Class AuthModel
This model implements the logic for authenticating a user (the "login" interface). It implements traditional username/password registration, and third party identification methods (although for the latter, it doesn't really do anything).
The model exposes three fields:
- LoginNameField: the login name (used as an identity for the Identity.LoginName provider)
- PasswordField: the password
- RememberMeField: whether the login should be remembered with an authentication cookie (if that is configured in the AuthService).
When the model validates correctly (validate() returns true), the entered credentials are correct. At that point you can use the login() utility function to log in the identified user.
The model can also be used when the user is already known (e.g. to implement password confirmation before a critical operation). In that case you can set a value for the LoginNameField and make this field invisible or read-only.
The model also provides the client-side JavaScript logic to indicate password attempt throttling (configureThrottling() and updateThrottling()).
Nested Class Summary
Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject
WObject.FormData
-
Field Summary
- static final String PasswordField: Password field.
- static final String RememberMeField: Remember-me field.
Fields inherited from class eu.webtoolkit.jwt.auth.FormBaseModel: LoginNameField
-
Constructor Summary
-
Method Summary
- void configureThrottling(WInteractWidget button): Initializes client-side login throttling.
- boolean hasMfaStep(User user): Determines whether the MFA step is necessary for the user.
- boolean isShowResendEmailVerification(): Returns whether to allow resending the email verification.
- boolean isVisible: Returns whether a field is visible.
- boolean login: Logs the user in.
- void logout: Logs the user out.
- processAuthToken: Detects and processes an authentication token.
- processEmailToken(String token): Processes an email token.
- void reset(): Resets the model.
- void setRememberMeCookie(User user): Creates a token and stores it in a cookie.
- void updateThrottling(WInteractWidget button): Updates client-side login throttling.
- boolean validate(): Validates the current input.
- boolean validateField(String field): Validates a field.
Methods inherited from class eu.webtoolkit.jwt.auth.FormBaseModel:
addOAuth, addOAuth, addPasswordAuth, getBaseAuth, getOAuth, getPasswordAuth, getUsers, label, loginUser, loginUser, setValid, setValid
Methods inherited from class eu.webtoolkit.jwt.WFormModel:
addField, addField, getFields, getValidation, getValidator, getValue, isReadOnly, isValid, isValidated, removeField, setReadOnly, setValidated, setValidation, setValidator, setValue, setVisible, valueText
Methods inherited from class eu.webtoolkit.jwt.WObject:
getId, getObjectName, remove, setFormData, setObjectName, tr
-
Field Details

PasswordField
Password field.

RememberMeField
Remember-me field.

Constructor Details

AuthModel
Constructor. Creates a new authentication model, using a basic authentication service and user database.

Method Details

reset
public void reset()
Description copied from class: WFormModel
Resets the model. The default implementation clears the value of all fields, and resets the validation state to not validated.
Overrides: reset in class WFormModel

isVisible
Description copied from class: WFormModel
Returns whether a field is visible. In some cases not all fields of the model need to be shown. This may depend on values input for certain fields, and thus change dynamically. You may specialize this method to indicate that a certain field should be invisible.
The default implementation returns the value set by setVisible().
Overrides: isVisible in class WFormModel

validateField
Description copied from class: WFormModel
Validates a field. The default implementation uses the validator configured for the field to validate the field contents, or if no validator has been configured assumes that the field is valid.
You will typically customize this method for more complex validation cases.
Overrides: validateField in class WFormModel

validate
public boolean validate()
Description copied from class: WFormModel
Validates the current input. The default implementation calls validateField() for each field and returns true if all fields validated.
Overrides: validate in class WFormModel

configureThrottling
Initializes client-side login throttling. If login attempt throttling is enabled, then this may also be indicated client-side using JavaScript by disabling the login button and showing a count-down indicator. This method initializes this JavaScript utility function for a login button.

updateThrottling
Updates client-side login throttling. This should be called after a call to attemptPasswordLogin(), if you want to reflect throttling using a client-side count-down indicator in the button.
You need to call configureThrottling() before you can do this.

login
Logs the user in. Logs in the user after a successful call to validate(). To avoid mishaps, you should call this method immediately after a call to validate().
Returns whether the user could be logged in.
By default the user will be logged into a LoginState.Strong state, but if a second factor is required, the state will be LoginState.RequiresMfa. This indicates additional authentication is required.

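The validate-then-login flow described above, together with the password-confirmation use from the class description, as an added example that is not part of the JWt documentation. LoginFlowExample and Outcome are hypothetical names; the signatures login(Login), Login.getState(), Login.getUser() and User.getIdentity(String) are not shown on this page and are assumed from the JWt API.

```java
import eu.webtoolkit.jwt.auth.AuthModel;
import eu.webtoolkit.jwt.auth.Identity;
import eu.webtoolkit.jwt.auth.Login;
import eu.webtoolkit.jwt.auth.LoginState;

/** Hypothetical helper (not part of JWt) around AuthModel. */
final class LoginFlowExample {
    enum Outcome { REJECTED, NEEDS_SECOND_FACTOR, AUTHENTICATED }

    /** Full login: fill the three fields, validate, then log in at once. */
    static Outcome attempt(AuthModel model, Login login,
                           String name, String password, boolean rememberMe) {
        model.reset(); // drop values and validation state of earlier attempts
        model.setValue(AuthModel.LoginNameField, name);
        model.setValue(AuthModel.PasswordField, password);
        model.setValue(AuthModel.RememberMeField, rememberMe);
        return validateAndLogin(model, login);
    }

    /** Password confirmation for an already known user before a critical operation. */
    static Outcome confirmPassword(AuthModel model, Login login, String password) {
        model.reset();
        // Pin the login name to the current session user, so the prompt
        // cannot be answered with another account's credentials.
        model.setValue(AuthModel.LoginNameField,
                login.getUser().getIdentity(Identity.LoginName));
        model.setReadOnly(AuthModel.LoginNameField, true);
        model.setValue(AuthModel.PasswordField, password);
        // A confirmation prompt should never issue a remember-me cookie.
        model.setValue(AuthModel.RememberMeField, false);
        return validateAndLogin(model, login);
    }

    private static Outcome validateAndLogin(AuthModel model, Login login) {
        // login() directly follows validate(): nothing may change the field
        // values between the credential check and the state change.
        if (!model.validate() || !model.login(login)) {
            return Outcome.REJECTED;
        }
        // A correct password is not a full login while a second factor is
        // pending; only LoginState.Strong is treated as authenticated.
        LoginState state = login.getState();
        if (state == LoginState.RequiresMfa) {
            return Outcome.NEEDS_SECOND_FACTOR;
        }
        return state == LoginState.Strong ? Outcome.AUTHENTICATED : Outcome.REJECTED;
    }
}
```

Callers should gate protected operations on AUTHENTICATED only, and route NEEDS_SECOND_FACTOR to the MFA view instead of treating it as a completed login.
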
logout
Logs the user out. This also removes the remember-me cookie for the user.

processEmailToken
Processes an email token. This simply calls AuthService#processEmailToken().

setRememberMeCookie
Creates a token and stores it in a cookie. This enables automatic authentication in a next session.

processAuthToken
Detects and processes an authentication token. This returns a user that was identified with an authentication token found in the application environment, or an invalid User object if this feature is not configured, or no valid cookie was found.

isShowResendEmailVerification
public boolean isShowResendEmailVerification()
Returns whether to allow resending the email verification. Returns true when email verification is required and the user was not yet verified. In this case, a user would be stuck if the verification email was lost.

hasMfaStep
Determines whether the MFA step is necessary for the user.
After the user has logged in, and the MFA step would be shown, this functionality can be changed to determine whether the MFA step is to be shown. If so, LoginState.RequiresMfa will be set to indicate this to the framework.
If this state is set, the AuthWidget.createMfaView() will be called, which constructs the MFA widget with AuthWidget.createMfaProcess(). If the created widget implements the AbstractMfaProcess interface, the default flow of showing the setup/input views is taken.
If it does not adhere to the interface, and features a completely custom implementation, developers should override AuthWidget.createMfaProcess() and AuthWidget.createMfaView().
By default this will return true iff:
- the MFA step is both enabled (AuthService.isMfaEnabled()), and also required (AuthService.isMfaRequired()).
- MFA is enabled (AuthService.isMfaEnabled()) and the user's MFA identity will be checked. If an identity is found for the provider the widget in AuthWidget.createMfaProcess() specifies, JWt will interpret this as a valid MFA configuration, and show the MFA step to the user.