uk.ac.ed.epcc.webapp.session

Class DatabasePasswordComposite<T extends AppUser>

java.lang.Object

uk.ac.ed.epcc.webapp.model.data.Composite<AU,X>

uk.ac.ed.epcc.webapp.session.AppUserComposite<T,PasswordAuthComposite<T>>

uk.ac.ed.epcc.webapp.session.PasswordAuthComposite<T>

uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite<T>

Type Parameters:

T -

All Implemented Interfaces:

Contexed, AnonymisingComposite<T>, TableStructureContributer<T>, AppUserTransitionContributor, NewSignupAction<T>, RequiredPageProvider<T>

public class DatabasePasswordComposite<T extends AppUser>
extends PasswordAuthComposite<T>
implements AnonymisingComposite<T>

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	DatabasePasswordComposite.AcceptHashFilter An AcceptFilter that selects records that match a password.
class	DatabasePasswordComposite.Handler A handler class for any database fields specific to the composite.
protected static class	DatabasePasswordComposite.PasswordStatus
class	DatabasePasswordComposite.SQLHashFilter Filter to select from a hashed (possibly salted) string.

Nested classes/interfaces inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

PasswordAuthComposite.PasswordResetRequiredPage, PasswordAuthComposite.UpdatePasswordTransition

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALG
static Feature	CHANGE_OLD_HASH
static uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value	FIRST
static int	GENERATED_PASSWORD_LENGTH Number of characters generated randomly for initial passwords If ('a'-'z') + ('A'-'Z') + ('0'-'9') = 62 ~= 64 ~= 6 bits, 16 characters gives nearly 96 bits
static uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value	INVALID
protected static Feature	JAVA_HASH
static Feature	LOG_RANDOM_PASSWORD
static Feature	NON_RANDOM_PASSWORD
static Feature	NOTIFY_PASSWORD_LOCK
static java.lang.String	PASSWORD
static java.lang.String	PASSWORD_CHANGED
static java.lang.String	PASSWORD_FAILS
static java.lang.String	SALT
protected static Feature	SALT_FIRST_FEATURE
static uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value	VALID

Fields inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

CHANGE_PASSWORD, USER_CHANGE_PASSWORD_FEATURE

Fields inherited from class uk.ac.ed.epcc.webapp.model.data.Composite

fac

Constructor Summary

Constructors

Constructor and Description
DatabasePasswordComposite(AppUserFactory<T> fac)

Method Summary

Modifier and Type	Method and Description
java.util.Map<java.lang.String,java.lang.Object>	addDefaults(java.util.Map<java.lang.String,java.lang.Object> h) Generate a set of default property values.
java.util.Set<java.lang.String>	addSuppress(java.util.Set<java.lang.String> supress) generate the class specific set of suppressed fields to be used in form creation/update The individual forms can override these so you usually use this method to define fields that should be suppressed in all forms.
void	anonymise(T target)
boolean	canResetPassword(T user) Is it legal to reset the password for the current user.
boolean	checkPassword(T u, java.lang.String password) Check if a string matches this persons password.
boolean	doWelcome(T person) Should we show a welcome page for new users.
T	findByLoginNamePassword(java.lang.String email, java.lang.String password) Check a supplied user-name and password.
T	findByLoginNamePassword(java.lang.String email, java.lang.String password, boolean check_fail_count) Check a supplied user-name and password.
java.lang.String	firstPassword(T user) set the initial randomised password for the user
DatabasePasswordComposite.Handler	getHandler(T user)
java.lang.String	getLoginNameLabel() The label for the LoginName input in the login form.
protected BaseFilter<T>	getPasswordFilter(java.lang.String password) return filer that matches all entries with the specified password
void	lockPassword(T user) lock the account so no password works.
TableSpecification	modifyDefaultTableSpecification(TableSpecification s, java.lang.String table) Modify the TableSpecification of the target factory.
boolean	mustResetPassword(T user) Is the user required to change their password
void	newPassword(T user) Set a new randomised password for the user and send a notification email
java.lang.String	nonRandomString(int length)
java.lang.String	randomisePassword(T user) set a new randomised password for the user
java.lang.String	reasonForReset(T user) Text explanation of why PasswordAuthComposite.mustResetPassword(AppUser) returned true.
void	setPassword(Hash h, T user, java.lang.String password)
void	setPassword(T user, java.lang.String password) Change the password for a user
boolean	useSalt()

Methods inherited from class uk.ac.ed.epcc.webapp.session.PasswordAuthComposite

getRequiredPages, getTransitions, getType, newSignup

Methods inherited from class uk.ac.ed.epcc.webapp.model.data.Composite

addFieldHelp, addOptional, addSelectors, addTranslations, customiseForm, customiseUpdateForm, getContext, getFactory, getLogger, getRecord, getRepository, postUpdate, preRegister, release, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface uk.ac.ed.epcc.webapp.model.AnonymisingComposite

addEraseFields

Methods inherited from interface uk.ac.ed.epcc.webapp.model.data.TableStructureContributer

addFieldConstraints, addFormFields

Field Detail

JAVA_HASH

protected static final Feature JAVA_HASH

SALT_FIRST_FEATURE

protected static final Feature SALT_FIRST_FEATURE

NON_RANDOM_PASSWORD

public static final Feature NON_RANDOM_PASSWORD

LOG_RANDOM_PASSWORD

public static final Feature LOG_RANDOM_PASSWORD

NOTIFY_PASSWORD_LOCK

public static final Feature NOTIFY_PASSWORD_LOCK

CHANGE_OLD_HASH

public static final Feature CHANGE_OLD_HASH

SALT

public static final java.lang.String SALT

See Also:

Constant Field Values

ALG

public static final java.lang.String ALG

See Also:

Constant Field Values

PASSWORD

public static final java.lang.String PASSWORD

See Also:

Constant Field Values

PASSWORD_FAILS

public static final java.lang.String PASSWORD_FAILS

See Also:

Constant Field Values

PASSWORD_CHANGED

public static final java.lang.String PASSWORD_CHANGED

See Also:

Constant Field Values

GENERATED_PASSWORD_LENGTH

public static final int GENERATED_PASSWORD_LENGTH

Number of characters generated randomly for initial passwords If ('a'-'z') + ('A'-'Z') + ('0'-'9') = 62 ~= 64 ~= 6 bits, 16 characters gives nearly 96 bits

See Also:

Constant Field Values

VALID

public static final uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value VALID

INVALID

public static final uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value INVALID

FIRST

public static final uk.ac.ed.epcc.webapp.session.DatabasePasswordComposite.PasswordStatus.Value FIRST

Constructor Detail

DatabasePasswordComposite

public DatabasePasswordComposite(AppUserFactory<T> fac)

Parameters:

fac -

Method Detail

getPasswordFilter

protected BaseFilter<T> getPasswordFilter(java.lang.String password)
                                   throws DataFault

return filer that matches all entries with the specified password

Parameters:

password -

Returns:

Throws:

DataFault

useSalt

public boolean useSalt()

getLoginNameLabel

public java.lang.String getLoginNameLabel()

The label for the LoginName input in the login form.

Returns:

String label

getHandler

public DatabasePasswordComposite.Handler getHandler(T user)

addDefaults

public java.util.Map<java.lang.String,java.lang.Object> addDefaults(java.util.Map<java.lang.String,java.lang.Object> h)

Description copied from interface: TableStructureContributer

Generate a set of default property values. override this in sub-classes to give defaults when creating objects.

Specified by:

addDefaults in interface TableStructureContributer<T extends AppUser>

Overrides:

addDefaults in class Composite<T extends AppUser,PasswordAuthComposite<T extends AppUser>>

Returns:

Map of default values

nonRandomString

public java.lang.String nonRandomString(int length)

addSuppress

public java.util.Set<java.lang.String> addSuppress(java.util.Set<java.lang.String> supress)

Description copied from interface: TableStructureContributer

generate the class specific set of suppressed fields to be used in form creation/update The individual forms can override these so you usually use this method to define fields that should be suppressed in all forms.

Specified by:

addSuppress in interface TableStructureContributer<T extends AppUser>

Overrides:

addSuppress in class Composite<T extends AppUser,PasswordAuthComposite<T extends AppUser>>

Returns:

Set of fields to suppress in forms.

modifyDefaultTableSpecification

public TableSpecification modifyDefaultTableSpecification(TableSpecification s,
                                                          java.lang.String table)

Description copied from interface: TableStructureContributer

Modify the TableSpecification of the target factory.

Specified by:

modifyDefaultTableSpecification in interface TableStructureContributer<T extends AppUser>

Overrides:

modifyDefaultTableSpecification in class Composite<T extends AppUser,PasswordAuthComposite<T extends AppUser>>

Returns:

checkPassword

public boolean checkPassword(T u,
                             java.lang.String password)

Check if a string matches this persons password.

Specified by:

checkPassword in class PasswordAuthComposite<T extends AppUser>

Parameters:

u - AppUser to check

password - unencrypted password to check.

Returns:

true if password matches.

findByLoginNamePassword

public final T findByLoginNamePassword(java.lang.String email,
                                       java.lang.String password)
                                throws DataException

Description copied from class: PasswordAuthComposite

Check a supplied user-name and password. return the person if it matches. If the table is tracking an external authentication system this could create the person on first use.

Specified by:

findByLoginNamePassword in class PasswordAuthComposite<T extends AppUser>

Returns:

user

Throws:

DataException

findByLoginNamePassword

public T findByLoginNamePassword(java.lang.String email,
                                 java.lang.String password,
                                 boolean check_fail_count)
                          throws DataException

Description copied from class: PasswordAuthComposite

Check a supplied user-name and password. return the person if it matches. If the table is tracking an external authentication system this could create the person on first use.

Specified by:

findByLoginNamePassword in class PasswordAuthComposite<T extends AppUser>

check_fail_count - set to false to ignore failed logins.

Returns:

user

Throws:

DataException

canResetPassword

public boolean canResetPassword(T user)

Description copied from class: PasswordAuthComposite

Is it legal to reset the password for the current user. This can either reflect that password changes are not possible or that the user is in state where it is not legal to reset the password.

Specified by:

canResetPassword in class PasswordAuthComposite<T extends AppUser>

Parameters:

user - or null for general test

Returns:

boolean

setPassword

public void setPassword(T user,
                        java.lang.String password)
                 throws DataFault

Description copied from class: PasswordAuthComposite

Change the password for a user

Specified by:

setPassword in class PasswordAuthComposite<T extends AppUser>

password - clear-text password

Throws:

DataFault

setPassword

public void setPassword(Hash h,
                        T user,
                        java.lang.String password)
                 throws DataFault

Throws:

DataFault

newPassword

public void newPassword(T user)
                 throws java.lang.Exception

Description copied from class: PasswordAuthComposite

Set a new randomised password for the user and send a notification email

Specified by:

newPassword in class PasswordAuthComposite<T extends AppUser>

Throws:

java.lang.Exception

randomisePassword

public java.lang.String randomisePassword(T user)
                                   throws DataFault

Description copied from class: PasswordAuthComposite

set a new randomised password for the user

Specified by:

randomisePassword in class PasswordAuthComposite<T extends AppUser>

Returns:

plain-text of new password

Throws:

DataFault

firstPassword

public java.lang.String firstPassword(T user)
                               throws DataFault

Description copied from class: PasswordAuthComposite

set the initial randomised password for the user

Specified by:

firstPassword in class PasswordAuthComposite<T extends AppUser>

Returns:

plain-text of new password

Throws:

DataFault

lockPassword

public void lockPassword(T user)

Description copied from class: PasswordAuthComposite

lock the account so no password works.

Specified by:

lockPassword in class PasswordAuthComposite<T extends AppUser>

doWelcome

public boolean doWelcome(T person)

Description copied from class: PasswordAuthComposite

Should we show a welcome page for new users. Normally this is because the password is recorded as being an initial password.

Overrides:

doWelcome in class PasswordAuthComposite<T extends AppUser>

Returns:

mustResetPassword

public boolean mustResetPassword(T user)

Description copied from class: PasswordAuthComposite

Is the user required to change their password

Specified by:

mustResetPassword in class PasswordAuthComposite<T extends AppUser>

Returns:

boolean

reasonForReset

public java.lang.String reasonForReset(T user)

Description copied from class: PasswordAuthComposite

Text explanation of why PasswordAuthComposite.mustResetPassword(AppUser) returned true.

Specified by:

reasonForReset in class PasswordAuthComposite<T extends AppUser>

Returns:

anonymise

public void anonymise(T target)

Specified by:

anonymise in interface AnonymisingComposite<T extends AppUser>