@Transactional public class ForgottenLoginManagerImpl extends Object implements ForgottenLoginManager
DEFAULT_TOKEN_EXPIRY_SECONDS
Constructor and Description |
---|
ForgottenLoginManagerImpl(ApplicationService applicationService, DirectoryManager directoryManager, PermissionManager permissionManager, ExpirableUserTokenDao expirableUserTokenDao, com.atlassian.security.random.SecureTokenGenerator tokenGenerator, com.atlassian.event.api.EventPublisher eventPublisher, com.atlassian.sal.api.ApplicationProperties applicationProperties, Clock clock) |
Modifier and Type | Method and Description |
---|---|
ExpirableUserToken | createAndStoreResetToken(long directoryId, String username, String email, int tokenExpirySeconds) Creates an ExpirableUserToken for a given username in the given directory. |
Optional<ExpirableUserToken> | getToken(long directoryId, String username) Returns the password reset token for the given user. |
boolean | isUserActive(long directoryId, String username) Checks if the user is active. |
boolean | isValidResetToken(long directoryId, String username, String token) Returns true if the password reset token for the user with the specified username and directory ID is valid and not expired. |
boolean | removeByDirectoryAndUsername(long directoryId, String username) Removes the password reset tokens associated with a username in a directory. |
void | resetUserCredential(long directoryId, String username, PasswordCredential credential, String token) Resets the user credentials and invalidates the token. |
void | sendResetLink(Application application, String username, int tokenExpirySeconds) Sends a reset link to the first user with the matching username from all the active directories assigned to the application. |
void | sendResetLink(long directoryId, String username, int tokenExpirySeconds) Sends a reset link to the user with specified username and directory ID. |
boolean | sendUsernames(Application application, String email) Sends the usernames associated with the given email address. |

public ForgottenLoginManagerImpl(ApplicationService applicationService, DirectoryManager directoryManager, PermissionManager permissionManager, ExpirableUserTokenDao expirableUserTokenDao, com.atlassian.security.random.SecureTokenGenerator tokenGenerator, com.atlassian.event.api.EventPublisher eventPublisher, com.atlassian.sal.api.ApplicationProperties applicationProperties, Clock clock)

public void sendResetLink(Application application, String username, int tokenExpirySeconds) throws UserNotFoundException, InvalidEmailAddressException, ApplicationPermissionException
Specified by: sendResetLink in interface ForgottenLoginManager
Parameters:
application - user is searched in application's assigned directories
username - username of the user to send the password reset link
tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS
Throws:
UserNotFoundException - if no user with the supplied username exists
InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to
ApplicationPermissionException - if the application does not have permission to modify the user

public boolean sendUsernames(Application application, String email) throws InvalidEmailAddressException
Sends the usernames associated with the given email address. No email will be sent if there are no usernames associated with a given email.
The method returns a boolean, which should only ever be passed to authenticated applications to avoid leaking information.
Specified by: sendUsernames in interface ForgottenLoginManager
Parameters:
application - search application's assigned directories for usernames associated with the email
email - email address of the user
Returns:
true if any users with that address were found.
Throws:
InvalidEmailAddressException - if the email is not valid

public void sendResetLink(long directoryId, String username, int tokenExpirySeconds) throws DirectoryNotFoundException, InvalidEmailAddressException, UserNotFoundException, OperationFailedException
Similar to ForgottenLoginManager.sendResetLink(Application, String, int) except applying to a directory-specific user.
Specified by: sendResetLink in interface ForgottenLoginManager
Parameters:
directoryId - directory ID of the user to modify
username - username of the user to send the password reset link
tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS
Throws:
DirectoryNotFoundException - if the directory specified by directoryId could not be found
InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to
UserNotFoundException - if the user specified by username could not be found
OperationFailedException

public boolean isValidResetToken(long directoryId, String username, String token)
ForgottenLoginManager.sendResetLink(com.atlassian.crowd.model.application.Application, java.lang.String, int).
Specified by: isValidResetToken in interface ForgottenLoginManager
Parameters:
directoryId - directory ID of the user to validate
username - username of the user to verify the token
token - password reset token

public void resetUserCredential(long directoryId, String username, PasswordCredential credential, String token) throws DirectoryNotFoundException, UserNotFoundException, InvalidResetPasswordTokenException, OperationFailedException, InvalidCredentialException, DirectoryPermissionException
Specified by: resetUserCredential in interface ForgottenLoginManager
Parameters:
directoryId - directory ID of the user
username - user name of the user to perform a credential reset
credential - new credentials
token - password reset token
Throws:
DirectoryNotFoundException - if the directory could not be found.
UserNotFoundException - if the user could not be found in the given directory.
InvalidResetPasswordTokenException - if the reset token is not valid.
OperationFailedException - if there was an error performing the operation or instantiating the backend directory.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
DirectoryPermissionException - if the directory is not allowed to perform the operation

public ExpirableUserToken createAndStoreResetToken(long directoryId, String username, String email, int tokenExpirySeconds)
Creates an ExpirableUserToken for a given username in the given directory.
Note: no check is done to verify that the user actually exists in the given directory; if this is not the case, the returned token will be useless.
Specified by: createAndStoreResetToken in interface ForgottenLoginManager
Parameters:
directoryId - the directory id associated with the user
username - the username of the user to create the token for
email - the email of the user to create the token for
tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS

public boolean removeByDirectoryAndUsername(long directoryId, String username)
Specified by: removeByDirectoryAndUsername in interface ForgottenLoginManager
Parameters:
directoryId - directory where the user lives
username - username

public boolean isUserActive(long directoryId, String username)
Specified by: isUserActive in interface ForgottenLoginManager
Parameters:
directoryId - directory where the user lives
username - username

public Optional<ExpirableUserToken> getToken(long directoryId, String username)
Specified by: getToken in interface ForgottenLoginManager
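
The note on sendUsernames says its boolean should only reach authenticated applications. The following is an added example (not Crowd's own code) of a caller that keeps that result, and the exception types of sendResetLink(Application, String, int), out of responses to unauthenticated clients; covering sendResetLink goes beyond what the page states. The nested interface and exception classes are stand-ins mirroring the signatures on this page, and ForgottenLoginEndpoint, GENERIC and the logger name are hypothetical.

```java
import java.util.logging.Logger;

/** Added illustration: uniform responses for forgotten-login requests from unauthenticated clients. */
public class ForgottenLoginEndpoint {
    // Stand-ins for the Crowd types named on this page, reduced to what the example calls.
    static class UserNotFoundException extends Exception {}
    static class InvalidEmailAddressException extends Exception {}
    static class ApplicationPermissionException extends Exception {}
    interface Application {}
    interface ForgottenLoginManager {
        void sendResetLink(Application app, String username, int tokenExpirySeconds)
            throws UserNotFoundException, InvalidEmailAddressException, ApplicationPermissionException;
        boolean sendUsernames(Application app, String email) throws InvalidEmailAddressException;
    }

    // Hypothetical message; the same text is returned for every outcome.
    static final String GENERIC = "If the account exists, an email has been sent.";
    private static final Logger AUDIT = Logger.getLogger("forgotten-login");

    private final ForgottenLoginManager manager;
    private final Application application;

    ForgottenLoginEndpoint(ForgottenLoginManager manager, Application application) {
        this.manager = manager;
        this.application = application;
    }

    /** Forgotten-username flow: the boolean is written to the server log only. */
    String forgotUsername(String email) {
        try {
            boolean found = manager.sendUsernames(application, email);
            AUDIT.fine("sendUsernames matched=" + found);
        } catch (InvalidEmailAddressException e) {
            AUDIT.fine("sendUsernames rejected the address");
        }
        return GENERIC;
    }

    /** Forgotten-password flow: the exception type is not reflected in the response. */
    String forgotPassword(String username, int tokenExpirySeconds) {
        try {
            manager.sendResetLink(application, username, tokenExpirySeconds);
        } catch (UserNotFoundException | InvalidEmailAddressException | ApplicationPermissionException e) {
            AUDIT.fine("sendResetLink failed: " + e.getClass().getSimpleName());
        }
        return GENERIC;
    }
}
```

Identical response bodies do not equalize response time, so a caller that needs to hide account existence should also compare latency between the found and not-found paths.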
Copyright © 2020 Atlassian. All rights reserved.