Class DefaultPasswordRequestValidator
java.lang.Object
com.broadleafcommerce.auth.user.validation.DefaultPasswordRequestValidator
- All Implemented Interfaces:
PasswordRequestValidator
@ConfigurationProperties("broadleaf.auth.password.validator")
public class DefaultPasswordRequestValidator
extends Object
implements PasswordRequestValidator
Note - ensure to keep
DefaultPasswordGenerator
aligned with any changes to validation
here.- Author:
- Nathan Moore (nathanmoore), Phillip Verheyden (phillipuniverse)
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
doesPasswordConfirmationMatch
(String password, String pwdConfirm) Ensures that both the passwords match, excluding 'null' matches.protected org.springframework.security.crypto.password.PasswordEncoder
protected PasswordValidatorProperties
getProps()
protected boolean
protected boolean
hasLowercase
(String password) protected boolean
hasNoWhitespaces
(String password) protected boolean
hasSpecialChar
(String password) protected boolean
hasUppercase
(String password) boolean
isPasswordReusedInvalidly
(@NonNull User user, String password) Determines whether the password has been reused by theUser
invalidly.protected boolean
protected boolean
isTooShort
(String password) protected boolean
matchesCustomRegex
(String password) void
setPasswordEncoder
(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder) Validates the password
-
Constructor Details
-
DefaultPasswordRequestValidator
-
-
Method Details
-
validate
Description copied from interface:PasswordRequestValidator
Validates the passwordIf this implementation is changed, ensure to also update the
PasswordGenerator
implementation to remain compliant.- Specified by:
validate
in interfacePasswordRequestValidator
- Returns:
- the validation result after running through all of the validations
-
doesPasswordConfirmationMatch
public boolean doesPasswordConfirmationMatch(@Nullable String password, @Nullable String pwdConfirm) Description copied from interface:PasswordRequestValidator
Ensures that both the passwords match, excluding 'null' matches. In the case that both are null, this will return false;- Specified by:
doesPasswordConfirmationMatch
in interfacePasswordRequestValidator
- Parameters:
password
- what the user typed in as the passwordpwdConfirm
- confirmation dialogue that the user gave- Returns:
- true if the passwords match, false otherwise
-
isPasswordReusedInvalidly
Description copied from interface:PasswordRequestValidator
Determines whether the password has been reused by theUser
invalidly.- Specified by:
isPasswordReusedInvalidly
in interfacePasswordRequestValidator
- Parameters:
user
- The user whose password is changing.password
- The new password. Plaintext.- Returns:
- Whether the password was reused invalidly.
- See Also:
-
isTooShort
-
isTooLong
-
hasUppercase
-
hasLowercase
-
hasNoWhitespaces
-
hasSpecialChar
-
hasDigit
-
matchesCustomRegex
-
getPATTERN_CACHE
-
getProps
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder() -
setPasswordEncoder
@Autowired public void setPasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
-