Package com.avoka.fc.core.service

Interface ITwoFactorAuthenticationService

All Known Implementing Classes:

GoogleTwoFactorAuthenticationService

public interface ITwoFactorAuthenticationService

Provides a service to verify additional authentication factors (excluding the password) and enrol users for additional authentication factors securely via email.

Since:

4.2.0

Field Summary

Fields

Modifier and Type	Field	Description
static String	PROPERTY_END_OF_GRACE_PERIOD	The "endOfGracePeriod" property name.

Method Summary

Modifier and Type	Method	Description
Date	getEndOfGracePeriod()	Return the date after which users can no longer log on without providing additional authentication factors.
boolean	isInGracePeriod()	Return whether users can currently log on without providing a token prior to having enrolled.
boolean	isValid(Object securityToken, UserAccount userAccount, HttpServletRequest request)	Checks additional authentication factors (not including the password) for a user.
void	sendEnrolmentEmail(UserAccount userAccount, Portal portal)	Send an email with enrolment instructions to the given user.
void	sendResetEmail(UserAccount userAccount, Portal portal)	Send an email with instructions on how to reset multi-factor authentication credentials.

Field Detail

PROPERTY_END_OF_GRACE_PERIOD

static final String PROPERTY_END_OF_GRACE_PERIOD

The "endOfGracePeriod" property name.

See Also:

Constant Field Values

Method Detail

isValid

boolean isValid(Object securityToken,
                UserAccount userAccount,
                HttpServletRequest request)

Checks additional authentication factors (not including the password) for a user.

Parameters:

securityToken - an object containing additional authentication factors, e.g. a one-time password

userAccount - the user account

request - the HTTP servlet request

Returns:

true if the additional authentication factors were verified successfully, false otherwise

getEndOfGracePeriod

Date getEndOfGracePeriod()

Return the date after which users can no longer log on without providing additional authentication factors. If not set, no grace period is being used. Note that once a user has been enrolled for multi-factor authentication, the grace period no longer applies.

Returns:

the end of the grace period

isInGracePeriod

boolean isInGracePeriod()

Return whether users can currently log on without providing a token prior to having enrolled.

Returns:

whether a grace period is currently active

sendEnrolmentEmail

void sendEnrolmentEmail(UserAccount userAccount,
                        Portal portal)

Send an email with enrolment instructions to the given user.

Parameters:

userAccount - the user to enrol (required)

portal - the portal (required)

sendResetEmail

void sendResetEmail(UserAccount userAccount,
                    Portal portal)

Send an email with instructions on how to reset multi-factor authentication credentials.

Parameters:

userAccount - the user (required)

portal - the portal (required)