Interface ForgottenLoginManager
- All Known Implementing Classes:
ForgottenLoginManagerImpl
public interface ForgottenLoginManager
Manages functionality related to retrieving forgotten usernames or resetting forgotten passwords.
To reset a user's password, clients of ForgottenLoginManager would do the following:
sendResetLinksends the user a unique link to reset their passwordresetUserCredentialverifies that the reset token given by the user is correct usingisValidResetToken, then resets if the user credentials if the token is valid.
- Since:
- v2.1.0
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptioncreateAndStoreResetToken(long directoryId, String username, String email, int tokenExpirySeconds) Creates anExpirableUserTokenfor a given username in the given directory.getResetLink(ExpirableUserToken resetToken) Returns password reset token for given user.booleanisUserActive(long directoryId, String username) Check if user is activebooleanisValidResetToken(long directoryId, String username, String token) Returnstrueif the password reset token for the user with the specified username and directory ID are valid and not expired.booleanremoveByDirectoryAndUsername(long directoryId, String username) Removes the password reset tokens associated to a username in a directory.voidresetUserCredential(long directoryId, String username, PasswordCredential credential, String token) Resets the user credentials and invalidates the token.voidsendResetLink(long directoryId, String username, int tokenExpirySeconds) Sends a reset link to the user with specified username and directory ID.voidsendResetLink(Application application, String username, int tokenExpirySeconds) Sends a reset link to the first user with the matchingusernamefrom all the active directories assigned to the application.booleansendUsernames(Application application, String email) Sends the usernames associated with the given email address.
-
Field Details
-
DEFAULT_TOKEN_EXPIRY
-
-
Method Details
-
sendResetLink
void sendResetLink(Application application, String username, int tokenExpirySeconds) throws UserNotFoundException, InvalidEmailAddressException, ApplicationPermissionException, MailSendException Sends a reset link to the first user with the matchingusernamefrom all the active directories assigned to the application.- Parameters:
application- user is searched inapplication's assigned directoriesusername- username of the user to send the password reset linktokenExpirySeconds- number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS- Throws:
UserNotFoundException- if no user with the supplied username existsInvalidEmailAddressException- if the user does not have a valid email address to send the password reset email toApplicationPermissionException- if the application does not have permission to modify the userIllegalArgumentException- if tokenExpirySeconds is less than 0MailSendException
-
sendUsernames
Sends the usernames associated with the given email address. No email will be sent if there are no usernames associated with a given
email.The method returns a boolean, which should only ever be passed to authenticated applications to avoid leaking information.
- Parameters:
application- search application's assigned directories for usernames associated with theemailemail- email address of the user- Returns:
trueif any users with that address were found.- Throws:
InvalidEmailAddressException- if theemailis not valid
-
sendResetLink
void sendResetLink(long directoryId, String username, int tokenExpirySeconds) throws DirectoryNotFoundException, UserNotFoundException, InvalidEmailAddressException, OperationFailedException, MailSendException Sends a reset link to the user with specified username and directory ID.Similar to
sendResetLink(Application, String, int)except applying to a directory-specific user.- Parameters:
directoryId- directory ID of the user to modifyusername- username of the user to send the password reset linktokenExpirySeconds- number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS- Throws:
DirectoryNotFoundException- if the directory specified bydirectoryIdcould not be foundUserNotFoundException- if the user specified byusernamecould not be foundInvalidEmailAddressException- if the user does not have a valid email address to send the password reset email toIllegalArgumentException- if tokenExpirySeconds is less than 0OperationFailedExceptionMailSendException
-
isValidResetToken
Returnstrueif the password reset token for the user with the specified username and directory ID are valid and not expired. The valid password reset token is created bysendResetLink(com.atlassian.crowd.model.application.Application, java.lang.String, int).- Parameters:
directoryId- directory ID of the user to validateusername- username of the user to verify thetokentoken- password reset token- Returns:
trueif the username and reset token are a valid combination and the reset token has not expired.
-
resetUserCredential
void resetUserCredential(long directoryId, String username, PasswordCredential credential, String token) throws DirectoryNotFoundException, UserNotFoundException, InvalidResetPasswordTokenException, OperationFailedException, InvalidCredentialException, DirectoryPermissionException Resets the user credentials and invalidates the token.- Parameters:
directoryId- directory ID of the userusername- user name of the user to perform a credential resetcredential- new credentialstoken- password reset token- Throws:
DirectoryNotFoundException- if the directory could not be found.UserNotFoundException- if the user could not be found in the given directory.InvalidResetPasswordTokenException- if the reset token is not valid.OperationFailedException- if there was an error performing the operation or instantiating the backend directory.InvalidCredentialException- if the user's credential does not meet the validation requirements for an associated directory.DirectoryPermissionException- if the directory is not allowed to perform the operation
-
createAndStoreResetToken
ExpirableUserToken createAndStoreResetToken(long directoryId, String username, String email, int tokenExpirySeconds) Creates anExpirableUserTokenfor a given username in the given directory. Note: no check is done to verify that the user actually exists in the given directory; if this is not the case, the returned token will be useless.- Parameters:
directoryId- the directory id associated with the userusername- the username of the user to create the token foremail- the email of the user to create the token fortokenExpirySeconds- number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS- Returns:
- The ExpirableUserToken
- Throws:
IllegalArgumentException- if tokenExpirySeconds is less than 0
-
removeByDirectoryAndUsername
Removes the password reset tokens associated to a username in a directory.- Parameters:
directoryId- directory where the user livesusername- username- Returns:
trueif some tokens were removed
-
isUserActive
Check if user is active- Parameters:
directoryId- directory where the user livesusername- username- Returns:
trueif user is active
-
getResetLink
-
getToken
Returns password reset token for given user. For testing purposes only.
-