1
22
23 package com.liferay.portal.security.pwd;
24
25 import com.liferay.portal.PortalException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.UserPasswordException;
28 import com.liferay.portal.kernel.util.GetterUtil;
29 import com.liferay.portal.model.PasswordPolicy;
30 import com.liferay.portal.model.User;
31 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
32 import com.liferay.portal.service.UserLocalServiceUtil;
33 import com.liferay.portal.util.PropsUtil;
34 import com.liferay.portlet.words.util.WordsUtil;
35 import com.liferay.util.PwdGenerator;
36
37 import java.util.Date;
38
39
45 public class PasswordPolicyToolkit extends BasicToolkit {
46
47 public String generate() {
48 String generator = GetterUtil.getString(PropsUtil.get(
49 PropsUtil.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR));
50
51 if (generator.equals("static")) {
52 String password = GetterUtil.getString(PropsUtil.get(
53 PropsUtil.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC));
54
55 return password;
56 }
57 else {
58 return PwdGenerator.getPassword();
59 }
60 }
61
62 public void validate(
63 long userId, String password1, String password2,
64 PasswordPolicy passwordPolicy)
65 throws PortalException, SystemException {
66
67 if (passwordPolicy.getCheckSyntax()) {
68 if (!passwordPolicy.getAllowDictionaryWords() &&
69 WordsUtil.isDictionaryWord(password1)) {
70
71 throw new UserPasswordException(
72 UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
73 }
74
75 if (password1.length() < passwordPolicy.getMinLength()) {
76 throw new UserPasswordException(
77 UserPasswordException.PASSWORD_LENGTH);
78 }
79 }
80
81 if (!passwordPolicy.getChangeable()) {
82 throw new UserPasswordException(
83 UserPasswordException.PASSWORD_NOT_CHANGEABLE);
84 }
85
86 if (userId != 0) {
87 if (passwordPolicy.getChangeable()) {
88 User user = UserLocalServiceUtil.getUserById(userId);
89
90 Date passwordModfiedDate = user.getPasswordModifiedDate();
91
92 if (passwordModfiedDate != null) {
93
94
96 Date now = new Date();
97
98 long passwordModificationElapsedTime =
99 now.getTime() - passwordModfiedDate.getTime();
100
101 long userCreationElapsedTime =
102 now.getTime() - user.getCreateDate().getTime();
103
104 long minAge = passwordPolicy.getMinAge() * 1000;
105
106 if ((passwordModificationElapsedTime < minAge) &&
107 (userCreationElapsedTime > minAge)) {
108
109 throw new UserPasswordException(
110 UserPasswordException.PASSWORD_TOO_YOUNG);
111 }
112 }
113 }
114
115 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
116 userId, password1)) {
117
118 throw new UserPasswordException(
119 UserPasswordException.PASSWORD_SAME_AS_CURRENT);
120 }
121 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
122 userId, password1)) {
123
124 throw new UserPasswordException(
125 UserPasswordException.PASSWORD_ALREADY_USED);
126 }
127 }
128 }
129
130 }