com.broadleafcommerce.auth.passcode.service

Class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>

java.lang.Object

com.broadleafcommerce.auth.passcode.service.DefaultPasscodeService<P,U,D>

All Implemented Interfaces:

PasscodeService<P,U>

public class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
extends Object
implements PasscodeService<P,U>

Field Summary

Fields

Modifier and Type	Field and Description
protected static Random	RANDOM

Constructor Summary

Constructors

Constructor and Description
DefaultPasscodeService(SimplePayloadMapper mapper, PasswordTokenRepository<D> passwordTokenRepository, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, PasswordTokenProperties passwordTokenProperties)

Method Summary

Modifier and Type	Method and Description
Optional<P>	consume(U user, String purpose, String passcode) Consume a passcode.
P	createPasscode(U user, String purpose) Create a new token for a User with a specific purpose.
protected P	createPasswordToken(U user, String purpose, String encodedToken) Create a new <P extends PasswordToken> from a User, purpose, and encoded token.
protected Optional<P>	findActiveUserToken(U user, String purpose, String token) Find saved token for the given user & purpose that is not expired.
String	generateSecureToken() Generate a new random token String.
protected SimplePayloadMapper	getMapper()
protected org.springframework.security.crypto.password.PasswordEncoder	getPasswordEncoder()
protected PasswordTokenProperties	getPasswordTokenProperties()
protected PasswordTokenRepository<D>	getPasswordTokenRepository()
protected char[]	getTokenChars()
protected Duration	getTokenDuration()
protected int	getTokenLength()
boolean	invalidate(String passcodeId) Invalidate an active passcode.
protected boolean	isTokenExpired(P token) Determine if the given token is expired.
protected boolean	markTokenAsUsed(P token) Mark a token as used, set the used date, and save the token.
protected boolean	matchesToken(String token, P savedToken) Determine if the given token String matches the saved token PasswordToken.
List<P>	readTokensForUser(U user, String purpose) Return all of a user's tokens for a particular purpose.
protected List<P>	readUnusedTokensForUser(U user, String purpose) Find all unused tokens for the given user and purpose.
boolean	status(String passcodeId) Get the status of a PasswordToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RANDOM

protected static final Random RANDOM

Constructor Detail

DefaultPasscodeService

public DefaultPasscodeService(SimplePayloadMapper mapper,
                              PasswordTokenRepository<D> passwordTokenRepository,
                              org.springframework.security.crypto.password.PasswordEncoder passwordEncoder,
                              PasswordTokenProperties passwordTokenProperties)

Method Detail

createPasscode

public P createPasscode(U user,
                        String purpose)

Description copied from interface: PasscodeService

Create a new token for a User with a specific purpose.

Specified by:

createPasscode in interface PasscodeService<P extends PasswordToken,U extends User>

Parameters:

user - The User who will own the token.

purpose - The purpose for this token.

Returns:

A new PasswordToken object with the new plaintext passcode on the token field.

consume

public Optional<P> consume(U user,
                           String purpose,
                           String passcode)

Description copied from interface: PasscodeService

Consume a passcode.

Specified by:

consume in interface PasscodeService<P extends PasswordToken,U extends User>

Parameters:

user - The User that owns the token.

purpose - The purpose of the token. This will be validated against the purpose stored with the token.

passcode - The passcode String to consume.

Returns:

An optional containing the used token if successful, empty if unsuccessful.

invalidate

public boolean invalidate(String passcodeId)

Description copied from interface: PasscodeService

Invalidate an active passcode.

Specified by:

invalidate in interface PasscodeService<P extends PasswordToken,U extends User>

Parameters:

passcodeId - The id of the PasswordToken.

Returns:

True if the passcode was invalidated, false otherwise.

status

public boolean status(String passcodeId)

Description copied from interface: PasscodeService

Get the status of a PasswordToken.

Specified by:

status in interface PasscodeService<P extends PasswordToken,U extends User>

Parameters:

passcodeId - The id of the PasswordToken.

Returns:

True if the token is valid, false otherwise.

readTokensForUser

public List<P> readTokensForUser(U user,
                                 String purpose)

Description copied from interface: PasscodeService

Return all of a user's tokens for a particular purpose. The token fields of the returned objects will contain the encoded passcode.

Specified by:

readTokensForUser in interface PasscodeService<P extends PasswordToken,U extends User>

Parameters:

user - The User that owns the tokens.

purpose - The purpose of the tokens.

Returns:

A List of PasswordToken.

generateSecureToken

public String generateSecureToken()

Description copied from interface: PasscodeService

Generate a new random token String. This String is not persisted.

Specified by:

generateSecureToken in interface PasscodeService<P extends PasswordToken,U extends User>

Returns:

a secure random String.

findActiveUserToken

protected Optional<P> findActiveUserToken(U user,
                                          String purpose,
                                          String token)

Find saved token for the given user & purpose that is not expired.

Parameters:

user - The user that owns the token

purpose - The purpose of the token

token - The token to match

Returns:

An unused, non-expired <P extends PasswordToken>, or empty

matchesToken

protected boolean matchesToken(String token,
                               P savedToken)

Determine if the given token String matches the saved token PasswordToken.

Parameters:

token - The unencoded String to match

savedToken - The saved token with the encoded value

Returns:

True if the encoded token matches the saved value, false otherwise

readUnusedTokensForUser

protected List<P> readUnusedTokensForUser(U user,
                                          String purpose)

Find all unused tokens for the given user and purpose.

Parameters:

user - The user that owns the token

purpose - The purpose of the token

Returns:

A list of unused <P extends PasswordToken> for the given user and purpose

createPasswordToken

protected P createPasswordToken(U user,
                                String purpose,
                                String encodedToken)

Create a new <P extends PasswordToken> from a User, purpose, and encoded token.

Parameters:

user - The user that will own the token

purpose - The purpose of the token

encodedToken - The encoded token value

Returns:

A new non-persisted <P extends PasswordToken>

isTokenExpired

protected boolean isTokenExpired(P token)

Determine if the given token is expired. A zero value for TTL indicates that the token never expires. See PasswordTokenProperties.getTtl().

Parameters:

token - The saved token to test

Returns:

True if the token is expired, false otherwise.

markTokenAsUsed

protected boolean markTokenAsUsed(P token)

Mark a token as used, set the used date, and save the token.

Parameters:

token - The token to update.

Returns:

True if successful, false otherwise

getTokenChars

protected char[] getTokenChars()

Returns:

An array of characters that can be used to generate a passcode.

getTokenLength

protected int getTokenLength()

Returns:

How long of a String to generate for a passcode.

getTokenDuration

protected Duration getTokenDuration()

Returns:

How long a passcode is valid

getMapper

protected SimplePayloadMapper getMapper()

getPasswordTokenRepository

protected PasswordTokenRepository<D> getPasswordTokenRepository()

getPasswordEncoder

protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()

getPasswordTokenProperties

protected PasswordTokenProperties getPasswordTokenProperties()