
HS.Registry.AuthDomain.ICallbackClass

abstract class HS.Registry.AuthDomain.ICallbackClass

Base interface for any CallbackClass of an instance of HS.Registry.AuthDomain to extend.
@API.Extensible

Method Inventory

Methods

abstract classmethod OnAuthenticate(pServiceName As %String, pDomain As %String, pLoginID As %String, pPassword As %String, Output pUserName As %String, Output pToken As %RawString, Output pFullName As %String, Output pChangePW As %Boolean, Output pChallengeQuestion As %String) as %String
Authenticates a user.
Return value will be empty or a displayable error message (if there's a real error). Alternatively, for authentication failures, the return value can be a $list(name value pairs), where each pair is $List(key,data).
If authenticated, pUserName and pToken MUST be set to non-empty values, or else the authentication attempt fails.
@API.Method
@API.Overrideable
@Argument pServiceName Service name bound to pDomain for those who need to call external service endpoints.
@Argument pDomain Domain code for this login attempt. Corresponds to DomainCode in HS.Registry.AuthDomain.
@Argument pLoginID Login ID for user to be authenticated.
@Argument pPassword Password for user to be authenticated.
@Argument pUserName Username for the provided login ID.
@Argument pToken Can be anything needed for later use to identify. For internal HealthShare domains, we use the internal ID in the UserLoginID table.
@Argument pFullName Full name of authenticated user.
@Argument pChangePW Whether the user MUST change their password.
@Argument pChallengeQuestion Used when "forgot password" workflow is enabled.
abstract classmethod OnAuthorize(pServiceName As %String, pDomain As %String, pLoginID As %String, pPassword As %String, pUserName As %String, pToken As %RawString, Output pRoles As %String) as %String
Authorizes a user. Is always called AFTER OnAuthenticate() has been invoked with no errors.
Outputs a list of authorized roles for the provided user.
Return value will be empty or a displayable error message (if there's a real error).
@API.Method
@API.Overrideable
@Argument pServiceName Service name bound to pDomain for those who need to call external service endpoints.
@Argument pDomain Domain code for this login attempt. Corresponds to DomainCode in HS.Registry.AuthDomain.
@Argument pLoginID Login ID for user to be authenticated.
@Argument pPassword Password for user to be authenticated.
@Argument pUserName Username for the provided login ID.
@Argument pToken Can be anything needed for later use to identify. For internal HealthShare domains, we use the internal ID in the UserLoginID table.
@Argument pRoles Comma-separated list of roles for user.
abstract classmethod OnGeneratePWEmail(pLoginInternalID As %String, Output pMailMessage As %Net.MailMessage, Output pUserMessage As %String) as %String
Handle generation of the new password & construction of the email from a "forgot password" email request initiated by ZAUTHENTICATE.
Invoked from Interoperability production: HS.Registry.Person.User.PWEmailOperation.
Return value will be empty or a displayable error message (if there's a real error).
@API.Method
@API.Overrideable
@Argument pLoginInternalID Row ID of user in HS.Registry.Person.UserLoginID.
@Argument pMailMessage MailMessage to construct that will be sent to the user.
@Argument pUserMessage Message to display to the user once email has been sent.
abstract classmethod OnRequestPWEmail(pServiceName As %String, pDomain As %String, pLoginID As %String, pChallengeQuestion As %String, pChallengeAnswer As %String) as %String
Process "forgot password" email request from ZAUTHENTICATE.
Should initiate the email request via the following Interoperability production: HS.Registry.Person.User.PWEmailOperation.
Return value will be empty or a displayable error message (if there's a real error).
@API.Method
@API.Overrideable
@Argument pServiceName Service name bound to pDomain for those who need to call external service endpoints.
@Argument pDomain Domain code for this forgot password email request. Corresponds to DomainCode in HS.Registry.AuthDomain.
@Argument pLoginID Login ID for user.
@Argument pChallengeQuestion Challenge question for the user present in their record in HS.Registry.Person.UserLoginID.
@Argument pChallengeAnswer Challenge answer for the user present in their record in HS.Registry.Person.UserLoginID.
abstract classmethod OnResetPassword(pLoginIDContainer As HS.Registry.Person.User.WebServices.Containers.UserLoginID, pNewPassword As %String)
Reset a user's password.
MUST throw any exceptions that occur.
@API.Method
@API.Overrideable
@Argument pLoginIDContainer Login ID object corresponding to a Login ID in the User/Clinician registry for user whose password is to be reset.
@Argument pNewPassword New password to set for the authenticated user.
abstract classmethod OnValidatePW(pPassword As %String, pDomain As %String, pLoginId As %String, pQuickAdd As %Boolean = 0, pRegistryId As %String = "") as %String
Validates a provided password for a given security domain and login ID. Is invoked to validate a user's password whenever they attempt to change/reset it (could be via forgot password, expired password, etc. workflows).
Returns "" if validation passes; otherwise a displayable error message.
@API.Method
@API.Overrideable
@Argument pPassword Password to be validated.
@Argument pDomain Domain code for this password change attempt. Corresponds to DomainCode in HS.Registry.AuthDomain.
@Argument pLoginId Login ID for user to be authenticated.
@Argument pQuickAdd Set to 1 by HS.UI.Registry.User.Add.
@Argument pRegistryId Internal row ID of user in HS.Registry.Person.User. ONLY provided when called by HS.UI.Registry.User.Manage.
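
A sketch of an OnValidatePW override that follows the return contract above ("" on success, a displayable message otherwise). This is an added example, not InterSystems code: the class name Demo.Auth.PolicyCallback and the policy values are hypothetical, and the other callbacks of the interface are not shown.

```objectscript
/// Added example: class name and policy values are hypothetical.
Class Demo.Auth.PolicyCallback Extends HS.Registry.AuthDomain.ICallbackClass
{

/// Returns "" when pPassword passes the policy; otherwise a displayable error message.
ClassMethod OnValidatePW(pPassword As %String, pDomain As %String, pLoginId As %String, pQuickAdd As %Boolean = 0, pRegistryId As %String = "") As %String
{
    // Hypothetical limits. The same rules apply whether or not pQuickAdd is set,
    // so accounts created through the quick-add path do not get weaker passwords.
    Set tMinLen = 12
    Set tMaxLen = 128

    If $Length(pPassword) < tMinLen {
        Return "Password must be at least "_tMinLen_" characters long."
    }
    If $Length(pPassword) > tMaxLen {
        Return "Password must be at most "_tMaxLen_" characters long."
    }

    // Pattern match: .E is any run of characters, 1C is one control character.
    If pPassword?.E1C.E {
        Return "Password must not contain control characters."
    }

    // Two-argument $Translate deletes every occurrence of the first character;
    // an empty result means the password is a single repeated character.
    If $Translate(pPassword, $Extract(pPassword)) = "" {
        Return "Password must not be a single repeated character."
    }

    // Case-insensitive check that the login ID is not embedded in the password.
    Set tLowerPw = $ZConvert(pPassword, "L")
    Set tLowerId = $ZConvert(pLoginId, "L")
    If (tLowerId '= "") && (tLowerPw [ tLowerId) {
        Return "Password must not contain your login ID."
    }

    // Messages are displayable, so none of them echoes the candidate password.
    Return ""
}

}
```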
abstract classmethod SendResetPasswordEmail(pLoginIDObj As HS.Registry.Person.User.WebServices.Containers.UserLoginID, pResetPwdPageURL As %String, pSMTPInfo As HS.Types.SMTP)
Send a reset password email with the URL provided.
Errors will be thrown directly and this method will not return a status.
@API.Method
@API.Overrideable
@Argument pLoginIDObj Corresponds to the loginID persistent object of the user who is requesting a password reset.
@Argument pResetPwdPageURL Corresponds to the URL to the reset password page.
@Argument pSMTPInfo Corresponds to the HS.UniversalLogin.Settings.SMTP settings object, from which we obtain information of the server to send email.
abstract classmethod SendTwoFactorToken(pAuthResponse As HS.Registry.Person.User.WebServices.Containers.AuthResponse, pSMTPInfo As HS.Types.SMTP, Output pSecurityToken As %String) as %Status
Send a two-factor security code to the user.
Should return an error status if the security token is not sent to the user.
The error text will not be displayed to the end user and will be logged to the application error log.
MUST set as output pSecurityToken.
@API.Method
@API.Overrideable
@Argument pAuthResponse Response from user/clinician registry containing information about the user.
@Argument pSMTPInfo The settings object, from which we obtain information of the server to send email.
@Argument pSecurityToken The security token that has been sent to the user.

Subclasses
