Class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- java.lang.Object
-
- com.broadleafcommerce.auth.passcode.service.DefaultPasscodeService<P,U,D>
-
- All Implemented Interfaces:
PasscodeService<P,U>
public class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable> extends Object implements PasscodeService<P,U>
-
-
Constructor Summary
Constructors Constructor Description DefaultPasscodeService(SimplePayloadMapper mapper, PasswordTokenRepository<D> passwordTokenRepository, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, PasswordTokenProperties passwordTokenProperties)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Optional<P>consume(U user, String purpose, String passcode)Consume a passcode.PcreatePasscode(U user, String purpose)Create a new token for a User with a specific purpose.protected PcreatePasswordToken(U user, String purpose, String encodedToken)Create a new<P extends PasswordToken>from a User, purpose, and encoded token.protected Optional<P>findActiveUserToken(U user, String purpose, String token)Find saved token for the given user & purpose that is not expired.StringgenerateSecureToken()Generate a new random token String.protected SimplePayloadMappergetMapper()protected org.springframework.security.crypto.password.PasswordEncodergetPasswordEncoder()protected PasswordTokenPropertiesgetPasswordTokenProperties()protected PasswordTokenRepository<D>getPasswordTokenRepository()protected char[]getTokenChars()protected DurationgetTokenDuration()protected intgetTokenLength()booleaninvalidate(String passcodeId)Invalidate an active passcode.protected booleanisTokenExpired(P token)Determine if the given token is expired.protected booleanmarkTokenAsUsed(P token)Mark a token as used, set the used date, and save the token.protected booleanmatchesToken(String token, P savedToken)Determine if the given token String matches the saved token PasswordToken.List<P>readTokensForUser(U user, String purpose)Return all of a user's tokens for a particular purpose.protected List<P>readUnusedTokensForUser(U user, String purpose)Find all unused tokens for the given user and purpose.booleanstatus(String passcodeId)Get the status of aPasswordToken.
-
-
-
Field Detail
-
RANDOM
protected static final Random RANDOM
-
-
Constructor Detail
-
DefaultPasscodeService
public DefaultPasscodeService(SimplePayloadMapper mapper, PasswordTokenRepository<D> passwordTokenRepository, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, PasswordTokenProperties passwordTokenProperties)
-
-
Method Detail
-
createPasscode
public P createPasscode(U user, String purpose)
Description copied from interface:PasscodeServiceCreate a new token for a User with a specific purpose.- Specified by:
createPasscodein interfacePasscodeService<P extends PasswordToken,U extends User>- Parameters:
user- The User who will own the token.purpose- The purpose for this token.- Returns:
- A new
PasswordTokenobject with the new plaintext passcode on the token field.
-
consume
public Optional<P> consume(U user, String purpose, String passcode)
Description copied from interface:PasscodeServiceConsume a passcode.- Specified by:
consumein interfacePasscodeService<P extends PasswordToken,U extends User>- Parameters:
user- The User that owns the token.purpose- The purpose of the token. This will be validated against the purpose stored with the token.passcode- The passcode String to consume.- Returns:
- An optional containing the used token if successful, empty if unsuccessful.
-
invalidate
public boolean invalidate(String passcodeId)
Description copied from interface:PasscodeServiceInvalidate an active passcode.- Specified by:
invalidatein interfacePasscodeService<P extends PasswordToken,U extends User>- Parameters:
passcodeId- The id of thePasswordToken.- Returns:
- True if the passcode was invalidated, false otherwise.
-
status
public boolean status(String passcodeId)
Description copied from interface:PasscodeServiceGet the status of aPasswordToken.- Specified by:
statusin interfacePasscodeService<P extends PasswordToken,U extends User>- Parameters:
passcodeId- The id of thePasswordToken.- Returns:
- True if the token is valid, false otherwise.
-
readTokensForUser
public List<P> readTokensForUser(U user, String purpose)
Description copied from interface:PasscodeServiceReturn all of a user's tokens for a particular purpose. The token fields of the returned objects will contain the encoded passcode.- Specified by:
readTokensForUserin interfacePasscodeService<P extends PasswordToken,U extends User>- Parameters:
user- The User that owns the tokens.purpose- The purpose of the tokens.- Returns:
- A List of
PasswordToken.
-
generateSecureToken
public String generateSecureToken()
Description copied from interface:PasscodeServiceGenerate a new random token String. This String is not persisted.- Specified by:
generateSecureTokenin interfacePasscodeService<P extends PasswordToken,U extends User>- Returns:
- a secure random String.
-
findActiveUserToken
protected Optional<P> findActiveUserToken(U user, String purpose, String token)
Find saved token for the given user & purpose that is not expired.- Parameters:
user- The user that owns the tokenpurpose- The purpose of the tokentoken- The token to match- Returns:
- An unused, non-expired
<P extends PasswordToken>, or empty
-
matchesToken
protected boolean matchesToken(String token, P savedToken)
Determine if the given token String matches the saved token PasswordToken.- Parameters:
token- The unencoded String to matchsavedToken- The saved token with the encoded value- Returns:
- True if the encoded token matches the saved value, false otherwise
-
readUnusedTokensForUser
protected List<P> readUnusedTokensForUser(U user, String purpose)
Find all unused tokens for the given user and purpose.- Parameters:
user- The user that owns the tokenpurpose- The purpose of the token- Returns:
- A list of unused
<P extends PasswordToken>for the given user and purpose
-
createPasswordToken
protected P createPasswordToken(U user, String purpose, String encodedToken)
Create a new<P extends PasswordToken>from a User, purpose, and encoded token.- Parameters:
user- The user that will own the tokenpurpose- The purpose of the tokenencodedToken- The encoded token value- Returns:
- A new non-persisted
<P extends PasswordToken>
-
isTokenExpired
protected boolean isTokenExpired(P token)
Determine if the given token is expired. A zero value for TTL indicates that the token never expires. SeePasswordTokenProperties.getTtl().- Parameters:
token- The saved token to test- Returns:
- True if the token is expired, false otherwise.
-
markTokenAsUsed
protected boolean markTokenAsUsed(P token)
Mark a token as used, set the used date, and save the token.- Parameters:
token- The token to update.- Returns:
- True if successful, false otherwise
-
getTokenChars
protected char[] getTokenChars()
- Returns:
- An array of characters that can be used to generate a passcode.
-
getTokenLength
protected int getTokenLength()
- Returns:
- How long of a String to generate for a passcode.
-
getTokenDuration
protected Duration getTokenDuration()
- Returns:
- How long a passcode is valid
-
getMapper
protected SimplePayloadMapper getMapper()
-
getPasswordTokenRepository
protected PasswordTokenRepository<D> getPasswordTokenRepository()
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
-
getPasswordTokenProperties
protected PasswordTokenProperties getPasswordTokenProperties()
-
-