Interface TwoFactorPasswordManager

    • Method Detail

      • validatePassword

        boolean validatePassword(@NotNull
                                 User user,
                                 int password)
        Checks that the user has provided the correct TOTP password during a login attempt.
        Parameters:
        user - user to authenticate
        password - six-digit TOTP password
        Returns:
        true if the password is correct, false otherwise
      • setRecoveryKeys

        void setRecoveryKeys(@NotNull
                             SUser user,
                             @NotNull
                             Set<String> keys)
        Receives plaintext recovery keys, hashes them and stores them as the new recovery keys for the provided user. Old keys are discarded and are no longer valid.
        Parameters:
        user - user
        keys - new set of recovery keys
      • validateRecoveryKey

        boolean validateRecoveryKey(@NotNull
                                    SUser user,
                                    @NotNull
                                    String key)
        Checks that the user has provided a correct recovery key during a login attempt. If the provided key exists, returns true and removes it (each key can be used only once).
        Parameters:
        user - user to authenticate
        key - recovery key
        Returns:
        true if the recovery key is correct, false otherwise
      • disable2FA

        void disable2FA(@NotNull
                        SUser user)
        Disables 2FA for the given user. Removes the secret key and recovery keys.
        Parameters:
        user - user
      • hasEnabled2FA

        boolean hasEnabled2FA(@NotNull
                              User user)
        Checks whether the provided user has enabled 2FA. 2FA is enabled if the user has generated and confirmed a secret key.
        Parameters:
        user - user
        Returns:
        true if the user has set up 2FA, false otherwise
      • shouldAsk2FA

        boolean shouldAsk2FA(@NotNull
                             SUser user)
        Returns whether the provided user should be asked to complete 2FA. Unlike hasEnabled2FA(User), for example, this returns true if the user has not enabled 2FA and has no grace period.
        Parameters:
        user - user
        Returns:
        true if a 2FA check is required for the given user, false otherwise
      • refreshGracePeriod

        void refreshGracePeriod(@NotNull
                                SUser user)
        Refreshes the grace period for the given user, during which they can log in without 2FA. This setting applies only to users without 2FA in mandatory mode; if it is not applicable, the method does nothing. Users with active 2FA should never have an active grace period.
        Parameters:
        user - user to refresh
      • hasActiveGracePeriod

        default boolean hasActiveGracePeriod(@NotNull
                                             SUser user)
        Returns whether the user has an active grace period, which allows logging in without 2FA while mandatory mode is on. The common use case for a grace period is a newly registered user.
        Parameters:
        user - user
        Returns:
        true if the user has an active grace period, false otherwise
      • getGracePeriodExpirationDate

        @Nullable
        Date getGracePeriodExpirationDate(@NotNull
                                          SUser user)
        Returns the expiration date of the user's grace period, or null if there is no active grace period.
        Parameters:
        user - user
        Returns:
        expiration date of the grace period, or null if the user has no active grace period
      • addDraftCredentials

        @NotNull
        UUID addDraftCredentials(@NotNull
                                 SUser user,
                                 @NotNull
                                 String secretKey,
                                 @NotNull
                                 Set<String> recoveryKeys)
        Adds new 2FA credentials (secret key and recovery keys) that still need to be confirmed. Before confirmation, hasEnabled2FA(User) should return false. Unconfirmed credentials are stored in temporary storage, keyed by a unique token.
        Parameters:
        user - owner of the unconfirmed credentials
        secretKey - secret key
        recoveryKeys - recovery keys
        Returns:
        UUID used to confirm the key
      • confirmSecretKey

        void confirmSecretKey(@NotNull
                              SUser user,
                              @NotNull
                              UUID uuid,
                              int password)
        Attempts to confirm 2FA credentials (secret key and recovery keys) for the given user. If the provided password is correct, the credentials become bound to the user and 2FA is considered enabled.
        Parameters:
        user - user
        uuid - UUID identifying the user's unconfirmed credentials
        password - six-digit 2FA password generated from the unconfirmed secret key
      • is2FAMandatoryForUser

        boolean is2FAMandatoryForUser(@NotNull
                                      SUser user)
        Returns true when 2FA is mandatory for the user.
        Parameters:
        user - user
        Returns:
        true if 2FA is mandatory for the user, false otherwise
      • userBelongsToMandatory2FAGroup

        boolean userBelongsToMandatory2FAGroup(@NotNull
                                               SUser user)
        Returns true when the user belongs to a mandatory 2FA group, false otherwise. All members of such a group have to set up 2FA before their grace period ends, as in the global "Mandatory" mode.
        Parameters:
        user - user
        Returns:
        true if the user belongs to a mandatory 2FA group, false otherwise
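As an added example, not part of TeamCity's documentation or code: a caller-side helper that wires the methods above into the two flows they serve, enrollment (addDraftCredentials followed by confirmSecretKey) and the post-password login decision (hasEnabled2FA and shouldAsk2FA, then validatePassword with validateRecoveryKey as the single-use fallback). It assumes a TwoFactorPasswordManager implementation is supplied by the server and visible from this class's package, and that SUser (which extends User) lives in jetbrains.buildServer.users; the TwoFactorFlows class and its LoginDecision enum are hypothetical.

```java
import java.util.Set;
import java.util.UUID;
import jetbrains.buildServer.users.SUser;   // assumed location of TeamCity's SUser (extends User)

// Hypothetical caller-side helper around TwoFactorPasswordManager; not TeamCity's own code.
// Assumes the manager instance is supplied by the server and that this class sits in a
// package where TwoFactorPasswordManager is visible.
public final class TwoFactorFlows {
    public enum LoginDecision { ALLOW, REQUIRE_SECOND_FACTOR, REQUIRE_SETUP }

    private final TwoFactorPasswordManager manager;

    public TwoFactorFlows(TwoFactorPasswordManager manager) {
        this.manager = manager;
    }

    /** Decide what happens after the primary credential (e.g. password) was accepted. */
    public LoginDecision afterPrimaryAuth(SUser user) {
        if (manager.hasEnabled2FA(user)) {
            // Secret key confirmed: a second factor is always required.
            return LoginDecision.REQUIRE_SECOND_FACTOR;
        }
        if (manager.shouldAsk2FA(user)) {
            // No 2FA and no active grace period: the user must enroll before proceeding.
            return LoginDecision.REQUIRE_SETUP;
        }
        // 2FA is not required for this user, or their grace period is still active.
        return LoginDecision.ALLOW;
    }

    /** Second-factor step: try the six-digit TOTP first, then a recovery key as fallback. */
    public boolean verifySecondFactor(SUser user, Integer totp, String recoveryKey) {
        if (totp != null && manager.validatePassword(user, totp)) {
            return true;
        }
        // validateRecoveryKey removes the key on success, so each recovery key works only once.
        return recoveryKey != null && manager.validateRecoveryKey(user, recoveryKey);
    }

    /** Enrollment: stage draft credentials, then bind them once the user proves they hold the secret. */
    public boolean enroll(SUser user, String secretKey, Set<String> recoveryKeys, int firstTotp) {
        UUID draft = manager.addDraftCredentials(user, secretKey, recoveryKeys);
        // The draft is not active yet: hasEnabled2FA(user) is expected to still be false here.
        manager.confirmSecretKey(user, draft, firstTotp);
        // confirmSecretKey returns nothing; the observable outcome is whether 2FA is now enabled.
        return manager.hasEnabled2FA(user);
    }
}
```

A wrong TOTP in verifySecondFactor falls through to the recovery key, while a wrong confirmation code in enroll leaves the draft unconfirmed and the method returns false.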