Package com.broadleafcommerce.auth.passcode.service

Class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>

java.lang.Object
com.broadleafcommerce.auth.passcode.service.DefaultPasscodeService<P,U,D>
All Implemented Interfaces:
PasscodeService<P,U>
public class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable> extends Object implements PasscodeService<P,U>

  • Field Details

    • RANDOM

      protected static final Random RANDOM

  • Constructor Details

  • Method Details

    • createPasscode

      public P createPasscode(U user, String purpose)
      Description copied from interface: PasscodeService
      Create a new token for a User with a specific purpose.
      Specified by:
      createPasscode in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      user - The User who will own the token.
      purpose - The purpose for this token.
      Returns:
      A new PasswordToken object with the new plaintext passcode on the token field.

    • consume

      public Optional<P> consume(U user, String purpose, String passcode)
      Description copied from interface: PasscodeService
      Consume a passcode.
      Specified by:
      consume in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      user - The User that owns the token.
      purpose - The purpose of the token. This will be validated against the purpose stored with the token.
      passcode - The passcode String to consume.
      Returns:
      An optional containing the used token if successful, empty if unsuccessful.

    • invalidate

      public boolean invalidate(String passcodeId)
      Description copied from interface: PasscodeService
      Invalidate an active passcode.
      Specified by:
      invalidate in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      passcodeId - The id of the PasswordToken.
      Returns:
      True if the passcode was invalidated, false otherwise.

    • status

      public boolean status(String passcodeId)
      Description copied from interface: PasscodeService
      Get the status of a PasswordToken.
      Specified by:
      status in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      passcodeId - The id of the PasswordToken.
      Returns:
      True if the token is valid, false otherwise.

    • readTokensForUser

      public List<P> readTokensForUser(U user, String purpose)
      Description copied from interface: PasscodeService
      Return all of a user's tokens for a particular purpose. The token fields of the returned objects will contain the encoded passcode.
      Specified by:
      readTokensForUser in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      user - The User that owns the tokens.
      purpose - The purpose of the tokens.
      Returns:
      A List of PasswordToken.

    • generateSecureToken

      public String generateSecureToken()
      Description copied from interface: PasscodeService
      Generate a new random token String with only letters and numbers. This String is not persisted.
      Specified by:
      generateSecureToken in interface PasscodeService<P extends PasswordToken,U extends User>
      Returns:
      A secure random String.

    • generateSecureToken

      public String generateSecureToken(boolean includeSpecialCharacters)
      Description copied from interface: PasscodeService
      Generate a new random token String that may special characters. The String is not persisted.
      Specified by:
      generateSecureToken in interface PasscodeService<P extends PasswordToken,U extends User>
      Parameters:
      includeSpecialCharacters - True if special characters should be included in the token. If false, only letters and numbers will be used.
      Returns:
      A secure random String.

    • findActiveUserToken

      protected Optional<P> findActiveUserToken(U user, String purpose, String token)
      Find saved token for the given user & purpose that is not expired.
      Parameters:
      user - The user that owns the token
      purpose - The purpose of the token
      token - The token to match
      Returns:
      An unused, non-expired <P extends PasswordToken>, or empty

    • matchesToken

      protected boolean matchesToken(String token, P savedToken)
      Determine if the given token String matches the saved token PasswordToken.
      Parameters:
      token - The unencoded String to match
      savedToken - The saved token with the encoded value
      Returns:
      True if the encoded token matches the saved value, false otherwise

    • readUnusedTokensForUser

      protected List<P> readUnusedTokensForUser(U user, String purpose)
      Find all unused tokens for the given user and purpose.
      Parameters:
      user - The user that owns the token
      purpose - The purpose of the token
      Returns:
      A list of unused <P extends PasswordToken> for the given user and purpose

    • createPasswordToken

      protected P createPasswordToken(U user, String purpose, String encodedToken)
      Create a new <P extends PasswordToken> from a User, purpose, and encoded token.
      Parameters:
      user - The user that will own the token
      purpose - The purpose of the token
      encodedToken - The encoded token value
      Returns:
      A new non-persisted <P extends PasswordToken>

    • isTokenExpired

      protected boolean isTokenExpired(P token)
      Determine if the given token is expired. A zero value for TTL indicates that the token never expires. See PasswordTokenProperties.getTtl().
      Parameters:
      token - The saved token to test
      Returns:
      True if the token is expired, false otherwise.

    • markTokenAsUsed

      protected boolean markTokenAsUsed(P token)
      Mark a token as used, set the used date, and save the token.
      Parameters:
      token - The token to update.
      Returns:
      True if successful, false otherwise

    • getTokenChars

      protected char[] getTokenChars()
      Returns:
      An array of characters that can be used to generate a passcode.

    • getTokenLength

      protected int getTokenLength()
      Returns:
      How long of a String to generate for a passcode.

    • getTokenDuration

      protected Duration getTokenDuration()
      Returns:
      How long a passcode is valid

    • getMapper

      protected SimplePayloadMapper getMapper()

    • getPasswordTokenRepository

      protected PasswordTokenRepository<D> getPasswordTokenRepository()

    • getPasswordEncoder

      protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()

    • getPasswordTokenProperties

      protected PasswordTokenProperties getPasswordTokenProperties()