Interface ResetPasswordManager


  • @Role
    @Unstable
    public interface ResetPasswordManager
    Component dedicated to handle the reset password operation. This component is designed to handle a reset password in 3 steps: 1. a request is performed for doing a reset password for a given user: a verification code is transmitted to the user by a side way (e.g. email) 2. the user certifies her identity by sending back the verification code 3. the user specify a new password which is updated internally.
    Since:
    13.1RC1
    Version:
    $Id: 86ba962be429e594555d3f1c23cfe7299fa48af9 $
    • Method Detail

      • requestResetPassword

        ResetPasswordRequestResponse requestResetPassword​(UserReference userReference)
                                                   throws ResetPasswordException
        Perform a reset password request and return the information to send to the user. Note that the implementation of this method might have some side effect like modifying the user information.
        Parameters:
        userReference - the reference of the user for which to reset the password.
        Returns:
        the needed information to send to the user for confirming her identity.
        Throws:
        ResetPasswordException - if any problem occurs.
      • checkVerificationCode

        ResetPasswordRequestResponse checkVerificationCode​(UserReference userReference,
                                                           String verificationCode)
                                                    throws ResetPasswordException
        Check if the given verification code is correct for the user reference. This method throws the ResetPasswordException if the verification code is not correct. The verification code must be reset at each check, even if the validation is not correct, to ensure that an attacker cannot bruteforce it.
        Parameters:
        userReference - the reference for which to check the verification code.
        verificationCode - the code to check.
        Returns:
        the information about the user and the up-to-date verification code.
        Throws:
        ResetPasswordException - if the verification code is wrong or cannot be validated.
      • resetPassword

        void resetPassword​(UserReference userReference,
                           String newPassword)
                    throws ResetPasswordException
        Reset the password of the given user with the given new password. Note that this method should always be called after the verification code has been checked out.
        Parameters:
        userReference - the reference of the user for which to reset the password.
        newPassword - the new password to set.
        Throws:
        ResetPasswordException - in case of problem when modifying the password.