Class UserCheckAuthServiceImpl

java.lang.Object
com.skava.service.impl.UserCheckAuthServiceImpl
All Implemented Interfaces:
com.skava.core.EcommService<UserAuthRequest,UserAuthResponse>, UserCheckAuthService

@Service @Transactional(propagation=REQUIRED, readOnly=false, noRollbackFor=com.skava.core.validation.ValidateException.class) public class UserCheckAuthServiceImpl extends Object implements UserCheckAuthService
This service class implements UserCheckAuthService. It handles the user login service request, processes it, and saves the details in the DB. It also implements the business logic required for a user login request.
Author:
Infosys Equinox
  • Constructor Details

    • UserCheckAuthServiceImpl

      @Autowired public UserCheckAuthServiceImpl(CollectionCommonServices collectionCommonServices)
      Default Constructor
  • Method Details

    • getValidator

      public List<com.skava.core.validation.ValidatorComponent> getValidator()
      This method is used to get the respective validator class for this user check auth service.
      Specified by:
      getValidator in interface com.skava.core.EcommService<UserAuthRequest,UserAuthResponse>
      Returns:
      The list of ValidatorComponent object.
    • process

      @SendEvent(eventType="userservice/userauth/create", identifier="response_users.id", skipAuth=true) public UserAuthResponse process(UserAuthRequest request)
      This API supports different logins based on the identityType, such as default, custom, google and facebook. It also supports MFA (Multi-Factor Authentication) through multi-step verification of the credentials a user provides for login.
      • Login with DEFAULT identity authenticates the given credentials (i.e., email or phone number and password) within the given collection. Only an ACTIVE user is allowed to log in. The user’s account will be LOCKED after a specifiable number of failed login attempts that is configured in the database. The default number of login attempts is 5, after which the user account will be locked. The number of failed login attempts is captured in the database for each user. The default allowed login attempts is configured for each collection under the collection property user.maxloginattempts. After a specific time interval, the user account will be activated again and the number of login attempts will be reset to 0. This time interval is configurable for each collection under the collection property user.loginattempt.expiry.millisecs. The default value of this property is 24 hours.
      • Login with CUSTOM identity provides an option to integrate external SSO identity providers, so that a user can log in to our system with the custom identity specific to that provider.
      • Login with GOOGLE identity authenticates the currently logged-in Google user's access tokens and provides the option to log in to our system.
      • Login with FACEBOOK identity authenticates the currently logged-in Facebook user's access tokens and provides the option to log in to our system.
      When MFA is enabled for a collection, the login flow also authenticates the given credentials (i.e., email or phone number and password) within the collection and triggers an event to send an OTP to the respective user. Enabling or disabling MFA is configured in the collection properties with the property name login_MFA_enabled. MFA works only for login calls with the DEFAULT identityType. Resending and validating the login OTP can also be done using this call.
      • If both loginOTP and loginToken are provided in the request, it is treated as a validate login OTP call. It validates loginOTP and loginToken against the expiry time that is configured in the collection properties with the property name login_MFA_expiry_millisecs. The default expiry time for the OTP is 5 minutes.
      • If loginToken is provided in the request without loginOTP, it is treated as a resend OTP call. It generates a new OTP and triggers a new event to send the OTP again to the corresponding user.
      Specified by:
      process in interface com.skava.core.EcommService<UserAuthRequest,UserAuthResponse>
      Parameters:
      request - Holds the UserAuthRequest that is used to log in a user with email/phone number and password.
      Returns:
      The UserAuthResponse, which carries the success response message and response code. If any validation fails, a validate exception is thrown.
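      The lockout rule described above for DEFAULT logins, sketched as an added example that is not part of the Infosys Equinox code base. LoginLockoutPolicy, UserState and attempt are hypothetical names, and the example assumes that the unlock interval runs from the most recent counted failure and that a successful login clears the counter, neither of which this page specifies.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration of the DEFAULT-identity lockout rule; all names are hypothetical.
class LoginLockoutPolicy {
    enum Status { ACTIVE, LOCKED }
    // Hypothetical per-user record; the real schema is not shown on the page.
    static final class UserState {
        Status status = Status.ACTIVE;
        int failedAttempts;
        Instant lastFailure;
    }

    private final int maxLoginAttempts;   // user.maxloginattempts (default 5)
    private final Duration attemptExpiry; // user.loginattempt.expiry.millisecs (default 24 h)

    LoginLockoutPolicy(int maxLoginAttempts, long expiryMillis) {
        this.maxLoginAttempts = maxLoginAttempts;
        this.attemptExpiry = Duration.ofMillis(expiryMillis);
    }
    // Applies one login attempt; returns true only when the login is allowed.
    boolean attempt(UserState u, boolean credentialsValid, Instant now) {
        // Assumption: the interval runs from the most recent counted failure.
        if (u.lastFailure != null && !now.isBefore(u.lastFailure.plus(attemptExpiry))) {
            if (u.status == Status.LOCKED) u.status = Status.ACTIVE;
            u.failedAttempts = 0;
            u.lastFailure = null;
        }
        if (u.status != Status.ACTIVE) return false; // locked: reject even a correct password
        if (credentialsValid) {
            u.failedAttempts = 0; // assumption: a successful login clears the counter
            u.lastFailure = null;
            return true;
        }
        u.failedAttempts++;
        u.lastFailure = now;
        if (u.failedAttempts >= maxLoginAttempts) u.status = Status.LOCKED;
        return false;
    }

    public static void main(String[] args) {
        LoginLockoutPolicy policy = new LoginLockoutPolicy(5, Duration.ofHours(24).toMillis());
        UserState user = new UserState();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        for (int i = 0; i < 5; i++) policy.attempt(user, false, t0.plusSeconds(i));
        System.out.println(user.status + " " + policy.attempt(user, true, t0.plusSeconds(60)));
        System.out.println(policy.attempt(user, true, t0.plus(Duration.ofHours(25))));
    }
}
```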
    • checkPasswordExpiryMFA

      public UserAuthResponse checkPasswordExpiryMFA(UserAuthRequest request, UserAuthResponse userAuthResponse, Collection collection)
      Parameters:
      request - request
      userAuthResponse - userAuthResponse
      collection - collection
      Returns:
      UserAuthResponse