001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.PasswordPolicy;
019    import com.liferay.portal.model.PasswordTracker;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
022    import com.liferay.portal.service.base.PasswordTrackerLocalServiceBaseImpl;
023    
024    import java.util.Date;
025    import java.util.List;
026    
027    /**
028     * @author Brian Wing Shun Chan
029     * @author Scott Lee
030     */
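public class PasswordTrackerLocalServiceImpl
    extends PasswordTrackerLocalServiceBaseImpl {

    /**
     * Removes every password-history entry stored for the given user.
     *
     * @param userId the primary key of the user whose history is removed
     */
    @Override
    public void deletePasswordTrackers(long userId) {
        passwordTrackerPersistence.removeByUserId(userId);
    }

    /**
     * Returns whether the candidate password matches the password currently
     * stored for the user.
     *
     * <p>
     * When the stored password is flagged as encrypted, the candidate is
     * re-encrypted with the stored value as the second argument and the two
     * encrypted strings are compared. Otherwise the stored value is compared
     * with the clear-text candidate directly.
     * </p>
     *
     * @param  userId the primary key of the user
     * @param  newClearTextPwd the candidate password in clear text
     * @return <code>true</code> if the candidate matches the stored password;
     *         <code>false</code> otherwise
     * @throws PortalException if the user lookup or the re-encryption raises
     *         one
     */
    @Override
    public boolean isSameAsCurrentPassword(long userId, String newClearTextPwd)
        throws PortalException {

        User user = userPersistence.findByPrimaryKey(userId);

        String currentPwd = user.getPassword();

        if (!user.isPasswordEncrypted()) {

            // The stored value is clear text on this path, so the comparison
            // is made on the raw password. Accounts that reach this branch
            // keep a recoverable password at rest.

            return _equalsInConstantTime(currentPwd, newClearTextPwd);
        }

        // NOTE(review): the stored value is handed to the encryptor,
        // presumably so it can reuse the algorithm and salt - confirm against
        // PasswordEncryptorUtil.

        String newEncPwd = PasswordEncryptorUtil.encrypt(
            newClearTextPwd, currentPwd);

        return _equalsInConstantTime(currentPwd, newEncPwd);
    }

    /**
     * Returns whether the candidate password is acceptable with respect to the
     * user's password history.
     *
     * <p>
     * The candidate is accepted when the user has no password policy or the
     * policy does not enable history. Otherwise it is rejected as soon as it
     * re-encrypts to one of the inspected history entries.
     * </p>
     *
     * <p>
     * The counter starts at 1 and the loop stops once it reaches the policy's
     * history count, so at most <code>getHistoryCount() - 1</code> tracked
     * entries are inspected. NOTE(review): presumably the remaining slot is
     * the current password, which callers check through
     * {@link #isSameAsCurrentPassword(long, String)} - confirm. Which entries
     * are inspected also depends on the order in which the finder returns
     * them; confirm it is newest first.
     * </p>
     *
     * @param  userId the primary key of the user
     * @param  newClearTextPwd the candidate password in clear text
     * @return <code>false</code> if the candidate matches an inspected history
     *         entry; <code>true</code> otherwise
     * @throws PortalException if the policy lookup or the re-encryption raises
     *         one
     */
    @Override
    public boolean isValidPassword(long userId, String newClearTextPwd)
        throws PortalException {

        PasswordPolicy passwordPolicy =
            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);

        if ((passwordPolicy == null) || !passwordPolicy.getHistory()) {
            return true;
        }

        // Check password history

        int historyCount = 1;

        List<PasswordTracker> passwordTrackers =
            passwordTrackerPersistence.findByUserId(userId);

        for (PasswordTracker passwordTracker : passwordTrackers) {
            if (historyCount >= passwordPolicy.getHistoryCount()) {
                break;
            }

            // Each entry is re-encrypted against its own stored value, so
            // entries created under different encryptor settings are still
            // compared like for like.

            String oldEncPwd = passwordTracker.getPassword();

            String newEncPwd = PasswordEncryptorUtil.encrypt(
                newClearTextPwd, oldEncPwd);

            if (_equalsInConstantTime(oldEncPwd, newEncPwd)) {
                return false;
            }

            historyCount++;
        }

        return true;
    }

    /**
     * Records a password in the user's history when the user's password policy
     * enables history. Nothing is stored when there is no policy or history is
     * disabled.
     *
     * <p>
     * The value is persisted exactly as received; this method applies no
     * hashing of its own, so the caller is responsible for passing an already
     * encrypted password and never the clear text.
     * </p>
     *
     * @param  userId the primary key of the user
     * @param  encPassword the encrypted password to record
     * @throws PortalException if the policy lookup raises one
     */
    @Override
    public void trackPassword(long userId, String encPassword)
        throws PortalException {

        PasswordPolicy passwordPolicy =
            passwordPolicyLocalService.getPasswordPolicyByUserId(userId);

        if ((passwordPolicy == null) || !passwordPolicy.isHistory()) {
            return;
        }

        long passwordTrackerId = counterLocalService.increment();

        PasswordTracker passwordTracker = passwordTrackerPersistence.create(
            passwordTrackerId);

        passwordTracker.setUserId(userId);
        passwordTracker.setCreateDate(new Date());
        passwordTracker.setPassword(encPassword);

        passwordTrackerPersistence.update(passwordTracker);
    }

    /**
     * Compares a stored secret with a candidate without stopping at the first
     * differing byte, so the time taken does not reveal how much of the stored
     * value the candidate matched.
     *
     * <p>
     * Null handling mirrors <code>expected.equals(actual)</code>: a
     * <code>null</code> candidate never matches, and a <code>null</code>
     * stored value raises a <code>NullPointerException</code>.
     * </p>
     *
     * @param  expected the stored value
     * @param  actual the candidate value, may be <code>null</code>
     * @return <code>true</code> if both strings encode to the same bytes
     */
    private static boolean _equalsInConstantTime(
        String expected, String actual) {

        if (actual == null) {
            return false;
        }

        // Fully qualified so that the file's import block stays untouched.

        return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

}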