
Example 11 with ServiceException

use of com.nexblocks.authguard.service.exceptions.ServiceException in project AuthGuard by AuthGuard.

the class CredentialsServiceImpl method replaceIdentifier.

/**
 * Swaps one identifier on a credentials record for a new value.
 *
 * <p>The replacement entry takes its identifier value and active flag from
 * {@code newIdentifier}, while the type and domain are carried over from the
 * entry being replaced. All other identifiers on the record are kept as they are.
 *
 * @param id            ID of the credentials record to modify
 * @param oldIdentifier identifier value that must currently be present on the record
 * @param newIdentifier source of the new identifier value and active flag
 * @return whatever {@code doUpdate} returns for the modified record
 * @throws ServiceNotFoundException if no credentials are found for {@code id}
 * @throws ServiceException         if the record does not carry {@code oldIdentifier}
 */
@Override
public Optional<CredentialsBO> replaceIdentifier(final String id, final String oldIdentifier, final UserIdentifierBO newIdentifier) {
    // NOTE(review): a missing credentials record is reported with IDENTIFIER_DOES_NOT_EXIST,
    // the same code as a missing identifier below - confirm that this is intended.
    final CredentialsBO existing = getByIdUnsafe(id)
            .orElseThrow(() -> new ServiceNotFoundException(ErrorCode.IDENTIFIER_DOES_NOT_EXIST, "No credentials with ID " + id));

    // NOTE(review): the message embeds the caller-supplied identifier value; confirm it is
    // acceptable for that value to appear wherever this exception is logged or returned.
    if (existing.getIdentifiers().stream().noneMatch(current -> current.getIdentifier().equals(oldIdentifier))) {
        throw new ServiceException(ErrorCode.IDENTIFIER_DOES_NOT_EXIST, "Credentials " + id + " has no identifier " + oldIdentifier);
    }

    // NOTE(review): nothing here checks that the new identifier is not already in use;
    // presumably doUpdate or the repository enforces uniqueness - verify.
    final Set<UserIdentifierBO> replaced = existing.getIdentifiers().stream()
            .map(current -> current.getIdentifier().equals(oldIdentifier)
                    ? UserIdentifierBO.builder()
                            .identifier(newIdentifier.getIdentifier())
                            .active(newIdentifier.isActive())
                            .type(current.getType())
                            .domain(current.getDomain())
                            .build()
                    : current)
            .collect(Collectors.toSet());

    return doUpdate(existing, existing.withIdentifiers(replaced), false);
}
Also used : ServiceMapper(com.nexblocks.authguard.service.mappers.ServiceMapper) MessageBus(com.nexblocks.authguard.emb.MessageBus) CryptographicRandom(com.nexblocks.authguard.service.random.CryptographicRandom) Inject(com.google.inject.Inject) CredentialsRepository(com.nexblocks.authguard.dal.persistence.CredentialsRepository) CredentialsDO(com.nexblocks.authguard.dal.model.CredentialsDO) ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) ServiceNotFoundException(com.nexblocks.authguard.service.exceptions.ServiceNotFoundException) ResetTokenMessage(com.nexblocks.authguard.service.messaging.ResetTokenMessage) CredentialsService(com.nexblocks.authguard.service.CredentialsService) ArrayList(java.util.ArrayList) AccountsService(com.nexblocks.authguard.service.AccountsService) Duration(java.time.Duration) ServiceConflictException(com.nexblocks.authguard.service.exceptions.ServiceConflictException) com.nexblocks.authguard.basic.passwords(com.nexblocks.authguard.basic.passwords) IdempotencyService(com.nexblocks.authguard.service.IdempotencyService) ErrorCode(com.nexblocks.authguard.service.exceptions.codes.ErrorCode) ImmutableMap(com.google.common.collect.ImmutableMap) Set(java.util.Set) AccountTokensRepository(com.nexblocks.authguard.dal.cache.AccountTokensRepository) com.nexblocks.authguard.service.model(com.nexblocks.authguard.service.model) Collectors(java.util.stream.Collectors) Messages(com.nexblocks.authguard.emb.Messages) CredentialsAuditRepository(com.nexblocks.authguard.dal.persistence.CredentialsAuditRepository) List(java.util.List) OffsetDateTime(java.time.OffsetDateTime) Optional(java.util.Optional) AccountTokenDO(com.nexblocks.authguard.dal.model.AccountTokenDO) ID(com.nexblocks.authguard.service.util.ID) ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) ServiceNotFoundException(com.nexblocks.authguard.service.exceptions.ServiceNotFoundException)

Example 12 with ServiceException

use of com.nexblocks.authguard.service.exceptions.ServiceException in project AuthGuard by AuthGuard.

the class CredentialsServiceImpl method replacePassword.

/**
 * Replaces the password of the credentials found for an identifier, after checking the
 * old password against the stored hash.
 *
 * @param identifier  identifier used to look up the credentials
 * @param oldPassword password the caller claims is the current one
 * @param newPassword password to store; passed through {@code verifyAndHashPassword}
 * @param domain      domain used together with {@code identifier} for the lookup
 * @return whatever {@code doUpdate} returns for the modified record
 * @throws ServiceNotFoundException if no credentials match the identifier and domain
 * @throws ServiceException         if {@code oldPassword} does not verify against the stored hash
 */
@Override
public Optional<CredentialsBO> replacePassword(final String identifier, final String oldPassword, final String newPassword, final String domain) {
    // NOTE(review): "unknown identifier" and "wrong password" surface as different errors.
    // If both reach an unauthenticated caller unchanged, the difference reveals which
    // identifiers exist - confirm how the API layer maps them.
    final CredentialsBO current = getByUsernameUnsafe(identifier, domain)
            .orElseThrow(() -> new ServiceNotFoundException(ErrorCode.CREDENTIALS_DOES_NOT_EXIST, "Unknown identifier"));

    // NOTE(review): no attempt limiting is visible in this method; presumably failed
    // verifications are throttled elsewhere - verify.
    final boolean oldPasswordAccepted = securePassword.verify(oldPassword, current.getHashedPassword());
    if (!oldPasswordAccepted) {
        throw new ServiceException(ErrorCode.PASSWORDS_DO_NOT_MATCH, "Passwords do not match");
    }

    final HashedPasswordBO rehashed = verifyAndHashPassword(newPassword);
    final CredentialsBO withNewHash = current.withHashedPassword(rehashed);
    final CredentialsBO update = withNewHash.withPasswordUpdatedAt(OffsetDateTime.now());

    return doUpdate(current, update, true);
}
Also used : ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) ServiceNotFoundException(com.nexblocks.authguard.service.exceptions.ServiceNotFoundException)

Example 13 with ServiceException

use of com.nexblocks.authguard.service.exceptions.ServiceException in project AuthGuard by AuthGuard.

the class ExchangeServiceImpl method exchange.

/**
 * Runs the token exchange registered for a pair of token types and reports the outcome
 * through {@code exchangeSuccess} or {@code exchangeFailure}.
 *
 * @param authRequest    request handed to the selected exchange
 * @param fromTokenType  token type being exchanged
 * @param toTokenType    token type being requested
 * @param requestContext context passed on to the success and failure hooks
 * @return the tokens produced by the exchange
 * @throws ServiceException if no exchange is registered for the pair, or if the exchange
 *                          itself failed with a {@code ServiceException}
 * @throws RuntimeException wrapping any other exception the exchange failed with
 */
@Override
public AuthResponseBO exchange(final AuthRequestBO authRequest, final String fromTokenType, final String toTokenType, final RequestContextBO requestContext) {
    final Exchange handler = exchanges.get(exchangeKey(fromTokenType, toTokenType));
    if (handler == null) {
        throw new ServiceException(ErrorCode.UNKNOWN_EXCHANGE, "Unknown token exchange " + fromTokenType + " to " + toTokenType);
    }

    final Either<Exception, AuthResponseBO> outcome = handler.exchange(authRequest);

    if (!outcome.isRight()) {
        final Exception failure = outcome.getLeft();
        // The failure hook runs before anything is thrown, so it sees every failed exchange.
        exchangeFailure(authRequest, requestContext, failure, fromTokenType, toTokenType);
        // TODO remove this
        // NOTE(review): a non-service failure leaves here as a bare RuntimeException carrying
        // the original cause; confirm the API boundary does not echo the cause to clients.
        if (!ServiceException.class.isAssignableFrom(failure.getClass())) {
            throw new RuntimeException(failure);
        }
        throw (ServiceException) failure;
    }

    final AuthResponseBO tokens = outcome.get();
    exchangeSuccess(authRequest, requestContext, tokens, fromTokenType, toTokenType);
    return tokens;
}
Also used : TokenExchange(com.nexblocks.authguard.service.exchange.TokenExchange) Exchange(com.nexblocks.authguard.service.exchange.Exchange) ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException) ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException)

Example 14 with ServiceException

use of com.nexblocks.authguard.service.exceptions.ServiceException in project AuthGuard by AuthGuard.

the class ActionTokenServiceImpl method verifyToken.

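/**
 * Checks that an action token exists, has not expired, and was issued for the given action.
 *
 * <p>A stored token without additional information is rejected as {@code INVALID_TOKEN},
 * the same as one with a missing or different {@code "action"} entry, instead of failing
 * with a {@code NullPointerException}.
 *
 * @param token  token value presented by the caller
 * @param action action the caller wants to perform with the token
 * @return a successful {@code Try} holding the account ID, token and action, or a failed
 *         {@code Try} holding a {@code ServiceException} that describes why it was rejected
 */
@Override
public Try<ActionTokenBO> verifyToken(final String token, final String action) {
    // join() blocks the calling thread until the repository lookup completes.
    final Optional<AccountTokenDO> persisted = accountTokensRepository.getByToken(token).join();
    if (persisted.isEmpty()) {
        return Try.failure(new ServiceException(ErrorCode.TOKEN_EXPIRED_OR_DOES_NOT_EXIST, "Token was not found"));
    }

    final AccountTokenDO stored = persisted.get();
    if (stored.getExpiresAt().isBefore(OffsetDateTime.now())) {
        return Try.failure(new ServiceException(ErrorCode.EXPIRED_TOKEN, "Token has expired"));
    }

    // A token lacking the metadata map cannot be tied to any action, so treat it like a
    // token issued for a different action rather than dereferencing null.
    final var additionalInformation = stored.getAdditionalInformation();
    final String allowedAction = additionalInformation == null ? null : additionalInformation.get("action");
    if (allowedAction == null || !allowedAction.equals(action)) {
        return Try.failure(new ServiceException(ErrorCode.INVALID_TOKEN, "Token was created for a different action"));
    }

    // NOTE(review): the token is not removed or marked as used here; if action tokens are
    // meant to be single-use, that has to be enforced by the caller - verify.
    return Try.success(ActionTokenBO.builder()
            .accountId(stored.getAssociatedAccountId())
            .token(token)
            .action(action)
            .build());
}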
Also used : ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) OffsetDateTime(java.time.OffsetDateTime) AccountTokenDO(com.nexblocks.authguard.dal.model.AccountTokenDO)

Example 15 with ServiceException

use of com.nexblocks.authguard.service.exceptions.ServiceException in project AuthGuard by AuthGuard.

the class AesCbcTokenEncryptor method decryptEncoded.

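/**
 * Decrypts a token which was encrypted and base64 encoded.
 *
 * <p>The input is untrusted, so every structural problem (wrong number of parts,
 * malformed base64, an IV that is not one AES block long) is reported as the same
 * {@code INVALID_TOKEN} error rather than leaking an {@code IllegalArgumentException}.
 *
 * <p>NOTE(review): AES-CBC on its own gives no integrity protection. Confirm that the
 * token is authenticated separately, and that decryption failures raised by
 * {@code Cryptography.doCipher} are reported to callers in the same way as the
 * invalid-token error used here.
 *
 * @param encryptedToken Encrypted and base64-encoded string. Must be
 *                       in the format {IV}.{encrypted_token}
 * @return The decrypted token, UTF-8 encoded.
 * @throws ServiceException with {@code INVALID_TOKEN} if the input is not two
 *                          base64 parts separated by a dot, or the IV has the wrong length
 */
public String decryptEncoded(final String encryptedToken) {
    final String[] parts = encryptedToken.split("\\.");
    if (parts.length != 2) {
        throw new ServiceException(ErrorCode.INVALID_TOKEN, "Invalid encrypted token");
    }

    final byte[] ivBytes;
    final byte[] cipherText;
    try {
        ivBytes = Base64.getDecoder().decode(parts[0]);
        cipherText = Base64.getDecoder().decode(parts[1]);
    } catch (final IllegalArgumentException e) {
        // Malformed base64 is a bad token, not a programming error. The cause is not
        // attached because only the (ErrorCode, String) constructor is visible here.
        throw new ServiceException(ErrorCode.INVALID_TOKEN, "Invalid encrypted token");
    }

    // The IV for AES in CBC mode is exactly one block (16 bytes).
    if (ivBytes.length != 16) {
        throw new ServiceException(ErrorCode.INVALID_TOKEN, "Invalid encrypted token");
    }

    final Cipher cipher = Cryptography.createCipherWithIv(Cryptography.Algorithm.AES_CBC, Cipher.DECRYPT_MODE, secretKey, ivBytes);
    final byte[] decrypted = Cryptography.doCipher(cipherText, cipher);
    return new String(decrypted, StandardCharsets.UTF_8);
}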
Also used : ServiceException(com.nexblocks.authguard.service.exceptions.ServiceException) Cipher(javax.crypto.Cipher)

Aggregations

ServiceException (com.nexblocks.authguard.service.exceptions.ServiceException)17 AccountTokenDO (com.nexblocks.authguard.dal.model.AccountTokenDO)8 ServiceNotFoundException (com.nexblocks.authguard.service.exceptions.ServiceNotFoundException)6 OffsetDateTime (java.time.OffsetDateTime)6 Inject (com.google.inject.Inject)5 AccountsService (com.nexblocks.authguard.service.AccountsService)5 ErrorCode (com.nexblocks.authguard.service.exceptions.codes.ErrorCode)5 Optional (java.util.Optional)5 Collectors (java.util.stream.Collectors)4 AccountTokensRepository (com.nexblocks.authguard.dal.cache.AccountTokensRepository)3 MessageBus (com.nexblocks.authguard.emb.MessageBus)3 Messages (com.nexblocks.authguard.emb.Messages)3 IdempotencyService (com.nexblocks.authguard.service.IdempotencyService)3 ServiceAuthorizationException (com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException)3 ServiceConflictException (com.nexblocks.authguard.service.exceptions.ServiceConflictException)3 ActionTokenBO (com.nexblocks.authguard.service.model.ActionTokenBO)3 Duration (java.time.Duration)3 ImmutableMap (com.google.common.collect.ImmutableMap)2 Named (com.google.inject.name.Named)2 com.nexblocks.authguard.basic.passwords (com.nexblocks.authguard.basic.passwords)2