use of com.liferay.portal.model.PasswordPolicy in project liferay-ide by liferay.
the class UserLocalServiceImpl method updateLockout.
/**
 * Locks or unlocks the user's account and persists the change.
 *
 * <p>
 * The request is ignored, and nothing is persisted, when the user has no
 * password policy or the policy has lockout disabled. NOTE(review): a
 * <code>lockout == true</code> request is therefore dropped silently in that
 * case; callers that rely on this method to block an account should confirm
 * the policy first.
 * </p>
 *
 * @param user the user
 * @param lockout <code>true</code> to lock the user out, <code>false</code>
 *        to unlock the user and reset the failed login counters
 * @return the same user instance that was passed in
 * @throws PortalException if a portal exception occurred
 * @throws SystemException if a system exception occurred
 */
@Override
public User updateLockout(User user, boolean lockout) throws PortalException, SystemException {
    PasswordPolicy policy = user.getPasswordPolicy();
    boolean lockoutEnforced = (policy != null) && policy.isLockout();

    if (!lockoutEnforced) {
        return user;
    }

    // Locking stamps the current time; unlocking clears the timestamp.
    Date lockedAt = lockout ? new Date() : null;

    user.setLockout(lockout);
    user.setLockoutDate(lockedAt);

    if (!lockout) {
        // lockedAt is null on this path, so the last failed login date is
        // cleared together with the attempt counter.
        user.setLastFailedLoginDate(lockedAt);
        user.setFailedLoginAttempts(0);
    }

    userPersistence.update(user);

    return user;
}
use of com.liferay.portal.model.PasswordPolicy in project liferay-ide by liferay.
the class UserLocalServiceImpl method completeUserRegistration.
/**
 * Completes the user's registration by optionally generating a password,
 * provisioning a mail account, and sending the confirmation and
 * verification emails.
 *
 * <p>
 * The clear-text password is handled in several places here: it is written
 * back into the service context, set on the user via
 * <code>setPasswordUnencrypted</code>, and handed to
 * <code>mailService.addUser</code> and <code>sendEmail</code>. When
 * <code>autoPassword</code> is <code>false</code> and no
 * <code>passwordUnencrypted</code> attribute was supplied, that value is
 * <code>null</code> and is still passed on as-is.
 * </p>
 *
 * @param user the user
 * @param serviceContext the service context to be applied. Attribute
 *        <code>passwordUnencrypted</code> supplies a custom clear-text
 *        password, attribute <code>autoPassword</code> set to
 *        <code>true</code> requests a generated password (replacing any
 *        supplied one), and attribute <code>sendEmail</code> set to
 *        <code>true</code> requests the confirmation email.
 * @throws PortalException if a portal exception occurred
 * @throws SystemException if a system exception occurred
 */
@Override
public void completeUserRegistration(User user, ServiceContext serviceContext) throws PortalException, SystemException {
    boolean autoPassword = ParamUtil.getBoolean(serviceContext, "autoPassword");
    String password = (String) serviceContext.getAttribute("passwordUnencrypted");

    if (autoPassword) {
        String generated;

        if (LDAPSettingsUtil.isPasswordPolicyEnabled(user.getCompanyId())) {
            if (_log.isWarnEnabled()) {
                _log.warn(
                    "When LDAP password policy is enabled, it is "
                        + "possible that portal generated passwords will "
                        + "not match the LDAP policy. Using "
                        + "RegExpToolkit to generate new password.");
            }

            // No portal password policy is passed to the generator on this
            // path (the argument is null).
            generated = new RegExpToolkit().generate(null);
        } else {
            PasswordPolicy policy = passwordPolicyLocalService.getPasswordPolicy(user.getCompanyId(), user.getOrganizationIds());

            generated = PwdToolkitUtil.generate(policy);
        }

        password = generated;

        // The generated clear-text password is published back to the caller
        // through the service context.
        serviceContext.setAttribute("passwordUnencrypted", password);

        // NOTE(review): whether encrypt() is a one-way hash depends on
        // PasswordEncryptorUtil, which is not visible here; confirm.
        user.setPassword(PasswordEncryptorUtil.encrypt(password));
        user.setPasswordUnencrypted(password);
        user.setPasswordEncrypted(true);

        // The modified flag is raised only for the duration of the update
        // and lowered again right after it.
        user.setPasswordModified(true);
        user.setPasswordModifiedDate(new Date());
        userPersistence.update(user);
        user.setPasswordModified(false);
    }

    if (user.hasCompanyMx()) {
        mailService.addUser(user.getCompanyId(), user.getUserId(), password, user.getFirstName(), user.getMiddleName(), user.getLastName(), user.getEmailAddress());
    }

    if (ParamUtil.getBoolean(serviceContext, "sendEmail")) {
        // The clear-text password is handed to the email sender.
        sendEmail(user, password, serviceContext);
    }

    Company company = companyPersistence.findByPrimaryKey(user.getCompanyId());

    if (company.isStrangersVerify()) {
        sendEmailAddressVerification(user, user.getEmailAddress(), serviceContext);
    }
}
use of com.liferay.portal.model.PasswordPolicy in project liferay-ide by liferay.
the class UserLocalServiceImpl method validate.
/**
 * Validates the fields supplied for a user before the user is stored.
 *
 * <p>
 * Checks run in this order and the first failure aborts the rest: company
 * user limit, screen name (unless generated), password (unless generated),
 * email address format and uniqueness, OpenID, full name, and existence of
 * every referenced organization.
 * </p>
 *
 * <p>
 * NOTE(review): the password is checked against the company's default
 * password policy only; <code>organizationIds</code> is not consulted for
 * the policy lookup. Confirm that this is intended where organizations
 * carry their own policy.
 * </p>
 *
 * @param companyId the primary key of the user's company
 * @param userId the primary key of the user being validated; an existing
 *        user with the same email address is a duplicate only if its
 *        primary key differs from this value
 * @param autoPassword whether the password is generated, in which case the
 *        password check is skipped
 * @param password1 the password (presumably the first entry; confirm)
 * @param password2 the password (presumably the confirmation entry; confirm)
 * @param autoScreenName whether the screen name is generated, in which case
 *        the screen name check is skipped
 * @param screenName the screen name
 * @param emailAddress the email address
 * @param openId the OpenID
 * @param firstName the first name
 * @param middleName the middle name
 * @param lastName the last name
 * @param organizationIds the primary keys of the user's organizations (may
 *        be <code>null</code>)
 * @throws PortalException if a check failed, including
 *         <code>DuplicateUserEmailAddressException</code> and
 *         <code>NoSuchOrganizationException</code> (assuming both are portal
 *         exceptions, as the throws clause suggests)
 * @throws SystemException if a system exception occurred
 */
protected void validate(long companyId, long userId, boolean autoPassword, String password1, String password2, boolean autoScreenName, String screenName, String emailAddress, String openId, String firstName, String middleName, String lastName, long[] organizationIds) throws PortalException, SystemException {
    validateCompanyMaxUsers(companyId);

    if (!autoScreenName) {
        validateScreenName(companyId, userId, screenName);
    }

    if (!autoPassword) {
        PasswordPolicy defaultPolicy = passwordPolicyLocalService.getDefaultPasswordPolicy(companyId);

        // The user id argument is the literal 0 here, not userId.
        PwdToolkitUtil.validate(companyId, 0, password1, password2, defaultPolicy);
    }

    validateEmailAddress(companyId, emailAddress);

    if (Validator.isNotNull(emailAddress)) {
        User existingUser = userPersistence.fetchByC_EA(companyId, emailAddress);
        boolean ownedByOtherUser = (existingUser != null) && (existingUser.getUserId() != userId);

        if (ownedByOtherUser) {
            throw new DuplicateUserEmailAddressException("{userId=" + userId + "}");
        }
    }

    validateOpenId(companyId, userId, openId);
    validateFullName(companyId, firstName, middleName, lastName);

    if (organizationIds == null) {
        return;
    }

    // Every referenced organization must exist.
    for (int i = 0; i < organizationIds.length; i++) {
        long organizationId = organizationIds[i];

        if (organizationPersistence.fetchByPrimaryKey(organizationId) == null) {
            throw new NoSuchOrganizationException("{organizationId=" + organizationId + "}");
        }
    }
}
use of com.liferay.portal.model.PasswordPolicy in project liferay-ide by liferay.
the class UserLocalServiceImpl method isPasswordExpiringSoon.
/**
 * Returns <code>true</code> if the password policy is configured to warn
 * the user that their password is expiring and the current time is past the
 * start of the warning window.
 *
 * <p>
 * This check is not read-only: when the user has no password modified date,
 * the current time is stored as that date and the user is updated before
 * the window is computed.
 * </p>
 *
 * @param user the user
 * @return <code>true</code> if the user's password is expiring soon;
 *         <code>false</code> otherwise, including when the user has no
 *         password policy, the policy is not expireable, or its warning
 *         time is not positive
 * @throws PortalException if the password policy for the user could not be
 *         found
 * @throws SystemException if a system exception occurred
 */
@Override
public boolean isPasswordExpiringSoon(User user) throws PortalException, SystemException {
    PasswordPolicy policy = user.getPasswordPolicy();
    boolean warningConfigured = (policy != null) && policy.isExpireable() && (policy.getWarningTime() > 0);

    if (!warningConfigured) {
        return false;
    }

    Date now = new Date();

    if (user.getPasswordModifiedDate() == null) {
        user.setPasswordModifiedDate(now);
        userLocalService.updateUser(user);
    }

    long modifiedAtMillis = user.getPasswordModifiedDate().getTime();

    // The policy values are scaled by 1000 before being combined with a
    // millisecond timestamp (presumably seconds to milliseconds).
    // NOTE(review): if getMaxAge()/getWarningTime() return int, these
    // products are computed in int and can overflow for large values;
    // confirm the accessor types.
    long expiresAtMillis = (policy.getMaxAge() * 1000) + modifiedAtMillis;
    long warnFromMillis = expiresAtMillis - (policy.getWarningTime() * 1000);

    return now.getTime() > warnFromMillis;
}
use of com.liferay.portal.model.PasswordPolicy in project liferay-ide by liferay.
the class UserLocalServiceImpl method authenticate.
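/**
 * Attempts to authenticate the user by their login and password, while
 * using the AuthPipeline.
 *
 * <p>
 * Authentication type specifies what <code>login</code> contains. The valid
 * values are:
 * </p>
 *
 * <ul>
 * <li>
 * <code>CompanyConstants.AUTH_TYPE_EA</code> - <code>login</code> is the
 * user's email address
 * </li>
 * <li>
 * <code>CompanyConstants.AUTH_TYPE_SN</code> - <code>login</code> is the
 * user's screen name
 * </li>
 * <li>
 * <code>CompanyConstants.AUTH_TYPE_ID</code> - <code>login</code> is the
 * user's primary key
 * </li>
 * </ul>
 *
 * <p>
 * Evaluation order: the pre-authentication pipeline runs first, then the
 * user is loaded, then lockout and password expiry are checked, then the
 * stored password is verified (unless the pipeline asked to skip that
 * check or the check is disabled), then the post-authentication pipeline
 * runs. Because the pre pipeline runs before the lockout check, its
 * authenticators also see attempts made against locked accounts.
 * </p>
 *
 * <p>
 * The return value distinguishes an unknown login (<code>DNE</code>) from
 * bad credentials (<code>FAILURE</code>). Callers should not expose that
 * difference to unauthenticated clients, since it reveals which logins
 * exist.
 * </p>
 *
 * @param companyId the primary key of the user's company
 * @param login either the user's email address, screen name, or primary
 *        key depending on the value of <code>authType</code>. It is trimmed
 *        and lower-cased before use; <code>null</code> is treated as blank.
 * @param password the user's password
 * @param authType the type of authentication to perform (must not be
 *        <code>null</code>). An unrecognised value matches no user and
 *        yields <code>DNE</code>.
 * @param headerMap the header map from the authentication request
 * @param parameterMap the parameter map from the authentication request
 * @param resultsMap the map of authentication results (may be
 *        <code>null</code>). After a successful authentication the user's
 *        primary key will be placed under the key <code>userId</code>.
 * @return the authentication status. This can be {@link
 *         com.liferay.portal.security.auth.Authenticator#FAILURE}
 *         indicating that the user's credentials are invalid, {@link
 *         com.liferay.portal.security.auth.Authenticator#SUCCESS}
 *         indicating a successful login, or {@link
 *         com.liferay.portal.security.auth.Authenticator#DNE} indicating
 *         that a user with that login does not exist.
 * @throws PortalException if <code>login</code> is <code>null</code> or
 *         blank for a recognised <code>authType</code>, or if
 *         <code>password</code> is rejected by
 *         <code>Validator.isNull</code>
 * @throws SystemException if a system exception occurred
 * @see com.liferay.portal.security.auth.AuthPipeline
 */
protected int authenticate(long companyId, String login, String password, String authType, Map<String, String[]> headerMap, Map<String, String[]> parameterMap, Map<String, Object> resultsMap) throws PortalException, SystemException {
    if (PropsValues.AUTH_LOGIN_DISABLED) {
        return Authenticator.FAILURE;
    }

    // Treat a null login as blank so that the validation below rejects it
    // with the exception for the auth type instead of trim() failing with a
    // NullPointerException.
    if (login == null) {
        login = "";
    }

    login = StringUtil.toLowerCase(login.trim());

    long userId = GetterUtil.getLong(login);

    // Resolve the auth type once. The flags are mutually exclusive, which
    // mirrors a first-match-wins if/else-if chain.
    boolean byEmailAddress = authType.equals(CompanyConstants.AUTH_TYPE_EA);
    boolean byScreenName = !byEmailAddress && authType.equals(CompanyConstants.AUTH_TYPE_SN);
    boolean byUserId = !byEmailAddress && !byScreenName && authType.equals(CompanyConstants.AUTH_TYPE_ID);

    if (Validator.isNull(login)) {
        if (byEmailAddress) {
            throw new UserEmailAddressException();
        } else if (byScreenName) {
            throw new UserScreenNameException();
        } else if (byUserId) {
            throw new UserIdException();
        }
    }

    if (Validator.isNull(password)) {
        throw new UserPasswordException(UserPasswordException.PASSWORD_INVALID);
    }

    // Pre-authentication pipeline. The result stays FAILURE for an
    // unrecognised auth type.
    int authResult = Authenticator.FAILURE;

    if (byEmailAddress) {
        authResult = AuthPipeline.authenticateByEmailAddress(PropsKeys.AUTH_PIPELINE_PRE, companyId, login, password, headerMap, parameterMap);
    } else if (byScreenName) {
        authResult = AuthPipeline.authenticateByScreenName(PropsKeys.AUTH_PIPELINE_PRE, companyId, login, password, headerMap, parameterMap);
    } else if (byUserId) {
        authResult = AuthPipeline.authenticateByUserId(PropsKeys.AUTH_PIPELINE_PRE, companyId, userId, password, headerMap, parameterMap);
    }

    // Get user
    User user = null;

    if (byEmailAddress) {
        user = fetchUserByEmailAddress(companyId, login);
    } else if (byScreenName) {
        user = fetchUserByScreenName(companyId, login);
    } else if (byUserId) {
        user = userPersistence.fetchByPrimaryKey(userId);
    }

    if (user == null) {
        return Authenticator.DNE;
    }

    if (user.isDefaultUser()) {
        if (_log.isInfoEnabled()) {
            _log.info("Authentication is disabled for the default user");
        }

        return Authenticator.DNE;
    } else if (!user.isActive()) {
        if (_log.isInfoEnabled()) {
            _log.info("Authentication is disabled for inactive user " + user.getUserId());
        }

        return Authenticator.FAILURE;
    }

    // A stored password that is not yet flagged as encrypted is encrypted
    // and persisted on this login attempt, before any comparison.
    if (!user.isPasswordEncrypted()) {
        user.setPassword(PasswordEncryptorUtil.encrypt(user.getPassword()));
        user.setPasswordEncrypted(true);
        userPersistence.update(user);
    }

    // Check password policy to see if the account is locked out or if the
    // password is expired. Both checks run regardless of the pre pipeline
    // result (presumably they signal by throwing; confirm).
    checkLockout(user);
    checkPasswordExpired(user);

    // Authenticate against the User_ table
    boolean skipLiferayCheck = false;

    if (authResult == Authenticator.SKIP_LIFERAY_CHECK) {
        // A pre pipeline authenticator vouched for the user, so the stored
        // password is not compared at all.
        authResult = Authenticator.SUCCESS;
        skipLiferayCheck = true;
    } else if ((authResult == Authenticator.SUCCESS) && PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK) {
        boolean authenticated = PwdAuthenticator.authenticate(login, password, user.getPassword());

        authResult = authenticated ? Authenticator.SUCCESS : Authenticator.FAILURE;
    }

    if (authResult == Authenticator.SUCCESS) {
        if (byEmailAddress) {
            authResult = AuthPipeline.authenticateByEmailAddress(PropsKeys.AUTH_PIPELINE_POST, companyId, login, password, headerMap, parameterMap);
        } else if (byScreenName) {
            authResult = AuthPipeline.authenticateByScreenName(PropsKeys.AUTH_PIPELINE_POST, companyId, login, password, headerMap, parameterMap);
        } else if (byUserId) {
            authResult = AuthPipeline.authenticateByUserId(PropsKeys.AUTH_PIPELINE_POST, companyId, userId, password, headerMap, parameterMap);
        }
    }

    if (authResult == Authenticator.SUCCESS) {
        if (resultsMap != null) {
            resultsMap.put("userId", user.getUserId());
        }

        // The digest is recomputed from the clear-text password whenever the
        // stored password was not verified here or no digest exists yet.
        // NOTE(review): the digest algorithm is not visible in this method;
        // confirm it is acceptable for a stored, password-derived value.
        if (skipLiferayCheck || !PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK || Validator.isNull(user.getDigest())) {
            String digest = user.getDigest(password);

            user.setDigest(digest);
            userPersistence.update(user);
        }
    }

    if (authResult == Authenticator.FAILURE) {
        try {
            if (byEmailAddress) {
                AuthPipeline.onFailureByEmailAddress(PropsKeys.AUTH_FAILURE, companyId, login, headerMap, parameterMap);
            } else if (byScreenName) {
                AuthPipeline.onFailureByScreenName(PropsKeys.AUTH_FAILURE, companyId, login, headerMap, parameterMap);
            } else if (byUserId) {
                AuthPipeline.onFailureByUserId(PropsKeys.AUTH_FAILURE, companyId, userId, headerMap, parameterMap);
            }

            // Reload the user after the failure handlers have run.
            user = userPersistence.fetchByPrimaryKey(user.getUserId());

            if (user == null) {
                return Authenticator.DNE;
            }

            if (!LDAPSettingsUtil.isPasswordPolicyEnabled(user.getCompanyId())) {
                PasswordPolicy passwordPolicy = user.getPasswordPolicy();

                user = userPersistence.fetchByPrimaryKey(user.getUserId());

                // Same handling as the reload above, instead of a
                // NullPointerException swallowed by the catch below.
                if (user == null) {
                    return Authenticator.DNE;
                }

                if (passwordPolicy == null) {
                    // Without a policy there is no failure limit to compare
                    // against. Log it so that a skipped max-failures check is
                    // visible rather than hidden behind a swallowed
                    // NullPointerException.
                    if (_log.isWarnEnabled()) {
                        _log.warn("Unable to check maximum login failures for user " + user.getUserId() + " because no password policy was found");
                    }
                } else {
                    int failedLoginAttempts = user.getFailedLoginAttempts();
                    int maxFailures = passwordPolicy.getMaxFailure();

                    // A limit of 0 disables the max-failures handlers.
                    if ((failedLoginAttempts >= maxFailures) && (maxFailures != 0)) {
                        if (byEmailAddress) {
                            AuthPipeline.onMaxFailuresByEmailAddress(PropsKeys.AUTH_MAX_FAILURES, companyId, login, headerMap, parameterMap);
                        } else if (byScreenName) {
                            AuthPipeline.onMaxFailuresByScreenName(PropsKeys.AUTH_MAX_FAILURES, companyId, login, headerMap, parameterMap);
                        } else if (byUserId) {
                            AuthPipeline.onMaxFailuresByUserId(PropsKeys.AUTH_MAX_FAILURES, companyId, userId, headerMap, parameterMap);
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Failure bookkeeping is best effort: an error in a handler is
            // logged and the FAILURE result is still returned.
            _log.error(e, e);
        }
    }

    return authResult;
}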