Package com.broadleafcommerce.auth.user.service

Interface UserLockoutService

All Known Implementing Classes:
DefaultUserLockoutService
public interface UserLockoutService
Service responsible for handling login attempts. This service handles the creation, locking, unlocking, etc. of user accounts.

  • Method Details

    • createLoginAttempt

      void createLoginAttempt(User user, String loginAttemptResult)
      Create a user login attempt.
      Parameters:
      user - The user to create a login attempt for
      loginAttemptResult - The login attempt result.
      Throws:
      org.springframework.security.authentication.LockedException - if the user is locked out

    • createLoginAttempt

      void createLoginAttempt(String username, String loginAttemptResult, String clientId)
      Create a user login attempt
      Parameters:
      username - The username to create an attempt for
      loginAttemptResult - The login attempt result
      clientId - The client ID

    • createResetPasswordAttempt

      void createResetPasswordAttempt(String username, @Nullable String userId, String resetPasswordAttemptResult, String authServerId)
      Creates a UserResetPasswordAttempt.
      Parameters:
      username - The username to create an attempt for
      userId - The user ID of the user who attempted to reset their password. This is nullable, as an attempt could be made to reset the password using a specific username, but no user exists for that username.
      resetPasswordAttemptResult - The reset password attempt result
      authServerId - The authentication server ID that contains the property configurations to be applied to this attempt
      See Also:

    • createChangePasswordAttempt

      void createChangePasswordAttempt(String username, String userId, String changePasswordAttemptResult, String authServerId)
      Creates a UserChangePasswordAttempt.
      Parameters:
      username - The username to create an attempt for
      userId - The user ID of the user who attempted to change their password. This should be non-null since a user can only change a password when they are logged in.
      changePasswordAttemptResult - The change password attempt result
      authServerId - The authentication server ID that contains the property configurations to be applied to this attempt
      See Also:

    • validateMaximumResetPasswordAttempts

      void validateMaximumResetPasswordAttempts(String username, @Nullable String userId, String authServerId)
      Validates whether current number of reset password attempts for a user have exceeded the maximum attempt limit. This method can be used in conjunction with createResetPasswordAttempt(String, String, String, String) to pre-validate the current state before performing outside actions that require attempt to be valid, such as resetting the password on the user or consuming a one-time token.
      Parameters:
      username - Username of the user to validate
      userId - User ID of the user to validate reset password attempts for
      authServerId - Authentication server ID containing property configurations to be referenced for this attempt

    • validateMaximumChangePasswordAttempts

      void validateMaximumChangePasswordAttempts(String username, String userId, String authServerId)
      Validates whether current number of change password attempts for a user have exceeded the maximum attempt limit. This method can be used in conjunction with createChangePasswordAttempt(String, String, String, String) to pre-validate the current state before performing outside actions that require attempt to be valid, such as changing the password on the user.
      Parameters:
      username - Username of the user to validate
      userId - User ID of the user to validate change password attempts on
      authServerId - Authentication server ID containing property configurations to be referenced for this attempt

    • unlockUser

      User unlockUser(User user)
      Manually unlock a user
      Parameters:
      user - The user to unlock

    • lockUser

      User lockUser(User user)
      Manually lock a user
      Parameters:
      user - The user to lock

    • unlockUserIfEligible

      Optional<User> unlockUserIfEligible(String username, String clientId)
      If a user is eligible for unlocking, unlock them.
      Parameters:
      username - The username
      clientId - The client ID
      Returns:
      The user, if they exist

    • canResetPassword

      boolean canResetPassword(User user)
      Return true if this user can reset their password.

      See AuthorizationServer.getLockedUserCanResetPassword() and UserLockoutProperties.isLockedUserCanResetPassword()

      Parameters:
      user - The user to check
      Returns:
      true if the user can reset their password, otherwise false.

    • unlockUserOnPasswordResetIfEligible

      @Nullable Boolean unlockUserOnPasswordResetIfEligible(User user)
      After a password reset, unlock the user if they're eligible.

      See AuthorizationServer.getResetPasswordUnlocksUser() and UserLockoutProperties.isResetPasswordUnlocksUser()

      Parameters:
      user - The user to unlock, if eligible
      Returns:
      true if the user has been unlocked, false if the user is still locked, or null if no action was taken