com.broadleafcommerce.auth.user.service.password

Class DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>

java.lang.Object

com.broadleafcommerce.auth.user.service.password.DefaultUserPasswordService<P,U,D>

All Implemented Interfaces:

UserPasswordService<P,U>, org.springframework.security.core.userdetails.UserDetailsPasswordService

public class DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
extends Object
implements UserPasswordService<P,U>

Author:

Chad Harchar (charchar)

Field Summary

Fields

Modifier and Type	Field and Description
static String	RESET_PASSWORD_PURPOSE

Constructor Summary

Constructors

Constructor and Description
DefaultUserPasswordService(UserService<U> userService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, UserMessagingService<U> messageService, ResetPasswordFormValidator<P> resetPasswordFormValidator, ChangePasswordFormValidator changePasswordFormValidator, UserLockoutService userLockoutService, PasscodeService<P,U> passcodeService)

Method Summary

Modifier and Type	Method and Description
boolean	changePassword(ChangePasswordForm changePasswordForm, org.springframework.validation.BindingResult errors) From the provided ChangePasswordForm, attempt to change the user's password.
boolean	createResetPasswordToken(String clientId, String username) Creates a reset password token for the specified user, if they exist.
protected boolean	createResetPasswordTokenForUser(U user, String clientId)
boolean	createTokenForUser(String clientId, String username) Creates a token for the specified user, if they exist.
protected ChangePasswordFormValidator	getChangePasswordFormValidator()
protected U	getCurrentlyAuthenticatedUser() Retrieve the current (already authenticated) user who is attempting to change their password
protected UserMessagingService<U>	getMessageService()
protected PasscodeService<P,U>	getPasscodeService()
protected org.springframework.security.crypto.password.PasswordEncoder	getPasswordEncoder()
protected ResetPasswordFormValidator<P>	getResetPasswordFormValidator()
protected Optional<U>	getUserByClientIdAndUsername(String clientId, String username)
protected UserLockoutService	getUserLockoutService()
protected UserService<U>	getUserService()
boolean	resetPassword(ResetPasswordForm resetPasswordForm, org.springframework.validation.BindingResult errors) From the provided ResetPasswordForm, attempt to reset the user's password.
org.springframework.security.core.userdetails.UserDetails	updatePassword(org.springframework.security.core.userdetails.UserDetails user, String encodedPassword)
U	updatePasswordForUser(U user, String password, String clientId) Send a password change notification email and update the user's password.
protected Optional<P>	useToken(U user, String token) Defer to the PasscodeService to validate the password reset token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESET_PASSWORD_PURPOSE

public static final String RESET_PASSWORD_PURPOSE

See Also:

Constant Field Values

Constructor Detail

DefaultUserPasswordService

public DefaultUserPasswordService(UserService<U> userService,
                                  org.springframework.security.crypto.password.PasswordEncoder passwordEncoder,
                                  UserMessagingService<U> messageService,
                                  ResetPasswordFormValidator<P> resetPasswordFormValidator,
                                  ChangePasswordFormValidator changePasswordFormValidator,
                                  UserLockoutService userLockoutService,
                                  PasscodeService<P,U> passcodeService)

Method Detail

resetPassword

public boolean resetPassword(ResetPasswordForm resetPasswordForm,
                             org.springframework.validation.BindingResult errors)

Description copied from interface: UserPasswordService

From the provided ResetPasswordForm, attempt to reset the user's password. If a failure occurs, errors will be populated on BindingResult and `false` is returned. Otherwise, return `true`.

Specified by:

resetPassword in interface UserPasswordService<P extends PasswordToken,U extends User>

Parameters:

resetPasswordForm - The form to use to reset the user's password.

errors - The object to hold any errors that might occur.

Returns:

Whether the provided ResetPasswordForm passed validation in order for the password to be reset.

changePassword

public boolean changePassword(ChangePasswordForm changePasswordForm,
                              org.springframework.validation.BindingResult errors)

Description copied from interface: UserPasswordService

From the provided ChangePasswordForm, attempt to change the user's password. If a failure occurs, errors will be populated on BindingResult and `false` is returned. Otherwise, return `true`.

Specified by:

changePassword in interface UserPasswordService<P extends PasswordToken,U extends User>

Parameters:

changePasswordForm - The form to use to change the user's password.

errors - The object to hold any errors that might occur.

Returns:

Whether the provided ChangePasswordForm passed validation in order for the password to be changed.

createTokenForUser

public boolean createTokenForUser(String clientId,
                                  String username)
                           throws AccountLockedException

Description copied from interface: UserPasswordService

Creates a token for the specified user, if they exist.

Specified by:

createTokenForUser in interface UserPasswordService<P extends PasswordToken,U extends User>

Parameters:

clientId - The AuthorizedClient.getId() to verify against

username - The username of the user for which to validate and create a token.

Returns:

true if token successfully created, else false.

Throws:

AccountLockedException - if user is locked and unable to reset their password

createResetPasswordToken

public boolean createResetPasswordToken(String clientId,
                                        String username)
                                 throws AccountLockedException

Description copied from interface: UserPasswordService

Creates a reset password token for the specified user, if they exist.

Specified by:

createResetPasswordToken in interface UserPasswordService<P extends PasswordToken,U extends User>

Parameters:

clientId - The AuthorizedClient.getId() to verify against

username - The username of the user for which to validate and create a token.

Returns:

true if token successfully created, else false.

Throws:

AccountLockedException - if user is locked and unable to reset their password

createResetPasswordTokenForUser

protected boolean createResetPasswordTokenForUser(U user,
                                                  String clientId)
                                           throws AccountLockedException

Throws:

AccountLockedException

useToken

protected Optional<P> useToken(U user,
                               String token)

Defer to the PasscodeService to validate the password reset token. If the user has no tokens matching the one provided, this method will return Optional.empty().

Parameters:

user - The user on which to validate and use the token

token - The token to validate against a password reset

updatePassword

public org.springframework.security.core.userdetails.UserDetails updatePassword(org.springframework.security.core.userdetails.UserDetails user,
                                                                                String encodedPassword)

Specified by:

updatePassword in interface org.springframework.security.core.userdetails.UserDetailsPasswordService

updatePasswordForUser

public U updatePasswordForUser(U user,
                               String password,
                               String clientId)

Description copied from interface: UserPasswordService

Send a password change notification email and update the user's password.

Specified by:

updatePasswordForUser in interface UserPasswordService<P extends PasswordToken,U extends User>

Parameters:

user - The user who's password to update.

password - The new password for the user.

clientId - The clientId from the request.

Returns:

The updated user.

getCurrentlyAuthenticatedUser

protected U getCurrentlyAuthenticatedUser()

Retrieve the current (already authenticated) user who is attempting to change their password

Returns:

the current (already authenticated) user who is attempting to change their password

getUserByClientIdAndUsername

protected Optional<U> getUserByClientIdAndUsername(String clientId,
                                                   String username)

getUserService

protected UserService<U> getUserService()

getPasswordEncoder

protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()

getMessageService

protected UserMessagingService<U> getMessageService()

getResetPasswordFormValidator

protected ResetPasswordFormValidator<P> getResetPasswordFormValidator()

getChangePasswordFormValidator

protected ChangePasswordFormValidator getChangePasswordFormValidator()

getUserLockoutService

protected UserLockoutService getUserLockoutService()

getPasscodeService

protected PasscodeService<P,U> getPasscodeService()