSignup(Multimap<String, I18nizableText> errors)
    {
        // Nothing
    }
    
    /**
     * Process additional operations after creation of user
     * @param createdUser the created user
     * @param errors the map of errors to fill in case of errors during additional operations
     * @throws UserManagementException if an error occurs.
     */
    public void additionalSignupOperations(User createdUser, Multimap<String, I18nizableText> errors) throws UserManagementException
    {
        // Nothing
    }
    

    /**
     * Create a reset password request and send a confirmation e-mail.
     * @param siteName the site name.
     * @param language the sitemap name.
     * @param loginOrEmail the user login or email.
     * @param populationId the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public LostPasswordError resetPassword(String siteName, String language, String loginOrEmail, String populationId) throws UserManagementException
    {
        // Check if the population exists
        UserPopulation population = _userPopulationDAO.getUserPopulation(populationId);
        if (population == null)
        {
            return LostPasswordError.POPULATION_UNKNOWN;
        }
        
        // Check if the user exists and get it
        User user = _userManager.getUser(populationId, loginOrEmail);
        if (user == null)
        {
            try
            {
                user = _userManager.getUserByEmail(populationId, loginOrEmail);
                if (user == null)
                {
                    // No user with this e-mail or login.
                    return LostPasswordError.USER_UNKNOWN;
                }
            }
            catch (NotUniqueUserException e)
            {
                return LostPasswordError.SEVERAL_USERS;
            }
        }
        
        // Check if the user directory is modifiable
        if (!(user.getUserDirectory() instanceof ModifiableUserDirectory))
        {
            return LostPasswordError.UNMODIFIABLE_USER_DIRECTORY;
        }
        
        if (StringUtils.isEmpty(user.getEmail()))
        {
            return LostPasswordError.EMPTY_EMAIL;
        }

        // Generate a new token.
        String token = UUID.randomUUID().toString().replace("-", "");

        // Insert the token in the database.
        addPasswordToken(siteName, user.getIdentity().getLogin(), token, populationId);

        // Send the e-mail.
        sendResetPasswordMail(siteName, language, user, token);

        return null;
    }

    /**
     * Change the user password.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the password change request token.
     * @param newPassword the new password.
     * @param population the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int changeUserPassword(String siteName, String login, String token, String newPassword, String population) throws UserManagementException
    {
        int tokenStatus = checkPasswordToken(siteName, login, token, population);

        if (tokenStatus != SIGNUP_NO_ERROR)
        {
            return tokenStatus;
        }

        Map<String, String> userInfos = new HashMap<>();

        userInfos.put("login", login);
        userInfos.put("password", newPassword);

        try
        {
            UserDirectory userDirectory = _userManager.getUserDirectory(population, login);
            if (!(userDirectory instanceof ModifiableUserDirectory))
            {
                throw new UserManagementException("The user's password can't be changed, as the UserDirectory is not modifiable.");
            }
            ((ModifiableUserDirectory) userDirectory).update(userInfos);

            removePasswordToken(siteName, login, token, population);

            return SIGNUP_NO_ERROR;
        }
        catch (InvalidModificationException e)
        {
            throw new UserManagementException("An error occurred signing up the user.", e);
        }
    }
    
    /**
     * Check the sign-up request token.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param token the sign-up request token.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int checkToken(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        removeExpiredTokens();

        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.getSubscriptionDate";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("token", token);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            Date rawSubscriptionDate = sqlSession.selectOne(stmtId, params);

            // Date verification.
            if (rawSubscriptionDate == null)
            {
                return SIGNUP_TOKEN_UNKNOWN;
            }
            
            // The validity limit
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            ZonedDateTime subscriptionDate = rawSubscriptionDate.toInstant().atZone(ZoneId.systemDefault());

            if (subscriptionDate.isBefore(limit))
            {
                return SIGNUP_TOKEN_EXPIRED;
            }

            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while testing the token for user [" + email + "]", e);
        }
    }

    /**
     * Check the password change request token.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the password change request token.
     * @param population the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    public int checkPasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        removeExpiredPasswordTokens();

        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.getRequestDate";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("token", token);
            params.put("population", population);
            
            Date rawRequestDate = sqlSession.selectOne(stmtId, params);

            // Date verification.
            if (rawRequestDate == null)
            {
                return SIGNUP_TOKEN_UNKNOWN;
            }

            // Check the validity.
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            ZonedDateTime requestDate = rawRequestDate.toInstant().atZone(ZoneId.systemDefault());

            if (requestDate.isBefore(limit))
            {
                return SIGNUP_TOKEN_EXPIRED;
            }

            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while testing the password token for user " + login, e);
        }
    }

    /**
     * Remove the expired sign-up request tokens.
     * @throws UserManagementException if an error occurs.
     */
    public void removeExpiredTokens() throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.deleteExpiredTokens";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            Timestamp limitTimestamp = Timestamp.from(limit.toInstant());
            params.put("threshold", limitTimestamp);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the expired tokens.", e);
        }
    }

    /**
     * Remove the expired change password request tokens.
     * @throws UserManagementException if an error occurs.
     */
    public void removeExpiredPasswordTokens() throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.deleteExpiredPasswordTokens";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            ZonedDateTime limit = LocalDate.now().atStartOfDay(ZoneId.systemDefault()).minusDays(_userSignUpConfiguration.getTokenValidity());
            Timestamp limitTimestamp = Timestamp.from(limit.toInstant());
            params.put("threshold", limitTimestamp);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the expired tokens.", e);
        }
    }

    /**
     * Verify that public sign-up is allowed. If not, throw an exception.
     * @param siteName the site name.
     * @throws UserManagementException if public sign-up is not enabled.
     */
    protected void checkPublicSignup(String siteName) throws UserManagementException
    {
        if (!isPublicSignupAllowed(siteName))
        {
            throw new UserManagementException("Public signup is disabled for this site.");
        }
    }

    /**
     * Create a user sign-up request ("temporary" user) in the database.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param token the generated token.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return a status code indicating success or error.
     * @throws UserManagementException if an error occurs.
     */
    protected int addTemporaryUser(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            // Does this email already exists
            String stmtId = "UserSignupManager.tempEmailExists";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            List<String> emails = sqlSession.selectList(stmtId, params);
            
            if (!emails.isEmpty())
            {
                return SIGNUP_ERROR_TEMP_EMAIL_ALREADY_EXISTS;
            }
            
            // Add temp user
            stmtId = "UserSignupManager.addTempUser";
            params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            Timestamp now = new Timestamp(System.currentTimeMillis());
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            params.put("subscription_date", now);
            params.put("token", token);
            
            sqlSession.insert(stmtId, params);
            sqlSession.commit();
            
            return SIGNUP_NO_ERROR;
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while signing up a new user [" + email + "]", e);
        }
    }

    /**
     * Send a sign-up confirmation link by e-mail.
     * @param siteName the site name.
     * @param language the e-mail language.
     * @param email the user e-mail.
     * @param token the generated token.
     * @throws UserManagementException if an error occurs.
     */
    protected void sendSignupConfirmMail(String siteName, String language, String email, String token) throws UserManagementException
    {
        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Sending signup confirmation e-mail to " + email);
        }

        Site site = _siteManager.getSite(siteName);
        String from = site.getValue("site-mail-from");

        // Prepare mail.
        Map<String, I18nizableTextParameter> i18nParams = new HashMap<>();
        i18nParams.put("siteName", new I18nizableText(siteName));
        i18nParams.put("email", new I18nizableText(email));
        i18nParams.put("token", new I18nizableText(token));

        Page signupPage = getSignupPage(siteName, language);
        if (signupPage != null)
        {
            if (_pageUriResolver == null)
            {
                _pageUriResolver = _uriResolverEP.getResolverForType("page");
            }

            String encodedEmail = URIUtils.encodeParameter(email);

            // Compute the confirmation URI and add it to the parameters.
            String confirmUri = _pageUriResolver.resolve(signupPage.getId(), false, true, false);
            confirmUri = confirmUri + "?email=" + encodedEmail + "&token=" + token;

            i18nParams.put("confirmUri", new I18nizableText(confirmUri));
        }

        // Add site information in the parameters.
        i18nParams.put("siteTitle", new I18nizableText(site.getTitle()));
        i18nParams.put("siteUrl", new I18nizableText(site.getUrl()));

        String subject = _userSignUpConfiguration.getSubjectForSignUpEmail(i18nParams, language);
        String textBody = _userSignUpConfiguration.getTextBodyForSignUpEmail(i18nParams, language);
        String htmlBody = _userSignUpConfiguration.getHtmlBodyForSignUpEmail(i18nParams, language);

        try
        {
            // Send the e-mail.
            SendMailHelper.sendMail(subject, htmlBody, textBody, email, from);
        }
        catch (MessagingException e)
        {
            throw new UserManagementException("Error sending the sign-up confirmation mail.", e);
        }
    }
    
    /**
     * Send a sign-up confirmation link by e-mail.
     * @param siteName the site name.
     * @param language the e-mail language.
     * @param user the created user
     * @throws UserManagementException if an error occurs.
     */
    protected void sendSignupValidatedMail(String siteName, String language, User user) throws UserManagementException
    {
        Site site = _siteManager.getSite(siteName);
        String from = site.getValue("site-mail-from");
        String email = user.getEmail();

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Sending signup validation e-mail to " + email);
        }
        
        // Prepare mail.
        Map<String, I18nizableTextParameter> i18nParams = new HashMap<>();
        i18nParams.put("siteName", new I18nizableText(siteName));
        i18nParams.put("fullName", new I18nizableText(user.getFullName()));
        i18nParams.put("email", new I18nizableText(user.getEmail()));
        i18nParams.put("login", new I18nizableText(user.getIdentity().getLogin()));

        // Add site information in the parameters.
        i18nParams.put("siteTitle", new I18nizableText(site.getTitle()));
        i18nParams.put("siteUrl", new I18nizableText(site.getUrl()));

        String subject = _userSignUpConfiguration.getSubjectForSignUpValidatedEmail(i18nParams, language);
        String textBody = _userSignUpConfiguration.getTextBodyForSignUpValidatedEmail(i18nParams, language);
        String htmlBody = _userSignUpConfiguration.getHtmlBodyForSignUpValidatedEmail(i18nParams, language);

        try
        {
            // Send the e-mail.
            SendMailHelper.sendMail(subject, htmlBody, textBody, email, from);
        }
        catch (MessagingException e)
        {
            throw new UserManagementException("Error sending the sign-up validation mail.", e);
        }
    }

    /**
     * Update the sign-up request token: reset the date and set a new token.
     * @param siteName the site name.
     * @param email the user e-mail.
     * @param newToken the new token.
     * @param population The id of the population
     * @param userDirectoryId The id of the user directory of the population
     * @throws UserManagementException if an error occurs.
     */
    protected void updateTempToken(String siteName, String email, String newToken, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.updateTempToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            Timestamp now = new Timestamp(System.currentTimeMillis());
            params.put("subscription_date", now);
            params.put("token", newToken);
            params.put("site", siteName);
            params.put("email", email);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            sqlSession.update(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while resetting the subscription for user [" + email + "]", e);
        }
    }

    /**
     * Create a user password change request in the database.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the generated token.
     * @param population the population
     * @throws UserManagementException if an error occurs.
     */
    protected void addPasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.hasToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("population", population);
            
            List<Object> pwdEntries = sqlSession.selectList(stmtId, params);
            
            if (pwdEntries.isEmpty())
            {
                // Insert a new token.
                stmtId = "UserSignupManager.addPasswordToken";
                params = new HashMap<>();
                params.put("pwdChangeTable", _pwdChangeTable);
                
                Timestamp now = new Timestamp(System.currentTimeMillis());
                params.put("site", siteName);
                params.put("login", login);
                params.put("request_date", now);
                params.put("token", token);
                params.put("population", population);
                
                sqlSession.insert(stmtId, params);
            }
            else
            {
                // Update the existing token.
                stmtId = "UserSignupManager.updatePasswordToken";
                params = new HashMap<>();
                params.put("pwdChangeTable", _pwdChangeTable);
                
                Timestamp now = new Timestamp(System.currentTimeMillis());
                params.put("request_date", now);
                params.put("token", token);
                params.put("site", siteName);
                params.put("login", login);
                params.put("population", population);
                
                sqlSession.update(stmtId, params);
            }
            
            // commit insert or update
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while inserting a password change token for " + login, e);
        }
    }

    /**
     * Get a temporary user from his site name and e-mail.
     * @param siteName the site name.
     * @param email The temporary user e-mail. Cannot be null.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @return the temporary user or null if not found.
     * @throws UserManagementException if an error occurs.
     */
    protected TempUser getTempUser(String siteName, String email, String population, String userDirectoryId) throws UserManagementException
    {
        return getTempUser(siteName, email, null, population, userDirectoryId);
    }

    /**
     * Get a temporary user from his site name, e-mail and/or token.
     * At least one of e-mail and token must be provided.
     * @param siteName the site name.
     * @param email The temporary user e-mail. Can be null.
     * @param token The temporary user token. Can be null.
     * @param population the population. Must be not null if email is not null
     * @param userDirectoryId the id of the user directory of the population. Must be not null if email is not null
     * @return the temporary user or null if not found.
     * @throws UserManagementException if an error occurs.
     */
    protected TempUser getTempUser(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        if (StringUtils.isEmpty(email) && StringUtils.isEmpty(token))
        {
            throw new UserManagementException("Either e-mail or token must be provided.");
        }
        
        try (SqlSession sqlSession = getSession())
        {
            // Does this email already exists
            String stmtId = "UserSignupManager.getTempUser";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            if (StringUtils.isNotEmpty(email))
            {
                params.put("email", email);
                params.put("population", population);
                params.put("userDirectory", userDirectoryId);
            }
            if (StringUtils.isNotEmpty(token))
            {
                params.put("token", token);
            }
            
            return sqlSession.selectOne(stmtId, params);
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while getting the request for user [" + email + "] and token [" + token + "]", e);
        }
    }

    /**
     * Remove the temporary .
     * @param siteName the site name.
     * @param email the user e-mail address.
     * @param token the request token.
     * @param population the population
     * @param userDirectoryId the id of the user directory of the population
     * @throws UserManagementException if an error occurs.
     */
    protected void removeTempUser(String siteName, String email, String token, String population, String userDirectoryId) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.removeTempUser";
            
            Map<String, Object> params = new HashMap<>();
            params.put("tempUsersTable", _tempUsersTable);
            
            params.put("site", siteName);
            params.put("email", email);
            params.put("token", token);
            params.put("population", population);
            params.put("userDirectory", userDirectoryId);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the token of user " + email, e);
        }
    }

    /**
     * Remove the password change request.
     * @param siteName the site name.
     * @param login the user login.
     * @param token the request token.
     * @param population the population
     * @throws UserManagementException if an error occurs.
     */
    protected void removePasswordToken(String siteName, String login, String token, String population) throws UserManagementException
    {
        try (SqlSession sqlSession = getSession())
        {
            String stmtId = "UserSignupManager.removePasswordToken";
            
            Map<String, Object> params = new HashMap<>();
            params.put("pwdChangeTable", _pwdChangeTable);
            
            params.put("site", siteName);
            params.put("login", login);
            params.put("token", token);
            params.put("population", population);
            
            sqlSession.delete(stmtId, params);
            sqlSession.commit();
        }
        catch (Exception e)
        {
            throw new UserManagementException("Database error while removing the token of user " + login, e);
        }
    }

    /**
     * Send a sign-up confirmation link by e-mail.
     * @param siteName the site name.
     * @param language the e-mail language.
     * @param user the user object.
     * @param token the generated token.
     * @throws UserManagementException if an error occurs.
     */
    protected void sendResetPasswordMail(String siteName, String language, User user, String token) throws UserManagementException
    {
        String login = user.getIdentity().getLogin();
        String population = user.getIdentity().getPopulationId();

        if (getLogger().isDebugEnabled())
        {
            getLogger().debug("Sending reset password e-mail to " + login);
        }

        Site site = _siteManager.getSite(siteName);
        String from = site.getValue("site-mail-from");

        // Prepare mail
        Map<String, I18nizableTextParameter> i18nParams = new HashMap<>();
        i18nParams.put("siteName", new I18nizableText(siteName));
        i18nParams.put("login", new I18nizableText(login));
        i18nParams.put("email", new I18nizableText(user.getEmail()));
        i18nParams.put("fullName", new I18nizableText(user.getFullName()));
        i18nParams.put("token", new I18nizableText(token));

        Page passwordPage = getPwdChangePage(siteName, language);
        if (passwordPage != null)
        {
            if (_pageUriResolver == null)
            {
                _pageUriResolver = _uriResolverEP.getResolverForType("page");
            }

            String encodedLogin = URIUtils.encodeParameter(login);
            String encodedPopulation = URIUtils.encodeParameter(population);

            // Compute the confirmation URI and add it to the parameters.
            String confirmUri = _pageUriResolver.resolve(passwordPage.getId(), false, true, false);
            confirmUri = confirmUri + "?login=" + encodedLogin + "&population=" + encodedPopulation + "&token=" + token;

            i18nParams.put("confirmUri", new I18nizableText(confirmUri));
        }

        // Add site information in the parameters.
        i18nParams.put("siteTitle", new I18nizableText(site.getTitle()));
        i18nParams.put("siteUrl", new I18nizableText(site.getUrl()));

        String subject = _userSignUpConfiguration.getSubjectForResetPwdEmail(i18nParams, language);
        String textBody = _userSignUpConfiguration.getTextBodyForResetPwdEmail(i18nParams, language);
        String htmlBody = _userSignUpConfiguration.getHtmlBodyForResetPwdEmail(i18nParams, language);

        try
        {
            // Send the e-mail.
            SendMailHelper.sendMail(subject, htmlBody, textBody, user.getEmail(), from);
        }
        catch (MessagingException e)
        {
            throw new UserManagementException("Error sending a password reset e-mail.", e);
        }
    }

    /**
     * Bean representing a user sign-up request.
     */
    public static class TempUser
    {
        /** The site name. */
        protected String _site;
        
        /** The user e-mail. */
        protected String _email;

        /** The user subscription date. */
        protected Date _subscriptionDate;

        /** The request token. */
        protected String _token;

        /** The id of the population */
        protected String _population;

        /** The id of the user directory of the population */
        protected String _userDirectoryId;

        /**
         * Constructor.
         * @param site the site
         * @param email the user's email
         * @param subscriptionDate the date of subscription
         * @param token the user's token
         * @param population The id of the population
         * @param userDirectoryId The id of the user directory of the population
         */
        public TempUser(String site, String email, Date subscriptionDate, String token, String population, String userDirectoryId)
        {
            this._site = site;
            this._email = email;
            this._subscriptionDate = subscriptionDate;
            this._token = token;
            this._population = population;
            this._userDirectoryId = userDirectoryId;
        }
        /**
         * Get the site.
         * @return the site
         */
        public String getSite()
        {
            return _site;
        }
        /**
         * Set the site.
         * @param site the site to set
         */
        public void setSite(String site)
        {
            this._site = site;
        }
        /**
         * Get the email.
         * @return _the email
         */
        public String getEmail()
        {
            return _email;
        }
        /**
         * Set the email.
         * @param email the email to set
         */
        public void setEmail(String email)
        {
            this._email = email;
        }
        /**
         * Get the subscriptionDate.
         * @return _the subscriptionDate
         */
        public Date getSubscriptionDate()
        {
            return _subscriptionDate;
        }
        /**
         * Set the subscriptionDate.
         * @param subscriptionDate the subscriptionDate to set
         */
        public void setSubscriptionDate(Date subscriptionDate)
        {
            this._subscriptionDate = subscriptionDate;
        }
        /**
         * Get the token.
         * @return _the token
         */
        public String getToken()
        {
            return _token;
        }
        /**
         * Set the token.
         * @param token the token to set
         */
        public void setToken(String token)
        {
            this._token = token;
        }
        /**
         * Get the population.
         * @return the population
         */
        public String getPopulation()
        {
            return _population;
        }
        /**
         * Set the population.
         * @param population the population to set
         */
        public void setPopulation(String population)
        {
            this._population = population;
        }
        /**
         * Get the user directory id.
         * @return the user directory id
         */
        public String getUserDirectoryId()
        {
            return _userDirectoryId;
        }
        /**
         * Set the user directory index.
         * @param userDirectoryId the user directory id to set
         */
        public void setUserDirectoryIndex(String userDirectoryId)
        {
            this._userDirectoryId = userDirectoryId;
        }

    }

}