contentbox.models.security

Class SecurityService

lucee.Component
    extended by contentbox.models.security.SecurityService
All Implemented Interfaces:
ISecurityService

ContentBox - A Modular Content Platform Copyright since 2012 by Ortus Solutions, Corp www.ortussolutions.com/products/contentbox --- Our contentbox security service

Class Attributes:
  • singleton
  •  
  • synchronized : false
  •  
  • accessors : false
  •  
  • persistent : false
  •  
    Property Summary
    type property default serializable required
    any authorService


    • access = public
    • returntype = any
    • inject = id:authorService@cb
    true false
    any bCrypt


    • access = public
    • returntype = any
    • inject = BCrypt@BCrypt
    true false
    any cache


    • access = public
    • returntype = any
    • inject = cachebox:default
    true false
    any CBHelper


    • access = public
    • returntype = any
    • inject = id:CBHelper@cb
    true false
    any cookieStorage


    • access = public
    • returntype = any
    • inject = cookieStorage@cbStorages
    true false
    any log


    • access = public
    • returntype = any
    • inject = logbox:logger:{this}
    true false
    any mailService


    • access = public
    • returntype = any
    • inject = mailService@cbmailservices
    true false
    any renderer


    • access = public
    • returntype = any
    • inject = provider:ColdBoxRenderer
    true false
    any sessionStorage


    • access = public
    • returntype = any
    • inject = sessionStorage@cbStorages
    true false
    any settingService


    • access = public
    • returntype = any
    • inject = id:settingService@cb
    true false
    Constructor Summary
    init()
          Constructor.
    Method Summary
    boolean authenticate(any username, any password)
         Verify if an author is valid.
    boolean authorizeContent(any content, any password)
         Check to authorize a user to view a content entry or page.
    string decryptIt(any decValue)
         ContentBox Decryption.
    string encryptIt(any encValue)
         ContentBox encryption.
    string encryptString(any string)
         Leverages bcrypt to encrypt a string.
    Author getAuthorSession()
         Get an author from session, or returns a new empty author entity.
    private string getContentProtectedHash(any content)
         Get password content protected salt.
    string getEncryptionKey()
         Verifies we have a salt in our installation.
    any getKeepMeLoggedIn()
         Get keep me logged in cookie.
    any getRememberMe()
         Get remember me cookie.
    boolean isContentViewable(any content)
         Checks Whether a content entry or page is protected and user has credentials for it.
    ISecurityService logout()
         Delete author session.
    struct resetUserPassword(any token)
         Resets a user's password if the passed in token is valid.
    ISecurityService sendPasswordReminder(Author author)
         Send password reminder email.
    ISecurityService setAuthorSession(Author author)
         Set a new author in session.
    ISecurityService setRememberMe(any username, numeric days='0')
         Set remember me cookie.
    ISecurityService updateAuthorLoginTimestamp(any author)
         Update an author's last login timestamp.
    boolean userValidator(struct rule, [any controller])
         User validator via security interceptor.
     
    Methods inherited from class lucee.Component
    None

    Constructor Detail

    init

    public init()

    Constructor


    Property Detail

    authorService

    property any authorService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - id:authorService@cb
    serializable - true

    bCrypt

    property any bCrypt

    Attributes:
    access - public
    required - false
    returntype - any
    inject - BCrypt@BCrypt
    serializable - true

    cache

    property any cache

    Attributes:
    access - public
    required - false
    returntype - any
    inject - cachebox:default
    serializable - true

    CBHelper

    property any CBHelper

    Attributes:
    access - public
    required - false
    returntype - any
    inject - id:CBHelper@cb
    serializable - true

    cookieStorage

    property any cookieStorage

    Attributes:
    access - public
    required - false
    returntype - any
    inject - cookieStorage@cbStorages
    serializable - true

    log

    property any log

    Attributes:
    access - public
    required - false
    returntype - any
    inject - logbox:logger:{this}
    serializable - true

    mailService

    property any mailService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - mailService@cbmailservices
    serializable - true

    renderer

    property any renderer

    Attributes:
    access - public
    required - false
    returntype - any
    inject - provider:ColdBoxRenderer
    serializable - true

    sessionStorage

    property any sessionStorage

    Attributes:
    access - public
    required - false
    returntype - any
    inject - sessionStorage@cbStorages
    serializable - true

    settingService

    property any settingService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - id:settingService@cb
    serializable - true

    Method Detail

    authenticate

    public boolean authenticate(any username, any password)

    Verify if an author is valid

    Specified by:
    authenticate in interface ISecurityService
    Parameters:
    username - The username to validate
    password - The password to validate

    authorizeContent

    public boolean authorizeContent(any content, any password)

    Check to authorize a user to view a content entry or page

    Specified by:
    authorizeContent in interface ISecurityService
    Parameters:
    content - The content object
    password - The password to check

    decryptIt

    public string decryptIt(any decValue)

    ContentBox Decryption

    Parameters:
    decValue - value to decrypt

    encryptIt

    public string encryptIt(any encValue)

    ContentBox encryption

    Parameters:
    encValue - value to encrypt

    encryptString

    public string encryptString(any string)

    Leverages bcrypt to encrypt a string

    Parameters:
    string - The string to bcrypt

    getAuthorSession

    public Author getAuthorSession()

    Get an author from session, or returns a new empty author entity

    Specified by:
    getAuthorSession in interface ISecurityService

    getContentProtectedHash

    private string getContentProtectedHash(any content)

    Get password content protected salt

    Parameters:
    content - The content object

    getEncryptionKey

    public string getEncryptionKey()

    Verifies we have a salt in our installation if not, it will generate a new cb_enc_key


    getKeepMeLoggedIn

    public any getKeepMeLoggedIn()

    Get keep me logged in cookie


    getRememberMe

    public any getRememberMe()

    Get remember me cookie


    isContentViewable

    public boolean isContentViewable(any content)

    Checks Whether a content entry or page is protected and user has credentials for it

    Specified by:
    isContentViewable in interface ISecurityService
    Parameters:
    content - The content object to check

    logout

    public ISecurityService logout()

    Delete author session

    Specified by:
    logout in interface ISecurityService
    Returns:
    SecurityService

    resetUserPassword

    public struct resetUserPassword(any token)

    Resets a user's password if the passed in token is valid

    Parameters:
    token - Security token

    sendPasswordReminder

    public ISecurityService sendPasswordReminder(Author author)

    Send password reminder email

    Specified by:
    sendPasswordReminder in interface ISecurityService
    Parameters:
    author - The author to send the reminder to

    setAuthorSession

    public ISecurityService setAuthorSession(Author author)

    Set a new author in session

    Specified by:
    setAuthorSession in interface ISecurityService
    Parameters:
    author - The author to store
    Returns:
    SecurityService

    setRememberMe

    public ISecurityService setRememberMe(any username, numeric days='0')

    Set remember me cookie

    Parameters:
    username - The username to store
    days - The days to store

    updateAuthorLoginTimestamp

    public ISecurityService updateAuthorLoginTimestamp(any author)

    Update an author's last login timestamp

    Parameters:
    author - The author object

    userValidator

    public boolean userValidator(struct rule, [any controller])

    User validator via security interceptor

    Specified by:
    userValidator in interface ISecurityService
    Parameters:
    rule - The security rule
    controller - The ColdBox controller calling the validation