1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.SystemException;
24  import com.liferay.portal.model.PasswordPolicy;
25  import com.liferay.portal.model.PasswordTracker;
26  import com.liferay.portal.model.User;
27  import com.liferay.portal.security.pwd.PwdEncryptor;
28  import com.liferay.portal.service.base.PasswordTrackerLocalServiceBaseImpl;
29  
30  import java.util.Date;
31  import java.util.Iterator;
32  
33  /**
34   * <a href="PasswordTrackerLocalServiceImpl.java.html"><b><i>View Source</i></b>
35   * </a>
36   *
37   * @author Brian Wing Shun Chan
38   * @author Scott Lee
39   */
40  public class PasswordTrackerLocalServiceImpl
41      extends PasswordTrackerLocalServiceBaseImpl {
42  
43      public void deletePasswordTrackers(long userId) throws SystemException {
44          passwordTrackerPersistence.removeByUserId(userId);
45      }
46  
47      public boolean isSameAsCurrentPassword(long userId, String newClearTextPwd)
48          throws PortalException, SystemException {
49  
50          User user = userPersistence.findByPrimaryKey(userId);
51  
52          String currentPwd = user.getPassword();
53  
54          if (user.isPasswordEncrypted()) {
55              String newEncPwd = PwdEncryptor.encrypt(
56                  newClearTextPwd, user.getPassword());
57  
58              if (currentPwd.equals(newEncPwd)) {
59                  return true;
60              }
61              else {
62                  return false;
63              }
64          }
65          else {
66              if (currentPwd.equals(newClearTextPwd)) {
67                  return true;
68              }
69              else {
70                  return false;
71              }
72          }
73      }
74  
75      public boolean isValidPassword(long userId, String newClearTextPwd)
76          throws PortalException, SystemException {
77  
78          PasswordPolicy passwordPolicy =
79              passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
80  
81          if (!passwordPolicy.getHistory()) {
82              return true;
83          }
84  
85          // Check password history
86  
87          int historyCount = 1;
88  
89          Iterator<PasswordTracker> itr = passwordTrackerPersistence.findByUserId(
90              userId).iterator();
91  
92          while (itr.hasNext()) {
93              if (historyCount > passwordPolicy.getHistoryCount()) {
94                  break;
95              }
96  
97              PasswordTracker passwordTracker = itr.next();
98  
99              String oldEncPwd = passwordTracker.getPassword();
100             String newEncPwd = PwdEncryptor.encrypt(newClearTextPwd, oldEncPwd);
101 
102             if (oldEncPwd.equals(newEncPwd)) {
103                 return false;
104             }
105 
106             historyCount++;
107         }
108 
109         return true;
110     }
111 
112     public void trackPassword(long userId, String encPassword)
113         throws PortalException, SystemException {
114 
115         PasswordPolicy passwordPolicy =
116             passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
117 
118         if (passwordPolicy.isHistory()) {
119             long passwordTrackerId = counterLocalService.increment();
120 
121             PasswordTracker passwordTracker = passwordTrackerPersistence.create(
122                 passwordTrackerId);
123 
124             passwordTracker.setUserId(userId);
125             passwordTracker.setCreateDate(new Date());
126             passwordTracker.setPassword(encPassword);
127 
128             passwordTrackerPersistence.update(passwordTracker, false);
129         }
130     }
131 
132 }