Wt 3.3.0
Password authentication service.
#include <Wt/Auth/PasswordService>

Classes

class AbstractVerifier: Abstract password hash computation and verification class.

Public Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| | PasswordService (const AuthService &baseAuth) | Constructor. |
| virtual | ~PasswordService () | Destructor. |
| virtual const AuthService & | baseAuth () const | Returns the basic authentication service. |
| void | setVerifier (AbstractVerifier *verifier) | Sets a password verifier which computes authorization checks. |
| AbstractVerifier * | verifier () const | Returns the password verifier. |
| void | setStrengthValidator (AbstractStrengthValidator *validator) | Sets a validator which computes password strength. |
| virtual AbstractStrengthValidator * | strengthValidator () const | Returns the password strength validator. |
| void | setAttemptThrottlingEnabled (bool enabled) | Configures password attempt throttling. |
| virtual bool | attemptThrottlingEnabled () const | Returns whether password attempt throttling is enabled. |
| virtual int | delayForNextAttempt (const User &user) const | Returns the delay for this user for a next authentication attempt. |
| virtual PasswordResult | verifyPassword (const User &user, const WString &password) const | Verifies a password for a given user. |
| virtual void | updatePassword (const User &user, const WString &password) const | Sets a new password for the given user. |

Protected Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| virtual int | getPasswordThrottle (int failedAttempts) const | Returns how much throttle should be given considering a number of failed authentication attempts. |
Password authentication service.
This class implements password authentication.
Like all service classes, this class holds only configuration state. Thus, once configured, it can be safely shared between multiple sessions since its state (the configuration) is read-only. A "const PasswordService" object is thus thread-safe.
Passwords are (usually) saved in the database using salted hash functions. The process of computing new hashes, and verifying them is delegated to an AbstractVerifier.
The authentication class may be configured to enable password attempt throttling. This provides protection against brute force guessing of passwords. When throttling is enabled, new password attempts are refused until the throttling period is finished.
Password strength validation of a new user-chosen password may be implemented by setting an AbstractStrengthValidator.
Wt::Auth::PasswordService::PasswordService (const AuthService &baseAuth)
Constructor.
Creates a new password authentication service, which depends on the passed basic authentication service.
virtual bool Wt::Auth::PasswordService::attemptThrottlingEnabled () const [virtual]
Returns whether password attempt throttling is enabled.
Implements Wt::Auth::AbstractPasswordService.
int Wt::Auth::PasswordService::delayForNextAttempt (const User &user) const [virtual]
Returns the delay for this user for a next authentication attempt.
If password attempt throttling is enabled, then this returns the number of seconds this user must wait for a new authentication attempt, presumably because of a number of failed attempts.
Implements Wt::Auth::AbstractPasswordService.
int Wt::Auth::PasswordService::getPasswordThrottle (int failedAttempts) const [protected, virtual]
Returns how much throttle should be given considering a number of failed authentication attempts.
The returned value is in seconds.
The default implementation returns the following:
void Wt::Auth::PasswordService::setAttemptThrottlingEnabled (bool enabled)
Configures password attempt throttling.
When password throttling is enabled, new password verification attempts will be refused when the user has had too many unsuccessful authentication attempts in a row.
The exact back-off schema can be customized by specializing getPasswordThrottle().
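The throttling behaviour described above, as an added stand-alone C++ model (not Wt's source code and not linked against Wt). `ThrottleModel`, `UserState`, `Result`, the back-off schedule, and the choices that a refused attempt is not counted and a success resets the counter are assumptions made for illustration; in a Wt application the schedule would go in an override of getPasswordThrottle().

```cpp
// Stand-alone model of attempt throttling (added example, not Wt source code).
#include <algorithm>
#include <functional>
#include <iostream>

enum class Result { Invalid, Throttled, Valid };  // model-only names

struct UserState {        // per-user state a user database would persist
  int failedAttempts = 0;
  long lastAttempt = 0;   // time (seconds) of the last attempt that was checked
};

class ThrottleModel {
public:
  virtual ~ThrottleModel() {}

  // Counterpart of getPasswordThrottle(): back-off in seconds for a failure count.
  // Constructed schedule (assumption): none below 3 failures, then 5 s doubling, capped at 300 s.
  virtual int getPasswordThrottle(int failedAttempts) const {
    if (failedAttempts < 3) return 0;
    return std::min(5 << std::min(failedAttempts - 3, 6), 300);
  }

  // Counterpart of delayForNextAttempt(): seconds still to wait at time `now`.
  int delayForNextAttempt(const UserState &u, long now) const {
    long remaining = u.lastAttempt + getPasswordThrottle(u.failedAttempts) - now;
    return static_cast<int>(std::max(0L, remaining));
  }

  // Counterpart of verifyPassword(): while throttled, refuse without running the verifier.
  Result verify(UserState &u, const std::function<bool()> &passwordMatches, long now) const {
    if (delayForNextAttempt(u, now) > 0) return Result::Throttled;
    u.lastAttempt = now;
    if (passwordMatches()) { u.failedAttempts = 0; return Result::Valid; }
    ++u.failedAttempts;
    return Result::Invalid;
  }
};

int main() {
  ThrottleModel svc;
  UserState u;
  for (long t = 0; t < 3; ++t) svc.verify(u, [] { return false; }, t);  // three bad guesses
  std::cout << "delay after 3 failures: " << svc.delayForNextAttempt(u, 2) << " s\n";
  bool refused = svc.verify(u, [] { return true; }, 4) == Result::Throttled;
  std::cout << "correct password at t=4 refused: " << std::boolalpha << refused << "\n";
  return 0;
}
```

Because the throttle check runs before the verifier, a refused attempt gives a guesser no signal about whether the submitted password was correct.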
void Wt::Auth::PasswordService::setStrengthValidator (AbstractStrengthValidator *validator)
Sets a validator which computes password strength.
The default password strength validator is 0.
The service takes ownership of the validator.
void Wt::Auth::PasswordService::setVerifier (AbstractVerifier *verifier)
Sets a password verifier which computes authorization checks.
The password verifier's task is to verify an entered password against a password hash stored in the database, and also to create or update a user's password hash.
The default password verifier is 0.
The service takes ownership of the verifier.
virtual AbstractStrengthValidator* Wt::Auth::PasswordService::strengthValidator () const [virtual]
Returns the password strength validator.
Implements Wt::Auth::AbstractPasswordService.
void Wt::Auth::PasswordService::updatePassword (const User &user, const WString &password) const [virtual]
Sets a new password for the given user.
This stores a new password for the user in the database.
Implements Wt::Auth::AbstractPasswordService.
AbstractVerifier* Wt::Auth::PasswordService::verifier () const
Returns the password verifier.
PasswordResult Wt::Auth::PasswordService::verifyPassword (const User &user, const WString &password) const [virtual]
Verifies a password for a given user.
The supplied password is verified against the user's credentials stored in the database. If password account throttling is enabled, it may also refuse an authentication attempt.
Implements Wt::Auth::AbstractPasswordService.