@Component @Named(value="security.authentication") @Singleton public class AuthenticationScriptService extends Object implements org.xwiki.script.service.ScriptService
Modifier and Type | Field and Description |
---|---|
static String |
ID
The role hint of this component.
|
Constructor and Description |
---|
AuthenticationScriptService() |
Modifier and Type | Method and Description |
---|---|
String |
checkVerificationCode(org.xwiki.user.UserReference user,
String verificationCode)
Check that the given verification code is correct.
|
AuthenticationConfiguration |
getAuthenticationConfiguration() |
Set<String> |
getAuthenticationFailureAvailableStrategies() |
String |
getAuthenticationURL(String action,
Map<String,Object> params)
Compute a relative URL for an
AuthenticationResourceReference based on the given action string. |
String |
getErrorMessage(String username) |
String |
getForm(String username) |
void |
requestResetPassword(org.xwiki.user.UserReference user)
Request a password reset for the given user.
|
void |
resetAuthenticationFailureCounter(String username)
Reset the authentication failure record for the given username.
|
void |
resetPassword(org.xwiki.user.UserReference user,
String verificationCode,
String newPassword)
Reset the password of the given user, iff the given verification code is correct.
|
public static final String ID
public String getForm(String username)
username
- the login used in the request for authentication.AuthenticationFailureManager.getForm(String, javax.servlet.http.HttpServletRequest)
public String getErrorMessage(String username)
username
- the login used in the request for authentication.AuthenticationFailureManager.getErrorMessage(String)
).public Set<String> getAuthenticationFailureAvailableStrategies()
public AuthenticationConfiguration getAuthenticationConfiguration()
public void resetAuthenticationFailureCounter(String username)
username
- the username for which to remove the record.@Unstable public String getAuthenticationURL(String action, Map<String,Object> params)
AuthenticationResourceReference
based on the given action string.
See AuthenticationAction
for more information.action
- the authentication action from which to build the right URL.params
- the query string parameters of the URL.null
if an error occurs.@Unstable public void requestResetPassword(org.xwiki.user.UserReference user) throws ResetPasswordException
user
- the user for which to perform a reset password request.ResetPasswordException
- if any error occurs for performing the reset password request.@Unstable public String checkVerificationCode(org.xwiki.user.UserReference user, String verificationCode) throws ResetPasswordException
ResetPasswordException
is thrown and the verificationCode is reset. So a script attacker with wrong
credentials cannot access the new verification code, or bruteforce it.user
- the user for which to check the verification code.verificationCode
- the code to check.ResetPasswordException
- if the code is not correct or if an error occurs.@Unstable public void resetPassword(org.xwiki.user.UserReference user, String verificationCode, String newPassword) throws ResetPasswordException
ResetPasswordException
if the verification code is wrong.user
- the user for which to reset the password.verificationCode
- the code to check before resetting the passord.newPassword
- the new password to user.ResetPasswordException
- if the verification code is wrong, or if an error occurs.Copyright © 2004–2021 XWiki. All rights reserved.