contentbox.models.security

Interface ISecurityService

contentbox.models.security.ISecurityService

ContentBox - A Modular Content Platform
Copyright since 2012 by Ortus Solutions, Corp
www.ortussolutions.com/products/contentbox
---
This is the ContentBox Security Service needed for security to be implemented in ContentBox.

Class Attributes:
None

Method Summary
Author authenticate(any username, any password, [boolean logThemIn])
     Authenticate an author via ContentBox credentials.
boolean authorizeContent(any content, any password)
     Check to authorize a user to view a content entry or page.
Author getAuthorSession()
     Get an author from session, or return a new empty author entity.
boolean isContentViewable(any content)
     Checks whether a content entry or page is protected and whether the user has credentials for it.
ISecurityService login(Author author)
     Logs a user into the persistence storages for tracking purposes.
ISecurityService logout()
     Delete author session.
struct resetUserPassword(any token, Author author, any password)
     Resets a user's password.
struct sendPasswordReminder(Author author, [boolean adminIssued], [Author issuer])
     Send password reminder for an author.
boolean validateSecurity([struct rule], [any securedValue], [any controller])
     Validates if a user can access an event.

Method Detail

authenticate

public Author authenticate(any username, any password, [boolean logThemIn])

Authenticate an author via ContentBox credentials. If the user is not valid, an InvalidCredentials exception is thrown. Required for JWT services. The `logThemIn` boolean flag is essential for two-factor authentication, where a user is authenticated but not yet validated by a two-factor mechanism. Thus, the default is to ONLY authenticate but not log them in yet. For our RESTful API, we can authenticate and log in at the same time.

Parameters:
username - The username to validate
password - The password to validate
logThemIn - If true, we will log them in automatically, else it will be the caller's job to do so via the `login()` method.
Returns:
User : The logged in user object
Throws:
InvalidCredentials
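
The two-step flow described for `authenticate()` above, as an added example that is not part of the ContentBox source: credentials are checked with `logThemIn = false`, and `login()` is called only once the second factor passes. The `TwoStepLogin` component, its method names, and the `twoFactorVerifier` collaborator with its `verify()` method are hypothetical; `securityService` is any implementation of this interface.

```cfml
// TwoStepLogin.cfc - added example, not ContentBox code.
// Assumptions: twoFactorVerifier and its verify( author, code ) method are hypothetical.
component {

	function init( required securityService, required twoFactorVerifier ){
		variables.securityService   = arguments.securityService;
		variables.twoFactorVerifier = arguments.twoFactorVerifier;
		return this;
	}

	/**
	 * Step 1: validate the credentials only. No author session is created here.
	 */
	struct function checkCredentials( required string username, required string password ){
		try {
			var author = variables.securityService.authenticate(
				username  = arguments.username,
				password  = arguments.password,
				logThemIn = false
			);
			return { "authenticated" : true, "author" : author };
		} catch ( InvalidCredentials e ) {
			// One answer for every credential failure, so the caller cannot
			// tell an unknown username from a wrong password.
			return { "authenticated" : false };
		}
	}

	/**
	 * Step 2: create the session only after the second factor has been verified.
	 */
	boolean function completeLogin( required author, required string code ){
		if ( !variables.twoFactorVerifier.verify( arguments.author, arguments.code ) ) {
			// Second factor failed: login() is never called, so no session exists.
			return false;
		}
		variables.securityService.login( arguments.author );
		return true;
	}

}
```

Between the two steps the caller has to hold the pending author somewhere that the rest of the application does not treat as a logged-in session.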

authorizeContent

public boolean authorizeContent(any content, any password)

Check to authorize a user to view a content entry or page.

Parameters:
content
password

getAuthorSession

public Author getAuthorSession()

Get an author from session, or return a new empty author entity.


isContentViewable

public boolean isContentViewable(any content)

Checks whether a content entry or page is protected and whether the user has credentials for it.

Parameters:
content

login

public ISecurityService login(Author author)

Logs a user into the persistence storages for tracking purposes.

Parameters:
author

logout

public ISecurityService logout()

Delete author session.


resetUserPassword

public struct resetUserPassword(any token, Author author, any password)

Resets a user's password.

Parameters:
token
author
password
Returns:
{error:boolean, messages:string}

sendPasswordReminder

public struct sendPasswordReminder(Author author, [boolean adminIssued], [Author issuer])

Send password reminder for an author.

Parameters:
author
adminIssued
issuer

validateSecurity

public boolean validateSecurity([struct rule], [any securedValue], [any controller])

Validates if a user can access an event. Called via the cbSecurity module.

Parameters:
rule - The security rule being tested for
securedValue
controller - The ColdBox controller calling the validation