Class AuthPasswordResetServiceImpl

java.lang.Object
com.axelor.auth.AuthPasswordResetServiceImpl
All Implemented Interfaces:
AuthPasswordResetService

public class AuthPasswordResetServiceImpl extends Object implements AuthPasswordResetService
Service for password reset.
  • Method Details

    • isEnabled

      public boolean isEnabled()
      Description copied from interface: AuthPasswordResetService
      Checks whether the password reset service is enabled.
      Specified by:
      isEnabled in interface AuthPasswordResetService
      Returns:
      true if enabled
    • computeEnabled

      protected boolean computeEnabled()
    • submitForgotPassword

      public void submitForgotPassword(String emailAddress) throws MailException
      Description copied from interface: AuthPasswordResetService
      Submits a forgot-password request.

      Consumes existing password reset tokens for the user and sends a password reset email.

      Specified by:
      submitForgotPassword in interface AuthPasswordResetService
      Parameters:
      emailAddress - the email address of the user
      Throws:
      MailException - on email sending failure
    • checkToken

      public void checkToken(String token)
      Description copied from interface: AuthPasswordResetService
      Checks whether the token is valid.
      Specified by:
      checkToken in interface AuthPasswordResetService
      Parameters:
      token - the password reset token
    • changePassword

      public void changePassword(String token, String password)
      Description copied from interface: AuthPasswordResetService
      Changes the user password and marks the token as consumed.
      Specified by:
      changePassword in interface AuthPasswordResetService
      Parameters:
      token - the password reset token
      password - the new password
    • consumeTokens

      protected void consumeTokens(User user)
      Consumes existing password reset tokens for the given user.
      Parameters:
      user - the user whose password needs to be reset
    • sendEmail

      protected void sendEmail(User user) throws MailException
      Sends a password reset email to the given user.
      Parameters:
      user - the user whose password needs to be reset
      Throws:
      MailException
    • getEmailSubject

      protected String getEmailSubject(User user)
      Gets the subject of the password reset email.
      Parameters:
      user - the user whose password needs to be reset
      Returns:
      the subject of the email
    • getEmailBody

      protected String getEmailBody(User user, String resetUrl)
      Gets the body of the password reset email.
      Parameters:
      user - the user whose password needs to be reset
      resetUrl - the password reset URL
      Returns:
      the body of the email
    • getMessage

      protected String getMessage(String key)
    • createResetUrl

      protected String createResetUrl(User user)
      Creates a password reset URL.
      Parameters:
      user - the user whose password needs to be reset
      Returns:
      the password reset URL
    • createToken

      protected String createToken(User user)
      Creates a password reset token.
      Parameters:
      user - the user whose password needs to be reset
      Returns:
      the password reset token
      Throws:
      IllegalStateException - if the user is not active
    • getValidToken

      protected PasswordResetToken getValidToken(String token)
      Gets a password reset token record if it is valid.

      Checks that the token exists, is not archived, is not consumed, and is not expired, and that the user is active.

      Parameters:
      token - the password reset token
      Returns:
      the password reset token record
      Throws:
      IllegalArgumentException - if the token is invalid
    • getMaxAgeHours

      protected static int getMaxAgeHours()
      Gets the maximum age of a password reset token in hours.
      Returns:
      the maximum age in hours
    • getBaseUrl

      protected String getBaseUrl()
      Gets the base URL of the application.

      The request Host header cannot be trusted because of host header injection attacks. The base URL is taken from either `application.base-url` or the current tenant's `hosts` configuration.

      Returns:
      the base URL
    • getHttpRequest

      protected jakarta.servlet.http.HttpServletRequest getHttpRequest()
    • hash

      protected String hash(String token)
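
The note on getBaseUrl explains why the reset link must not be built from the request Host header. The following is an added example, not Axelor's implementation, showing the header-derived form beside a configuration-derived one. All class, method and parameter names are hypothetical; it assumes the tenant `hosts` setting acts as an allowlist of host names and that links use the https scheme.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

// Added illustration: all names here are hypothetical, not Axelor's implementation.
public class ResetBaseUrlDemo {

  // The "before": the link's origin is whatever the client put in the Host header.
  static String baseUrlFromHostHeader(String hostHeader) {
    return "https://" + hostHeader;
  }

  // Hardened: configured base URL first; otherwise the request host is used only
  // to select an entry from the tenant's allowlist (assumed meaning of `hosts`).
  static String baseUrlFromConfig(String configured, List<String> tenantHosts, String hostHeader) {
    if (configured != null && !configured.isBlank()) {
      URI uri = URI.create(configured.trim());
      if (!uri.isAbsolute() || uri.getHost() == null) {
        throw new IllegalStateException("configured base URL must be absolute");
      }
      return uri.toString().replaceAll("/+$", "");
    }
    String requested = hostHeader == null ? "" : hostHeader.trim().toLowerCase(Locale.ROOT);
    for (String allowed : tenantHosts) {
      if (allowed.toLowerCase(Locale.ROOT).equals(requested)) {
        return "https://" + allowed; // emit the configured value, never the header text
      }
    }
    throw new IllegalStateException("request host is not a configured tenant host");
  }

  public static void main(String[] args) {
    String forgedHost = "attacker.example"; // constructed sample Host header
    List<String> hosts = List.of("erp.example.com"); // constructed tenant hosts

    // The emailed reset link, token included, would point at the forged host.
    System.out.println(baseUrlFromHostHeader(forgedHost));
    // A configured base URL wins regardless of the header.
    System.out.println(baseUrlFromConfig("https://erp.example.com/", hosts, forgedHost));
    // Without it, a matching header selects the allowlisted host.
    System.out.println(baseUrlFromConfig(null, hosts, "ERP.example.com"));
    try {
      baseUrlFromConfig(null, hosts, forgedHost);
    } catch (IllegalStateException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```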