001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.PasswordPolicy;
020    import com.liferay.portal.model.PasswordTracker;
021    import com.liferay.portal.model.User;
022    import com.liferay.portal.security.pwd.PwdEncryptor;
023    import com.liferay.portal.service.base.PasswordTrackerLocalServiceBaseImpl;
024    
025    import java.util.Date;
026    import java.util.List;
027    
028    /**
029     * @author Brian Wing Shun Chan
030     * @author Scott Lee
031     */
032    public class PasswordTrackerLocalServiceImpl
033            extends PasswordTrackerLocalServiceBaseImpl {
034    
035            public void deletePasswordTrackers(long userId) throws SystemException {
036                    passwordTrackerPersistence.removeByUserId(userId);
037            }
038    
039            public boolean isSameAsCurrentPassword(long userId, String newClearTextPwd)
040                    throws PortalException, SystemException {
041    
042                    User user = userPersistence.findByPrimaryKey(userId);
043    
044                    String currentPwd = user.getPassword();
045    
046                    if (user.isPasswordEncrypted()) {
047                            String newEncPwd = PwdEncryptor.encrypt(
048                                    newClearTextPwd, user.getPassword());
049    
050                            if (currentPwd.equals(newEncPwd)) {
051                                    return true;
052                            }
053                            else {
054                                    return false;
055                            }
056                    }
057                    else {
058                            if (currentPwd.equals(newClearTextPwd)) {
059                                    return true;
060                            }
061                            else {
062                                    return false;
063                            }
064                    }
065            }
066    
067            public boolean isValidPassword(long userId, String newClearTextPwd)
068                    throws PortalException, SystemException {
069    
070                    PasswordPolicy passwordPolicy =
071                            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
072    
073                    if ((passwordPolicy == null) || !passwordPolicy.getHistory()) {
074                            return true;
075                    }
076    
077                    // Check password history
078    
079                    int historyCount = 1;
080    
081                    List<PasswordTracker> passwordTrackers =
082                            passwordTrackerPersistence.findByUserId(userId);
083    
084                    for (PasswordTracker passwordTracker : passwordTrackers) {
085                            if (historyCount >= passwordPolicy.getHistoryCount()) {
086                                    break;
087                            }
088    
089                            String oldEncPwd = passwordTracker.getPassword();
090                            String newEncPwd = PwdEncryptor.encrypt(newClearTextPwd, oldEncPwd);
091    
092                            if (oldEncPwd.equals(newEncPwd)) {
093                                    return false;
094                            }
095    
096                            historyCount++;
097                    }
098    
099                    return true;
100            }
101    
102            public void trackPassword(long userId, String encPassword)
103                    throws PortalException, SystemException {
104    
105                    PasswordPolicy passwordPolicy =
106                            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);
107    
108                    if ((passwordPolicy != null) && passwordPolicy.isHistory()) {
109                            long passwordTrackerId = counterLocalService.increment();
110    
111                            PasswordTracker passwordTracker = passwordTrackerPersistence.create(
112                                    passwordTrackerId);
113    
114                            passwordTracker.setUserId(userId);
115                            passwordTracker.setCreateDate(new Date());
116                            passwordTracker.setPassword(encPassword);
117    
118                            passwordTrackerPersistence.update(passwordTracker);
119                    }
120            }
121    
122    }