Class DefaultPasswordRequestValidator

java.lang.Object
com.broadleafcommerce.auth.user.validation.DefaultPasswordRequestValidator
All Implemented Interfaces:
PasswordRequestValidator

@ConfigurationProperties("broadleaf.auth.password.validator") public class DefaultPasswordRequestValidator extends Object implements PasswordRequestValidator
Note - ensure to keep DefaultPasswordGenerator aligned with any changes to validation here.
Author:
Nathan Moore (nathanmoore), Phillip Verheyden (phillipuniverse)
  • Constructor Details

  • Method Details

    • validate

      @NonNull public PasswordValidation validate(@Nullable String password)
      Description copied from interface: PasswordRequestValidator
      Validates the password

      If this implementation is changed, ensure to also update the PasswordGenerator implementation to remain compliant.

      Specified by:
      validate in interface PasswordRequestValidator
      Returns:
      the validation result after running through all of the validations
    • doesPasswordConfirmationMatch

      public boolean doesPasswordConfirmationMatch(@Nullable String password, @Nullable String pwdConfirm)
      Description copied from interface: PasswordRequestValidator
      Ensures that both the passwords match, excluding 'null' matches. In the case that both are null, this will return false;
      Specified by:
      doesPasswordConfirmationMatch in interface PasswordRequestValidator
      Parameters:
      password - what the user typed in as the password
      pwdConfirm - confirmation dialogue that the user gave
      Returns:
      true if the passwords match, false otherwise
    • isPasswordReusedInvalidly

      public boolean isPasswordReusedInvalidly(@NonNull @NonNull User user, String password)
      Description copied from interface: PasswordRequestValidator
      Determines whether the password has been reused by the User invalidly.
      Specified by:
      isPasswordReusedInvalidly in interface PasswordRequestValidator
      Parameters:
      user - The user whose password is changing.
      password - The new password. Plaintext.
      Returns:
      Whether the password was reused invalidly.
      See Also:
    • isTooShort

      protected boolean isTooShort(@Nullable String password)
    • isTooLong

      protected boolean isTooLong(@Nullable String password)
    • hasUppercase

      protected boolean hasUppercase(@Nullable String password)
    • hasLowercase

      protected boolean hasLowercase(@Nullable String password)
    • hasNoWhitespaces

      protected boolean hasNoWhitespaces(@Nullable String password)
    • hasSpecialChar

      protected boolean hasSpecialChar(@Nullable String password)
    • hasDigit

      protected boolean hasDigit(@Nullable String password)
    • matchesCustomRegex

      protected boolean matchesCustomRegex(@Nullable String password)
    • getPATTERN_CACHE

      protected static Map<String,Pattern> getPATTERN_CACHE()
    • getProps

      protected PasswordValidatorProperties getProps()
    • getPasswordEncoder

      protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
    • setPasswordEncoder

      @Autowired public void setPasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)