Package jetbrains.buildServer.serverSide.auth.impl

Class SecureTwoFactorPasswordManager

    • Method Detail

      • validatePassword

        public boolean validatePassword​(@NotNull
                                User user,
                                int password)
        Description copied from interface: TwoFactorPasswordManager
        Checks that user has provided correct TOTP password during login attempt.
        Specified by:
        validatePassword in interface TwoFactorPasswordManager
        Parameters:
        user - user to authenticate
        password - TOTP password defined by six digits
        Returns:
        true if password is correct, false otherwise

      • setRecoveryKeys

        public void setRecoveryKeys​(@NotNull
                            SUser user,
                            @NotNull
                            Set<String> keys)
        Description copied from interface: TwoFactorPasswordManager
        Receives plaintext recovery keys, hashes and adds new recovery keys for provided user. Old keys are discarded and no longer valid.
        Specified by:
        setRecoveryKeys in interface TwoFactorPasswordManager
        Parameters:
        user - user
        keys - new set of recovery keys

      • validateRecoveryKey

        public boolean validateRecoveryKey​(@NotNull
                                   SUser user,
                                   @NotNull
                                   String key)
        Description copied from interface: TwoFactorPasswordManager
        Checks that user has provided correct recovery key during login attempt. If provided key exists, returns true and removes it (each key can be used only once).
        Specified by:
        validateRecoveryKey in interface TwoFactorPasswordManager
        Parameters:
        user - user to authenticate
        key - recovery key
        Returns:
        true if recovery key is correct, false otherwise

      • hasEnabled2FA

        public boolean hasEnabled2FA​(@NotNull
                             User user)
        Description copied from interface: TwoFactorPasswordManager
        Checks whether provided user has enabled 2FA. 2FA is enabled if user has generated and confirmed secret key
        Specified by:
        hasEnabled2FA in interface TwoFactorPasswordManager
        Parameters:
        user - user
        Returns:
        true if user has set up 2FA, false otherwise

      • refreshGracePeriod

        public void refreshGracePeriod​(@NotNull
                               SUser user)
        Description copied from interface: TwoFactorPasswordManager
        Refreshes grace period for given user, when they can login without 2FA. This setting is applicable only for users without 2FA in mandatory mode. If unapplicable - does nothing. Users with active 2FA should not have active grace period in any case.
        Specified by:
        refreshGracePeriod in interface TwoFactorPasswordManager
        Parameters:
        user - user to refresh

      • getGracePeriodExpirationDate

        @Nullable
public Date getGracePeriodExpirationDate​(@NotNull
                                         SUser user)
        Description copied from interface: TwoFactorPasswordManager
        Returns expiration date of user's grace period. If there is no active grace period, returns null instead.
        Specified by:
        getGracePeriodExpirationDate in interface TwoFactorPasswordManager
        Parameters:
        user - user
        Returns:
        date of grace period's expiration, null if user has no active grace period

      • addDraftCredentials

        @NotNull
public UUID addDraftCredentials​(@NotNull
                                SUser user,
                                @NotNull
                                String secretKey,
                                @NotNull
                                Set<String> recoveryKeys)
        Description copied from interface: TwoFactorPasswordManager
        Adds new 2FA credentials (secret key and recovery keys) to be confirmed. Before confirmation, TwoFactorPasswordManager.hasEnabled2FA(User) should return false. Unconfirmed credentials are stored in temporary storage with unique token as a key.
        Specified by:
        addDraftCredentials in interface TwoFactorPasswordManager
        Parameters:
        user - owner of unconfirmed credentials
        secretKey - secret key
        recoveryKeys - recovery keys
        Returns:
        UUID, which is used for key confirmation

      • confirmSecretKey

        public void confirmSecretKey​(@NotNull
                             SUser user,
                             @NotNull
                             UUID uuid,
                             int password)
        Description copied from interface: TwoFactorPasswordManager
        Attempts to confirm 2FA credentials (secret key and recovery keys) for given user. If the provided password is correct, credentials become bound to user and 2FA is considered enabled.
        Specified by:
        confirmSecretKey in interface TwoFactorPasswordManager
        Parameters:
        user - user
        uuid - uuid, used to identify the user's unconfirmed credentials
        password - 2FA 6-digit password for unconfirmed secret key

      • userBelongsToMandatory2FAGroup

        public boolean userBelongsToMandatory2FAGroup​(@NotNull
                                              SUser user)
        Description copied from interface: TwoFactorPasswordManager
        Returns true when user belongs to mandatory 2FA group, false otherwise. All members of this group have to set up 2FA before grace period ends, like global "Mandatory" mode.
        Specified by:
        userBelongsToMandatory2FAGroup in interface TwoFactorPasswordManager
        Parameters:
        user - user
        Returns:
        see above