1
|
/**
|
2
|
* Copyright (C) 2021 EDIT
|
3
|
* European Distributed Institute of Taxonomy
|
4
|
* http://www.e-taxonomy.eu
|
5
|
*
|
6
|
* The contents of this file are subject to the Mozilla Public License Version 1.1
|
7
|
* See LICENSE.TXT at the top of this package for the full license terms.
|
8
|
*/
|
9
|
package eu.etaxonomy.cdm.api.service.security;
|
10
|
|
11
|
import java.time.Duration;
|
12
|
|
13
|
import org.springframework.mail.MailException;
|
14
|
import org.springframework.util.concurrent.ListenableFuture;
|
15
|
|
16
|
/**
|
17
|
* @author a.kohlbecker
|
18
|
* @since Nov 8, 2021
|
19
|
*/
|
20
|
public interface IPasswordResetService {
|
21
|
|
22
|
public static final int RATE_LIMTER_TIMEOUT_SECONDS = 2;
|
23
|
|
24
|
public static final double PERMITS_PER_SECOND = 0.3;
|
25
|
|
26
|
/**
|
27
|
* Create a request token and send it to the user via email.
|
28
|
*
|
29
|
* Must conform to the recommendations of <a href=
|
30
|
* "https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html">
|
31
|
* https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html</a>
|
32
|
*
|
33
|
* <ul>
|
34
|
* <li>Hides internal processing time differences by sending the email
|
35
|
* asynchronously</li>
|
36
|
* <li>Access to the method is rate limited, see {@link #RATE_LIMIT}</li>
|
37
|
* </ul>
|
38
|
*
|
39
|
* @param userNameOrEmail
|
40
|
* The user name or email address of the user requesting for a
|
41
|
* password reset.
|
42
|
* @param passwordRequestFormUrlTemplate
|
43
|
* A template string for {@code String.format()} for the URL to
|
44
|
* the request form in which the user can enter the new password.
|
45
|
* The template string must contain one string placeholder
|
46
|
* {@code %s} for the request token string.
|
47
|
* @return A <code>Future</code> for a <code>Boolean</code> flag. The
|
48
|
* boolean value will be <code>false</code> in case the max access
|
49
|
* rate for this method has been exceeded and a time out has
|
50
|
* occurred. Internal error states that may
|
51
|
* expose sensitive information are intentionally hidden this way
|
52
|
* (see above link to the Forgot_Password_Cheat_Sheet).
|
53
|
* @throws MailException
|
54
|
* in case sending the email has failed
|
55
|
*/
|
56
|
ListenableFuture<Boolean> emailResetToken(String userNameOrEmail, String passwordRequestFormUrlTemplate) throws MailException;
|
57
|
|
58
|
/**
|
59
|
*
|
60
|
* @param token
|
61
|
* the token string
|
62
|
* @param newPassword
|
63
|
* The new password to set
|
64
|
* @return A <code>Future</code> for a <code>Boolean</code> flag. The
|
65
|
* boolean value will be <code>false</code> in case the max access
|
66
|
* rate for this method has been exceeded and a time out has
|
67
|
* occurred.
|
68
|
* @throws PasswordResetException
|
69
|
* in case an invalid token has been used
|
70
|
* @throws MailException
|
71
|
* in case sending the email has failed
|
72
|
*/
|
73
|
ListenableFuture<Boolean> resetPassword(String token, String newPassword) throws PasswordResetException;
|
74
|
|
75
|
|
76
|
/**
|
77
|
* Requests to the service methods should be rate limited.
|
78
|
* This method allows to set the timeout when waiting for a
|
79
|
* free execution slot. {@link #RATE_LIMTER_TIMEOUT_SECONDS}
|
80
|
* is the default
|
81
|
*/
|
82
|
void setRateLimiterTimeout(Duration timeout);
|
83
|
|
84
|
|
85
|
/**
|
86
|
* see {@link #setRateLimiterTimeout(Duration)}
|
87
|
*
|
88
|
* @return the currently used timeout
|
89
|
*/
|
90
|
Duration getRateLimiterTimeout();
|
91
|
|
92
|
/**
|
93
|
* Requests to the service methods should be rate limited.
|
94
|
* This method allows to override the default rate
|
95
|
* {@link #PERMITS_PER_SECOND}
|
96
|
*/
|
97
|
public void setRate(double rate);
|
98
|
|
99
|
}
|