com.unboundid.ldap.sdk.unboundidds.extensions

Class DeliverPasswordResetTokenExtendedRequest

java.lang.Object

com.unboundid.ldap.sdk.LDAPRequest

com.unboundid.ldap.sdk.ExtendedRequest

com.unboundid.ldap.sdk.unboundidds.extensions.DeliverPasswordResetTokenExtendedRequest

All Implemented Interfaces:

ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class DeliverPasswordResetTokenExtendedRequest
extends ExtendedRequest

This class provides an implementation of an extended request that can be used to trigger the delivery of a temporary one-time password reset token to a specified user. This token can be provided to the password modify extended request in lieu of the current password for the purpose of performing a self change and setting a new password. This token cannot be used to authenticate to the server in any other way, and it can only be used once. The token will expire after a short period of time, and any attempt to use it after its expiration will fail. In addition, because this token is only intended for use in the event that the current password cannot be used (e.g., because it has been forgotten or the account is locked), a successful bind with the current password will cause the server to invalidate any password reset token for that user.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

The server will use the same mechanisms for delivering password reset tokens as it uses for delivering one-time passwords via the DeliverOneTimePasswordExtendedRequest. See the ds-supported-otp-delivery-mechanism attribute in the root DSE for a list of the one-time password delivery mechanisms that are configured for use in the server.

This extended request is expected to be used to help applications provide a secure, automated password reset feature. In the event that a user has forgotten his/her password, has allowed the password to expire, or has allowed the account to become locked, the application can collect a sufficient set of information to identify the user and request that the server generate and deliver the password reset token to the end user.

The OID for this extended request is 1.3.6.1.4.1.30221.2.6.45. It must have a value with the following encoding:

   DeliverPasswordResetTokenRequestValue ::= SEQUENCE {
        userDN                         LDAPDN,
        messageSubject                 [0] OCTET STRING OPTIONAL,
        fullTextBeforeToken            [1] OCTET STRING OPTIONAL,
        fullTextAfterToken             [2] OCTET STRING OPTIONAL,
        compactTextBeforeToken         [3] OCTET STRING OPTIONAL,
        compactTextAfterToken          [4] OCTET STRING OPTIONAL,
        preferredDeliveryMechanism     [5] SEQUENCE OF SEQUENCE {
             mechanismName     OCTET STRING,
             recipientID       OCTET STRING OPTIONAL },
        ... }
 

See Also:

DeliverPasswordResetTokenExtendedResult, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DELIVER_PW_RESET_TOKEN_REQUEST_OID The OID (1.3.6.1.4.1.30221.2.6.45) for the deliver password reset token extended request.

Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest

TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary

Constructors

Constructor and Description
DeliverPasswordResetTokenExtendedRequest(ExtendedRequest request) Creates a new deliver password reset token extended request that is decoded from the provided extended request.
DeliverPasswordResetTokenExtendedRequest(java.lang.String userDN, java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms, Control... controls) Creates a new deliver password reset token extended request with the provided information.
DeliverPasswordResetTokenExtendedRequest(java.lang.String userDN, java.lang.String... preferredDeliveryMechanisms) Creates a new deliver password reset token extended request with the provided information.
DeliverPasswordResetTokenExtendedRequest(java.lang.String userDN, java.lang.String messageSubject, java.lang.String fullTextBeforeToken, java.lang.String fullTextAfterToken, java.lang.String compactTextBeforeToken, java.lang.String compactTextAfterToken, java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms, Control... controls) Creates a new deliver password reset token extended request with the provided information.

Method Summary

Modifier and Type	Method and Description
DeliverPasswordResetTokenExtendedRequest	duplicate() Creates a new instance of this LDAP request that may be modified without impacting this request.
DeliverPasswordResetTokenExtendedRequest	duplicate(Control[] controls) Creates a new instance of this LDAP request that may be modified without impacting this request.
java.lang.String	getCompactTextAfterToken() Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
java.lang.String	getCompactTextBeforeToken() Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.
java.lang.String	getExtendedRequestName() Retrieves the user-friendly name for the extended request, if available.
java.lang.String	getFullTextAfterToken() Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
java.lang.String	getFullTextBeforeToken() Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.
java.lang.String	getMessageSubject() Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.
java.util.List<ObjectPair<java.lang.String,java.lang.String>>	getPreferredDeliveryMechanisms() Retrieves an ordered list of the preferred delivery mechanisms that should be used to provide the password reset token to the user, optionally paired with a mechanism-specific recipient ID (e.g., a mobile phone number for SMS delivery, or an email address for email delivery) that can be used in the delivery.
java.lang.String	getUserDN() Retrieves the DN of the user to whom the password reset token should be delivered.
DeliverPasswordResetTokenExtendedResult	process(LDAPConnection connection, int depth) Sends this extended request to the directory server over the provided connection and returns the associated response.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of this request to the provided buffer.

Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest

encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo

Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest

followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getReferralConnectorInternal, getReferralDepth, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setReferralDepth, setResponseTimeoutMillis, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DELIVER_PW_RESET_TOKEN_REQUEST_OID

@NotNull
public static final java.lang.String DELIVER_PW_RESET_TOKEN_REQUEST_OID

The OID (1.3.6.1.4.1.30221.2.6.45) for the deliver password reset token extended request.

See Also:

Constant Field Values

Constructor Detail

DeliverPasswordResetTokenExtendedRequest

public DeliverPasswordResetTokenExtendedRequest(@NotNull
                                                java.lang.String userDN,
                                                @Nullable
                                                java.lang.String... preferredDeliveryMechanisms)

Creates a new deliver password reset token extended request with the provided information.

Parameters:

userDN - The DN of the user to whom the password reset token should be generated.

preferredDeliveryMechanisms - An optional ordered list of preferred delivery mechanisms that should be used to deliver the token to the user. It may be null or empty to allow the server to select an appropriate delivery mechanism. If it is non-null and non-empty, then only the listed mechanisms will be considered for use, even if the server supports alternate mechanisms not included in this list.

DeliverPasswordResetTokenExtendedRequest

public DeliverPasswordResetTokenExtendedRequest(@NotNull
                                                java.lang.String userDN,
                                                @Nullable
                                                java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms,
                                                @Nullable
                                                Control... controls)

Creates a new deliver password reset token extended request with the provided information.

Parameters:

userDN - The DN of the user to whom the password reset token should be generated.

preferredDeliveryMechanisms - An optional ordered list of preferred delivery mechanisms that should be used to deliver the token to the user. It may be null or empty to allow the server to select an appropriate delivery mechanism. If it is non-null and non-empty, then only the listed mechanisms will be considered for use, even if the server supports alternate mechanisms not included in this list. Each ObjectPair item must have a non-null value for the first element, which is the name of the target delivery mechanism. It may optionally have a non-null value for the second element, which is a recipient ID to use for that mechanism (e.g., the target mobile phone number for SMS delivery, an email address for email delivery, etc.). If no recipient ID is provided for a mechanism, then the server will attempt to select a value for the user.

controls - An optional set of controls to include in the request. It may be null or empty if no controls should be included in the request.

DeliverPasswordResetTokenExtendedRequest

public DeliverPasswordResetTokenExtendedRequest(@NotNull
                                                java.lang.String userDN,
                                                @Nullable
                                                java.lang.String messageSubject,
                                                @Nullable
                                                java.lang.String fullTextBeforeToken,
                                                @Nullable
                                                java.lang.String fullTextAfterToken,
                                                @Nullable
                                                java.lang.String compactTextBeforeToken,
                                                @Nullable
                                                java.lang.String compactTextAfterToken,
                                                @Nullable
                                                java.util.List<ObjectPair<java.lang.String,java.lang.String>> preferredDeliveryMechanisms,
                                                @Nullable
                                                Control... controls)

Creates a new deliver password reset token extended request with the provided information.

Parameters:

userDN - The DN of the user to whom the password reset token should be generated.

messageSubject - The text (if any) that should be used as the message subject if the delivery mechanism accepts a subject. This may be null if no subject is required or a subject should be automatically generated.

fullTextBeforeToken - The text (if any) that should appear before the generated password reset token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required before the token.

fullTextAfterToken - The text (if any) that should appear after the generated password reset token in the message delivered to the user via a delivery mechanism that does not impose significant constraints on message size. This may be null if no text is required after the token.

compactTextBeforeToken - The text (if any) that should appear before the generated password reset token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required before the token.

compactTextAfterToken - The text (if any) that should appear after the generated password reset token in the message delivered to the user via a delivery mechanism that imposes significant constraints on message size. This may be null if no text is required after the token.

preferredDeliveryMechanisms - An optional ordered list of preferred delivery mechanisms that should be used to deliver the token to the user. It may be null or empty to allow the server to select an appropriate delivery mechanism. If it is non-null and non-empty, then only the listed mechanisms will be considered for use, even if the server supports alternate mechanisms not included in this list. Each ObjectPair item must have a non-null value for the first element, which is the name of the target delivery mechanism. It may optionally have a non-null value for the second element, which is a recipient ID to use for that mechanism (e.g., the target mobile phone number for SMS delivery, an email address for email delivery, etc.). If no recipient ID is provided for a mechanism, then the server will attempt to select a value for the user.

controls - An optional set of controls to include in the request. It may be null or empty if no controls should be included in the request.

DeliverPasswordResetTokenExtendedRequest

public DeliverPasswordResetTokenExtendedRequest(@NotNull
                                                ExtendedRequest request)
                                         throws LDAPException

Creates a new deliver password reset token extended request that is decoded from the provided extended request.

Parameters:

request - The generic extended request to decode as a deliver password reset token request. It must not be null.

Throws:

LDAPException - If an unexpected problem occurs.

Method Detail

getUserDN

@NotNull
public java.lang.String getUserDN()

Retrieves the DN of the user to whom the password reset token should be delivered.

Returns:

The DN of the user to whom the password reset token should be delivered.

getMessageSubject

@Nullable
public java.lang.String getMessageSubject()

Retrieves the text (if any) that should be used as the message subject for delivery mechanisms that can make use of a subject.

Returns:

The text that should be used as the message subject for delivery mechanisms that can make use of a subject, or null if no subject should be used, or if the delivery mechanism should attempt to automatically determine a subject.

getFullTextBeforeToken

@Nullable
public java.lang.String getFullTextBeforeToken()

Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.

Returns:

The text that should appear before the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text before the token.

getFullTextAfterToken

@Nullable
public java.lang.String getFullTextAfterToken()

Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size.

Returns:

The text that should appear after the single-use token in the message delivered to the user via a mechanism that does not impose significant constraints on message size, or null if there should not be any text after the token.

getCompactTextBeforeToken

@Nullable
public java.lang.String getCompactTextBeforeToken()

Retrieves the text (if any) that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.

Returns:

The text that should appear before the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text before the token.

getCompactTextAfterToken

@Nullable
public java.lang.String getCompactTextAfterToken()

Retrieves the text (if any) that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size.

Returns:

The text that should appear after the single-use token in the message delivered to the user via a mechanism that imposes significant constraints on message size, or null if there should not be any text after the token.

getPreferredDeliveryMechanisms

@NotNull
public java.util.List<ObjectPair<java.lang.String,java.lang.String>> getPreferredDeliveryMechanisms()

Retrieves an ordered list of the preferred delivery mechanisms that should be used to provide the password reset token to the user, optionally paired with a mechanism-specific recipient ID (e.g., a mobile phone number for SMS delivery, or an email address for email delivery) that can be used in the delivery. If this list is non-empty, then the server will use the first mechanism in the list that the server supports and is available for the target user, and the server will only consider mechanisms in the provided list even if the server supports alternate mechanisms that are not included. If this list is empty, then the server will attempt to select an appropriate delivery mechanism for the user.

Returns:

An ordered list of the preferred delivery mechanisms for the password reset token, or an empty list if none were provided.

process

@NotNull
public DeliverPasswordResetTokenExtendedResult process(@NotNull
                                                                LDAPConnection connection,
                                                                int depth)
                                                         throws LDAPException

Sends this extended request to the directory server over the provided connection and returns the associated response.

Overrides:

process in class ExtendedRequest

Parameters:

connection - The connection to use to communicate with the directory server.

depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.

Returns:

An LDAP result object that provides information about the result of the extended operation processing.

Throws:

LDAPException - If a problem occurs while sending the request or reading the response.

duplicate

@NotNull
public DeliverPasswordResetTokenExtendedRequest duplicate()

Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type..

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

duplicate

@NotNull
public DeliverPasswordResetTokenExtendedRequest duplicate(@Nullable
                                                                   Control[] controls)

Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type..

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Parameters:

controls - The set of controls to include in the duplicate request.

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

getExtendedRequestName

@NotNull
public java.lang.String getExtendedRequestName()

Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.

Overrides:

getExtendedRequestName in class ExtendedRequest

Returns:

The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString

public void toString(@NotNull
                     java.lang.StringBuilder buffer)

Appends a string representation of this request to the provided buffer.

Specified by:

toString in interface ProtocolOp

Specified by:

toString in interface ReadOnlyLDAPRequest

Overrides:

toString in class ExtendedRequest

Parameters:

buffer - The buffer to which to append a string representation of this request.