1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.pwd;
16  
17  import com.liferay.portal.UserPasswordException;
18  import com.liferay.portal.kernel.exception.PortalException;
19  import com.liferay.portal.kernel.exception.SystemException;
20  import com.liferay.portal.model.PasswordPolicy;
21  import com.liferay.portal.model.User;
22  import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
23  import com.liferay.portal.service.UserLocalServiceUtil;
24  import com.liferay.portal.util.PropsValues;
25  import com.liferay.portlet.words.util.WordsUtil;
26  import com.liferay.util.PwdGenerator;
27  
28  import java.util.Date;
29  
30  /**
31   * <a href="PasswordPolicyToolkit.java.html"><b><i>View Source</i></b></a>
32   *
33   * @author Scott Lee
34   */
35  public class PasswordPolicyToolkit extends BasicToolkit {
36  
37      public String generate() {
38          if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
39                  "static")) {
40  
41              return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
42          }
43          else {
44              return PwdGenerator.getPassword();
45          }
46      }
47  
48      public void validate(
49              long userId, String password1, String password2,
50              PasswordPolicy passwordPolicy)
51          throws PortalException, SystemException {
52  
53          if (passwordPolicy.getCheckSyntax()) {
54              if (!passwordPolicy.getAllowDictionaryWords() &&
55                      WordsUtil.isDictionaryWord(password1)) {
56  
57                  throw new UserPasswordException(
58                      UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
59              }
60  
61              if (password1.length() < passwordPolicy.getMinLength()) {
62                  throw new UserPasswordException(
63                      UserPasswordException.PASSWORD_LENGTH);
64              }
65          }
66  
67          if (!passwordPolicy.getChangeable()) {
68              throw new UserPasswordException(
69                  UserPasswordException.PASSWORD_NOT_CHANGEABLE);
70          }
71  
72          if (userId != 0) {
73              if (passwordPolicy.getChangeable()) {
74                  User user = UserLocalServiceUtil.getUserById(userId);
75  
76                  Date passwordModfiedDate = user.getPasswordModifiedDate();
77  
78                  if (passwordModfiedDate != null) {
79  
80                      // LEP-2961
81  
82                      Date now = new Date();
83  
84                      long passwordModificationElapsedTime =
85                          now.getTime() - passwordModfiedDate.getTime();
86  
87                      long userCreationElapsedTime =
88                          now.getTime() - user.getCreateDate().getTime();
89  
90                      long minAge = passwordPolicy.getMinAge() * 1000;
91  
92                      if ((passwordModificationElapsedTime < minAge) &&
93                          (userCreationElapsedTime > minAge)) {
94  
95                          throw new UserPasswordException(
96                              UserPasswordException.PASSWORD_TOO_YOUNG);
97                      }
98                  }
99              }
100 
101             if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
102                     userId, password1)) {
103 
104                 throw new UserPasswordException(
105                     UserPasswordException.PASSWORD_SAME_AS_CURRENT);
106             }
107             else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
108                         userId, password1)) {
109 
110                 throw new UserPasswordException(
111                     UserPasswordException.PASSWORD_ALREADY_USED);
112             }
113         }
114     }
115 
116 }