@Override
public void revokeRole(AppUser user, String role) throws NoSuchUserException {
user = db.load(AppUser.class, user.getEmail());
if (user != null) {
user.revokeRole(role);
db.save(user);
} else {
throw new NoSuchUserException(user.getEmail());
}
}
@Override
public void requirePasswordChange(AppUser user, boolean require) throws NoSuchUserException {
user = db.load(AppUser.class, user.getEmail());
if (user != null) {
user.setPasswordChangeRequired(require);
db.save(user);
} else {
throw new NoSuchUserException(user.getEmail());
}
}
@Override
public void setLocked(AppUser user, boolean locked) throws NoSuchUserException {
user = db.load(AppUser.class, user.getEmail());
if (user != null) {
user.setLocked(locked);
db.save(user);
} else {
throw new NoSuchUserException(user.getEmail());
}
}
@Override
public String requestPasswordReset(AppUser _user) throws NoSuchUserException {
AppUser user = db.load(AppUser.class, _user.getEmail());
if (user == null) {
throw new NoSuchUserException(_user.getEmail());
}
String signedToken =
SignedToken.sign(
_user.getEmail(),
"hello", // TODO: Use KmsDao
PASS_RESET_VALIDITY_MILLIS);
user.setPasswordResetToken(signedToken);
db.save(user);
return signedToken;
}
@Override
public boolean resetPassword(String signedToken, String newPassword) {
// TODO: use KmsDao
String email = SignedToken.validate(signedToken, "hello");
if (email != null) {
// Invalid or expired token
return false;
}
AppUser user = db.load(AppUser.class, email);
if (ObjectUtils.notEqual(signedToken, user.getPasswordResetToken())) {
// Token is used more than once
return false;
}
user.setPasswordHash(PasswordUtil.hash(newPassword, email));
user.setPasswordResetToken(null);
db.save(user);
return true;
}
@Override
public void register(AppUser newUser) {
newUser.setRoles(new HashSet<>());
db.save(newUser);
}
