
fuseguard.components.authenticators
Component BaseAuthenticator

authenticators.BaseAuthenticator

The base authentication component (abstract)

Method Summary
public any init([any firewallInstance])
          Initialize the Authenticator on firewall configure.
package void auditUserEvent([string user_id="0"], string event_type, string event_description)
          I log a user action
public boolean authenticate(string username, string password)
          I authenticate a user credential
public boolean authenticateByToken([string auth_token="#getAuthenticationCookieValue()#"])
public boolean canEditUsers()
          Returns true if this Authenticator supports the methods to edit users and change passwords
public boolean changeForgotPassword(string email, string password, string confirm_password, string forgot_password_hash)
public void changePassword(string user_id, string old_password, string new_password, string confirm_password)
          Used to change a user's password
public boolean constantTimeCompare([string a], [string b])
          Returns true if the two strings are identical. Does not return early when a difference is found, to avoid timing flaws.
package string createAuthenticationToken([string user_id], [string password_hash], [string token])
public void deleteAuthenticationCookie()
          I remove the authentication cookie value.
package string generateForgotPasswordToken([any user_id])
public string generateHash([string data], [string algorithm="#getHashAlgorithm()#"], [string salt="#generateToken()#"], [any work_factor="#getWorkFactor()#"], [any keysize="#getKeySize()#"])
          Performs a Hash Operation
public any generateToken()
          Returns a token to be stored with the user account.
public query getAllUsers()
          Returns a query of all users with columns id,username,email,roles,enabled
public string getAuthenticatedUserID()
          Returns authenticated user id or 0 if not authenticated
public string getAuthenticatedUserRoles()
          Returns authenticated user roles or empty string if not authenticated
public string getAuthenticatedUserToken()
public string getAuthenticationCookieValue()
          I return authentication cookie value
public string getDefaultHashAlgorithm()
          Returns the default password hashing algorithm for this implementation.
public string getDescription()
          Returns a description of where the data is stored, eg datasource name.
public string getHashAlgorithm()
          Returns the hashing algorithm used to hash passwords
public string getKeySize()
          Returns the password storage key size
public numeric getMinimumPasswordLength()
          Returns the minimum password length
public string getTokenType()
          Returns one of AES, DES, DESEDE, BLOWFISH, or UUID
public query getUserByEmail([any email])
          Returns user info query by email address
public query getUserByID([any user_id])
          Returns a query with columns id, username, token, email, password, enabled, roles
public string getWorkFactor()
          Returns the password work factor
public boolean isAuthenticatedUserAdmin()
          Returns true if authenticated user has admin role.
public boolean isAuthenticatedUserInRole([variablename role="admin"])
          Returns true if the user is authenticated and, judging by the method name and role parameter, in the given role (default "admin")
public boolean isPasswordValid(string password)
          Used to validate that a password meets the required criteria (e.g. minimum length)
public boolean isUserAuthenticated()
          Returns true if a user is authenticated.
public void logout()
          Removes all authentication cookies
public void sendForgotPasswordEmail(string email)
package void setAuthenticationCookie([string auth_token])
public void setHashAlgorithm([string algorithm])
          Changes the hashing algorithm used. WARNING: if you change this, you may not be able to log in without updating your data.
package void setIsAuthenticated([string user_id], [string username], [string email], [string password_hash], [string token], [string roles=""], [string auth_token=""])
public void setKeySize([any size="256"])
          Used to set the password storage key size.
public void setMinimumPasswordLength([numeric length="5"])
          Used to set the minimum password length
public void setWorkFactor([any work_factor="10000"])
          Used to set the password storage work factor.
public string updateUser([string user_id], [struct user])
          Updates or creates a user by passing in a struct with keys email, roles, enabled, etc. Performs security checks to make sure the current user may perform this action as well. Returns the user id of the new or existing user.
package boolean verifyForgotPasswordToken([any user_id], [any token])
public boolean verifyHash([string hashData], [string plainData])
          Checks a hash value against a plain text value
 

Method Detail

auditUserEvent

package void auditUserEvent([string user_id="0"], string event_type, string event_description)
I log a user action

Parameters:
[string user_id="0"]
string event_type
string event_description

authenticate

public boolean authenticate(string username, string password)
I authenticate a user credential

Parameters:
string username
string password

authenticateByToken

public boolean authenticateByToken([string auth_token="#getAuthenticationCookieValue()#"])
Parameters:
[string auth_token="#getAuthenticationCookieValue()#"]

canEditUsers

public boolean canEditUsers()
Returns true if this Authenticator supports the methods to edit users and change passwords


changeForgotPassword

public boolean changeForgotPassword(string email, string password, string confirm_password, string forgot_password_hash)
Parameters:
string email
string password
string confirm_password
string forgot_password_hash

changePassword

public void changePassword(string user_id, string old_password, string new_password, string confirm_password)
Used to change a user's password

Parameters:
string user_id
string old_password
string new_password
string confirm_password

constantTimeCompare

public boolean constantTimeCompare([string a], [string b])
Returns true if the two strings are identical. Does not return early when a difference is found, to avoid timing flaws.

Parameters:
[string a]
[string b]

createAuthenticationToken

package string createAuthenticationToken([string user_id], [string password_hash], [string token])
Parameters:
[string user_id]
[string password_hash]
[string token]

deleteAuthenticationCookie

public void deleteAuthenticationCookie()
I remove the authentication cookie value.


generateForgotPasswordToken

package string generateForgotPasswordToken([any user_id])
Parameters:
[any user_id]

generateHash

public string generateHash([string data], [string algorithm="#getHashAlgorithm()#"], [string salt="#generateToken()#"], [any work_factor="#getWorkFactor()#"], [any keysize="#getKeySize()#"])
Performs a Hash Operation

Parameters:
[string data]
[string algorithm="#getHashAlgorithm()#"]
[string salt="#generateToken()#"]
[any work_factor="#getWorkFactor()#"]
[any keysize="#getKeySize()#"]

generateToken

public any generateToken()
Returns a token to be stored with the user account.


getAllUsers

public query getAllUsers()
Returns a query of all users with columns id,username,email,roles,enabled


getAuthenticatedUserID

public string getAuthenticatedUserID()
Returns authenticated user id or 0 if not authenticated


getAuthenticatedUserRoles

public string getAuthenticatedUserRoles()
Returns authenticated user roles or empty string if not authenticated


getAuthenticatedUserToken

public string getAuthenticatedUserToken()

getAuthenticationCookieValue

public string getAuthenticationCookieValue()
I return authentication cookie value


getDefaultHashAlgorithm

public string getDefaultHashAlgorithm()
Returns the default password hashing algorithm for this implementation.


getDescription

public string getDescription()
Returns a description of where the data is stored, eg datasource name.


getHashAlgorithm

public string getHashAlgorithm()
Returns the hashing algorithm used to hash passwords


getKeySize

public string getKeySize()
Returns the password storage key size


getMinimumPasswordLength

public numeric getMinimumPasswordLength()
Returns the minimum password length


getTokenType

public string getTokenType()
Returns one of AES, DES, DESEDE, BLOWFISH, or UUID


getUserByEmail

public query getUserByEmail([any email])
Returns user info query by email address

Parameters:
[any email]

getUserByID

public query getUserByID([any user_id])
Returns a query with columns id, username, token, email, password, enabled, roles

Parameters:
[any user_id]

getWorkFactor

public string getWorkFactor()
Returns the password work factor


init

public any init([any firewallInstance])
Initialize the Authenticator on firewall configure.

Parameters:
[any firewallInstance]

isAuthenticatedUserAdmin

public boolean isAuthenticatedUserAdmin()
Returns true if authenticated user has admin role.


isAuthenticatedUserInRole

public boolean isAuthenticatedUserInRole([variablename role="admin"])
Returns true if the user is authenticated and, judging by the method name and role parameter, in the given role (default "admin")

Parameters:
[variablename role="admin"]

isPasswordValid

public boolean isPasswordValid(string password)
Used to validate that a password meets the required criteria (e.g. minimum length)

Parameters:
string password

isUserAuthenticated

public boolean isUserAuthenticated()
Returns true if a user is authenticated.


logout

public void logout()
Removes all authentication cookies


sendForgotPasswordEmail

public void sendForgotPasswordEmail(string email)
Parameters:
string email

setAuthenticationCookie

package void setAuthenticationCookie([string auth_token])
Parameters:
[string auth_token]

setHashAlgorithm

public void setHashAlgorithm([string algorithm])
Changes the hashing algorithm used. WARNING: if you change this, you may not be able to log in without updating your data.

Parameters:
[string algorithm]

setIsAuthenticated

package void setIsAuthenticated([string user_id], [string username], [string email], [string password_hash], [string token], [string roles=""], [string auth_token=""])
Parameters:
[string user_id]
[string username]
[string email]
[string password_hash]
[string token]
[string roles=""]
[string auth_token=""]

setKeySize

public void setKeySize([any size="256"])
Used to set the password storage key size.

Parameters:
[any size="256"]

setMinimumPasswordLength

public void setMinimumPasswordLength([numeric length="5"])
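Used to set the minimum password length. The default shown in the signature is 5, which is shorter than the 8-character minimum in NIST SP 800-63B; set a higher value when configuring the authenticator.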

Parameters:
[numeric length="5"]

setWorkFactor

public void setWorkFactor([any work_factor="10000"])
Used to set the password storage work factor.

Parameters:
[any work_factor="10000"]

updateUser

public string updateUser([string user_id], [struct user])
Updates or creates a user by passing in a struct with keys email, roles, enabled, etc. Performs security checks to make sure the current user may perform this action as well. Returns the user id of the new or existing user.

Parameters:
[string user_id]
[struct user]

verifyForgotPasswordToken

package boolean verifyForgotPasswordToken([any user_id], [any token])
Parameters:
[any user_id]
[any token]

verifyHash

public boolean verifyHash([string hashData], [string plainData])
Checks a hash value against a plain text value

Parameters:
[string hashData]
[string plainData]