Redirect to Password Reset on Password Expiration

Liferay lets you configure a password policy, which includes a Password Expiry Time. Once a password has expired, the user can no longer log in, and on the next login attempt Liferay shows this error message:

Error: Your password has expired. Please contact an administrator to reset your password.

An admin then has to reset the user's password before the user can log in again. In this blog we will change the process so that users are able to log in to the system and are forced to reset their password. This keeps admin intervention to a minimum.

Steps to follow:

1. Create Service Wrapper: We will create a service wrapper by extending UserLocalServiceWrapper. See the link below for more information on creating service wrappers.

https://help.liferay.com/hc/en-us/articles/360018159951-Overriding-Liferay-Services-Service-Wrappers-

2. Override the Authenticate Method: We need to override the authenticate method. By default, Liferay provides three auth types (User Id, Email Address, Screen Name). In this example, I will override the authenticateByScreenName(...) method; override the method that matches your auth type.

 

    // Pass-through override; the expiry handling is added in step 3.
    @Override
    public int authenticateByScreenName(long companyId, String screenName, String password,
            Map<String, String[]> headerMap, Map<String, String[]> parameterMap, Map<String, Object> resultsMap)
            throws PortalException {
        return super.authenticateByScreenName(companyId, screenName, password, headerMap, parameterMap, resultsMap);
    }

3. Force Password Reset: We add the code below inside our authenticate method. First, we check whether the password has expired. If it has, we:

  •  Update the password modified date, so that the expired password is accepted
  •  Set the password reset flag, so that the user is redirected to the Update Password screen on login

 

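import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.ServiceWrapper;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.service.UserLocalServiceWrapper;
import com.liferay.portal.kernel.util.Validator;

import java.util.Date;
import java.util.Map;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {}, service = ServiceWrapper.class)
public class UserLocalServiceOverride extends UserLocalServiceWrapper {

    public UserLocalServiceOverride() {
        super(null);
    }

    @Override
    public int authenticateByScreenName(long companyId, String screenName, String password,
            Map<String, String[]> headerMap, Map<String, String[]> parameterMap, Map<String, Object> resultsMap)
            throws PortalException {

        User user = fetchUserByScreenName(companyId, screenName);

        // Note: this block runs before the wrapped service checks the submitted password.
        if (Validator.isNotNull(user) && isPasswordExpired(user)) {
            // Restart the expiry clock so the wrapped service accepts the expired password.
            user.setPasswordModifiedDate(new Date());
            // Send the user to the Update Password screen after login.
            user.setPasswordReset(true);

            user = updateUser(user);
        }

        // Delegate the actual credential check to the default implementation.
        return super.authenticateByScreenName(companyId, screenName, password, headerMap, parameterMap, resultsMap);
    }

    // Inject the original UserLocalService that this wrapper delegates to.
    @Reference(unbind = "-")
    private void serviceSetter(UserLocalService userLocalService) {
        setWrappedService(userLocalService);
    }

}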

 

Done! Now when a user with an expired password tries to log in, they are redirected to the Password Reset page.
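
The override above updates the user record before the wrapped service has checked the submitted password, so the expiry date is refreshed on any login attempt for that screen name, including failed ones. The variant below, an added example and not the blog author's code, makes the update only after the submitted password matches the stored hash. The class name and the matchesStored helper are hypothetical, and it assumes passwords are stored in Liferay's own database and that PasswordEncryptorUtil.encrypt(plainText, storedHash) from portal-kernel is available in your version.

```java
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.pwd.PasswordEncryptorUtil;
import com.liferay.portal.kernel.service.ServiceWrapper;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.service.UserLocalServiceWrapper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Map;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical class name; added example, not the blog author's code.
@Component(immediate = true, service = ServiceWrapper.class)
public class CheckedExpiryUserLocalServiceOverride extends UserLocalServiceWrapper {
    public CheckedExpiryUserLocalServiceOverride() { super(null); }

    @Override
    public int authenticateByScreenName(long companyId, String screenName, String password,
            Map<String, String[]> headerMap, Map<String, String[]> parameterMap,
            Map<String, Object> resultsMap) throws PortalException {
        User user = fetchUserByScreenName(companyId, screenName);
        // Change the account only when the caller has shown knowledge of the
        // current password; a wrong password leaves the expiry date untouched.
        if (user != null && isPasswordExpired(user) && matchesStored(user, password)) {
            user.setPasswordModifiedDate(new Date());
            user.setPasswordReset(true);
            updateUser(user);
        }
        return super.authenticateByScreenName(companyId, screenName, password, headerMap, parameterMap, resultsMap);
    }

    // Assumption: the password hash lives in Liferay's own database.
    private boolean matchesStored(User user, String password) throws PortalException {
        String stored = user.getPassword();
        if (password == null || stored == null || !user.isPasswordEncrypted()) {
            return false;
        }
        // Re-hash the candidate with the algorithm and salt of the stored value.
        String candidate = PasswordEncryptorUtil.encrypt(password, stored);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
            candidate.getBytes(StandardCharsets.UTF_8));
    }

    @Reference(unbind = "-")
    private void serviceSetter(UserLocalService userLocalService) {
        setWrappedService(userLocalService);
    }
}
```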