public class

PasswordResource

extends Object
java.lang.Object
   ↳ com.atlassian.jira.rest.v2.password.PasswordResource

Class Overview

REST resource for operations related to passwords and the password policy.

Summary

Public Constructors
PasswordResource(PasswordPolicyManager passwordPolicyManager, UserManager userManager)
Public Methods
Response getPasswordPolicy(boolean hasOldPassword)
Returns user-friendly statements governing the system's password policy.
Response policyCheckCreateUser(PasswordPolicyCreateUserBean bean)
Returns user-friendly explanations of why the password policy would disallow a proposed user from being created.
Response policyCheckUpdateUser(PasswordPolicyUpdateUserBean bean)
Returns user-friendly explanations of why the password policy would disallow an existing user's password from being updated.
[Expand]
Inherited Methods
From class java.lang.Object

Public Constructors

public PasswordResource (PasswordPolicyManager passwordPolicyManager, UserManager userManager)

Public Methods

public Response getPasswordPolicy (boolean hasOldPassword)

Returns user-friendly statements governing the system's password policy.

Parameters
hasOldPassword whether or not the user will be required to enter their current password. Use false (the default) if this is a new user or if an administrator is forcibly changing another user's password.
Returns
  • a response containing a JSON array of the user-facing messages. If no policy is set, then this will be an empty list.

public Response policyCheckCreateUser (PasswordPolicyCreateUserBean bean)

Returns user-friendly explanations of why the password policy would disallow a proposed user from being created.

This is a "dry run" of the password policy validation that would be performed by the various user creation methods in UserService. The intended use is for a user interface to verify the password on the fly as the user enters it (or upon moving to another input field or delaying for some time period, and so on). At the very least, the username and password must be non-empty to run these validations. Note that this validation is only for the password policy itself; other validations, such as whether or not a user with the same name already exists, are not checked by this request.

Parameters
bean a representation of the intended parameters for the user that would be created.
Returns
  • a response containing a JSON array of the user-facing messages. If no policy is set, then this will be an empty list.

public Response policyCheckUpdateUser (PasswordPolicyUpdateUserBean bean)

Returns user-friendly explanations of why the password policy would disallow an existing user's password from being updated.

This is a "dry run" of the password policy validation that would be performed by the various ways to update a user's password, such as the ChangePassword and ResetPassword web actions. The intended use is for a user interface to verify the password on the fly as the user enters it (or upon moving to another input field or delaying for some time period, and so on). At the very least, the username and new password must be non-empty to run these validations, and the user must actually exist. Note that this validation is only for the password policy itself; other validations that would be performed upon submitting the request are not checked by this request. In particular, the old password (if specified) is deliberately not verified by this request, as doing so could cause security problems.

Parameters
bean a representation of the intended parameters for the update that would be performed
Returns
  • a response containing a JSON array of the user-facing messages. If no policy is set, then this will be an empty list.