1
14
15 package com.liferay.portal.security.pwd;
16
17 import com.liferay.portal.PortalException;
18 import com.liferay.portal.SystemException;
19 import com.liferay.portal.UserPasswordException;
20 import com.liferay.portal.model.PasswordPolicy;
21 import com.liferay.portal.model.User;
22 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
23 import com.liferay.portal.service.UserLocalServiceUtil;
24 import com.liferay.portal.util.PropsValues;
25 import com.liferay.portlet.words.util.WordsUtil;
26 import com.liferay.util.PwdGenerator;
27
28 import java.util.Date;
29
30
35 public class PasswordPolicyToolkit extends BasicToolkit {
36
37 public String generate() {
38 if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
39 "static")) {
40
41 return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
42 }
43 else {
44 return PwdGenerator.getPassword();
45 }
46 }
47
48 public void validate(
49 long userId, String password1, String password2,
50 PasswordPolicy passwordPolicy)
51 throws PortalException, SystemException {
52
53 if (passwordPolicy.isCheckSyntax()) {
54 if (!passwordPolicy.isAllowDictionaryWords() &&
55 WordsUtil.isDictionaryWord(password1)) {
56
57 throw new UserPasswordException(
58 UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
59 }
60
61 if (password1.length() < passwordPolicy.getMinLength()) {
62 throw new UserPasswordException(
63 UserPasswordException.PASSWORD_LENGTH);
64 }
65 }
66
67 if (!passwordPolicy.isChangeable()) {
68 throw new UserPasswordException(
69 UserPasswordException.PASSWORD_NOT_CHANGEABLE);
70 }
71
72 if (userId != 0) {
73 User user = UserLocalServiceUtil.getUserById(userId);
74
75 Date passwordModfiedDate = user.getPasswordModifiedDate();
76
77 if (passwordModfiedDate != null) {
78
79
81 Date now = new Date();
82
83 long passwordModificationElapsedTime =
84 now.getTime() - passwordModfiedDate.getTime();
85
86 long userCreationElapsedTime =
87 now.getTime() - user.getCreateDate().getTime();
88
89 long minAge = passwordPolicy.getMinAge() * 1000;
90
91 if ((passwordModificationElapsedTime < minAge) &&
92 (userCreationElapsedTime > minAge)) {
93
94 throw new UserPasswordException(
95 UserPasswordException.PASSWORD_TOO_YOUNG);
96 }
97 }
98
99 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
100 userId, password1)) {
101
102 throw new UserPasswordException(
103 UserPasswordException.PASSWORD_SAME_AS_CURRENT);
104 }
105 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
106 userId, password1)) {
107
108 throw new UserPasswordException(
109 UserPasswordException.PASSWORD_ALREADY_USED);
110 }
111 }
112 }
113
114 }