use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class WebClientServiceUtil method sendServiceRequestToUiNode.
public static String sendServiceRequestToUiNode(Server server, String serviceUrl) throws ServiceException {
if (isServerAtLeast8dot5(server)) {
HttpClient client = ZimbraHttpConnectionManager.getExternalHttpConnMgr().newHttpClient();
HttpProxyUtil.configureProxy(client);
AuthToken authToken = AuthProvider.getAdminAuthToken();
ZimbraLog.misc.debug("got admin auth token");
String resp = "";
HttpMethod method = null;
try {
method = new GetMethod(URLUtil.getServiceURL(server, serviceUrl, false));
ZimbraLog.misc.debug("connecting to ui node %s", server.getName());
method.addRequestHeader(PARAM_AUTHTOKEN, authToken.getEncoded());
int result = HttpClientUtil.executeMethod(client, method);
ZimbraLog.misc.debug("resp: %d", result);
resp = method.getResponseBodyAsString();
ZimbraLog.misc.debug("got response from ui node: %s", resp);
} catch (IOException e) {
ZimbraLog.misc.warn("failed to get response from ui node", e);
} catch (AuthTokenException e) {
ZimbraLog.misc.warn("failed to get authToken", e);
} finally {
if (method != null) {
method.releaseConnection();
}
}
if (authToken != null && authToken.isRegistered()) {
try {
authToken.deRegister();
ZimbraLog.misc.debug("de-registered auth token, isRegistered?%s", authToken.isRegistered());
} catch (AuthTokenException e) {
ZimbraLog.misc.warn("failed to de-register authToken", e);
}
}
return resp;
}
return "";
}
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class WebClientServiceUtil method sendServiceRequestToOneRandomUiNode.
/**
* send service request to one random ui node, keep trying until succeeds.
* @param serviceUrl the url that should be matched and handled by ServiceServlet in ZimbraWebClient
* reqHeaders the map of req/rsp attributes that need to be set by the UI node
* @return response from ui node in String
* @throws ServiceException
*/
public static String sendServiceRequestToOneRandomUiNode(String serviceUrl, Map<String, String> reqHeaders) throws ServiceException {
List<Server> servers = Provisioning.getInstance().getAllServers(Provisioning.SERVICE_WEBCLIENT);
if (servers == null || servers.isEmpty()) {
servers.add(Provisioning.getInstance().getLocalServer());
}
HttpClient client = ZimbraHttpConnectionManager.getExternalHttpConnMgr().newHttpClient();
HttpProxyUtil.configureProxy(client);
AuthToken authToken = AuthProvider.getAdminAuthToken();
ZimbraLog.misc.debug("got admin auth token");
String resp = "";
for (Server server : servers) {
if (isServerAtLeast8dot5(server)) {
HttpMethod method = null;
try {
method = new GetMethod(URLUtil.getServiceURL(server, serviceUrl, false));
ZimbraLog.misc.debug("connecting to ui node %s", server.getName());
method.addRequestHeader(PARAM_AUTHTOKEN, authToken.getEncoded());
// Add all the req headers passed to this function as well
for (Map.Entry<String, String> entry : reqHeaders.entrySet()) {
method.addRequestHeader(entry.getKey(), entry.getValue());
ZimbraLog.misc.debug("adding request header %s=%s", entry.getKey(), entry.getValue());
}
int result = HttpClientUtil.executeMethod(client, method);
ZimbraLog.misc.debug("resp: %d", result);
resp = method.getResponseBodyAsString();
ZimbraLog.misc.debug("got response from ui node: %s", resp);
//try ui nodes one by one until one succeeds.
break;
} catch (IOException e) {
ZimbraLog.misc.warn("failed to get response from ui node", e);
} catch (AuthTokenException e) {
ZimbraLog.misc.warn("failed to get authToken", e);
} finally {
if (method != null) {
method.releaseConnection();
}
}
}
}
if (authToken != null && authToken.isRegistered()) {
try {
authToken.deRegister();
ZimbraLog.misc.debug("de-registered auth token, isRegistered?%s", authToken.isRegistered());
} catch (AuthTokenException e) {
ZimbraLog.misc.warn("failed to de-register authToken", e);
}
}
return resp;
}
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class PreAuthServlet method doGet.
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
ZimbraLog.clearContext();
try {
Provisioning prov = Provisioning.getInstance();
Server server = prov.getLocalServer();
String referMode = server.getAttr(Provisioning.A_zimbraMailReferMode, "wronghost");
boolean isRedirect = getOptionalParam(req, PARAM_ISREDIRECT, "0").equals("1");
String rawAuthToken = getOptionalParam(req, PARAM_AUTHTOKEN, null);
AuthToken authToken = null;
if (rawAuthToken != null) {
authToken = AuthProvider.getAuthToken(rawAuthToken);
if (authToken == null) {
throw new AuthTokenException("unable to get auth token from " + PARAM_AUTHTOKEN);
} else if (authToken.isExpired()) {
throw new AuthTokenException("auth token expired");
} else if (!authToken.isRegistered()) {
throw new AuthTokenException("authtoken is invalid");
}
}
if (rawAuthToken != null) {
if (!authToken.isRegistered()) {
throw new AuthTokenException("authtoken is not registered");
}
if (authToken.isExpired()) {
throw new AuthTokenException("authtoken is expired registered");
}
// we've got an auth token in the request:
// See if we need a redirect to the correct server
boolean isAdmin = authToken != null && AuthToken.isAnyAdmin(authToken);
Account acct = prov.get(AccountBy.id, authToken.getAccountId(), authToken);
if (isAdmin || !needReferral(acct, referMode, isRedirect)) {
//authtoken in get request is for one time use only. Deregister and generate new one.
if (authToken instanceof ZimbraAuthToken) {
ZimbraAuthToken oneTimeToken = (ZimbraAuthToken) authToken;
ZimbraAuthToken newZimbraAuthToken = null;
try {
newZimbraAuthToken = oneTimeToken.clone();
} catch (CloneNotSupportedException e) {
throw new ServletException(e);
}
newZimbraAuthToken.resetTokenId();
oneTimeToken.deRegister();
authToken = newZimbraAuthToken;
ZimbraLog.account.debug("Deregistered the one time preauth token and issuing new one to the user.");
}
// no need to redirect to the correct server, just send them off to do business
setCookieAndRedirect(req, resp, authToken);
} else {
// redirect to the correct server with the incoming auth token
// we no longer send the auth token we generate over when we redirect to the correct server,
// but customer can be sending a token in their preauth URL, in this case, just
// send over the auth token as is.
redirectToCorrectServer(req, resp, acct, rawAuthToken);
}
} else {
// no auth token in the request URL. See if we should redirect this request
// to the correct server, or should do the preauth locally.
String preAuth = getRequiredParam(req, resp, PARAM_PREAUTH);
String account = getRequiredParam(req, resp, PARAM_ACCOUNT);
String accountBy = getOptionalParam(req, PARAM_BY, AccountBy.name.name());
AccountBy by = AccountBy.fromString(accountBy);
boolean admin = getOptionalParam(req, PARAM_ADMIN, "0").equals("1") && isAdminRequest(req);
long timestamp = Long.parseLong(getRequiredParam(req, resp, PARAM_TIMESTAMP));
long expires = Long.parseLong(getRequiredParam(req, resp, PARAM_EXPIRES));
Account acct = null;
acct = prov.get(by, account, authToken);
Map<String, Object> authCtxt = new HashMap<String, Object>();
authCtxt.put(AuthContext.AC_ORIGINATING_CLIENT_IP, ZimbraServlet.getOrigIp(req));
authCtxt.put(AuthContext.AC_REMOTE_IP, ZimbraServlet.getClientIp(req));
authCtxt.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, account);
authCtxt.put(AuthContext.AC_USER_AGENT, req.getHeader("User-Agent"));
boolean acctAutoProvisioned = false;
if (acct == null) {
//
if (by == AccountBy.name && !admin) {
try {
EmailAddress email = new EmailAddress(account, false);
String domainName = email.getDomain();
Domain domain = domainName == null ? null : prov.get(Key.DomainBy.name, domainName);
prov.preAuthAccount(domain, account, accountBy, timestamp, expires, preAuth, authCtxt);
acct = prov.autoProvAccountLazy(domain, account, null, AutoProvAuthMech.PREAUTH);
if (acct != null) {
acctAutoProvisioned = true;
}
} catch (AuthFailedServiceException e) {
ZimbraLog.account.debug("auth failed, unable to auto provisioing acct " + account, e);
} catch (ServiceException e) {
ZimbraLog.account.info("unable to auto provisioing acct " + account, e);
}
}
}
if (acct == null) {
throw AuthFailedServiceException.AUTH_FAILED(account, account, "account not found");
}
String accountStatus = acct.getAccountStatus(prov);
if (!Provisioning.ACCOUNT_STATUS_ACTIVE.equalsIgnoreCase(accountStatus)) {
if (Provisioning.ACCOUNT_STATUS_MAINTENANCE.equalsIgnoreCase(accountStatus)) {
throw AccountServiceException.MAINTENANCE_MODE();
} else {
throw AccountServiceException.ACCOUNT_INACTIVE(acct.getName());
}
}
if (admin) {
boolean isDomainAdminAccount = acct.getBooleanAttr(Provisioning.A_zimbraIsDomainAdminAccount, false);
boolean isAdminAccount = acct.getBooleanAttr(Provisioning.A_zimbraIsAdminAccount, false);
boolean isDelegatedAdminAccount = acct.getBooleanAttr(Provisioning.A_zimbraIsDelegatedAdminAccount, false);
boolean ok = (isDomainAdminAccount || isAdminAccount || isDelegatedAdminAccount);
if (!ok)
throw ServiceException.PERM_DENIED("not an admin account");
}
if (admin || !needReferral(acct, referMode, isRedirect)) {
// do preauth locally
if (!acctAutoProvisioned) {
prov.preAuthAccount(acct, account, accountBy, timestamp, expires, preAuth, admin, authCtxt);
}
AuthToken at;
if (admin)
at = (expires == 0) ? AuthProvider.getAuthToken(acct, admin) : AuthProvider.getAuthToken(acct, expires, admin, null);
else
at = (expires == 0) ? AuthProvider.getAuthToken(acct) : AuthProvider.getAuthToken(acct, expires);
setCookieAndRedirect(req, resp, at);
} else {
// redirect to the correct server.
// Note: we do not send over the generated auth token (the auth token param passed to
// redirectToCorrectServer is null).
redirectToCorrectServer(req, resp, acct, null);
}
}
} catch (ServiceException e) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
} catch (AuthTokenException e) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
}
}
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class PublicICalServlet method doGetFreeBusy.
/**
*
* http://localhost:7070/service/pubcal/freebusy.ifb?acct=user@host.com
*
* @param req
* @param resp
* @throws IOException
* @throws ServletException
*/
public final void doGetFreeBusy(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
String acctName = req.getParameter(QP_ACCOUNT);
String startStr = req.getParameter(QP_START_TIME);
String endStr = req.getParameter(QP_END_TIME);
resp.setContentType(MimeConstants.CT_TEXT_CALENDAR);
if (checkBlankOrNull(resp, QP_ACCOUNT, acctName))
return;
long now = new Date().getTime();
long rangeStart = now - Constants.MILLIS_PER_WEEK;
long rangeEnd = now + (2 * Constants.MILLIS_PER_MONTH);
if (startStr != null)
rangeStart = Long.parseLong(startStr);
if (endStr != null)
rangeEnd = Long.parseLong(endStr);
if (rangeEnd < rangeStart) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "End time must be after Start time");
return;
}
long days = (rangeEnd - rangeStart) / Constants.MILLIS_PER_DAY;
long maxDays = LC.calendar_freebusy_max_days.longValueWithinRange(0, 36600);
if (days > maxDays) {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Requested range is too large (max " + maxDays + " days)");
return;
}
String targetAccountId = null;
try {
Account targetAccount = Provisioning.getInstance().get(AccountBy.name, acctName);
if (targetAccount != null)
targetAccountId = targetAccount.getId();
} catch (ServiceException e) {
}
AuthToken at = getAuthTokenFromCookie(req, resp, true);
if (at == null) {
String authTokenParam = req.getParameter(QP_AUTH_TOKEN);
if (authTokenParam != null) {
try {
at = AuthProvider.getAuthToken(authTokenParam);
} catch (AuthTokenException e) {
sLog.warn("Auth error: " + e.getMessage(), e);
}
}
}
Account authAccount = null;
ZimbraSoapContext zsc = null;
if (at != null) {
try {
authAccount = Provisioning.getInstance().get(AccountBy.id, at.getAccountId(), at);
} catch (ServiceException e) {
sLog.warn("Auth error: " + e.getMessage(), e);
}
try {
zsc = new ZimbraSoapContext(at, targetAccountId, SoapProtocol.SoapJS, SoapProtocol.SoapJS);
} catch (ServiceException e) {
sLog.error("Error initializing request context", e);
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error initializing request context");
return;
}
} else {
authAccount = GuestAccount.ANONYMOUS_ACCT;
}
FreeBusyQuery fbQuery = new FreeBusyQuery(req, zsc, authAccount, rangeStart, rangeEnd, null);
fbQuery.addEmailAddress(acctName, FreeBusyQuery.CALENDAR_FOLDER_ALL);
Collection<FreeBusy> result = fbQuery.getResults();
FreeBusy fb = null;
if (result.size() > 0)
fb = result.iterator().next();
else
fb = FreeBusy.emptyFreeBusy(acctName, rangeStart, rangeEnd);
String url = req.getRequestURL() + "?" + req.getQueryString();
String fbMsg = fb.toVCalendar(FreeBusy.Method.PUBLISH, acctName, null, url);
resp.getOutputStream().write(fbMsg.getBytes());
}
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class RevokeOAuthConsumer method removeOAuthAccessor.
private void removeOAuthAccessor() throws ServiceException {
String[] accessors = account.getOAuthAccessor();
for (String val : accessors) {
if (val.startsWith(accessTokenToBeRemoved)) {
//Retrieve zauthtoken from accessor data
String zauthToken = val.substring(val.indexOf(",zauthtoken"), val.indexOf(",verifier")).substring(12);
try {
AuthToken token = ZimbraAuthToken.getAuthToken(zauthToken);
token.deRegister();
} catch (AuthTokenException ate) {
LOG.error("In Revoke: Failed to deregister zimbra auth token.", ate);
}
account.removeOAuthAccessor(val);
LOG.debug("OAuth accessor for access token %s is removed", accessTokenToBeRemoved);
break;
}
}
}
Aggregations