Interface ITwoFactorAuthenticationService

All Known Implementing Classes:
GoogleTwoFactorAuthenticationService

public interface ITwoFactorAuthenticationService
Provides a service to verify additional authentication factors (excluding the password) and enrol users for additional authentication factors securely via email.
Since:
4.2.0
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    The "endOfGracePeriod" property name.
  • Method Summary

    Modifier and Type
    Method
    Description
    Return the date after which users can no longer log on without providing additional authentication factors.
    boolean
    Return whether users can currently log on without providing a token prior to having enrolled.
    boolean
    isValid(Object securityToken, UserAccount userAccount, jakarta.servlet.http.HttpServletRequest request)
    Checks additional authentication factors (not including the password) for a user.
    void
    sendEnrolmentEmail(UserAccount userAccount, Portal portal)
    Send an email with enrolment instructions to the given user.
    void
    sendResetEmail(UserAccount userAccount, Portal portal)
    Send an email with instructions on how to reset multi-factor authentication credentials.
  • Field Details

    • PROPERTY_END_OF_GRACE_PERIOD

      static final String PROPERTY_END_OF_GRACE_PERIOD
      The "endOfGracePeriod" property name.
      See Also:
  • Method Details

    • isValid

      boolean isValid(Object securityToken, UserAccount userAccount, jakarta.servlet.http.HttpServletRequest request)
      Checks additional authentication factors (not including the password) for a user.
      Parameters:
      securityToken - an object containing additional authentication factors, e.g. a one-time password
      userAccount - the user account
      request - the HTTP servlet request
      Returns:
      true if the additional authentication factors were verified successfully, false otherwise
    • getEndOfGracePeriod

      Date getEndOfGracePeriod()
      Return the date after which users can no longer log on without providing additional authentication factors. If not set, no grace period is being used. Note that once a user has been enrolled for multi-factor authentication, the grace period no longer applies.
      Returns:
      the end of the grace period
    • isInGracePeriod

      boolean isInGracePeriod()
      Return whether users can currently log on without providing a token prior to having enrolled.
      Returns:
      whether a grace period is currently active
    • sendEnrolmentEmail

      void sendEnrolmentEmail(UserAccount userAccount, Portal portal)
      Send an email with enrolment instructions to the given user.
      Parameters:
      userAccount - the user to enrol (required)
      portal - the portal (required)
    • sendResetEmail

      void sendResetEmail(UserAccount userAccount, Portal portal)
      Send an email with instructions on how to reset multi-factor authentication credentials.
      Parameters:
      userAccount - the user (required)
      portal - the portal (required)