contentbox.models.security.ISecurityService
ContentBox - A Modular Content Platform

Copyright since 2012 by Ortus Solutions, Corp

www.ortussolutions.com/products/contentbox

This is the ContentBox Security Service needed for security to be implemented in ContentBox.
Method Summary | |
---|---|
Author | `authenticate(any username, any password, [boolean logThemIn])`: Authenticate an author via ContentBox credentials. |
boolean | `authorizeContent(any content, any password)`: Check to authorize a user to view a content entry or page. |
Author | `getAuthorSession()`: Gets an author from session, or returns a new empty author entity. |
boolean | `isContentViewable(any content)`: Checks whether a content entry or page is protected and the user has credentials for it. |
ISecurityService | `login(Author author)`: Logs a user in to persistence storages for tracking purposes. |
ISecurityService | `logout()`: Delete author session. |
struct | `resetUserPassword(any token, Author author, any password)`: Resets a user's password. |
struct | `sendPasswordReminder(Author author, [boolean adminIssued], [Author issuer])`: Send password reminder for an author. |
boolean | `validateSecurity([struct rule], [any securedValue], [any controller])`: Validates if a user can access an event. |
Method Detail

`authenticate(any username, any password, [boolean logThemIn])`

Authenticate an author via ContentBox credentials. If the user is not valid, an InvalidCredentials is thrown. Required for JWT services.

The `logThemIn` boolean flag is essential for two-factor authentication, where a user is authenticated but not yet validated by a two-factor mechanism. Thus, the default is to ONLY authenticate but not log them in yet. For our RESTful API, we can authenticate and log in at the same time.

- `username` - The username to validate
- `password` - The password to validate
- `logThemIn` - If true, we will log them in automatically, else it will be the caller's job to do so via the `login()` method.

`authorizeContent(any content, any password)`

Check to authorize a user to view a content entry or page.

- `content`
- `password`

`getAuthorSession()`

Gets an author from session, or returns a new empty author entity.

`isContentViewable(any content)`

Checks whether a content entry or page is protected and the user has credentials for it.

- `content`

`login(Author author)`

Logs a user in to persistence storages for tracking purposes.

- `author`

`logout()`

Delete author session.

`resetUserPassword(any token, Author author, any password)`

Resets a user's password.

- `token`
- `author`
- `password`

`sendPasswordReminder(Author author, [boolean adminIssued], [Author issuer])`

Send password reminder for an author.

- `author`
- `adminIssued`
- `issuer`

`validateSecurity([struct rule], [any securedValue], [any controller])`

Validates if a user can access an event. Called via the cbSecurity module.

- `rule` - The security rule being tested for
- `securedValue`
- `controller` - The ColdBox controller calling the validation