001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.PasswordPolicy;
020    import com.liferay.portal.model.PasswordTracker;
021    import com.liferay.portal.model.User;
022    import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
023    import com.liferay.portal.service.base.PasswordTrackerLocalServiceBaseImpl;
024    
025    import java.util.Date;
026    import java.util.List;
027    
028    /**
029     * @author Brian Wing Shun Chan
030     * @author Scott Lee
031     */
032    public class PasswordTrackerLocalServiceImpl
033            extends PasswordTrackerLocalServiceBaseImpl {
034    
035            @Override
036            public void deletePasswordTrackers(long userId) throws SystemException {
037                    passwordTrackerPersistence.removeByUserId(userId);
038            }
039    
040            @Override
041            public boolean isSameAsCurrentPassword(long userId, String newClearTextPwd)
042                    throws PortalException, SystemException {
043    
044                    User user = userPersistence.findByPrimaryKey(userId);
045    
046                    String currentPwd = user.getPassword();
047    
048                    if (user.isPasswordEncrypted()) {
049                            String newEncPwd = PasswordEncryptorUtil.encrypt(
050                                    newClearTextPwd, user.getPassword());
051    
052                            if (currentPwd.equals(newEncPwd)) {
053                                    return true;
054                            }
055                            else {
056                                    return false;
057                            }
058                    }
059                    else {
060                            if (currentPwd.equals(newClearTextPwd)) {
061                                    return true;
062                            }
063                            else {
064                                    return false;
065                            }
066                    }
067            }
068    
069            @Override
070            public boolean isValidPassword(long userId, String newClearTextPwd)
071                    throws PortalException, SystemException {
072    
073                    PasswordPolicy passwordPolicy =
074                            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
075    
076                    if ((passwordPolicy == null) || !passwordPolicy.getHistory()) {
077                            return true;
078                    }
079    
080                    // Check password history
081    
082                    int historyCount = 1;
083    
084                    List<PasswordTracker> passwordTrackers =
085                            passwordTrackerPersistence.findByUserId(userId);
086    
087                    for (PasswordTracker passwordTracker : passwordTrackers) {
088                            if (historyCount >= passwordPolicy.getHistoryCount()) {
089                                    break;
090                            }
091    
092                            String oldEncPwd = passwordTracker.getPassword();
093                            String newEncPwd = PasswordEncryptorUtil.encrypt(
094                                    newClearTextPwd, oldEncPwd);
095    
096                            if (oldEncPwd.equals(newEncPwd)) {
097                                    return false;
098                            }
099    
100                            historyCount++;
101                    }
102    
103                    return true;
104            }
105    
106            @Override
107            public void trackPassword(long userId, String encPassword)
108                    throws PortalException, SystemException {
109    
110                    PasswordPolicy passwordPolicy =
111                            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
112    
113                    if ((passwordPolicy != null) && passwordPolicy.isHistory()) {
114                            long passwordTrackerId = counterLocalService.increment();
115    
116                            PasswordTracker passwordTracker = passwordTrackerPersistence.create(
117                                    passwordTrackerId);
118    
119                            passwordTracker.setUserId(userId);
120                            passwordTracker.setCreateDate(new Date());
121                            passwordTracker.setPassword(encPassword);
122    
123                            passwordTrackerPersistence.update(passwordTracker);
124                    }
125            }
126    
127    }