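/**
 * Removes {@code role} from the stored account that matches the e-mail of {@code user}.
 *
 * <p>The account is re-loaded from the store by e-mail, so the change is applied to the
 * persisted record rather than to the instance passed in.
 *
 * <p>NOTE(review): no authorization check is performed in this method; presumably the
 * caller has already verified that the acting principal may change roles. Confirm.
 *
 * @param user account whose e-mail identifies the record to update
 * @param role role to revoke
 * @throws NoSuchUserException if no account is stored under that e-mail
 */
@Override
public void revokeRole(AppUser user, String role) throws NoSuchUserException {
    // Read the key before the lookup: the original overwrote 'user' with the lookup
    // result and then dereferenced it in the not-found branch, which raised a
    // NullPointerException instead of NoSuchUserException.
    final String email = user.getEmail();
    final AppUser stored = db.load(AppUser.class, email);
    if (stored == null) {
        throw new NoSuchUserException(email);
    }
    stored.revokeRole(role);
    db.save(stored);
}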
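/**
 * Sets or clears the "password change required" flag on the stored account that matches
 * the e-mail of {@code user}.
 *
 * <p>The account is re-loaded from the store by e-mail before it is modified.
 *
 * @param user account whose e-mail identifies the record to update
 * @param require {@code true} to require a password change, {@code false} to clear the flag
 * @throws NoSuchUserException if no account is stored under that e-mail
 */
@Override
public void requirePasswordChange(AppUser user, boolean require) throws NoSuchUserException {
    // Read the key before the lookup: the original overwrote 'user' with the lookup
    // result and then dereferenced it in the not-found branch, which raised a
    // NullPointerException instead of NoSuchUserException.
    final String email = user.getEmail();
    final AppUser stored = db.load(AppUser.class, email);
    if (stored == null) {
        throw new NoSuchUserException(email);
    }
    stored.setPasswordChangeRequired(require);
    db.save(stored);
}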
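/**
 * Locks or unlocks the stored account that matches the e-mail of {@code user}.
 *
 * <p>The account is re-loaded from the store by e-mail before it is modified.
 *
 * <p>NOTE(review): only the locked flag is written here. Whether locking should also
 * clear an outstanding password-reset token is not decided in this method; confirm
 * against the intended lockout policy.
 *
 * @param user account whose e-mail identifies the record to update
 * @param locked {@code true} to lock the account, {@code false} to unlock it
 * @throws NoSuchUserException if no account is stored under that e-mail
 */
@Override
public void setLocked(AppUser user, boolean locked) throws NoSuchUserException {
    // Read the key before the lookup: the original overwrote 'user' with the lookup
    // result and then dereferenced it in the not-found branch, which raised a
    // NullPointerException instead of NoSuchUserException.
    final String email = user.getEmail();
    final AppUser stored = db.load(AppUser.class, email);
    if (stored == null) {
        throw new NoSuchUserException(email);
    }
    stored.setLocked(locked);
    db.save(stored);
}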
/**
 * Issues a signed password-reset token for the account identified by the e-mail of
 * {@code _user}, stores it on the account and returns it.
 *
 * <p>SECURITY: the token is signed with the literal key {@code "hello"} (see the TODO).
 * A constant key in source means the signature gives no assurance that a token was
 * issued by this service; the key has to come from managed key storage before this is
 * relied on. The stored-token comparison done at redemption is then the only remaining
 * check.
 *
 * <p>NOTE(review): the token is handed back to the caller. It should reach only the
 * account's own mailbox and stay out of logs and API responses; confirm at the call
 * sites. The {@link NoSuchUserException} also tells the caller whether an address is
 * registered, which matters if this is reachable without authentication.
 *
 * @param _user account whose e-mail identifies the record to issue a token for
 * @return the signed reset token that was stored on the account
 * @throws NoSuchUserException if no account is stored under that e-mail
 */
@Override
public String requestPasswordReset(AppUser _user) throws NoSuchUserException {
    final AppUser account = db.load(AppUser.class, _user.getEmail());
    if (account != null) {
        final String resetToken = SignedToken.sign(
                _user.getEmail(),
                "hello", // TODO: Use KmsDao
                PASS_RESET_VALIDITY_MILLIS);
        // Persist the token so that redemption can require an exact match with the
        // most recently issued one.
        account.setPasswordResetToken(resetToken);
        db.save(account);
        return resetToken;
    }
    throw new NoSuchUserException(_user.getEmail());
}
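/**
 * Redeems a password-reset token and, when it is valid and still outstanding, stores a
 * new password hash on the account.
 *
 * <p>A token is accepted only if its signature validates and it is equal to the token
 * currently stored on the account. The stored token is cleared on success, so a token
 * can be redeemed once.
 *
 * <p>SECURITY: validation uses the literal key {@code "hello"} (see the TODO). Until the
 * key comes from managed key storage, the signature check gives no real assurance and
 * the stored-token comparison below is the effective control.
 *
 * <p>NOTE(review): the account's locked flag is not consulted here, so a locked account
 * can still complete a reset; confirm that this is intended. The e-mail is passed as the
 * second argument to {@code PasswordUtil.hash}, presumably as a salt; a per-password
 * random salt would be the usual choice. Verify against PasswordUtil.
 *
 * @param signedToken token previously issued for a password reset
 * @param newPassword the new clear-text password to hash and store
 * @return {@code true} if the password was changed; {@code false} if the token is
 *     invalid, expired, already used, or refers to an account that no longer exists
 */
@Override
public boolean resetPassword(String signedToken, String newPassword) {
    // TODO: use KmsDao
    String email = SignedToken.validate(signedToken, "hello");
    // The original tested 'email != null', which rejected every token that validated
    // and let a failed validation continue with a null e-mail. Per the original comment
    // on this branch, a null result is the invalid/expired case.
    if (email == null) {
        // Invalid or expired token
        return false;
    }

    AppUser user = db.load(AppUser.class, email);
    if (user == null) {
        // The account was removed after the token was issued; fail closed instead of
        // dereferencing null.
        return false;
    }

    if (ObjectUtils.notEqual(signedToken, user.getPasswordResetToken())) {
        // Token is used more than once (or superseded by a newer one)
        return false;
    }

    user.setPasswordHash(PasswordUtil.hash(newPassword, email));
    // Clearing the stored token is what makes it single-use.
    user.setPasswordResetToken(null);
    db.save(user);
    return true;
}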
/**
 * Persists a newly registered account with no roles.
 *
 * <p>Any roles present on {@code newUser} are discarded: the role set is replaced with
 * an empty {@link HashSet} before the save, so a registration cannot grant itself roles.
 *
 * <p>NOTE(review): there is no check here for an existing account with the same e-mail.
 * If {@code db.save} overwrites by key, registering an already-used address would
 * replace that account, including its password hash; confirm how {@code db.save}
 * treats existing keys. All other fields are stored as supplied by the caller.
 *
 * @param newUser the account to store
 */
@Override
public void register(AppUser newUser) {
    // Start from an empty role set regardless of what the caller supplied.
    newUser.setRoles(new HashSet<>());

    db.save(newUser);
}