1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.security.pwd;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.UserPasswordException;
28  import com.liferay.portal.model.PasswordPolicy;
29  import com.liferay.portal.model.User;
30  import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
31  import com.liferay.portal.service.UserLocalServiceUtil;
32  import com.liferay.portal.util.PropsValues;
33  import com.liferay.portlet.words.util.WordsUtil;
34  import com.liferay.util.PwdGenerator;
35  
36  import java.util.Date;
37  
38  /**
39   * <a href="PasswordPolicyToolkit.java.html"><b><i>View Source</i></b></a>
40   *
41   * @author Scott Lee
42   *
43   */
44  public class PasswordPolicyToolkit extends BasicToolkit {
45  
46      public String generate() {
47          if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
48                  "static")) {
49  
50              return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
51          }
52          else {
53              return PwdGenerator.getPassword();
54          }
55      }
56  
57      public void validate(
58              long userId, String password1, String password2,
59              PasswordPolicy passwordPolicy)
60          throws PortalException, SystemException {
61  
62          if (passwordPolicy.getCheckSyntax()) {
63              if (!passwordPolicy.getAllowDictionaryWords() &&
64                      WordsUtil.isDictionaryWord(password1)) {
65  
66                  throw new UserPasswordException(
67                      UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
68              }
69  
70              if (password1.length() < passwordPolicy.getMinLength()) {
71                  throw new UserPasswordException(
72                      UserPasswordException.PASSWORD_LENGTH);
73              }
74          }
75  
76          if (!passwordPolicy.getChangeable()) {
77              throw new UserPasswordException(
78                  UserPasswordException.PASSWORD_NOT_CHANGEABLE);
79          }
80  
81          if (userId != 0) {
82              if (passwordPolicy.getChangeable()) {
83                  User user = UserLocalServiceUtil.getUserById(userId);
84  
85                  Date passwordModfiedDate = user.getPasswordModifiedDate();
86  
87                  if (passwordModfiedDate != null) {
88  
89                      // LEP-2961
90  
91                      Date now = new Date();
92  
93                      long passwordModificationElapsedTime =
94                          now.getTime() - passwordModfiedDate.getTime();
95  
96                      long userCreationElapsedTime =
97                          now.getTime() - user.getCreateDate().getTime();
98  
99                      long minAge = passwordPolicy.getMinAge() * 1000;
100 
101                     if ((passwordModificationElapsedTime < minAge) &&
102                         (userCreationElapsedTime > minAge)) {
103 
104                         throw new UserPasswordException(
105                             UserPasswordException.PASSWORD_TOO_YOUNG);
106                     }
107                 }
108             }
109 
110             if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
111                     userId, password1)) {
112 
113                 throw new UserPasswordException(
114                     UserPasswordException.PASSWORD_SAME_AS_CURRENT);
115             }
116             else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
117                         userId, password1)) {
118 
119                 throw new UserPasswordException(
120                     UserPasswordException.PASSWORD_ALREADY_USED);
121             }
122         }
123     }
124 
125 }