1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.kernel.exception.PortalException;
18  import com.liferay.portal.kernel.exception.SystemException;
19  import com.liferay.portal.model.PasswordPolicy;
20  import com.liferay.portal.model.PasswordTracker;
21  import com.liferay.portal.model.User;
22  import com.liferay.portal.security.pwd.PwdEncryptor;
23  import com.liferay.portal.service.base.PasswordTrackerLocalServiceBaseImpl;
24  
25  import java.util.Date;
26  import java.util.Iterator;
27  
28  /**
29   * <a href="PasswordTrackerLocalServiceImpl.java.html"><b><i>View Source</i></b>
30   * </a>
31   *
32   * @author Brian Wing Shun Chan
33   * @author Scott Lee
34   */
35  public class PasswordTrackerLocalServiceImpl
36      extends PasswordTrackerLocalServiceBaseImpl {
37  
38      public void deletePasswordTrackers(long userId) throws SystemException {
39          passwordTrackerPersistence.removeByUserId(userId);
40      }
41  
42      public boolean isSameAsCurrentPassword(long userId, String newClearTextPwd)
43          throws PortalException, SystemException {
44  
45          User user = userPersistence.findByPrimaryKey(userId);
46  
47          String currentPwd = user.getPassword();
48  
49          if (user.isPasswordEncrypted()) {
50              String newEncPwd = PwdEncryptor.encrypt(
51                  newClearTextPwd, user.getPassword());
52  
53              if (currentPwd.equals(newEncPwd)) {
54                  return true;
55              }
56              else {
57                  return false;
58              }
59          }
60          else {
61              if (currentPwd.equals(newClearTextPwd)) {
62                  return true;
63              }
64              else {
65                  return false;
66              }
67          }
68      }
69  
70      public boolean isValidPassword(long userId, String newClearTextPwd)
71          throws PortalException, SystemException {
72  
73          PasswordPolicy passwordPolicy =
74              passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
75  
76          if (!passwordPolicy.getHistory()) {
77              return true;
78          }
79  
80          // Check password history
81  
82          int historyCount = 1;
83  
84          Iterator<PasswordTracker> itr = passwordTrackerPersistence.findByUserId(
85              userId).iterator();
86  
87          while (itr.hasNext()) {
88              if (historyCount >= passwordPolicy.getHistoryCount()) {
89                  break;
90              }
91  
92              PasswordTracker passwordTracker = itr.next();
93  
94              String oldEncPwd = passwordTracker.getPassword();
95              String newEncPwd = PwdEncryptor.encrypt(newClearTextPwd, oldEncPwd);
96  
97              if (oldEncPwd.equals(newEncPwd)) {
98                  return false;
99              }
100 
101             historyCount++;
102         }
103 
104         return true;
105     }
106 
107     public void trackPassword(long userId, String encPassword)
108         throws PortalException, SystemException {
109 
110         PasswordPolicy passwordPolicy =
111             passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
112 
113         if ((passwordPolicy != null) && passwordPolicy.isHistory()) {
114             long passwordTrackerId = counterLocalService.increment();
115 
116             PasswordTracker passwordTracker = passwordTrackerPersistence.create(
117                 passwordTrackerId);
118 
119             passwordTracker.setUserId(userId);
120             passwordTracker.setCreateDate(new Date());
121             passwordTracker.setPassword(encPassword);
122 
123             passwordTrackerPersistence.update(passwordTracker, false);
124         }
125     }
126 
127 }