PasswordRecoveryService

public interface PasswordRecoveryService

Service that defines APIs to manage password recovery

Methods

cleanUpExpiredRecoveries

void cleanUpExpiredRecoveries()

Removes all expired recoveries

oneTimeTokenOpenId

String oneTimeTokenOpenId(String email)

Creates an one time token for OpenId for the user with the given email address and sends a recovery email

Parameters:
  • email – address of the user
Throws:
Returns:

the recovery token that can be used for resetting the password

oneTimeTokenOpenId

String oneTimeTokenOpenId(String email, boolean notify)

Creates an one time token for OpenId for the user with the given email address, with an optional email notification.

Parameters:
  • email – address of the user
  • notify – about the recovery
Throws:
Returns:

the recovery token that can be used for resetting the password

oneTimeTokenOpenId

String oneTimeTokenOpenId(String email, DateTime expiration, boolean notify)

Creates an one time token for OpenId for the user with the given email address, with an optional email notification. The recovery will expire on the given date.

Parameters:
  • email – address of the user
  • expiration – date of recovery, it shouldn’t be a past date
  • notify – about the recovery
Throws:
Returns:

the recovery token that can be used for resetting the password

passwordRecoveryRequest

String passwordRecoveryRequest(String email)

Creates password recovery for the user with the given email address and sends a recovery email

Parameters:
  • email – address of the user
Throws:
Returns:

the recovery token that can be used for resetting the password

passwordRecoveryRequest

String passwordRecoveryRequest(String email, boolean notify)

Creates password recovery for the user with the given email address, with an optional email notification.

Parameters:
  • email – address of the user
  • notify – about the recovery
Throws:
Returns:

the recovery token that can be used for resetting the password

passwordRecoveryRequest

String passwordRecoveryRequest(String email, DateTime expiration)

Creates password recovery for the user with the given email address and sends a recovery email. The recovery will expire on the given date.

Parameters:
  • email – address of the user
  • expiration – date of recovery, it shouldn’t be a past date
Throws:
Returns:

the recovery token that can be used for resetting the password

passwordRecoveryRequest

String passwordRecoveryRequest(String email, DateTime expiration, boolean notify)

Creates password recovery for the user with the given email address, with an optional email notification. The recovery will expire on the given date.

Parameters:
  • email – address of the user
  • expiration – date of recovery, it shouldn’t be a past date
  • notify – about the recovery
Throws:
Returns:

the recovery token that can be used for resetting the password

resetPassword

void resetPassword(String token, String password, String passwordConfirmation)

Sets new password for user from token

Parameters:
Throws:

validateToken

boolean validateToken(String token)

Checks if there’s a not expired org.motechproject.security.domain.PasswordRecovery for given token

Parameters:
  • token – to validate
Returns:

true if recovery exists, otherwise false

validateTokenAndLoginUser

void validateTokenAndLoginUser(String token, HttpServletRequest request, HttpServletResponse response)

Creates new openId Token for user from token as long as there’s a org.motechproject.security.domain.PasswordRecovery for that token and redirect to home page. If there’s no such recovery then redirect to login page

Parameters:
  • token – for password recovery
  • request – for session
  • response – for session
Throws:
  • IOException – when response cannot redirect to given URL (home or login page)