Use of com.djrapitops.plan.exceptions.WebUserAuthException in project Plan by plan-player-analytics.
The class RequestHandler, method getResponse.
/**
 * Builds the response for one incoming exchange.
 *
 * The request is built (which may authenticate the caller) and then the brute-force guard and the
 * optional IP whitelist are consulted before the request is handed to the response resolver. An
 * authentication failure is turned into either a bad-request response (wrong password, which also
 * counts towards the brute-force guard) or a redirect to the login page with the auth cookie
 * cleared. A successful, authenticated response resets the accessor's failed-attempt count.
 *
 * NOTE(review): buildRequest runs before the guard is consulted, so credentials of an already
 * blocked accessor are still verified; confirm this ordering is intended.
 *
 * @param exchange the exchange being served
 * @return the response to send; never null
 */
public Response getResponse(HttpExchange exchange) {
    if (ipWhitelist == null) {
        // Read once; an empty list disables whitelisting.
        ipWhitelist = config.isTrue(WebserverSettings.IP_WHITELIST)
                ? config.get(WebserverSettings.WHITELIST)
                : Collections.emptyList();
    }
    String accessor = getAccessorAddress(exchange);
    Request request = null;
    Response response;
    try {
        request = buildRequest(exchange);
        if (bruteForceGuard.shouldPreventRequest(accessor)) {
            response = responseFactory.failedLoginAttempts403();
        } else if (isBlockedByWhitelist(accessor)) {
            response = responseFactory.ipWhitelist403(accessor);
            logger.info(locale.getString(PluginLang.WEB_SERVER_NOTIFY_IP_WHITELIST_BLOCK, accessor, exchange.getRequestURI().toString()));
        } else {
            response = responseResolver.getResponse(request);
        }
    } catch (WebUserAuthException authFailure) {
        response = respondToAuthFailure(exchange, accessor, authFailure);
    }
    // A failed login inside the try may have tipped the accessor over the limit.
    if (bruteForceGuard.shouldPreventRequest(accessor)) {
        response = responseFactory.failedLoginAttempts403();
    }
    int code = response.getCode();
    boolean failedOrBlocked = code == 401 || code == 403;
    boolean loggedIn = request != null && request.getUser().isPresent();
    if (!failedOrBlocked && loggedIn) {
        bruteForceGuard.resetAttemptCount(accessor);
    }
    return response;
}

/** True when a whitelist is configured and does not list the accessor. */
private boolean isBlockedByWhitelist(String accessor) {
    return !ipWhitelist.isEmpty() && !ipWhitelist.contains(accessor);
}

/**
 * Maps an authentication failure to a response.
 *
 * A password mismatch is counted by the brute-force guard and answered with a bad request;
 * every other reason redirects to the login page and expires the auth cookie.
 */
private Response respondToAuthFailure(HttpExchange exchange, String accessor, WebUserAuthException authFailure) {
    FailReason failReason = authFailure.getFailReason();
    if (failReason == FailReason.USER_PASS_MISMATCH) {
        bruteForceGuard.increaseAttemptCountOnFailedLogin(accessor);
        return responseFactory.badRequest(failReason.getReason(), "/auth/login");
    }
    String from = exchange.getRequestURI().toASCIIString();
    // Avoid a redirect loop back into the auth pages themselves.
    boolean alreadyOnAuthPage = StringUtils.startsWithAny(from, "/auth/", "/login");
    String directTo = alreadyOnAuthPage ? "/login" : "/login?from=." + from;
    return Response.builder()
            .redirectTo(directTo)
            .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure;")
            .build();
}
Use of com.djrapitops.plan.exceptions.WebUserAuthException in project Plan by plan-player-analytics.
The class BasicAuthentication, method getUser.
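/**
 * Authenticates the HTTP Basic credentials held in {@code authenticationString}.
 *
 * The decoded value is split on its first ':' only, as RFC 7617 requires: the user-id may not
 * contain a colon but the password may. (The previous implementation rejected any password
 * containing ':' and collapsed repeated separators.) The decoded credentials are deliberately
 * not included in failure messages, since those may end up in a log.
 *
 * @return the authenticated user
 * @throws WebUserAuthException with {@code USER_AND_PASS_NOT_SPECIFIED} when the credentials
 *         are not of the form {@code username:password}, {@code DATABASE_NOT_OPEN} when the
 *         database cannot be queried, {@code USER_DOES_NOT_EXIST} or {@code USER_PASS_MISMATCH}
 *         on a failed check, or wrapping a database/password-hashing error
 */
@Override
public User getUser() {
    String decoded = Base64Util.decode(authenticationString);
    int separator = decoded == null ? -1 : decoded.indexOf(':');
    if (separator < 0) {
        throw new WebUserAuthException(FailReason.USER_AND_PASS_NOT_SPECIFIED, "Expected 'username:password'");
    }
    String username = decoded.substring(0, separator);
    String passwordRaw = decoded.substring(separator + 1);
    if (username.isEmpty() || passwordRaw.isEmpty()) {
        throw new WebUserAuthException(FailReason.USER_AND_PASS_NOT_SPECIFIED, "Expected 'username:password'");
    }
    Database.State dbState = database.getState();
    if (dbState != Database.State.OPEN) {
        throw new WebUserAuthException(FailReason.DATABASE_NOT_OPEN, "State was: " + dbState.name());
    }
    try {
        User user = database.query(WebUserQueries.fetchUser(username))
                .orElseThrow(() -> new WebUserAuthException(FailReason.USER_DOES_NOT_EXIST, username));
        if (!user.doesPasswordMatch(passwordRaw)) {
            throw new WebUserAuthException(FailReason.USER_PASS_MISMATCH, username);
        }
        return user;
    } catch (DBOpException | PassEncryptException e) {
        throw new WebUserAuthException(e);
    }
}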
Use of com.djrapitops.plan.exceptions.WebUserAuthException in project Plan by plan-player-analytics.
The class UserJSONResolver, method getResponse.
/**
 * Describes the authenticated user as JSON.
 *
 * When the web server does not require authentication there is no user to describe and an
 * empty JSON object with status 404 is returned instead.
 *
 * @param request the request, expected to carry the authenticated user
 * @return the JSON response with the user's name, linked player name and permissions
 * @throws WebUserAuthException with {@code NO_USER_PRESENT} when the request has no user
 */
private Response getResponse(Request request) {
    boolean authRequired = webServer.get().isAuthRequired();
    if (!authRequired) {
        return Response.builder().setStatus(404).setJSONContent("{}").build();
    }
    WebUser current = request.getUser()
            .orElseThrow(() -> new WebUserAuthException(FailReason.NO_USER_PRESENT));
    Map<String, Object> body = new HashMap<>();
    body.put("username", current.getUsername());
    body.put("linkedTo", current.getName());
    body.put("permissions", current.getPermissions());
    return Response.builder().setJSONContent(body).build();
}
Use of com.djrapitops.plan.exceptions.WebUserAuthException in project Plan by plan-player-analytics.
The class ResponseResolver, method tryToGetResponse.
/**
 * Tries each resolver registered for the request path in order and returns the first response.
 *
 * OPTIONS requests are answered with 204 without consulting any resolver. For a resolver that
 * requires authentication the request must carry a user and the resolver must grant access;
 * a resolver that declines to produce a response is skipped and the next one is tried.
 *
 * @param request the request to resolve
 * @return the resolved response, or 404 when no resolver matched or produced a response
 * @throws WebUserAuthException With {@code NO_USER_PRESENT} when authentication is required,
 *                              no user is present and HTTPS is in use (over plain HTTP a 403 is returned instead).
 * @throws NotFoundException In some cases when page was not found, not all.
 * @throws ForbiddenException If the user is not allowed to see the page
 * @throws BadRequestException If the request did not have required things.
 */
private Response tryToGetResponse(Request request) {
    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
        return Response.builder().setStatus(204).build();
    }
    Optional<WebUser> user = request.getUser();
    List<Resolver> candidates = resolverService.getResolvers(request.getPath().asString());
    if (candidates.isEmpty()) {
        return responseFactory.pageNotFound404();
    }
    for (Resolver candidate : candidates) {
        boolean needsAuth = webServer.get().isAuthRequired() && candidate.requiresAuth(request);
        if (needsAuth) {
            if (!user.isPresent()) {
                if (webServer.get().isUsingHTTPS()) {
                    throw new WebUserAuthException(FailReason.NO_USER_PRESENT);
                }
                return responseFactory.forbidden403();
            }
            if (!candidate.canAccess(request)) {
                return responseFactory.forbidden403();
            }
        }
        Optional<Response> resolved = candidate.resolve(request);
        if (resolved.isPresent()) {
            return resolved.get();
        }
    }
    return responseFactory.pageNotFound404();
}
Use of com.djrapitops.plan.exceptions.WebUserAuthException in project Plan by plan-player-analytics.
The class RootPageResolver, method getResponse.
/**
 * Redirects the root page to the most suitable landing page.
 *
 * Without authentication everyone lands on the network or server page. With authentication
 * the user's permissions decide, in order: server page, players page, the user's own player
 * page; a user holding none of these gets a 403 naming the required permissions.
 *
 * @param request the request for the root page
 * @return a redirect response, or 403 when the user may not see any landing page
 * @throws WebUserAuthException with {@code EXPIRED_COOKIE} when authentication is required
 *         but the request carries no user
 */
private Response getResponse(Request request) {
    Server server = serverInfo.getServer();
    if (!webServer.get().isAuthRequired()) {
        return responseFactory.redirectResponse(serverPageTarget(server));
    }
    WebUser user = request.getUser()
            .orElseThrow(() -> new WebUserAuthException(FailReason.EXPIRED_COOKIE));
    if (user.hasPermission("page.server")) {
        return responseFactory.redirectResponse(serverPageTarget(server));
    }
    if (user.hasPermission("page.players")) {
        return responseFactory.redirectResponse("players");
    }
    if (user.hasPermission("page.player.self")) {
        return responseFactory.redirectResponse("player/" + Html.encodeToURL(user.getName()));
    }
    return responseFactory.forbidden403(user.getName() + " has insufficient permissions to be redirected to any page. Needs one of: 'page.server', 'page.players' or 'page.player.self'");
}

/** Relative target of the server landing page: the network page on a proxy, else this server's page. */
private String serverPageTarget(Server server) {
    if (server.isProxy()) {
        return "network";
    }
    return "server/" + Html.encodeToURL(server.getIdentifiableName());
}