Package com.axelor.auth

Class AuthPasswordResetServiceImpl

java.lang.Object

com.axelor.auth.AuthPasswordResetServiceImpl

All Implemented Interfaces:

AuthPasswordResetService

public class AuthPasswordResetServiceImpl
extends Object
implements AuthPasswordResetService

Service for password reset.

Field Summary

Fields

Modifier and Type	Field	Description
protected boolean	enabled
protected static org.slf4j.Logger	logger
protected Provider<MailService>	mailService
protected static AppSettings	settings
protected Provider<PasswordResetTokenRepository>	tokenRepository
protected Provider<UserRepository>	userRepository

Constructor Summary

Constructors

Constructor	Description
AuthPasswordResetServiceImpl(Provider<MailService> mailService, Provider<UserRepository> userRepository, Provider<PasswordResetTokenRepository> tokenRepository)

Method Summary

Modifier and Type	Method	Description
void	changePassword(String token, String password)	Changes the user password and marks the token as consumed.
void	checkToken(String token)	Checks whether the token is valid.
protected boolean	computeEnabled()
protected void	consumeTokens(User user)	Consumes existing password reset tokens for the given user.
protected String	createResetUrl(User user)	Creates a password reset URL.
protected String	createToken(User user)	Creates a password reset token.
protected String	getBaseUrl()
protected String	getBaseUrl(boolean trimSlash)	Gets the base URL of the application.
protected String	getEmailBody(User user, String resetUrl)	Gets the body of the password reset email.
protected String	getEmailSubject(User user)	Gets the subject of the password reset email.
protected javax.servlet.http.HttpServletRequest	getHttpRequest()
protected static int	getMaxAgeHours()	Gets the maximum age of a password reset token in hours.
protected String	getMessage(String key)
protected String	getTenantBaseUrl(String tenantId)
protected PasswordResetToken	getValidToken(String token)	Gets a password reset token record if it is valid.
protected String	hash(String token)
boolean	isEnabled()	Checks whether password reset service is enabled.
protected void	sendEmail(User user)	Sends a password reset email to the given user.
void	submitForgotPassword(String emailAddress)	Submits forgot password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

mailService

protected final Provider<MailService> mailService

userRepository

protected final Provider<UserRepository> userRepository

tokenRepository

protected final Provider<PasswordResetTokenRepository> tokenRepository

enabled

protected final boolean enabled

settings

protected static final AppSettings settings

logger

protected static final org.slf4j.Logger logger

Constructor Detail

AuthPasswordResetServiceImpl

@Inject
public AuthPasswordResetServiceImpl(Provider<MailService> mailService,
                                    Provider<UserRepository> userRepository,
                                    Provider<PasswordResetTokenRepository> tokenRepository)

Method Detail

isEnabled

public boolean isEnabled()

Description copied from interface: AuthPasswordResetService

Checks whether password reset service is enabled.

Specified by:

isEnabled in interface AuthPasswordResetService

Returns:

true if enabled

computeEnabled

protected boolean computeEnabled()

submitForgotPassword

public void submitForgotPassword(String emailAddress)
                          throws MailException

Description copied from interface: AuthPasswordResetService

Submits forgot password.

Consumes existing password reset tokens for user and sends a password reset email.

Specified by:

submitForgotPassword in interface AuthPasswordResetService

Parameters:

emailAddress - the email address of the user

Throws:

MailException - on email sending failure

checkToken

public void checkToken(String token)

Description copied from interface: AuthPasswordResetService

Checks whether the token is valid.

Specified by:

checkToken in interface AuthPasswordResetService

Parameters:

token - the password reset token

changePassword

public void changePassword(String token,
                           String password)

Description copied from interface: AuthPasswordResetService

Changes the user password and marks the token as consumed.

Specified by:

changePassword in interface AuthPasswordResetService

Parameters:

token - the password reset token

password - the new password

consumeTokens

protected void consumeTokens(User user)

Consumes existing password reset tokens for the given user.

Parameters:

user - the user whose password needs to be reset

sendEmail

protected void sendEmail(User user)
                  throws MailException

Sends a password reset email to the given user.

Parameters:

user - the user whose password needs to be reset

Throws:

MailException

getEmailSubject

protected String getEmailSubject(User user)

Gets the subject of the password reset email.

Parameters:

user - the user whose password needs to be reset

Returns:

the subject of the email

getEmailBody

protected String getEmailBody(User user,
                              String resetUrl)

Gets the body of the password reset email.

Parameters:

user - the user whose password needs to be reset

resetUrl - the password reset URL

Returns:

the body of the email

getMessage

protected String getMessage(String key)

createResetUrl

protected String createResetUrl(User user)

Creates a password reset URL.

Parameters:

user - the user whose password needs to be reset

Returns:

the password reset URL

createToken

protected String createToken(User user)

Creates a password reset token.

Parameters:

user - the user whose password needs to be reset

Returns:

the password reset token

Throws:

IllegalStateException - if the user is not active

getValidToken

protected PasswordResetToken getValidToken(String token)

Gets a password reset token record if it is valid.

Checks whether it exists, not archived, not consumed, not expired, and user is active.

Parameters:

token - the password reset token

Returns:

the password reset token record

Throws:

IllegalArgumentException - if the token is invalid

getMaxAgeHours

protected static int getMaxAgeHours()

Gets the maximum age of a password reset token in hours.

Returns:

the maximum age in hours

getBaseUrl

protected String getBaseUrl(boolean trimSlash)

Gets the base URL of the application.

We cannot trust request host header because of host header injection attacks. We use either `application.base-url` or current tenant `hosts` configuration.

Returns:

the base URL

getBaseUrl

protected String getBaseUrl()

getTenantBaseUrl

@Nullable
protected String getTenantBaseUrl(String tenantId)

getHttpRequest

protected javax.servlet.http.HttpServletRequest getHttpRequest()

hash

protected String hash(String token)