Class DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- java.lang.Object
-
- com.broadleafcommerce.auth.user.service.password.DefaultUserPasswordService<P,U,D>
-
- All Implemented Interfaces:
UserPasswordService<P,U>
,org.springframework.security.core.userdetails.UserDetailsPasswordService
public class DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable> extends Object implements UserPasswordService<P,U>
- Author:
- Chad Harchar (charchar)
-
-
Field Summary
Fields Modifier and Type Field Description static String
RESET_PASSWORD_PURPOSE
-
Constructor Summary
Constructors Constructor Description DefaultUserPasswordService(UserService<U> userService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, UserMessagingService<U> messageService, ResetPasswordFormValidator<P> resetPasswordFormValidator, ChangePasswordFormValidator changePasswordFormValidator, UserLockoutService userLockoutService, PasscodeService<P,U> passcodeService)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
changePassword(ChangePasswordForm changePasswordForm, org.springframework.validation.BindingResult errors)
From the providedChangePasswordForm
, attempt to change the user's password.boolean
createResetPasswordToken(String clientId, String username)
Creates a reset password token for the specified user, if they exist.protected boolean
createResetPasswordTokenForUser(U user, String clientId)
boolean
createTokenForUser(String clientId, String username)
Creates a token for the specified user, if they exist.protected ChangePasswordFormValidator
getChangePasswordFormValidator()
protected U
getCurrentlyAuthenticatedUser()
Retrieve the current (already authenticated) user who is attempting to change their passwordprotected UserMessagingService<U>
getMessageService()
protected PasscodeService<P,U>
getPasscodeService()
protected org.springframework.security.crypto.password.PasswordEncoder
getPasswordEncoder()
protected ResetPasswordFormValidator<P>
getResetPasswordFormValidator()
protected Optional<U>
getUserByClientIdAndUsername(String clientId, String username)
protected UserLockoutService
getUserLockoutService()
protected UserService<U>
getUserService()
boolean
resetPassword(ResetPasswordForm resetPasswordForm, org.springframework.validation.BindingResult errors)
From the providedResetPasswordForm
, attempt to reset the user's password.org.springframework.security.core.userdetails.UserDetails
updatePassword(org.springframework.security.core.userdetails.UserDetails user, String encodedPassword)
U
updatePasswordForUser(U user, String password, String clientId)
Send a password change notification email and update the user's password.protected Optional<P>
useToken(U user, String token)
Defer to the PasscodeService to validate the password reset token.
-
-
-
Field Detail
-
RESET_PASSWORD_PURPOSE
public static final String RESET_PASSWORD_PURPOSE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DefaultUserPasswordService
public DefaultUserPasswordService(UserService<U> userService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, UserMessagingService<U> messageService, ResetPasswordFormValidator<P> resetPasswordFormValidator, ChangePasswordFormValidator changePasswordFormValidator, UserLockoutService userLockoutService, PasscodeService<P,U> passcodeService)
-
-
Method Detail
-
resetPassword
public boolean resetPassword(ResetPasswordForm resetPasswordForm, org.springframework.validation.BindingResult errors)
Description copied from interface:UserPasswordService
From the providedResetPasswordForm
, attempt to reset the user's password. If a failure occurs, errors will be populated onBindingResult
and `false` is returned. Otherwise, return `true`.- Specified by:
resetPassword
in interfaceUserPasswordService<P extends PasswordToken,U extends User>
- Parameters:
resetPasswordForm
- The form to use to reset the user's password.errors
- The object to hold any errors that might occur.- Returns:
- Whether the provided
ResetPasswordForm
passed validation in order for the password to be reset.
-
changePassword
public boolean changePassword(ChangePasswordForm changePasswordForm, org.springframework.validation.BindingResult errors)
Description copied from interface:UserPasswordService
From the providedChangePasswordForm
, attempt to change the user's password. If a failure occurs, errors will be populated onBindingResult
and `false` is returned. Otherwise, return `true`.- Specified by:
changePassword
in interfaceUserPasswordService<P extends PasswordToken,U extends User>
- Parameters:
changePasswordForm
- The form to use to change the user's password.errors
- The object to hold any errors that might occur.- Returns:
- Whether the provided
ChangePasswordForm
passed validation in order for the password to be changed.
-
createTokenForUser
public boolean createTokenForUser(String clientId, String username) throws AccountLockedException
Description copied from interface:UserPasswordService
Creates a token for the specified user, if they exist.- Specified by:
createTokenForUser
in interfaceUserPasswordService<P extends PasswordToken,U extends User>
- Parameters:
clientId
- TheAuthorizedClient.getId()
to verify againstusername
- The username of the user for which to validate and create a token.- Returns:
- true if token successfully created, else false.
- Throws:
AccountLockedException
- if user is locked and unable to reset their password
-
createResetPasswordToken
public boolean createResetPasswordToken(String clientId, String username) throws AccountLockedException
Description copied from interface:UserPasswordService
Creates a reset password token for the specified user, if they exist.- Specified by:
createResetPasswordToken
in interfaceUserPasswordService<P extends PasswordToken,U extends User>
- Parameters:
clientId
- TheAuthorizedClient.getId()
to verify againstusername
- The username of the user for which to validate and create a token.- Returns:
- true if token successfully created, else false.
- Throws:
AccountLockedException
- if user is locked and unable to reset their password
-
createResetPasswordTokenForUser
protected boolean createResetPasswordTokenForUser(U user, String clientId) throws AccountLockedException
- Throws:
AccountLockedException
-
useToken
protected Optional<P> useToken(U user, String token)
Defer to the PasscodeService to validate the password reset token. If the user has no tokens matching the one provided, this method will returnOptional.empty()
.- Parameters:
user
- The user on which to validate and use the tokentoken
- The token to validate against a password reset
-
updatePassword
public org.springframework.security.core.userdetails.UserDetails updatePassword(org.springframework.security.core.userdetails.UserDetails user, String encodedPassword)
- Specified by:
updatePassword
in interfaceorg.springframework.security.core.userdetails.UserDetailsPasswordService
-
updatePasswordForUser
public U updatePasswordForUser(U user, String password, String clientId)
Description copied from interface:UserPasswordService
Send a password change notification email and update the user's password.- Specified by:
updatePasswordForUser
in interfaceUserPasswordService<P extends PasswordToken,U extends User>
- Parameters:
user
- The user who's password to update.password
- The new password for the user.clientId
- The clientId from the request.- Returns:
- The updated user.
-
getCurrentlyAuthenticatedUser
protected U getCurrentlyAuthenticatedUser()
Retrieve the current (already authenticated) user who is attempting to change their password- Returns:
- the current (already authenticated) user who is attempting to change their password
-
getUserByClientIdAndUsername
protected Optional<U> getUserByClientIdAndUsername(String clientId, String username)
-
getUserService
protected UserService<U> getUserService()
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
-
getMessageService
protected UserMessagingService<U> getMessageService()
-
getResetPasswordFormValidator
protected ResetPasswordFormValidator<P> getResetPasswordFormValidator()
-
getChangePasswordFormValidator
protected ChangePasswordFormValidator getChangePasswordFormValidator()
-
getUserLockoutService
protected UserLockoutService getUserLockoutService()
-
getPasscodeService
protected PasscodeService<P,U> getPasscodeService()
-
-