Skip to main content

HS.Registry.Person.User.HSAuth

class HS.Registry.Person.User.HSAuth extends HS.Registry.AuthDomain.ICallbackClass

Base Authentication & Authorization callback class for the default HS domain.

Method Inventory

Parameters

parameter DOMAIN = HS;
The message translation domain for CSP - this is not related to the authentication domain.
parameter INACTIVITYLIMIT = 90;
Disable user access if they haven't logged on within the past N days (unless the user gets edited).
Checked by OnAuthenticate()().
parameter INVALIDLOGINLIMIT = 0;
Lock the loginID after N failures in a row (if N >0). Checked by OnAuthenticate()().
parameter PASSWORDEXPIRATIONDAYS = 0;
After N days, the user will need to change their password. Checked by OnAuthenticate()().
parameter PASSWORDMATCHNUM = 4;
Used by OnValidatePW()(). Password cannot match this number of past passwords Set to 0 to disable past password validation
parameter PASSWORDPATTERN = 3.32ANP;
Used by OnValidatePW()(). The proposed password must satisfy this pattern
parameter PWEMAILOPERATION = PasswordEmailOperation;
If this domain will support an email being sent if the user forgot their password, this is the name of the Ensemble configured operation used to generate the email

Methods

classmethod CallbackClass(pDomain As %String) as %String
API Method: Returns the child of this class for a given domain
classmethod GeneratePassword() as %String
API Method: Generates the password. Override this to change the way that random passwords are generated.
classmethod MatchError() as %String
API Method: Text for past-password-match error message. Override this to change the past-password-match error message.
classmethod OnAuthenticate(pServiceName As %String, pDomain As %String, pLoginID As %String, pPassword As %String, Output pUserName As %String, Output pToken As %RawString, Output pFullName As %String, Output pChangePW As %Boolean, Output pChallengeQ As %String) as %String
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Authenticates against a user in the User/Clinician registry Login IDs table.
The following 3 parameters are checked by the overriden OnAuthenticate() method:
  • INACTIVITYLIMIT: number of days a user login ID stays enabled if the user does not log in.
    After the number of days, an action should be taken, like clearing the user password.
  • INVALIDLOGINLIMIT: number of invalid login attempts allowed before a login ID is locked.
    After the number of attempts, an action should be taken, like clearing the user password.
  • PASSWORDEXPIRATIONDAYS: number of days left before the user must to reset their password.
    Once the password has expired, an action should be taken, like clearing the user password.
classmethod OnAuthorize(pServiceName As %String, pDomain As %String, pLoginID As %String, pPassword As %String, pUserName As %String, pToken As %RawString, Output pRoles As %String) as %String
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Authorizes against a user in the User/Clinician registry Login IDs table.
classmethod OnGeneratePWEmail(pLoginInternalID As %String, Output pMailMessage As %Net.MailMessage, Output pUserMessage) as %String
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Sends "forgot password" email with a temporary password.
classmethod OnRequestPWEmail(pServiceName As %String, pDomain As %String, pLoginID As %String, pChallengeQ As %String, pChallengeA As %String) as %String
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Initiates sending "forgot password" email.
classmethod OnResetPassword(pLoginIDContainer As HS.Registry.Person.User.WebServices.Containers.UserLoginID, pNewPassword As %String)
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Resets the user's password in the Login ID table of the User/Clinician registry.
classmethod OnValidatePW(pPassword As %String, pDomain As %String, pLoginId As %String, pQuickAdd As %Boolean = 0, pRegistryId As %String = "") as %String
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Validates that the password matches a specific pattern and that it hasn't been used recently.
classmethod PatternError() as %String
API Method: Text for password-match error message. Override this to change the password pattern match error message.
classmethod PatternMatch(pPassword As %String) as %String
API Method: Controls how passwords are pattern matched. Override this to change the method of pattern matching on passwords.
classmethod RepeatCheck(pPassword As %String, pDomain As %String, pLoginId As %String, pRegistryId As %String = "") as %String
API Method: Controls how past passwords are checked. Override this to change the method of checking against past passwords.
classmethod SendResetPasswordEmail(pLoginIDObj As HS.Registry.Person.User.WebServices.Containers.UserLoginID, pResetPwdPageURL As %String, pSMTPInfo As HS.Types.SMTP)
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Sends a reset-password email to user.
classmethod SendTwoFactorToken(pAuthResponse As HS.Registry.Person.User.WebServices.Containers.AuthResponse, pSMTPInfo As HS.Types.SMTP, Output pSecurityToken As %String) as %Status
Overridden from super class. Look at documentation in super class HS.Registry.AuthDomain.ICallbackClass.
Sends a two-factor security code to the user.

Subclasses