Use of com.auth0.flickr2.domain.User in project structr by structr.
The class JWTHelper, method getPrincipalForRefreshToken.
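/**
 * Resolves the principal that owns the given refresh token and consumes the token.
 *
 * The token is validated with whatever secret type the instance is configured for
 * ({@code secret}, {@code keypair} or {@code jwks}); validation with {@code jwks} is
 * refused because this instance did not issue the token. A validated token must carry a
 * {@code tokenId} and a {@code tokenType} of {@code refresh_token}, and the id must still be
 * stored on a principal. On success the id is removed from the principal, so a refresh token
 * can be redeemed at most once.
 *
 * @param refreshToken the raw JWT presented as a refresh token
 * @return the owning principal, or {@code null} when the token does not validate, is not a
 *         refresh token issued here, or is no longer stored on any principal
 * @throws FrameworkException with status 400 when the instance uses {@code jwks}
 */
public static Principal getPrincipalForRefreshToken(final String refreshToken) throws FrameworkException {

    final String jwtSecretType = Settings.JWTSecretType.getValue();
    Map<String, Claim> claims = null;

    switch (jwtSecretType) {

        // an unknown secret type is treated like "secret"
        default:
        case "secret":
            final String secret = Settings.JWTSecret.getValue();
            claims = validateTokenWithSecret(refreshToken, secret);
            break;

        case "keypair":
            final RSAPublicKey publicKey = getPublicKeyForToken();
            final RSAPrivateKey privateKey = getPrivateKeyForToken();
            // without a usable key pair nothing can be validated; claims stay null
            if (publicKey == null || privateKey == null) {
                break;
            }
            claims = validateTokenWithKeystore(refreshToken, Algorithm.RSA256(publicKey, privateKey));
            break;

        case "jwks":
            throw new FrameworkException(400, "will not validate refresh_token because authentication is not handled by this instance");
    }

    if (claims == null) {
        return null;
    }

    // a token that carries neither claim is not a refresh token issued here; the map lookup
    // returns null for an absent claim, so it must be checked before asString() is called
    final Claim tokenIdClaim = claims.get("tokenId");
    final Claim tokenTypeClaim = claims.get("tokenType");
    if (tokenIdClaim == null || tokenTypeClaim == null) {
        return null;
    }

    final String tokenId = tokenIdClaim.asString();
    final String tokenType = tokenTypeClaim.asString();
    if (tokenId == null || !"refresh_token".equals(tokenType)) {
        return null;
    }

    // the id must still be present in the principal's stored refresh tokens
    final Principal user = AuthHelper.getPrincipalForCredential(StructrApp.key(Principal.class, "refreshTokens"), new String[] { tokenId }, false);
    if (user == null) {
        return null;
    }

    // single use: the redeemed id is dropped so the same token cannot be replayed
    Principal.removeRefreshToken(user, tokenId);

    return user;
}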
Use of com.auth0.flickr2.domain.User in project engine by Lumeer.
The class Auth0Filter, method doFilter.
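/**
 * Authenticates each request with an Auth0 access token before it reaches the chain.
 *
 * The pre-filters (allowed hosts, headers, OPTIONS for resend-verification, public views)
 * may end the response themselves ({@code BREAK}) or hand the request straight to the chain
 * ({@code NEXT}). Requests under {@code /paymentNotify/} pass without a token; when the
 * {@code SKIP_SECURITY} environment variable is set the user is taken from a request header
 * instead. Every other request needs an access token that decodes, passes the verifier and
 * is not expired; the cached user info for that token is then refreshed when it is missing
 * or stale, with only one thread per token doing the refresh.
 *
 * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
 * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
 * @param filterChain     the rest of the chain
 * @throws IOException      while writing an error response or from the chain
 * @throws ServletException from the chain
 */
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    // clean caches in a background thread, only one task at a time, checks for clean interval of 60s
    executor.submit(this::cleanCache);

    final HttpServletRequest req = (HttpServletRequest) servletRequest;
    final HttpServletResponse res = (HttpServletResponse) servletResponse;

    log.log(Level.INFO, String.format("Http Request [%s %s %s %d]", req.getMethod(), req.getRequestURI(), req.getRemoteAddr(), req.getContentLengthLong()));

    initFilters();

    FilterResult result;

    result = allowedHostsFilter.doFilter(req, res);
    if (result == FilterResult.BREAK) {
        return;
    } else if (result == FilterResult.NEXT) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    result = headersFilter.doFilter(req, res);
    if (result == FilterResult.BREAK) {
        return;
    } else if (result == FilterResult.NEXT) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    result = optionsResendVerificationEmailFilter.doFilter(req, res);
    if (result == FilterResult.BREAK) {
        return;
    } else if (result == FilterResult.NEXT) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    // CORS preflight never carries a token
    if (req.getMethod().equals("OPTIONS")) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    result = publicViewFilter.doFilter(req, res);
    if (result == FilterResult.BREAK) {
        return;
    } else if (result == FilterResult.NEXT) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    if (System.getenv("SKIP_SECURITY") != null) {
        // try to consume test user from request header
        fakeUserLogin(req);
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    if (req.getPathInfo() == null || !req.getPathInfo().startsWith("/paymentNotify/")) {
        final String accessToken = getAccessToken(req);

        // we do not have the token at all, or we failed to obtain verifier
        if (accessToken == null || verifier == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // a token that does not decode or does not pass the verifier is rejected
        final DecodedJWT jwt;
        try {
            jwt = JWT.decode(accessToken);
            verifier.verify(jwt.getToken());
        } catch (Exception e) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // a token without an exp claim used to NPE here and surface as a server error;
        // it is rejected the same way as an expired one
        if (jwt.getExpiresAt() == null || Instant.now().isAfter(jwt.getExpiresAt().toInstant())) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // we are safe to go, make sure we have user info
        final AuthenticatedUser.AuthUserInfo authUserInfo = getAuthenticatedUser(accessToken);

        if (needsUserInfoRefresh(authUserInfo, accessToken) && !refreshUserInfo(accessToken, authUserInfo, res)) {
            return;
        }
    }

    result = resendVerificationEmailFilter.doFilter(req, res);
    if (result == FilterResult.BREAK) {
        return;
    }

    try {
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (RuntimeException e) {
        log.log(Level.SEVERE, "Unable to serve request: ", e);
        sentryFacade.reportError(e);
        res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getLocalizedMessage());
    }
}

/**
 * Decides whether the cached user info must be (re)fetched for this token.
 *
 * True when the cache entry belongs to another token, has no user, is older than
 * {@code TOKEN_REFRESH_PERIOD}, or belongs to a user with an unverified e-mail and is older
 * than {@code UNVERIFIED_TOKEN_REFRESH_PERIOD}.
 */
private boolean needsUserInfoRefresh(final AuthenticatedUser.AuthUserInfo authUserInfo, final String accessToken) {
    final long now = System.currentTimeMillis();

    return !accessToken.equals(authUserInfo.accessToken)
            || authUserInfo.user == null
            || authUserInfo.lastUpdated + TOKEN_REFRESH_PERIOD <= now
            || (!authUserInfo.user.isEmailVerified() && authUserInfo.lastUpdated + UNVERIFIED_TOKEN_REFRESH_PERIOD <= now);
}

/**
 * Refreshes the user info for the token: the first thread to arrive fetches it from Auth0
 * (up to three attempts), every other thread waits for that fetch and adopts the cached
 * result.
 *
 * @return {@code false} when a 401 was already sent and the chain must not be continued
 * @throws IOException while writing the error response
 */
private boolean refreshUserInfo(final String accessToken, final AuthenticatedUser.AuthUserInfo authUserInfo, final HttpServletResponse res) throws IOException {
    // NOTE(review): entries are only ever added here; assumed that cleanCache drops them — confirm
    final Semaphore s = semaphores.computeIfAbsent(accessToken, key -> new Semaphore(1));
    final boolean firstLogin = authUserInfo.user == null;

    if (s.tryAcquire()) {
        // only one thread must do that at the same time
        try {
            final AuthenticatedUser.AuthUserInfo newAuthUserInfo = new AuthenticatedUser.AuthUserInfo();

            // try to get user info 3 times in a row with 500ms delays
            for (int i = 0; i < 3 && newAuthUserInfo.user == null; i++) {
                try {
                    newAuthUserInfo.user = getUserInfo(accessToken);
                } catch (Auth0Exception a0e) {
                    try {
                        Thread.sleep(500);
                    } catch (InterruptedException ie) {
                        // keep the interrupt flag for the container instead of silently dropping it
                        Thread.currentThread().interrupt();
                    }
                }
            }

            // we still could not get user info; the permit is returned by the finally block
            // exactly once (an extra release here would leave the semaphore with two permits)
            if (newAuthUserInfo.user == null) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }

            newAuthUserInfo.accessToken = accessToken;
            newAuthUserInfo.lastUpdated = System.currentTimeMillis();
            authUserCache.put(accessToken, newAuthUserInfo);
            authenticatedUser.setAuthUserInfo(newAuthUserInfo);
            authenticatedUser.checkUser(firstLogin);
        } finally {
            s.release();
        }
    } else {
        try {
            // wait until the refreshing thread is done, then hand the permit straight back
            s.acquire();
            s.release();

            // we might have a different session id for the same user
            if (authenticatedUser.getAuthUserInfo().user == null) {
                // NOTE(review): the cache entry is absent when the refreshing thread failed — confirm
                // that a null info object is acceptable downstream
                final AuthenticatedUser.AuthUserInfo newAuthUserInfo = authUserCache.get(accessToken);
                authenticatedUser.setAuthUserInfo(newAuthUserInfo);
                // we do not need to check the user again, it was already done in the first session
            }
        } catch (InterruptedException ie) {
            Thread.currentThread().interrupt();
        }
    }

    return true;
}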
Use of com.auth0.flickr2.domain.User in project engine by Lumeer.
The class Auth0Filter, method getUserInfo.
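/**
 * Fetches the profile for the access token from Auth0's userinfo endpoint and maps it to a User.
 *
 * The login identity is the {@code email} claim. Only when it is absent is a fallback used:
 * for {@code google-oauth2} subjects the nickname is turned into a gmail address, otherwise
 * the display name. A synthesized address has not been confirmed by Auth0, so
 * {@code email_verified} stays the only signal that the address is verified.
 *
 * @param accessToken the bearer token to present to Auth0
 * @return the mapped user with its auth id, name and verification flag
 * @throws Auth0Exception when the userinfo call fails or the response carries no {@code sub}
 */
private User getUserInfo(final String accessToken) throws Auth0Exception {
    final AuthAPI auth0 = new AuthAPI(domain, clientId, clientSecret);
    final Request<UserInfo> info = auth0.userInfo(accessToken);
    final Map<String, Object> values = info.execute().getValues();

    final String nickname = (String) values.get("nickname");
    final String sub = (String) values.get("sub");
    final String name = (String) values.get("name");
    final String email = (String) values.get("email");
    final Boolean emailVerified = (Boolean) values.get("email_verified");

    // a response without sub used to fail with a NullPointerException that the caller's retry
    // loop does not catch; report it as the same kind of failure as any other bad userinfo call
    if (sub == null) {
        throw new Auth0Exception("userinfo response carries no sub claim");
    }

    final String login;
    if (email != null) {
        login = email;
    } else if (sub.startsWith("google-oauth2")) {
        login = nickname + "@gmail.com";
    } else {
        login = name;
    }

    final User user = new User(login);
    user.setAuthIds(new HashSet<>(Arrays.asList(sub)));
    user.setName(name);
    // an absent flag counts as not verified
    user.setEmailVerified(Boolean.TRUE.equals(emailVerified));

    return user;
}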
Use of com.auth0.flickr2.domain.User in project engine by Lumeer.
The class UserFacade, method patchCurrentUser.
/**
 * Applies the non-null fields of the given patch to the currently authenticated user and
 * persists the result.
 *
 * Newsletter, agreement (with its timestamp when accepted), wizard state and referral are
 * copied as-is; the referral is only taken when none is set yet and it is not the user's own
 * code. A changed name is also propagated to Auth0. Name, notification and language changes
 * additionally trigger a push notification to the user's other sessions.
 *
 * @param user     the patch; only non-null fields are applied
 * @param language the caller's language, used to pick the newsletter subscription list
 * @return the persisted, updated user
 * @throws UnsuccessfulOperationException when the Auth0 rename fails
 */
public User patchCurrentUser(final User user, final String language) {
    final User currentUser = authenticatedUser.getCurrentUser();
    boolean notifyOtherSessions = false;

    final Boolean newsletter = user.hasNewsletter();
    if (newsletter != null) {
        currentUser.setNewsletter(newsletter);
        // so that en is default
        final boolean englishList = !Language.fromString(language).equals(Language.CS);
        mailerService.setUserSubscription(currentUser, englishList);
    }

    final Boolean agreement = user.hasAgreement();
    if (agreement != null) {
        currentUser.setAgreement(agreement);
        if (agreement) {
            currentUser.setAgreementDate(ZonedDateTime.now());
        }
    }

    if (user.getWizardDismissed() != null) {
        currentUser.setWizardDismissed(user.getWizardDismissed());
    }

    final String referral = user.getReferral();
    if (referral != null) {
        final String existingReferral = currentUser.getReferral();
        final boolean referralUnset = existingReferral == null || existingReferral.isEmpty();
        final boolean ownCode = referral.equals(Utils.strHexTo36(currentUser.getId()));
        if (referralUnset && !ownCode) {
            currentUser.setReferral(referral);
        }
    }

    final String newName = user.getName();
    if (newName != null && !newName.equals(currentUser.getName())) {
        currentUser.setName(newName);
        try {
            userAuth0Utils.renameUser(newName);
        } catch (Auth0Exception e) {
            throw new UnsuccessfulOperationException("Unable to update user name: ", e);
        }
        notifyOtherSessions = true;
    }

    if (user.getNotifications() != null) {
        currentUser.setNotifications(user.getNotifications());
        notifyOtherSessions = true;
    }

    if (user.getLanguage() != null) {
        currentUser.setLanguage(user.getLanguage());
        notifyOtherSessions = true;
    }

    final User updatedUser = notifyOtherSessions
            ? updateUserAndSendNotification(null, currentUser.getId(), currentUser)
            : userDao.updateUser(currentUser.getId(), currentUser);

    userCache.updateUser(updatedUser.getEmail(), updatedUser);
    logUserVerified(currentUser, updatedUser);

    return updatedUser;
}
Use of com.auth0.flickr2.domain.User in project engine by Lumeer.
The class UserFacade, method createUsersWithDefaultData.
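/**
 * Creates the given users in the organization, or adds the organization to users that
 * already exist, and stores the default view configs collected for newly created users.
 *
 * @param organizationId organization the users are added to
 * @param projectId      project used for the default workspace of new users; may be null
 * @param users          users to create or update, identified by e-mail
 * @return the created or updated users, in input order; existing users are reduced to the
 *         current organization
 */
private List<User> createUsersWithDefaultData(final String organizationId, @Nullable final String projectId, final List<User> users) {
    final List<InitialUserData> dataList = initialUserDataDao.get();
    // filled by patchNewUserDefaultData, keyed by project id; the configs' user id is the
    // user's e-mail at that point because the user has no id before it is stored
    final Map<String, List<DefaultViewConfig>> defaultViewConfigsMap = new HashMap<>();
    final List<Project> projects = projectDao.getAllProjects();

    final List<User> createdUsers = users.stream().map(user -> {
        final User storedUser = userDao.getUserByEmail(user.getEmail());

        if (storedUser == null) {
            user.setOrganization(organizationId);
            user.setDefaultWorkspace(new DefaultWorkspace(organizationId, projectId));
            patchNewUserDefaultData(user, projects, dataList, defaultViewConfigsMap);

            return createUserAndSendNotification(organizationId, user);
        }

        storedUser.setOrganizations(UserUtil.mergeOrganizations(storedUser.getOrganizations(), Set.of(organizationId)));
        if (storedUser.getDefaultWorkspace() == null) {
            storedUser.setDefaultWorkspace(new DefaultWorkspace(organizationId, projectId));
        }

        final User updatedUser = updateExistingUser(organizationId, storedUser);
        return keepOnlyCurrentOrganization(updatedUser, organizationId);
    }).collect(Collectors.toList());

    // the same e-mail listed twice used to make toMap throw IllegalStateException after the
    // users were already persisted; both entries resolve to the same stored user anyway
    final Map<String, String> emailToIdMap = createdUsers.stream()
            .collect(Collectors.toMap(User::getEmail, User::getId, (first, second) -> first));

    for (final Project project : projects) {
        final List<DefaultViewConfig> configs = defaultViewConfigsMap.getOrDefault(project.getId(), new ArrayList<>());
        if (configs.isEmpty()) {
            continue;
        }

        // translate the e-mail placeholder into the persisted user id
        for (final DefaultViewConfig config : configs) {
            config.setUserId(emailToIdMap.get(config.getUserId()));
        }

        defaultViewConfigDao.setProject(project);
        defaultViewConfigDao.insertConfigs(configs);
    }

    return createdUsers;
}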