1
14
15 package com.liferay.portal.security.pwd;
16
17 import com.liferay.portal.UserPasswordException;
18 import com.liferay.portal.kernel.exception.PortalException;
19 import com.liferay.portal.kernel.exception.SystemException;
20 import com.liferay.portal.model.PasswordPolicy;
21 import com.liferay.portal.model.User;
22 import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
23 import com.liferay.portal.service.UserLocalServiceUtil;
24 import com.liferay.portal.util.PropsValues;
25 import com.liferay.portlet.words.util.WordsUtil;
26 import com.liferay.util.PwdGenerator;
27
28 import java.util.Date;
29
30
35 public class PasswordPolicyToolkit extends BasicToolkit {
36
37 public String generate() {
38 if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
39 "static")) {
40
41 return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
42 }
43 else {
44 return PwdGenerator.getPassword();
45 }
46 }
47
48 public void validate(
49 long userId, String password1, String password2,
50 PasswordPolicy passwordPolicy)
51 throws PortalException, SystemException {
52
53 if (passwordPolicy.getCheckSyntax()) {
54 if (!passwordPolicy.getAllowDictionaryWords() &&
55 WordsUtil.isDictionaryWord(password1)) {
56
57 throw new UserPasswordException(
58 UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
59 }
60
61 if (password1.length() < passwordPolicy.getMinLength()) {
62 throw new UserPasswordException(
63 UserPasswordException.PASSWORD_LENGTH);
64 }
65 }
66
67 if (!passwordPolicy.getChangeable()) {
68 throw new UserPasswordException(
69 UserPasswordException.PASSWORD_NOT_CHANGEABLE);
70 }
71
72 if (userId != 0) {
73 if (passwordPolicy.getChangeable()) {
74 User user = UserLocalServiceUtil.getUserById(userId);
75
76 Date passwordModfiedDate = user.getPasswordModifiedDate();
77
78 if (passwordModfiedDate != null) {
79
80
82 Date now = new Date();
83
84 long passwordModificationElapsedTime =
85 now.getTime() - passwordModfiedDate.getTime();
86
87 long userCreationElapsedTime =
88 now.getTime() - user.getCreateDate().getTime();
89
90 long minAge = passwordPolicy.getMinAge() * 1000;
91
92 if ((passwordModificationElapsedTime < minAge) &&
93 (userCreationElapsedTime > minAge)) {
94
95 throw new UserPasswordException(
96 UserPasswordException.PASSWORD_TOO_YOUNG);
97 }
98 }
99 }
100
101 if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
102 userId, password1)) {
103
104 throw new UserPasswordException(
105 UserPasswordException.PASSWORD_SAME_AS_CURRENT);
106 }
107 else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
108 userId, password1)) {
109
110 throw new UserPasswordException(
111 UserPasswordException.PASSWORD_ALREADY_USED);
112 }
113 }
114 }
115
116 }