Class UserAuthentication

Method Details

• getInstance

  public static UserAuthentication getInstance()

  Gets the user authentication instance.

• validateHashPW

  public static void validateHashPW(String hashPW)

  Validates a hashed password.

  Parameters:

  hashPW - The hashed password. It is based on PBKDF2 with Keyed-Hash Message Authentication Code (HMAC) with a SHA-256 hash. It can start with "EXT:" if the user has signed in using an external Sign In Provider, e.g. LinkedIn or Facebook, the remaining part of the string identifies the provider and the users identifier for that provider.

  Throws:

  NullPointerException - If hashPW is null.

  IllegalArgumentException - If hashPW is an empty string or has invalid format.

• getUserLocations

  public List<UserLocation> getUserLocations()

  Finds locations of all users.

  Specified by:

  getUserLocations in interface IAuthenticatedUserProvider

• isUserNameFree

  public boolean isUserNameFree(String userName) throws UserException

  Checks if the user name is free to use, i.e. has not yet been signed up.

  Parameters:

  userName - The user name.

  Returns:

  true if free, false if already taken.

  Throws:

  UserException - If the user name is invalid.

• getUser

  public AuthenticatedUser getUser(String userName) throws NotFoundException

  Gets the instance of a user with its information.

  Specified by:

  getUser in interface IAuthenticatedUserProvider

  Parameters:

  userName - The user name.

  Returns:

  The instance holding the potentially authenticated user.

  Throws:

  NullPointerException - If the userName is null.

  NotFoundException - If the user name is not found or an SQL exception occurred.

• getUserFromEmail

  public AuthenticatedUser getUserFromEmail(String emailAddress) throws NotFoundException

  Looks up a user from the email.

  Parameters:

  emailAddress - The email address.

  Throws:

  NullPointerException - If the emailAddress is null.

  NotFoundException - If user is not found.

• getUser

  public AuthenticatedUser getUser(Connection conn, String userName) throws NotFoundException, SQLException

  Gets the instance of a user with its information. This always gets the information from the database and never a cached user.

  Parameters:

  conn - The connection.

  userName - The user name.

  Returns:

  The instance holding the potentially authenticated user, or null if the user does not exist in the server's database.

  Throws:

  NotFoundException - If user is not found.

  SQLException - For SQL errors.

• getUser

  public AuthenticatedUser getUser(Connection conn, String userName, String password) throws NotFoundException, SQLException

  Gets the instance of a user with its information.

  Parameters:

  conn - The database connection.

  userName - The user name.

  password - The password hash or the clear text password.

  Returns:

  The instance holding the potentially authenticated user, or null if the user does not exist in the server's database or the password doesn't match.

  Throws:

  NullPointerException - If the userName or password is null.

  NotFoundException - If user is not found.

  SQLException - For SQL errors.

• getUser

  public AuthenticatedUser getUser(long id) throws NotFoundException

  Gets the basic user info for a user from its unique user ID. The value comes from UserInfoBase.id.

  Specified by:

  getUser in interface IAuthenticatedUserProvider

  Parameters:

  id - The unique user ID.

  Returns:

  The user information.

  Throws:

  NotFoundException - If the user ID is not found or an SQL exception occurred.

• getUser

  public AuthenticatedUser getUser(Connection conn, long id) throws NotFoundException, SQLException

  Gets the basic user info for a user from its unique user ID. The value comes from UserInfoBase.id.

  Parameters:

  conn - The connection.

  id - The unique user ID.

  Returns:

  The user information.

  Throws:

  NotFoundException - If user is not found.

  SQLException - For SQL errors.

• validateUser

  public final UserAuthenticationInfo validateUser(UserIdentifier userIdentifier, String appID, String validatePassword)

  Authenticates a user ID and password.

  Parameters:

  userIdentifier - The user identifier.

  appID - The app ID to validate, null to skip this test.

  validatePassword - The password to validate. If the password is empty, the user is authenticated as pre-validation used e.g. by the iiziRun Developer listing possible sessions, etc. When this parameter is null, the real password is not validated.

  Returns:

  The user authentication result.

• validateUser

  public final UserAuthenticationInfo validateUser(UserIdentifier userIdentifier, AppFactory appFactory, String validatePassword)

  Authenticates a user ID and password.

  Parameters:

  userIdentifier - The user identifier.

  appFactory - The app to validate, null to skip this test.

  validatePassword - The password to validate. If the password is empty, the user is authenticated as pre-validation used e.g. by the iiziRun Developer listing possible sessions, etc. When this parameter is null, the real password is not validated.

  Returns:

  The user authentication result.

• createNewPasswordHash

  public final String createNewPasswordHash(String userName, String password)

  Creates a new password hash to store in the database. The password is not decryptable.

  Parameters:

  userName - The basic user information.

  password - The new password.

  Returns:

  The new password hash.

• isOldPasswordMatching

  public final boolean isOldPasswordMatching(BasicUserInfo bui, String oldPassword, String password)

  Verifies that the old password matches before changing to a new one.

  Parameters:

  bui - The basic user information.

  oldPassword - The old (existing) password.

  password - The password.

  Returns:

  true for success, false if not matching.

  Throws:

  RuntimeException - If not called from inside the iiziServer.