Package com.atlassian.crowd.manager.login

Class ForgottenLoginManagerImpl

java.lang.Object

com.atlassian.crowd.manager.login.ForgottenLoginManagerImpl

All Implemented Interfaces:

ForgottenLoginManager

@Transactional
public class ForgottenLoginManagerImpl
extends Object
implements ForgottenLoginManager

Field Summary

Fields inherited from interface com.atlassian.crowd.manager.login.ForgottenLoginManager

DEFAULT_TOKEN_EXPIRY

Constructor Summary

Constructors

Constructor

Description

ForgottenLoginManagerImpl(ApplicationService applicationService, DirectoryManager directoryManager, PermissionManager permissionManager, ExpirableUserTokenDao expirableUserTokenDao, com.atlassian.security.random.SecureTokenGenerator tokenGenerator, com.atlassian.event.api.EventPublisher eventPublisher, com.atlassian.sal.api.ApplicationProperties applicationProperties, ForgottenLoginMailer forgottenLoginMailer, Clock clock)

Method Summary

Modifier and Type	Method	Description
ExpirableUserToken	createAndStoreResetToken(long directoryId, String username, String email, int tokenExpirySeconds)	Creates an ExpirableUserToken for a given username in the given directory.
String	getResetLink(ExpirableUserToken resetToken)
Optional<ExpirableUserToken>	getToken(long directoryId, String username)	Returns password reset token for given user.
boolean	isUserActive(long directoryId, String username)	Check if user is active
boolean	isValidResetToken(long directoryId, String username, String token)	Returns true if the password reset token for the user with the specified username and directory ID are valid and not expired.
boolean	removeByDirectoryAndUsername(long directoryId, String username)	Removes the password reset tokens associated to a username in a directory.
void	resetUserCredential(long directoryId, String username, PasswordCredential credential, String token)	Resets the user credentials and invalidates the token.
void	sendResetLink(long directoryId, String username, int tokenExpirySeconds)	Sends a reset link to the user with specified username and directory ID.
void	sendResetLink(Application application, String username, int tokenExpirySeconds)	Sends a reset link to the first user with the matching username from all the active directories assigned to the application.
boolean	sendUsernames(Application application, String email)	Sends the usernames associated with the given email address.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ForgottenLoginManagerImpl

public ForgottenLoginManagerImpl(ApplicationService applicationService,
 DirectoryManager directoryManager,
 PermissionManager permissionManager,
 ExpirableUserTokenDao expirableUserTokenDao,
 com.atlassian.security.random.SecureTokenGenerator tokenGenerator,
 com.atlassian.event.api.EventPublisher eventPublisher,
 com.atlassian.sal.api.ApplicationProperties applicationProperties,
 ForgottenLoginMailer forgottenLoginMailer,
 Clock clock)

Method Details

sendResetLink

public void sendResetLink(Application application,
 String username,
 int tokenExpirySeconds)
                   throws UserNotFoundException,
InvalidEmailAddressException,
ApplicationPermissionException,
MailSendException

Description copied from interface: ForgottenLoginManager

Sends a reset link to the first user with the matching username from all the active directories assigned to the application.

Specified by:

sendResetLink in interface ForgottenLoginManager

Parameters:

application - user is searched in application's assigned directories

username - username of the user to send the password reset link

tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS

Throws:

UserNotFoundException - if no user with the supplied username exists

InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to

ApplicationPermissionException - if the application does not have permission to modify the user

MailSendException

sendUsernames

public boolean sendUsernames(Application application,
 String email)
                      throws InvalidEmailAddressException

Description copied from interface: ForgottenLoginManager

Sends the usernames associated with the given email address. No email will be sent if there are no usernames associated with a given email.

The method returns a boolean, which should only ever be passed to authenticated applications to avoid leaking information.

Specified by:

sendUsernames in interface ForgottenLoginManager

Parameters:

application - search application's assigned directories for usernames associated with the email

email - email address of the user

Returns:

true if any users with that address were found.

Throws:

InvalidEmailAddressException - if the email is not valid

sendResetLink

public void sendResetLink(long directoryId,
 String username,
 int tokenExpirySeconds)
                   throws DirectoryNotFoundException,
InvalidEmailAddressException,
UserNotFoundException,
OperationFailedException,
MailSendException

Description copied from interface: ForgottenLoginManager

Sends a reset link to the user with specified username and directory ID.

Similar to ForgottenLoginManager.sendResetLink(Application, String, int) except applying to a directory-specific user.

Specified by:

sendResetLink in interface ForgottenLoginManager

Parameters:

directoryId - directory ID of the user to modify

username - username of the user to send the password reset link

tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS

Throws:

DirectoryNotFoundException - if the directory specified by directoryId could not be found

InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to

UserNotFoundException - if the user specified by username could not be found

OperationFailedException

MailSendException

isValidResetToken

public boolean isValidResetToken(long directoryId,
 String username,
 String token)

Description copied from interface: ForgottenLoginManager

Returns true if the password reset token for the user with the specified username and directory ID are valid and not expired. The valid password reset token is created by ForgottenLoginManager.sendResetLink(com.atlassian.crowd.model.application.Application, java.lang.String, int).

Specified by:

isValidResetToken in interface ForgottenLoginManager

Parameters:

directoryId - directory ID of the user to validate

username - username of the user to verify the token

token - password reset token

Returns:

true if the username and reset token are a valid combination and the reset token has not expired.

getResetLink

public String getResetLink(ExpirableUserToken resetToken)

Specified by:

getResetLink in interface ForgottenLoginManager

getToken

public Optional<ExpirableUserToken> getToken(long directoryId,
 String username)

Description copied from interface: ForgottenLoginManager

Returns password reset token for given user. For testing purposes only.

Specified by:

getToken in interface ForgottenLoginManager

createAndStoreResetToken

public ExpirableUserToken createAndStoreResetToken(long directoryId,
 String username,
 String email,
 int tokenExpirySeconds)

Description copied from interface: ForgottenLoginManager

Creates an ExpirableUserToken for a given username in the given directory. Note: no check is done to verify that the user actually exists in the given directory; if this is not the case, the returned token will be useless.

Specified by:

createAndStoreResetToken in interface ForgottenLoginManager

Parameters:

directoryId - the directory id associated with the user

username - the username of the user to create the token for

email - the email of the user to create the token for

tokenExpirySeconds - number of seconds before generated token expires, or DEFAULT_TOKEN_EXPIRY_SECONDS

Returns:

The ExpirableUserToken

removeByDirectoryAndUsername

public boolean removeByDirectoryAndUsername(long directoryId,
 String username)

Description copied from interface: ForgottenLoginManager

Removes the password reset tokens associated to a username in a directory.

Specified by:

removeByDirectoryAndUsername in interface ForgottenLoginManager

Parameters:

directoryId - directory where the user lives

username - username

Returns:

true if some tokens were removed

isUserActive

public boolean isUserActive(long directoryId,
 String username)

Description copied from interface: ForgottenLoginManager

Check if user is active

Specified by:

isUserActive in interface ForgottenLoginManager

Parameters:

directoryId - directory where the user lives

username - username

Returns:

true if user is active

resetUserCredential

public void resetUserCredential(long directoryId,
 String username,
 PasswordCredential credential,
 String token)
                         throws DirectoryNotFoundException,
UserNotFoundException,
InvalidResetPasswordTokenException,
OperationFailedException,
InvalidCredentialException,
DirectoryPermissionException

Description copied from interface: ForgottenLoginManager

Resets the user credentials and invalidates the token.

Specified by:

resetUserCredential in interface ForgottenLoginManager

Parameters:

directoryId - directory ID of the user

username - user name of the user to perform a credential reset

credential - new credentials

token - password reset token

Throws:

DirectoryNotFoundException - if the directory could not be found.

UserNotFoundException - if the user could not be found in the given directory.

InvalidResetPasswordTokenException - if the reset token is not valid.

OperationFailedException - if there was an error performing the operation or instantiating the backend directory.

InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.

DirectoryPermissionException - if the directory is not allowed to perform the operation