/**
 * Validates a password-reset token when no {@link Customer} is available.
 *
 * <p>This overload only works while the deprecated PasswordEncoder bean is in use; it then
 * delegates to {@link #checkPasswordResetToken(String, Customer)} with a {@code null} customer.
 *
 * @param token the reset token presented by the caller
 * @return the response produced by the two-argument overload
 * @throws NoSuchBeanDefinitionException when the deprecated PasswordEncoder is not in use
 * @deprecated prefer {@link #checkPasswordResetToken(String, Customer)}
 */
@Deprecated
@Override
public GenericResponse checkPasswordResetToken(String token) {
    if (usingDeprecatedPasswordEncoder()) {
        return checkPasswordResetToken(token, null);
    }
    // We cannot proceed without a Customer when using the new PasswordEncoder
    throw new NoSuchBeanDefinitionException("This method requires the deprecated PasswordEncoder bean");
}
/**
 * Creates a customer without looking up an existing id.
 *
 * @return whatever {@code createCustomerFromId(null)} returns
 */
@Override
public Customer createCustomer() {
    // A null id tells createCustomerFromId that there is no existing record to look up.
    final Long noExistingId = null;
    return createCustomerFromId(noExistingId);
}
/**
 * Encodes a raw password for the given customer.
 *
 * <p>The salt is obtained from {@code getSalt(customer, rawPassword)} and handed to
 * {@code encodePass}, which chooses the encoder to apply.
 *
 * @param rawPassword the unencoded password
 * @param customer the customer the salt is derived for
 * @return the encoded password
 */
@Deprecated
@Override
public String encodePassword(String rawPassword, Customer customer) {
    Object salt = getSalt(customer, rawPassword);
    return encodePass(rawPassword, salt);
}
/**
 * Delegates to either the new {@link PasswordEncoder} or the deprecated
 * {@link org.springframework.security.authentication.encoding.PasswordEncoder PasswordEncoder}.
 *
 * <p>The {@code salt} argument is only passed on when the deprecated encoder is in use. On the
 * other path it is ignored and {@code encodePassword(rawPassword)} is called instead.
 *
 * @param rawPassword the unencoded password
 * @param salt the optional salt, used only with the deprecated encoder
 * @return the encoded form of {@code rawPassword}
 * @deprecated the new {@link org.springframework.security.crypto.password.PasswordEncoder PasswordEncoder}
 *             handles salting internally, this will be removed in 4.2
 */
@Deprecated
protected String encodePass(String rawPassword, Object salt) {
    if (!usingDeprecatedPasswordEncoder()) {
        // The caller-supplied salt is intentionally unused on this path.
        return encodePassword(rawPassword);
    }
    return passwordEncoder.encodePassword(rawPassword, salt);
}
checkCustomer(customer, response); String token = PasswordUtils.generateSecurePassword(getPasswordTokenLength()); token = token.toLowerCase(); Object salt = getSalt(customer, token); fpst.setToken(encodePass(token, saltString)); fpst.setCreateDate(SystemTime.asDate()); customerForgotPasswordSecurityTokenDao.saveToken(fpst); if (usingDeprecatedPasswordEncoder() && saltString != null) { token = token + '-' + saltString; sendEmail(customer.getEmailAddress(), getForgotPasswordEmailInfo(), vars);
/**
 * Registers a customer: marks it registered, assigns an id if it has none, saves it with the
 * supplied password, creates the registered-customer roles, sends the registration email and
 * notifies the post-register listeners.
 *
 * <p>{@code passwordConfirm} is not read by this method, so callers must verify that it matches
 * {@code password} before calling.
 *
 * @param customer the customer to register (mutated in place before saving)
 * @param password the raw password; encoded during {@code saveCustomer}
 * @param passwordConfirm the confirmation value; unused here
 * @return the customer instance returned by {@code saveCustomer}
 */
@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public Customer registerCustomer(Customer customer, String password, String passwordConfirm) {
    customer.setRegistered(true);

    if (customer.getId() == null) {
        customer.setId(findNextCustomerId());
    }

    // When unencodedPassword is set the save() will encode it
    customer.setUnencodedPassword(password);
    Customer savedCustomer = saveCustomer(customer);
    createRegisteredCustomerRoles(savedCustomer);

    // NOTE(review): the whole saved customer is exposed to the email template; confirm the
    // template never renders password or challenge-answer fields.
    HashMap<String, Object> emailVars = new HashMap<String, Object>();
    emailVars.put("customer", savedCustomer);
    sendEmail(customer.getEmailAddress(), getRegistrationEmailInfo(), emailVars);

    notifyPostRegisterListeners(savedCustomer);
    return savedCustomer;
}
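/**
 * Resets a customer's password after validating the customer, the new password and the
 * supplied reset token.
 *
 * <p>Errors are collected on the returned {@link GenericResponse}. The password is changed, and
 * all of the customer's tokens invalidated, only when no error was recorded. A token that
 * validates but belongs to a different customer is rejected with {@code invalidToken}.
 *
 * @param username the username used to look up the customer; may be {@code null}
 * @param token the reset token presented by the caller
 * @param password the new raw password
 * @param confirmPassword the confirmation of the new password
 * @return the response carrying any error codes
 */
@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
    GenericResponse response = new GenericResponse();
    Customer customer = null;
    if (username != null) {
        customer = customerDao.readCustomerByUsername(username);
    }
    checkCustomer(customer, response);
    checkPassword(password, confirmPassword, response);
    CustomerForgotPasswordSecurityToken fpst = checkPasswordResetToken(token, customer, response);

    // NOTE(review): the dereferences below rely on checkCustomer / checkPasswordResetToken
    // recording an error whenever the customer or the token record is missing - confirm.
    if (!response.getHasErrors()) {
        if (!customer.getId().equals(fpst.getCustomerId())) {
            if (LOG.isWarnEnabled()) {
                // The token passed validation, so it is still a usable reset credential for
                // another account and is not invalidated here. Log the two customer ids
                // instead of the token so it never lands in log storage.
                LOG.warn("Password reset attempt tried with mismatched customer and token " + customer.getId()
                        + ", token belongs to customer " + fpst.getCustomerId());
            }
            response.addErrorCode("invalidToken");
        }
    }

    if (!response.getHasErrors()) {
        customer.setUnencodedPassword(password);
        customer.setPasswordChangeRequired(false);
        saveCustomer(customer);
        // A successful reset invalidates every outstanding token for this customer.
        invalidateAllTokensForCustomer(customer);
    }

    return response;
}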
/**
 * Returns the customer with the given id, or creates a new one when none is found.
 *
 * <p>A newly created customer receives {@code customerId} when it is non-null, otherwise the
 * value of {@code findNextCustomerId()}.
 *
 * @param customerId the id to look up or assign; may be {@code null}
 * @return the existing customer, or a newly created one with its id set
 */
@Override
public Customer createCustomerFromId(Long customerId) {
    if (customerId != null) {
        Customer existing = readCustomerById(customerId);
        if (existing != null) {
            return existing;
        }
    }

    Customer created = customerDao.create();
    if (customerId == null) {
        created.setId(findNextCustomerId());
    } else {
        created.setId(customerId);
    }
    return created;
}
/**
 * Validates a password-reset token for a customer and reports the outcome as a response.
 *
 * <p>The three-argument overload does the work; its return value is discarded here and only the
 * populated {@link GenericResponse} is returned.
 *
 * @param token the reset token presented by the caller
 * @param customer the customer the token is checked against
 * @return the response carrying any error codes recorded during validation
 */
@Override
public GenericResponse checkPasswordResetToken(String token, Customer customer) {
    GenericResponse result = new GenericResponse();
    checkPasswordResetToken(token, customer, result);
    return result;
}
/**
 * Tests a customer against the rule carried by {@code customerRuleHolder}.
 *
 * <p>A holder with no rule passes every customer. Otherwise the rule string is handed to
 * {@code MvelHelper.evaluateRule} together with the parameters built for the customer.
 *
 * @param customer the customer to test
 * @param customerRuleHolder the holder supplying the rule string
 * @return {@code true} when there is no rule or the rule evaluates to true
 */
@Override
public boolean customerPassesCustomerRule(Customer customer, CustomerRuleHolder customerRuleHolder) {
    String rule = customerRuleHolder.getCustomerRule();
    // Built before the null check so buildCustomerRuleParams runs whether or not a rule exists.
    Map<String, Object> params = buildCustomerRuleParams(customer);
    if (rule == null) {
        return true;
    }
    // NOTE(review): the rule text is evaluated as an expression; confirm it can only be authored
    // by trusted administrators and never originates from customer-supplied input.
    return MvelHelper.evaluateRule(rule, params);
}
/**
 * Persists a customer, encoding any pending raw password and challenge answer first.
 *
 * <p>This method does not clear the unencoded password or the unencoded challenge answer from
 * the {@code customer} object after encoding them.
 *
 * @param customer the customer to save (mutated in place)
 * @param register when {@code true}, an unregistered customer is marked registered
 * @return the instance returned by {@code customerDao.save}
 */
@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public Customer saveCustomer(Customer customer, boolean register) {
    if (register && !customer.isRegistered()) {
        customer.setRegistered(true);
    }

    String rawPassword = customer.getUnencodedPassword();
    if (rawPassword != null) {
        customer.setPassword(encodePassword(rawPassword, customer));
    }

    // Only re-encode the challenge answer when a new one was entered. The stored field holds
    // the hashed value, so a raw answer equal to it means nothing has changed.
    String rawAnswer = customer.getUnencodedChallengeAnswer();
    if (rawAnswer != null && !rawAnswer.equals(customer.getChallengeAnswer())) {
        customer.setChallengeAnswer(encodePassword(rawAnswer, customer));
    }

    return customerDao.save(customer);
}
/**
 * Creates a customer without looking up an existing id.
 *
 * @return whatever {@code createCustomerFromId(null)} returns
 */
@Override
public Customer createNewCustomer() {
    // A null id tells createCustomerFromId that there is no existing record to look up.
    final Long noExistingId = null;
    return createCustomerFromId(noExistingId);
}