1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.security.pwd;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.SystemException;
24  import com.liferay.portal.UserPasswordException;
25  import com.liferay.portal.model.PasswordPolicy;
26  import com.liferay.portal.model.User;
27  import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
28  import com.liferay.portal.service.UserLocalServiceUtil;
29  import com.liferay.portal.util.PropsValues;
30  import com.liferay.portlet.words.util.WordsUtil;
31  import com.liferay.util.PwdGenerator;
32  
33  import java.util.Date;
34  
35  /**
36   * <a href="PasswordPolicyToolkit.java.html"><b><i>View Source</i></b></a>
37   *
38   * @author Scott Lee
39   *
40   */
41  public class PasswordPolicyToolkit extends BasicToolkit {
42  
43      public String generate() {
44          if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
45                  "static")) {
46  
47              return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
48          }
49          else {
50              return PwdGenerator.getPassword();
51          }
52      }
53  
54      public void validate(
55              long userId, String password1, String password2,
56              PasswordPolicy passwordPolicy)
57          throws PortalException, SystemException {
58  
59          if (passwordPolicy.getCheckSyntax()) {
60              if (!passwordPolicy.getAllowDictionaryWords() &&
61                      WordsUtil.isDictionaryWord(password1)) {
62  
63                  throw new UserPasswordException(
64                      UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
65              }
66  
67              if (password1.length() < passwordPolicy.getMinLength()) {
68                  throw new UserPasswordException(
69                      UserPasswordException.PASSWORD_LENGTH);
70              }
71          }
72  
73          if (!passwordPolicy.getChangeable()) {
74              throw new UserPasswordException(
75                  UserPasswordException.PASSWORD_NOT_CHANGEABLE);
76          }
77  
78          if (userId != 0) {
79              if (passwordPolicy.getChangeable()) {
80                  User user = UserLocalServiceUtil.getUserById(userId);
81  
82                  Date passwordModfiedDate = user.getPasswordModifiedDate();
83  
84                  if (passwordModfiedDate != null) {
85  
86                      // LEP-2961
87  
88                      Date now = new Date();
89  
90                      long passwordModificationElapsedTime =
91                          now.getTime() - passwordModfiedDate.getTime();
92  
93                      long userCreationElapsedTime =
94                          now.getTime() - user.getCreateDate().getTime();
95  
96                      long minAge = passwordPolicy.getMinAge() * 1000;
97  
98                      if ((passwordModificationElapsedTime < minAge) &&
99                          (userCreationElapsedTime > minAge)) {
100 
101                         throw new UserPasswordException(
102                             UserPasswordException.PASSWORD_TOO_YOUNG);
103                     }
104                 }
105             }
106 
107             if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
108                     userId, password1)) {
109 
110                 throw new UserPasswordException(
111                     UserPasswordException.PASSWORD_SAME_AS_CURRENT);
112             }
113             else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
114                         userId, password1)) {
115 
116                 throw new UserPasswordException(
117                     UserPasswordException.PASSWORD_ALREADY_USED);
118             }
119         }
120     }
121 
122 }