UserPasswordManagementImpl (Communote 3.5 API)

java.lang.Object
- com.communote.server.core.user.security.UserPasswordManagementImpl

All Implemented Interfaces:: UserPasswordManagement

@Service(value="userPasswordManagement")
public class UserPasswordManagementImpl
extends Object
implements UserPasswordManagement

Constructor Summary

Constructors
Constructor and Description
`UserPasswordManagementImpl(UserDao userDao, ForgottenPasswordSecurityCodeDao forgottenPasswordSecurityCodeDao, SecurityCodeManagement securityCodeManagement, MailSender mailSender)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`changePassword(Long userId, String newPassword)` Change the password of a user.
`void`	`changePassword(String securityCode, String password)` Change the password of a user who used the forgotten password feature (`UserPasswordManagement.requestPasswordChange(String)`) to request a new password.
`void`	`changePassword(User user, String newPassword)` Change the password of a user.
`boolean`	`checkAndUpdatePassword(User user, String password)` Check that the (hashed) password of the user matches the given clear text password.
`boolean`	`checkPassword(Long userId, String password)` Check that the (hashed) password of the user matches the given clear text password.
`boolean`	`checkPassword(User user, String password)` Check that the (hashed) password of the user matches the given clear text password.
`void`	`register(PasswordHashFunction hashFunction)` Register a hash function for generating and checking password hashes.
`void`	`requestPasswordChange(String email)` Request a new password for the given user.
`void`	`unregister(PasswordHashFunction hashFunction)` Remove a previously registered password hash function.
`void`	`validatePassword(String newPassword)` Validate that a password matches the minimum security requirements to be used in user accounts

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - UserPasswordManagementImpl
```
@Autowired
public UserPasswordManagementImpl(UserDao userDao,
                                             ForgottenPasswordSecurityCodeDao forgottenPasswordSecurityCodeDao,
                                             SecurityCodeManagement securityCodeManagement,
                                             MailSender mailSender)
```
- Method Detail
  - changePassword
```
@Transactional(propagation=REQUIRED)
public void changePassword(Long userId,
                                                                String newPassword)
                                                         throws PasswordValidationException,
                                                                UserNotFoundException,
                                                                AuthorizationException,
                                                                ExternalUserPasswordChangeNotAllowedException
```
    Description copied from interface: UserPasswordManagement
    
    Change the password of a user.
    
    Specified by:
    
    changePassword in interface UserPasswordManagement
    
    Parameters:
    
    userId - the ID of the user for whom the password should be changed
    
    newPassword - the new clear text password
    
    Throws:
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    UserNotFoundException - in case the user with the given ID does not exist
    
    AuthorizationException - in case the current user is not the user with the userId or the current user is not client admin or internal system user
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - changePassword
```
@Transactional(propagation=REQUIRED)
public void changePassword(String securityCode,
                                                                String password)
                                                         throws SecurityCodeNotFoundException,
                                                                PasswordValidationException,
                                                                ExternalUserPasswordChangeNotAllowedException
```
    Description copied from interface: UserPasswordManagement
    
    Change the password of a user who used the forgotten password feature (UserPasswordManagement.requestPasswordChange(String)) to request a new password.
    
    Specified by:
    
    changePassword in interface UserPasswordManagement
    
    Parameters:
    
    securityCode - security code created by the forgotten password feature
    
    password - the new clear text password
    
    Throws:
    
    SecurityCodeNotFoundException - in case the security code does not exist or does not belong to a forgotten password security code
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - changePassword
```
@Transactional(propagation=MANDATORY)
public void changePassword(User user,
                                                                 String newPassword)
                                                          throws PasswordValidationException,
                                                                 ExternalUserPasswordChangeNotAllowedException
```
    Description copied from interface: UserPasswordManagement
    
    Change the password of a user.
    
    Note: this method does not check whether the current user is allowed to change the password. Moreover, an existing transaction is required.
    
    Specified by:
    
    changePassword in interface UserPasswordManagement
    
    Parameters:
    
    user - the user whose password should be changed
    
    newPassword - the new clear text password
    
    Throws:
    
    PasswordValidationException - in case the new password doesn't fulfill the minimum security requirements to be used in user accounts
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - checkAndUpdatePassword
```
@Transactional(propagation=MANDATORY)
public boolean checkAndUpdatePassword(User user,
                                                                            String password)
```
    Description copied from interface: UserPasswordManagement
    
    Check that the (hashed) password of the user matches the given clear text password. If the password matches it will be checked whether the password should be updated to meet the current security requirements. An update will be necessary if the user's password was created with a hash function other than the current hash function or if the hash function didn't change but was reconfigured to produce a stronger hash value.
    
    Note: if an update of password is necessary the given clear text password is not validated with UserPasswordManagement.validatePassword(String). Moreover, an existing transaction is required.
    
    Specified by:
    
    checkAndUpdatePassword in interface UserPasswordManagement
    
    Parameters:
    
    user - the user whose password should be checked and updated
    
    password - the clear text password to test against
    
    Returns:
    
    true if the password matches
  - checkPassword
```
@Transactional(propagation=REQUIRED,
               readOnly=true)
public boolean checkPassword(Long userId,
                                                                                                String password)
```
    Description copied from interface: UserPasswordManagement
    
    Check that the (hashed) password of the user matches the given clear text password.
    
    Specified by:
    
    checkPassword in interface UserPasswordManagement
    
    Parameters:
    
    userId - the ID of the user whose password should be checked
    
    password - the clear text password to test against
    
    Returns:
    
    false if the password doesn't match or the user doesn't exist
  - checkPassword
```
public boolean checkPassword(User user,
                             String password)
```
    Description copied from interface: UserPasswordManagement
    
    Check that the (hashed) password of the user matches the given clear text password.
    
    Specified by:
    
    checkPassword in interface UserPasswordManagement
    
    Parameters:
    
    user - the user whose password should be checked
    
    password - the clear text password to test against
    
    Returns:
    
    true if the password matches
  - register
```
public void register(PasswordHashFunction hashFunction)
```
    Description copied from interface: UserPasswordManagement
    
    Register a hash function for generating and checking password hashes.
    
    Specified by:
    
    register in interface UserPasswordManagement
    
    Parameters:
    
    hashFunction - the function to register
  - requestPasswordChange
```
@Transactional(propagation=REQUIRED)
public void requestPasswordChange(String email)
                                                                throws UserNotFoundException,
                                                                       ExternalUserPasswordChangeNotAllowedException
```
    Description copied from interface: UserPasswordManagement
    
    Request a new password for the given user. A mail with a security code will be sent to the user. The code can be used in UserPasswordManagement.changePassword(String, String).
    
    Specified by:
    
    requestPasswordChange in interface UserPasswordManagement
    
    Parameters:
    
    email - the email of the user requesting the password change
    
    Throws:
    
    UserNotFoundException - in case there is no user with that email
    
    ExternalUserPasswordChangeNotAllowedException - in case the user was provided by the primary external user repository
  - unregister
```
public void unregister(PasswordHashFunction hashFunction)
```
    Description copied from interface: UserPasswordManagement
    
    Remove a previously registered password hash function. If the given function is not registered nothing will happen.
    
    Specified by:
    
    unregister in interface UserPasswordManagement
    
    Parameters:
    
    hashFunction - the hash function to remove
  - validatePassword
```
public void validatePassword(String newPassword)
                      throws PasswordValidationException
```
    Description copied from interface: UserPasswordManagement
    
    Validate that a password matches the minimum security requirements to be used in user accounts
    
    Specified by:
    
    validatePassword in interface UserPasswordManagement
    
    Parameters:
    
    newPassword - the password to validate
    
    Throws:
    
    PasswordValidationException - in case the password is not valid

Class UserPasswordManagementImpl

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

UserPasswordManagementImpl

Method Detail

changePassword

changePassword

changePassword

checkAndUpdatePassword

checkPassword

checkPassword

register

requestPasswordChange

unregister

validatePassword