UserPasswordManagement (Communote 3.5 API)

All Known Implementing Classes:

UserPasswordManagementImpl
```
public interface UserPasswordManagement
```
Manage the passwords of users stored in the database.

Since:

3.5

Author:

Communote Team - https://github.com/Communote

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`void`	`changePassword(Long userId, String newPassword)` Change the password of a user.
`void`	`changePassword(String securityCode, String newPassword)` Change the password of a user who used the forgotten password feature (`requestPasswordChange(String)`) to request a new password.
`void`	`changePassword(User user, String newPassword)` Change the password of a user.
`boolean`	`checkAndUpdatePassword(User user, String password)` Check that the (hashed) password of the user matches the given clear text password.
`boolean`	`checkPassword(Long userId, String password)` Check that the (hashed) password of the user matches the given clear text password.
`boolean`	`checkPassword(User user, String password)` Check that the (hashed) password of the user matches the given clear text password.
`void`	`register(PasswordHashFunction hashFunction)` Register a hash function for generating and checking password hashes.
`void`	`requestPasswordChange(String email)` Request a new password for the given user.
`void`	`unregister(PasswordHashFunction hashFunction)` Remove a previously registered password hash function.
`void`	`validatePassword(String newPassword)` Validate that a password matches the minimum security requirements to be used in user accounts

- Method Detail
  - changePassword
```
void changePassword(Long userId,
                    String newPassword)
             throws PasswordValidationException,
                    UserNotFoundException,
                    AuthorizationException,
                    ExternalUserPasswordChangeNotAllowedException
```
    Change the password of a user.
    
    Parameters:
    
    userId - the ID of the user for whom the password should be changed
    
    newPassword - the new clear text password
    
    Throws:
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    UserNotFoundException - in case the user with the given ID does not exist
    
    AuthorizationException - in case the current user is not the user with the userId or the current user is not client admin or internal system user
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - changePassword
```
void changePassword(String securityCode,
                    String newPassword)
             throws SecurityCodeNotFoundException,
                    PasswordValidationException,
                    ExternalUserPasswordChangeNotAllowedException
```
    Change the password of a user who used the forgotten password feature (requestPasswordChange(String)) to request a new password.
    
    Parameters:
    
    securityCode - security code created by the forgotten password feature
    
    newPassword - the new clear text password
    
    Throws:
    
    SecurityCodeNotFoundException - in case the security code does not exist or does not belong to a forgotten password security code
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - changePassword
```
void changePassword(User user,
                    String newPassword)
             throws PasswordValidationException,
                    ExternalUserPasswordChangeNotAllowedException
```
    Change the password of a user.
    
    Note: this method does not check whether the current user is allowed to change the password. Moreover, an existing transaction is required.
    
    Parameters:
    
    user - the user whose password should be changed
    
    newPassword - the new clear text password
    
    Throws:
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - checkAndUpdatePassword
```
boolean checkAndUpdatePassword(User user,
                               String password)
```
    Check that the (hashed) password of the user matches the given clear text password. If the password matches it will be checked whether the password should be updated to meet the current security requirements. An update will be necessary if the user's password was created with a hash function other than the current hash function or if the hash function didn't change but was reconfigured to produce a stronger hash value.
    
    Note: if an update of password is necessary the given clear text password is not validated with validatePassword(String). Moreover, an existing transaction is required.
    
    Parameters:
    
    user - the user whose password should be checked and updated
    
    password - the clear text password to test against
    
    Returns:
    
    true if the password matches
  - checkPassword
```
boolean checkPassword(Long userId,
                      String password)
```
    Check that the (hashed) password of the user matches the given clear text password.
    
    Parameters:
    
    userId - the ID of the user whose password should be checked
    
    password - the clear text password to test against
    
    Returns:
    
    false if the password doesn't match or the user doesn't exist
  - checkPassword
```
boolean checkPassword(User user,
                      String password)
```
    Check that the (hashed) password of the user matches the given clear text password.
    
    Parameters:
    
    user - the user whose password should be checked
    
    password - the clear text password to test against
    
    Returns:
    
    true if the password matches
  - register
```
void register(PasswordHashFunction hashFunction)
```
    Register a hash function for generating and checking password hashes.
    
    Parameters:
    
    hashFunction - the function to register
  - requestPasswordChange
```
void requestPasswordChange(String email)
                    throws UserNotFoundException,
                           ExternalUserPasswordChangeNotAllowedException
```
    Request a new password for the given user. A mail with a security code will be sent to the user. The code can be used in changePassword(String, String).
    
    Parameters:
    
    email - the email of the user requesting the password change
    
    Throws:
    
    UserNotFoundException - in case there is no user with that email
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - unregister
```
void unregister(PasswordHashFunction hashFunction)
```
    Remove a previously registered password hash function. If the given function is not registered nothing will happen.
    
    Parameters:
    
    hashFunction - the hash function to remove
    
    Throws:
    
    IllegalArgumentException - in case the the built-in default hash function should be removed
  - validatePassword
```
void validatePassword(String newPassword)
               throws PasswordValidationException
```
    Validate that a password matches the minimum security requirements to be used in user accounts
    
    Parameters:
    
    newPassword - the password to validate
    
    Throws:
    
    PasswordValidationException - in case the password is not valid

Interface UserPasswordManagement

Method Summary

Method Detail

changePassword

changePassword

changePassword

checkAndUpdatePassword

checkPassword

checkPassword

register

requestPasswordChange

unregister

validatePassword