Package org.rapidcontext.core.type
Class User
java.lang.Object
org.rapidcontext.core.storage.StorableObject
org.rapidcontext.core.type.User
A system user.
- Version:
- 1.0
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The default user realm.static final String
The dictionary key for the oldest valid authentication timestamp.static final String
The dictionary key for the user description.static final String
The dictionary key for the user email address.static final String
The dictionary key for the user enabled flag.static final String
The dictionary key for the user name.static final String
The dictionary key for the user password hash.static final String
The dictionary key for the user realm.static final String
The dictionary key for the user role array.static final String
The dictionary key for the user settings dictionary.static final Path
The user object storage path.Fields inherited from class org.rapidcontext.core.storage.StorableObject
dict, KEY_ACTIVATED_TIME, KEY_CLASSNAME, KEY_ID, KEY_TYPE, PREFIX_COMPUTED, PREFIX_HIDDEN
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionReturns the oldest valid authentication timestamp.createAuthToken
(long expiryTime) Creates an authentication token for this user.static String[]
decodeAuthToken
(String token) Decodes a user authentication token.Returns the user description.email()
Returns the user email address.static String
encodeAuthToken
(String id, long expiry, String hash) Encodes a user authentication token.static User
Searches for a specific user in the storage.boolean
Checks if the user has the specified role.boolean
Checks if the user is enabled.name()
Returns the user name.static Dict
Normalizes a user data object if needed.Returns the user password MD5 hash, encoded as a hexadecimal string.realm()
Returns the user realm.String[]
roles()
Returns an array with all the roles for the user.void
setDescription
(String descr) Sets the user description.void
Sets the user email address.void
setEnabled
(boolean enabled) Sets the user enabled flag.void
Sets the user name.void
setPassword
(String password) Sets the user password.void
setPasswordHash
(String passwordHash) Sets the user password MD5 hash.void
Sets the user realm.void
Sets all the all the roles for the user.settings()
Returns the user settings dictionary.static void
Stores the specified used in the provided storage.void
updateSettings
(Dict updates) Merges updates into the user settings dictionary.boolean
verifyAuthToken
(String token) Verifies that the specified authentication token is valid for this user.boolean
verifyPasswordHash
(String passwordHash) Verifies that the specified password MD5 hash is a match.Methods inherited from class org.rapidcontext.core.storage.StorableObject
activate, activatedTime, destroy, id, init, isActive, isModified, passivate, path, serialize, sterilize, toString, type
-
Field Details
-
DEFAULT_REALM
The default user realm.- See Also:
-
KEY_NAME
The dictionary key for the user name.- See Also:
-
KEY_EMAIL
The dictionary key for the user email address.- See Also:
-
KEY_DESCRIPTION
The dictionary key for the user description.- See Also:
-
KEY_ENABLED
The dictionary key for the user enabled flag.- See Also:
-
KEY_REALM
The dictionary key for the user realm.- See Also:
-
KEY_PASSWORD
The dictionary key for the user password hash.- See Also:
-
KEY_ROLE
The dictionary key for the user role array.- See Also:
-
KEY_AUTHORIZED_TIME
The dictionary key for the oldest valid authentication timestamp.- See Also:
-
KEY_SETTINGS
The dictionary key for the user settings dictionary.- See Also:
-
PATH
The user object storage path.
-
-
Constructor Details
-
User
Creates a new user from a serialized representation.- Parameters:
id
- the object identifiertype
- the object type namedict
- the serialized representation
-
User
Creates a new user with the specified user identifier. The user will be created with a blank password.- Parameters:
id
- the user identifier
-
-
Method Details
-
find
Searches for a specific user in the storage.- Parameters:
storage
- the storage to search inid
- the user identifier- Returns:
- the user found, or null if not found
-
store
Stores the specified used in the provided storage.- Parameters:
storage
- the storage to useuser
- the user to store- Throws:
StorageException
- if the user couldn't be stored
-
normalize
Normalizes a user data object if needed. This method will modify legacy data into the proper keys and values.- Parameters:
id
- the object identifierdict
- the storage data- Returns:
- the storage data (possibly modified)
-
decodeAuthToken
Decodes a user authentication token. If the token isn't valid, the missing parts will be filled with empty values.- Parameters:
token
- the token string- Returns:
- the array of user id, expiry time and validation hash
-
encodeAuthToken
Encodes a user authentication token.- Parameters:
id
- the user idexpiry
- the expire timestamp (in millis)hash
- the data validation hash- Returns:
- the authentication token to be used for login
-
name
Returns the user name.- Returns:
- the user name.
-
setName
Sets the user name.- Parameters:
name
- the user full name
-
email
Returns the user email address.- Returns:
- the user email address.
-
setEmail
Sets the user email address.- Parameters:
email
- the user email address
-
description
Returns the user description.- Returns:
- the user description.
-
setDescription
Sets the user description.- Parameters:
descr
- the user description
-
isEnabled
public boolean isEnabled()Checks if the user is enabled.- Returns:
- true if the user is enabled, or false otherwise
-
setEnabled
public void setEnabled(boolean enabled) Sets the user enabled flag.- Parameters:
enabled
- the enabled flag
-
realm
Returns the user realm.- Returns:
- the user realm.
-
setRealm
Sets the user realm. Note that this method will make the old password impossible to use, since the password hash contains the old realm name. A new password has should be calculated.- Parameters:
realm
- the new user realm
-
passwordHash
Returns the user password MD5 hash, encoded as a hexadecimal string. Avoid using this method to verify the current user password, since it may be blank (any password) or the user might be disabled. Use verifyPasswordHash() instead.- Returns:
- the user password hash
- See Also:
-
setPasswordHash
Sets the user password MD5 hash. The password hash should be created from the string "id:realm:password" and converted to a lower-case hexadecimal string before being sent to this method.- Parameters:
passwordHash
- the new user password MD5 hash- See Also:
-
setPassword
Sets the user password. This method will create a password MD5 hash from the string "id:realm:password" and store that result in the password field. This is an irreversible process, so the original password cannot be retrieved from the object.- Parameters:
password
- the new user password (in clear text)- See Also:
-
verifyPasswordHash
Verifies that the specified password MD5 hash is a match. This method checks that the user is enabled and that the current user password hash is identical to the specified one. If the current password hash is blank, this method will also return true.- Parameters:
passwordHash
- the password hash to check- Returns:
- true if the password hashes are identical, or false otherwise
-
createAuthToken
Creates an authentication token for this user. The token contains the user id, an expire timestamp and a validation hash containing both these values and the current user password. The authentication token can be used for password recovery via email or some other out-of-band delivery mechanism.- Parameters:
expiryTime
- the authentication token expire time (in millis)- Returns:
- the authentication token
-
verifyAuthToken
Verifies that the specified authentication token is valid for this user.- Parameters:
token
- the authentication token- Returns:
- true if the token is valid, or false otherwise
-
hasRole
Checks if the user has the specified role. Note that this method doesn't check for automatic roles.- Parameters:
name
- the role name- Returns:
- true if the user has the role, or false otherwise
- See Also:
-
roles
Returns an array with all the roles for the user.- Returns:
- an array with all the roles
-
setRoles
Sets all the all the roles for the user.- Parameters:
roles
- the array with all roles
-
authorizedTime
Returns the oldest valid authentication timestamp. Any session, auth token or similar created prior is considered invalid.- Returns:
- the oldest valid authentication timestamp
-
settings
Returns the user settings dictionary.- Returns:
- a dictionary with user settings, or a new empty dictionary if not set
-
updateSettings
Merges updates into the user settings dictionary. Keys with null values will be removed from settings and other keys will be overwritten. Any key not listed in the updates will remain unmodified.- Parameters:
updates
- the dictionary with updates
-