Interface PasswordRequestValidator

All Known Implementing Classes:
DefaultPasswordRequestValidator

public interface PasswordRequestValidator

This validator uses regex to validate new passwords for registration and password resets. The validation has been broken down into segments that are commonly used:

  • Check if the password is too short (default is 8)
  • Check if the password is too long (default is 255)
  • Check if the password has 'n' uppercase letter(s) (default is 1 unicode uppercase)
  • Check if the password has 'n' lowercase letter(s) (default is 1 unicode lowercase)
  • Check if the password has 'n' special character(s) (default is 1)
  • Check if the password has 'n' digit(s) (default is 1)
  • Check if the password contains whitespace
  • Check if the password has sequentially repeated characters, e.g. 11, aa, -- (default is none at all)
  • Check if the password and the password confirmation fields match
All of these checks, along with their error messages, can be configured via properties.
Author:
Nathan Moore (nathanmoore), Phillip Verheyden (phillipuniverse)
Method Details

    • validate

      @NonNull PasswordValidation validate(@Nullable String password)
      Validates the password

      If this implementation is changed, be sure to also update the PasswordGenerator implementation so that generated passwords remain compliant.

      Parameters:
      password -
      Returns:
      the validation result after running through all of the validations
    • isPasswordReusedInvalidly

      boolean isPasswordReusedInvalidly(User user, String password)
      Determines whether the password has been reused by the User invalidly.
      Parameters:
      user - The user whose password is changing.
      password - The new password. Plaintext.
      Returns:
      Whether the password was reused invalidly.
    • doesPasswordConfirmationMatch

      boolean doesPasswordConfirmationMatch(@Nullable String password, @Nullable String pwdConfirm)
      Ensures that both passwords match, excluding 'null' matches. If both are null, this returns false.
      Parameters:
      password - what the user typed in as the password
      pwdConfirm - confirmation dialogue that the user gave
      Returns:
      true if the passwords match, false otherwise
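
The checks listed in the interface description, and the null handling documented for doesPasswordConfirmationMatch, written out as an added example. This is not the code of DefaultPasswordRequestValidator: the class name, method names, error strings and the definition of "special character" are assumptions, and the defaults are hard-coded rather than read from properties.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not DefaultPasswordRequestValidator; all names here are hypothetical.
public class PasswordPolicySketch {
    // Defaults from the list above; hard-coded here, property-driven in the documented class.
    static final int MIN_LENGTH = 8, MAX_LENGTH = 255, MIN_OF_EACH_CLASS = 1;
    static final Pattern UPPER = Pattern.compile("\\p{Lu}");
    static final Pattern LOWER = Pattern.compile("\\p{Ll}");
    static final Pattern DIGIT = Pattern.compile("\\p{Nd}");
    static final Pattern SPACE = Pattern.compile("\\p{IsWhite_Space}");
    // Assumption: "special" means not a letter, not a digit and not whitespace.
    static final Pattern SPECIAL = Pattern.compile("[^\\p{L}\\p{Nd}\\p{IsWhite_Space}]");
    // The same character twice in a row (11, aa, --).
    static final Pattern REPEAT = Pattern.compile("(.)\\1", Pattern.DOTALL);
    static int count(Pattern p, String s) {
        Matcher m = p.matcher(s);
        int n = 0;
        while (m.find()) n++;
        return n;
    }
    static List<String> validate(String password) {
        List<String> errors = new ArrayList<>();
        if (password == null) { errors.add("required"); return errors; }
        // This sketch counts code points, not UTF-16 units, so a supplementary character counts once.
        int length = password.codePointCount(0, password.length());
        if (length < MIN_LENGTH) errors.add("too short");
        if (length > MAX_LENGTH) errors.add("too long");
        if (count(UPPER, password) < MIN_OF_EACH_CLASS) errors.add("uppercase");
        if (count(LOWER, password) < MIN_OF_EACH_CLASS) errors.add("lowercase");
        if (count(DIGIT, password) < MIN_OF_EACH_CLASS) errors.add("digit");
        if (count(SPECIAL, password) < MIN_OF_EACH_CLASS) errors.add("special character");
        if (SPACE.matcher(password).find()) errors.add("whitespace");
        if (REPEAT.matcher(password).find()) errors.add("repeated character");
        return errors;
    }
    // Null never matches, so two null inputs return false, as documented above.
    static boolean confirmationMatches(String password, String confirm) {
        return password != null && password.equals(confirm);
    }
    public static void main(String[] args) {
        // Constructed sample passwords.
        for (String p : new String[] {"Tr0ub4dor&3x", "password", "Aa1! Aa1!", "Paassw0rd!"})
            System.out.println(p + " -> " + validate(p));
        System.out.println("null/null match: " + confirmationMatches(null, null));
    }
}
```

Collecting every failed check, instead of stopping at the first, lets a registration or reset form show the user all unmet requirements at once.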