![(please configure the [header_logo] section in trac.ini)](/pubtrac/Utilities/chrome/site/your_project_logo.png){kind=logo}
| Version 3 (modified by , 5 years ago) ( diff ) |
|---|
AccountManager
The accountmanager project contains software to manage user accounts. Users can create an account, log in, and reset their password.
This is a bare-bones system, the idea is that personal data is stored separately and that this is just for the account management.
The central class is CurrentUser. Any user that starts using your system starts as an anonymous CurrentUser(dbcon, mailer). dbcon is the connectino with the accounts database and mailer is handling notification mails to the user.
Account management
The software provides the main functionality register, login, resetpassword
- register takes name, password and an optional email address. The user can enter anything here and nothing is checked by default, allowing the user to start quickly and work anonymously which is important in some use cases.
- The login procedure takes the name and password. It does not require any cookies to work, so that it automatically complies with the cookie laws.
- The reset-password function allows a user to enter just his user name and request a reset of his password. A new password is then mailed to the mail address that he provided. This reset is only possible if the user entered a working email address.
Security
All passwords are stored only after salting and hashing with 512 bit MD5. This follows 2020's standards for this.
Usage
When a new user arrives, your server program creates CurrentUser, typically with a call new CurrentUser(new DBConnection(), new DefaultMailer()).
To check if a user is logged in you call currentUser.getId(). It can only be non-null if the user has logged in because calling currentuser.login(NamePassword) is the only way to get an id.
The userID is a UUID and generated uniquely for each new user. All users also have unique user names.
Database Configuration
The database default database as created with DBConnection() is based on SQLite for quick, secure and easy setup. It works as follows
- If the environment variable "accountdatabase" is set, this is used to locate the sql database
- If the variable is not set, the default value "src/main/resources/accounts.db" is used.
This way, the default without environment variable can work when doing junit tests while also it allows you to make it work with environment variable in a more complex situation like a tomcat server. If you need to you can always override DBConnection#getDatabaseURL to return something more suited. You can also use a different database than SQLite by verriding DBConnection#getDriverName(). Or even write another implementation of DatabaseInterface.
SQLite requires database to be available in plain filesystem format (so not as part of a jar, war, etc).
Mail Configuration
The DefaultMailer() takes the properties from the mail.properties file (see src/main/resources). This works even inside a jar.
The mail.properties file is configured to use the TUDelft mail system, and only works if your machine has a TUDelft internet address. You may have to override the standard settings if you want to use this on a non-TUDelft machine.
You can also provide a set of Properties directly to construct a DefaultMailer with non-standard settings.
