contentbox.models.security

Class SecurityService

lucee.Component
    extended by contentbox.models.security.SecurityService

ContentBox - A Modular Content Platform
Copyright since 2012 by Ortus Solutions, Corp
www.ortussolutions.com/products/contentbox
---
Our ContentBox security service must match our interface: ISecurityService

Class Attributes:
  • singleton
  • synchronized : false
  • accessors : false
  • persistent : false

    Property Summary
    type  property        default  serializable  required  attributes
    any   CBHelper                 true          false     access = public, returntype = any, inject = CBHelper@contentbox
    any   authorService            true          false     access = public, returntype = any, inject = authorService@contentbox
    any   bCrypt                   true          false     access = public, returntype = any, inject = BCrypt@BCrypt
    any   cache                    true          false     access = public, returntype = any, inject = cachebox:template
    any   cacheStorage             true          false     access = public, returntype = any, inject = cacheStorage@cbStorages
    any   cbCSRF                   true          false     access = public, returntype = any, inject = @cbcsrf
    any   cookieStorage            true          false     access = public, returntype = any, inject = cookieStorage@cbStorages
    any   encryptionKey            true          false     access = public, returntype = any
    any   log                      true          false     access = public, returntype = any, inject = logbox:logger:{this}
    any   mailService              true          false     access = public, returntype = any, inject = mailService@cbmailservices
    any   renderer                 true          false     access = public, returntype = any, inject = coldbox:renderer
    any   requestStorage           true          false     access = public, returntype = any, inject = RequestStorage@cbstorages
    any   settingService           true          false     access = public, returntype = any, inject = settingService@contentbox
    any   siteService              true          false     access = public, returntype = any, inject = siteService@contentbox
    Constructor Summary
    init()
          Constructor.
    Method Summary
    Author authenticate(any username, any password, [boolean logThemIn='false'])
         Authenticate an author via ContentBox credentials.
    boolean authorizeContent(any content, any password)
         Check to authorize a user to view a content entry or page.
    string decryptIt(any decValue)
         ContentBox Decryption.
    string encryptIt(any encValue)
         ContentBox encryption.
    string encryptString(any string)
         Leverages bcrypt to produce a one-way hash of a string using our salts.
    string generateResetToken(Author author)
         This function will store a reset token in hash for the user to pick up on password resets.
    Author getAuthorSession()
         Tries to get the currently logged in user by using our lookup algorithm.
    private string getContentProtectedHash(any content)
         Get password content protected salt.
    string getEncryptionKey()
         Verifies we have a salt in our installation.
    any getKeepMeLoggedIn()
         Get keep me logged in cookie.
    any getRealIP()
         Get Real IP, by looking at clustered, proxy headers and locally.
    any getRememberMe()
         Get remember me cookie.
    any getUser()
         Alias to getAuthorSession() created to satisfy JWT Services.
    boolean isContentViewable(any content)
         Checks whether a content entry or page is protected and the user has credentials for it.
    boolean isLoggedIn()
         Verifies if a user is logged in or not.
    Author login(any author)
         Logs an authenticated author into the system.
    SecurityService logout()
         Delete an author session, whether web or API based: Required for JWT services.
    struct resetUserPassword(any token, Author author, any password)
         Resets a user's password.
    struct sendPasswordReminder(Author author, [boolean adminIssued='false'], [Author issuer])
         Send password reminder email, this verifies that the email is valid and they must click on the token.
    SecurityService setRememberMe(any username, numeric days='0')
         Set remember me cookie.
    Author updateAuthorLoginTimestamp(any author)
         Update an author's last login timestamp.
    struct validateResetToken(any token)
         This function validates an incoming password reset token to figure out its user.
     
    Methods inherited from class lucee.Component
    None

    Constructor Detail

    init

    public init()

    Constructor


    Property Detail

    CBHelper

    property any CBHelper

    Attributes:
    access - public
    required - false
    returntype - any
    inject - CBHelper@contentbox
    serializable - true

    authorService

    property any authorService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - authorService@contentbox
    serializable - true

    bCrypt

    property any bCrypt

    Attributes:
    access - public
    required - false
    returntype - any
    inject - BCrypt@BCrypt
    serializable - true

    cache

    property any cache

    Attributes:
    access - public
    required - false
    returntype - any
    inject - cachebox:template
    serializable - true

    cacheStorage

    property any cacheStorage

    Attributes:
    access - public
    required - false
    returntype - any
    inject - cacheStorage@cbStorages
    serializable - true

    cbCSRF

    property any cbCSRF

    Attributes:
    access - public
    required - false
    returntype - any
    inject - @cbcsrf
    serializable - true

    cookieStorage

    property any cookieStorage

    Attributes:
    access - public
    required - false
    returntype - any
    inject - cookieStorage@cbStorages
    serializable - true

    encryptionKey

    property any encryptionKey

    Attributes:
    access - public
    required - false
    returntype - any
    serializable - true

    log

    property any log

    Attributes:
    access - public
    required - false
    returntype - any
    inject - logbox:logger:{this}
    serializable - true

    mailService

    property any mailService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - mailService@cbmailservices
    serializable - true

    renderer

    property any renderer

    Attributes:
    access - public
    required - false
    returntype - any
    inject - coldbox:renderer
    serializable - true

    requestStorage

    property any requestStorage

    Attributes:
    access - public
    required - false
    returntype - any
    inject - RequestStorage@cbstorages
    serializable - true

    settingService

    property any settingService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - settingService@contentbox
    serializable - true

    siteService

    property any siteService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - siteService@contentbox
    serializable - true

    Method Detail

    authenticate

    public Author authenticate(any username, any password, [boolean logThemIn='false'])

    Authenticate an author via ContentBox credentials. If the user is not valid, an InvalidCredentials exception is thrown. Required for JWT services. The logThemIn boolean flag is essential for two-factor authentication, where a user is authenticated but not yet validated by a two-factor mechanism. Thus, the default is to ONLY authenticate and not log them in yet. For our RESTful API, we can authenticate and log in at the same time.

    Parameters:
    username - The username to validate
    password - The password to validate
    logThemIn - If true, we will log them in automatically, else it will be the caller's job to do so via the `login()` method.
    Returns:
    User : The logged in user object
    Throws:
    InvalidCredentials
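
    The two-factor flow described above, as an added example that is not ContentBox's own code: a ColdBox handler that authenticates without logging in, checks a second factor, and only then calls login(). The `securityService@contentbox` injection ID, the `twoFactorVerifier` component and its `isValid()` method, and the `rc.code` field are assumptions made for illustration.

```cfml
component extends="coldbox.system.EventHandler" {

	// Assumed WireBox ID, following the @contentbox pattern of the injections on this page
	property name="securityService" inject="securityService@contentbox";
	// Hypothetical second-factor checker: isValid( author, code ) returns a boolean
	property name="twoFactorVerifier" inject="TwoFactorVerifier";

	function doLogin( event, rc, prc ){
		var author = "";

		try {
			// Step 1: check the password only. With logThemIn = false no
			// session exists yet, so a stolen password alone grants nothing.
			author = securityService.authenticate(
				username  = rc.username ?: "",
				password  = rc.password ?: "",
				logThemIn = false
			);
		} catch ( InvalidCredentials e ) {
			deny( event );
			return;
		}

		// Step 2: validate the second factor before any session is created
		if ( !twoFactorVerifier.isValid( author, rc.code ?: "" ) ) {
			deny( event );
			return;
		}

		// Step 3: both factors passed, so the caller now performs the login
		securityService.login( author );
		event.renderData( type = "json", data = { "error" : false } );
	}

	// Same response for a bad password and a bad code, so the reply does
	// not reveal which factor failed.
	private function deny( event ){
		event.renderData(
			type       = "json",
			data       = { "error" : true, "messages" : "Invalid credentials" },
			statusCode = 401
		);
	}

}
```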

    authorizeContent

    public boolean authorizeContent(any content, any password)

    Check to authorize a user to view a content entry or page

    Parameters:
    content - The content object
    password - The password to check

    decryptIt

    public string decryptIt(any decValue)

    ContentBox Decryption

    Parameters:
    decValue - value to decrypt

    encryptIt

    public string encryptIt(any encValue)

    ContentBox encryption

    Parameters:
    encValue - value to encrypt

    encryptString

    public string encryptString(any string)

    Leverages bcrypt to produce a one-way hash of a string using our salts

    Parameters:
    string - The string to bcrypt

    generateResetToken

    public string generateResetToken(Author author)

    This function will store a reset token in hash for the user to pick up on password resets

    Parameters:
    author - The author to create the reset token for.

    getAuthorSession

    public Author getAuthorSession()

    Tries to get the currently logged in user by using our lookup algorithm:
      - Look in request storage
      - Look in cache
      - Look in remember me cookie
      - Tough luck, you are an invalid user; return an unauthenticated user

    Returns:
    Logged in or new author object

    getContentProtectedHash

    private string getContentProtectedHash(any content)

    Get password content protected salt

    Parameters:
    content - The content object

    getEncryptionKey

    public string getEncryptionKey()

    Verifies we have a salt in our installation. If not, it will generate a new cb_enc_key.


    getKeepMeLoggedIn

    public any getKeepMeLoggedIn()

    Get keep me logged in cookie


    getRealIP

    public any getRealIP()

    Get Real IP, by looking at clustered, proxy headers and locally.


    getRememberMe

    public any getRememberMe()

    Get remember me cookie


    getUser

    public any getUser()

    Alias to getAuthorSession() created to satisfy JWT Services


    isContentViewable

    public boolean isContentViewable(any content)

    Checks whether a content entry or page is protected and the user has credentials for it

    Parameters:
    content - The content object to check

    isLoggedIn

    public boolean isLoggedIn()

    Verifies if a user is logged in or not. Required for JWT Services


    login

    public Author login(any author)

    Logs an authenticated author into the system. Required for JWT services

    Parameters:
    author - The author to log in

    logout

    public SecurityService logout()

    Delete an author session, whether web or API based: Required for JWT services

    Returns:
    SecurityService

    resetUserPassword

    public struct resetUserPassword(any token, Author author, any password)

    Resets a user's password.

    Parameters:
    token - Security token
    author - The author you are resetting the password for
    password - The password you have chosen
    Returns:
    {error:boolean, messages:string}

    sendPasswordReminder

    public struct sendPasswordReminder(Author author, [boolean adminIssued='false'], [Author issuer])

    Send password reminder email. This verifies that the email is valid, and they must click on the token link in order to reset their password.

    Parameters:
    author - The author to send the reminder to
    adminIssued - Was this reset issued by a user or an admin
    issuer - The admin that issued the reset
    Returns:
    The mailing results of the password reminder: struct.

    setRememberMe

    public SecurityService setRememberMe(any username, numeric days='0')

    Set remember me cookie

    Parameters:
    username - The username to store
    days - The days to store

    updateAuthorLoginTimestamp

    public Author updateAuthorLoginTimestamp(any author)

    Update an author's last login timestamp

    Parameters:
    author - The author object

    validateResetToken

    public struct validateResetToken(any token)

    This function validates an incoming password reset token to figure out its user. The token is not removed just yet. It will be removed once the password has been reset.

    Parameters:
    token - The security token
    Returns:
    {error, author}