Class IdentityVerificationService

java.lang.Object
com.axelor.auth.identity.IdentityVerificationService

public class IdentityVerificationService extends Object
Determines which identity verification method a user needs and performs the verification.

Verification methods depend on authentication context:

  • LDAP users: verify password against LDAP
  • Local users (with password): verify password against stored hash
  • External SSO/OAuth users (no password): verify via MFA

  • Constructor Details

    • IdentityVerificationService

      @Inject public IdentityVerificationService(com.axelor.auth.identity.IdentityCheckService identityCheckService, AuthPac4jInfo authPac4jInfo, MFAService mfaService)
  • Method Details

    • getIdentityInfo

      public IdentityInfo getIdentityInfo()
      Returns identity verification requirements for the current user.
    • requiresIdentityCheck

      public boolean requiresIdentityCheck()
      Checks whether the current user has any means of performing identity verification (a password or MFA enabled) and, if so, whether identity verification is currently missing.
      Returns:
      true if identity verification is possible and missing
    • canIdentityCheck

      protected boolean canIdentityCheck()
      Checks if the current user can perform identity verification.

      The user must have either a password or MFA enabled.

      Returns:
      true if the current user can perform identity verification
    • isIdentityChecked

      protected boolean isIdentityChecked()
      Checks whether the current session has a valid (non-expired) identity check.
      Returns:
      true if identity was checked within the last TTL minutes
    • markIdentityChecked

      public void markIdentityChecked()
      Marks the current session as identity-checked.
    • clearIdentityCheck

      public void clearIdentityCheck()
      Clears the identity check flag from the current session.
    • verifyIdentity

      public void verifyIdentity(Map<String,Object> data)
      Verifies the user's identity based on the provided credentials.
      Parameters:
      data - credentials map (may contain "password" or "mfaCode"/"mfaMethod")
      Throws:
      IllegalArgumentException - if verification fails
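
The session logic documented above (requiresIdentityCheck, canIdentityCheck, isIdentityChecked, markIdentityChecked, clearIdentityCheck) can be modelled as follows. This is an added example, not Axelor's code. The class IdentityCheckModel, its fields, the 5-minute TTL, the injected Clock and the expiry boundary are all assumptions made for illustration.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;

/** Simplified stand-in for illustration; not the Axelor implementation. */
public class IdentityCheckModel {
  // Assumed value: the page only says "TTL minutes".
  static final Duration TTL = Duration.ofMinutes(5);

  final boolean hasPassword;
  final boolean mfaEnabled;
  Clock clock;
  Instant checkedAt; // hypothetical session attribute; null = never verified

  IdentityCheckModel(boolean hasPassword, boolean mfaEnabled, Clock clock) {
    this.hasPassword = hasPassword;
    this.mfaEnabled = mfaEnabled;
    this.clock = clock;
  }

  boolean canIdentityCheck() { return hasPassword || mfaEnabled; }

  // Assumption: a check aged exactly TTL counts as expired.
  boolean isIdentityChecked() {
    return checkedAt != null
        && Duration.between(checkedAt, clock.instant()).compareTo(TTL) < 0;
  }

  boolean requiresIdentityCheck() { return canIdentityCheck() && !isIdentityChecked(); }

  void markIdentityChecked() { checkedAt = clock.instant(); }

  void clearIdentityCheck() { checkedAt = null; }

  public static void main(String[] args) {
    Clock start = Clock.fixed(Instant.parse("2024-01-01T00:00:00Z"), ZoneOffset.UTC); // constructed
    IdentityCheckModel local = new IdentityCheckModel(true, false, start);
    System.out.println("local user, fresh session: " + local.requiresIdentityCheck());
    local.markIdentityChecked();
    System.out.println("right after verification:  " + local.requiresIdentityCheck());
    local.clock = Clock.offset(start, TTL.plusSeconds(1)); // move past the TTL
    System.out.println("after the TTL has elapsed: " + local.requiresIdentityCheck());
    local.markIdentityChecked();
    local.clearIdentityCheck();
    System.out.println("after clearIdentityCheck:  " + local.requiresIdentityCheck());
    // SSO/OAuth user with no password and MFA not enabled: nothing to verify against.
    IdentityCheckModel sso = new IdentityCheckModel(false, false, start);
    System.out.println("SSO user without MFA:      " + sso.requiresIdentityCheck());
  }
}
```

The last case follows from the documented return value ("possible and missing"): for a user with neither a password nor MFA the method returns false, so a caller that gates a sensitive action on requiresIdentityCheck() alone performs no re-verification for that user.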