Class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
java.lang.Object
com.broadleafcommerce.auth.passcode.service.DefaultPasscodeService<P,U,D>
- All Implemented Interfaces:
PasscodeService<P,
U>
public class DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
extends Object
implements PasscodeService<P,U>
-
Field Summary
-
Constructor Summary
ConstructorDescriptionDefaultPasscodeService
(SimplePayloadMapper mapper, PasswordTokenRepository<D> passwordTokenRepository, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, PasswordTokenProperties passwordTokenProperties) -
Method Summary
Modifier and TypeMethodDescriptionConsume a passcode.createPasscode
(U user, String purpose) Create a new token for a User with a specific purpose.protected P
createPasswordToken
(U user, String purpose, String encodedToken) Create a new<P extends PasswordToken>
from a User, purpose, and encoded token.findActiveUserToken
(U user, String purpose, String token) Find saved token for the given user & purpose that is not expired.Generate a new random token String with only letters and numbers.generateSecureToken
(boolean includeSpecialCharacters) Generate a new random token String that may special characters.protected SimplePayloadMapper
protected org.springframework.security.crypto.password.PasswordEncoder
protected PasswordTokenProperties
protected PasswordTokenRepository<D>
protected char[]
protected Duration
protected int
boolean
invalidate
(String passcodeId) Invalidate an active passcode.protected boolean
isTokenExpired
(P token) Determine if the given token is expired.protected boolean
markTokenAsUsed
(P token) Mark a token as used, set the used date, and save the token.protected boolean
matchesToken
(String token, P savedToken) Determine if the given token String matches the saved token PasswordToken.readTokensForUser
(U user, String purpose) Return all of a user's tokens for a particular purpose.readUnusedTokensForUser
(U user, String purpose) Find all unused tokens for the given user and purpose.boolean
Get the status of aPasswordToken
.
-
Field Details
-
RANDOM
-
-
Constructor Details
-
DefaultPasscodeService
public DefaultPasscodeService(SimplePayloadMapper mapper, PasswordTokenRepository<D> passwordTokenRepository, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, PasswordTokenProperties passwordTokenProperties)
-
-
Method Details
-
createPasscode
Description copied from interface:PasscodeService
Create a new token for a User with a specific purpose.- Specified by:
createPasscode
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
user
- The User who will own the token.purpose
- The purpose for this token.- Returns:
- A new
PasswordToken
object with the new plaintext passcode on the token field.
-
consume
Description copied from interface:PasscodeService
Consume a passcode.- Specified by:
consume
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
user
- The User that owns the token.purpose
- The purpose of the token. This will be validated against the purpose stored with the token.passcode
- The passcode String to consume.- Returns:
- An optional containing the used token if successful, empty if unsuccessful.
-
invalidate
Description copied from interface:PasscodeService
Invalidate an active passcode.- Specified by:
invalidate
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
passcodeId
- The id of thePasswordToken
.- Returns:
- True if the passcode was invalidated, false otherwise.
-
status
Description copied from interface:PasscodeService
Get the status of aPasswordToken
.- Specified by:
status
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
passcodeId
- The id of thePasswordToken
.- Returns:
- True if the token is valid, false otherwise.
-
readTokensForUser
Description copied from interface:PasscodeService
Return all of a user's tokens for a particular purpose. The token fields of the returned objects will contain the encoded passcode.- Specified by:
readTokensForUser
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
user
- The User that owns the tokens.purpose
- The purpose of the tokens.- Returns:
- A List of
PasswordToken
.
-
generateSecureToken
Description copied from interface:PasscodeService
Generate a new random token String with only letters and numbers. This String is not persisted.- Specified by:
generateSecureToken
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Returns:
- A secure random String.
-
generateSecureToken
Description copied from interface:PasscodeService
Generate a new random token String that may special characters. The String is not persisted.- Specified by:
generateSecureToken
in interfacePasscodeService<P extends PasswordToken,
U extends User> - Parameters:
includeSpecialCharacters
- True if special characters should be included in the token. If false, only letters and numbers will be used.- Returns:
- A secure random String.
-
findActiveUserToken
Find saved token for the given user & purpose that is not expired.- Parameters:
user
- The user that owns the tokenpurpose
- The purpose of the tokentoken
- The token to match- Returns:
- An unused, non-expired
<P extends PasswordToken>
, or empty
-
matchesToken
Determine if the given token String matches the saved token PasswordToken.- Parameters:
token
- The unencoded String to matchsavedToken
- The saved token with the encoded value- Returns:
- True if the encoded token matches the saved value, false otherwise
-
readUnusedTokensForUser
Find all unused tokens for the given user and purpose.- Parameters:
user
- The user that owns the tokenpurpose
- The purpose of the token- Returns:
- A list of unused
<P extends PasswordToken>
for the given user and purpose
-
createPasswordToken
Create a new<P extends PasswordToken>
from a User, purpose, and encoded token.- Parameters:
user
- The user that will own the tokenpurpose
- The purpose of the tokenencodedToken
- The encoded token value- Returns:
- A new non-persisted
<P extends PasswordToken>
-
isTokenExpired
Determine if the given token is expired. A zero value for TTL indicates that the token never expires. SeePasswordTokenProperties.getTtl()
.- Parameters:
token
- The saved token to test- Returns:
- True if the token is expired, false otherwise.
-
markTokenAsUsed
Mark a token as used, set the used date, and save the token.- Parameters:
token
- The token to update.- Returns:
- True if successful, false otherwise
-
getTokenChars
protected char[] getTokenChars()- Returns:
- An array of characters that can be used to generate a passcode.
-
getTokenLength
protected int getTokenLength()- Returns:
- How long of a String to generate for a passcode.
-
getTokenDuration
- Returns:
- How long a passcode is valid
-
getMapper
-
getPasswordTokenRepository
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder() -
getPasswordTokenProperties
-