Password authentication service. More...
#include <Wt/Auth/PasswordService.h>
Classes | |
| class | AbstractVerifier |
| Abstract password hash computation and verification class. More... | |
Public Member Functions | |
| PasswordService (const AuthService &baseAuth) | |
| Constructor. More... | |
| virtual | ~PasswordService () |
| Destructor. | |
| virtual const AuthService & | baseAuth () const override |
| Returns the basic authentication service. | |
| void | setVerifier (std::unique_ptr< AbstractVerifier > verifier) |
| Sets a password verifier which computes authorization checks. More... | |
| AbstractVerifier * | verifier () const |
| Returns the password verifier. More... | |
| void | setStrengthValidator (std::unique_ptr< AbstractStrengthValidator > validator) |
| Sets a validator which computes password strength. More... | |
| virtual AbstractStrengthValidator * | strengthValidator () const override |
| Returns the password strength validator. More... | |
| void | setPasswordThrottle (std::unique_ptr< AuthThrottle > delayer) |
| Sets the class instance managing the throttling delay. More... | |
| AuthThrottle * | passwordThrottle () const override |
| Returns the class instance managing the throttling delay. | |
| void | setAttemptThrottlingEnabled (bool enabled) |
| Configures password attempt throttling. More... | |
| virtual bool | attemptThrottlingEnabled () const override |
| Returns whether password attempt throttling is enabled. More... | |
| virtual int | delayForNextAttempt (const User &user) const override |
| Returns the delay for this user for a next authentication attempt. More... | |
| virtual PasswordResult | verifyPassword (const User &user, const WString &password) const override |
| Verifies a password for a given user. More... | |
| virtual void | updatePassword (const User &user, const WString &password) const override |
| Sets a new password for the given user. More... | |
 Public Member Functions inherited from Wt::Auth::AbstractPasswordService | |
| virtual | ~AbstractPasswordService () |
| Destructor. | |
Protected Member Functions | |
| virtual int | getAuthenticationThrottle (int failedAttempts) const |
| Returns how much throttle should be given considering a number of failed authentication attempts. More... | |
Detailed Description
Password authentication service.
This class implements password authentication.
Like all service classes, this class holds only configuration state. Thus, once configured, it can be safely shared between multiple sessions since its state (the configuration) is read-only. A "const PasswordService" object is thus thread-safe.
Passwords are (usually) saved in the database using salted hash functions. The process of computing new hashes, and verifying them is delegated to an AbstractVerifier.
The authentication class may be configured to enable password attempt throttling. This provides protection against brute force guessing of passwords. When throttling is enabled, new password attempts are refused until the throttling period is finished.
Password strength validation of a new user-chosen password may be implemented by setting an AbstractStrengthValidator.
Constructor & Destructor Documentation
◆ PasswordService()
| Wt::Auth::PasswordService::PasswordService | ( | const AuthService & | baseAuth | ) |
Constructor.
Creates a new password authentication service, which depends on the passed basic authentication service.
Member Function Documentation
◆ attemptThrottlingEnabled()
|
overridevirtual |
Returns whether password attempt throttling is enabled.
- See also
- setAttemptThrottlingEnabled()
Implements Wt::Auth::AbstractPasswordService.
◆ delayForNextAttempt()
|
overridevirtual |
Returns the delay for this user for a next authentication attempt.
The implementation of this functionality is managed by AuthThrottle.
Implements Wt::Auth::AbstractPasswordService.
◆ getAuthenticationThrottle()
|
protectedvirtual |
Returns how much throttle should be given considering a number of failed authentication attempts.
◆ setAttemptThrottlingEnabled()
| void Wt::Auth::PasswordService::setAttemptThrottlingEnabled | ( | bool | enabled | ) |
Configures password attempt throttling.
When password throttling is enabled, new password verification attempts will be refused when the user has had too many unsuccessful authentication attempts in a row.
The exact back-off schema can be customized by specializing AuthThrottle::getAuthenticationThrottle().
◆ setPasswordThrottle()
| void Wt::Auth::PasswordService::setPasswordThrottle | ( | std::unique_ptr< AuthThrottle > | delayer | ) |
Sets the class instance managing the throttling delay.
◆ setStrengthValidator()
| void Wt::Auth::PasswordService::setStrengthValidator | ( | std::unique_ptr< AbstractStrengthValidator > | validator | ) |
Sets a validator which computes password strength.
The default password strength validator is 0.
◆ setVerifier()
| void Wt::Auth::PasswordService::setVerifier | ( | std::unique_ptr< AbstractVerifier > | verifier | ) |
Sets a password verifier which computes authorization checks.
The password verifier has as task to verify an entered password against a password hash stored in the database, and also to create or update a user's password hash.
The default password verifier is 0.
- See also
- verifyPassword(), updatePassword()
◆ strengthValidator()
|
overridevirtual |
Returns the password strength validator.
- See also
- setStrengthValidator()
Implements Wt::Auth::AbstractPasswordService.
◆ updatePassword()
|
overridevirtual |
Sets a new password for the given user.
This stores a new password for the user in the database.
Implements Wt::Auth::AbstractPasswordService.
◆ verifier()
| AbstractVerifier* Wt::Auth::PasswordService::verifier | ( | ) | const |
Returns the password verifier.
- See also
- setVerifier()
◆ verifyPassword()
|
overridevirtual |
Verifies a password for a given user.
The supplied password is verified against the user's credentials stored in the database. If password account throttling is enabled, it may also refuse an authentication attempt.
Implements Wt::Auth::AbstractPasswordService.
