Example 1 with AuthenticationResult

Use of fi.otavanopisto.muikku.auth.AuthenticationResult in project muikku by otavanopisto.

In class InternalAuthenticationStrategy, method processLogin.

@Override
public AuthenticationResult processLogin(AuthSource authSource, Map<String, String[]> requestParameters) {
    String email = StringUtils.lowerCase(getFirstRequestParameter(requestParameters, "email"));
    String password = getFirstRequestParameter(requestParameters, "password");
    InternalAuth internalAuth = internalLoginController.findInternalAuthByEmailAndPassword(email, password);
    if (internalAuth != null) {
        UserEntity userEntity = userEntityController.findUserEntityById(internalAuth.getUserEntityId());
        if (userEntity != null) {
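            // MD5 is used here only to derive a stable identifier for the internal account (the same argument
            // that carries the provider's user id in the OAuth strategies); it is not hashing the password.
            return processLogin(authSource, requestParameters, DigestUtils.md5Hex("INTERNAL-" + internalAuth.getId()), Arrays.asList(email), null, null);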
        }
    }
    return new AuthenticationResult(Status.INVALID_CREDENTIALS);
}
Also used: InternalAuth (fi.otavanopisto.muikku.plugins.internalauth.model.InternalAuth), UserEntity (fi.otavanopisto.muikku.model.users.UserEntity), AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult)

Example 2 with AuthenticationResult

Use of fi.otavanopisto.muikku.auth.AuthenticationResult in project muikku by otavanopisto.

In class GoogleAuthenticationStrategy, method processResponse.

@Override
protected AuthenticationResult processResponse(AuthSource authSource, Map<String, String[]> requestParameters, OAuthService service, String[] requestedScopes) {
    ObjectMapper objectMapper = new ObjectMapper();
    String verifier = getFirstRequestParameter(requestParameters, "code");
    Verifier v = new Verifier(verifier);
    Token accessToken = service.getAccessToken(null, v);
    GoogleAccessToken googleAccessToken;
    try {
        googleAccessToken = objectMapper.readValue(accessToken.getRawResponse(), GoogleAccessToken.class);
        Calendar calendar = new GregorianCalendar();
        calendar.setTime(new Date());
        calendar.add(Calendar.SECOND, googleAccessToken.getExpiresIn());
        Date expires = calendar.getTime();
        sessionController.addOAuthAccessToken("google", expires, accessToken.getToken(), null);
    } catch (IOException e) {
        logger.log(Level.SEVERE, "Token extraction failed a JSON parsing error", e);
        return new AuthenticationResult(AuthenticationResult.Status.ERROR);
    }
    List<String> scopesList = Arrays.asList(requestedScopes);
    boolean hasProfileScope = scopesList.contains("https://www.googleapis.com/auth/userinfo.profile");
    GoogleUserInfo userInfo = null;
    if (hasProfileScope) {
        OAuthRequest request = new OAuthRequest(Verb.GET, "https://www.googleapis.com/oauth2/v1/userinfo?alt=json");
        service.signRequest(accessToken, request);
        Response response = request.send();
        try {
            userInfo = objectMapper.readValue(response.getBody(), GoogleUserInfo.class);
        } catch (IOException e) {
            logger.log(Level.SEVERE, "Logging in failed because of a JSON parsing exception", e);
            return new AuthenticationResult(AuthenticationResult.Status.ERROR);
        }
    }
    if (userInfo != null)
        return processLogin(authSource, requestParameters, userInfo.getId(), Arrays.asList(userInfo.getEmail()), userInfo.getGivenName(), userInfo.getFamilyName());
    else {
        return new AuthenticationResult(AuthenticationResult.Status.GRANT);
    }
}
Also used: OAuthRequest (org.scribe.model.OAuthRequest), Calendar (java.util.Calendar), GregorianCalendar (java.util.GregorianCalendar), Token (org.scribe.model.Token), IOException (java.io.IOException), Verifier (org.scribe.model.Verifier), Date (java.util.Date), AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult), Response (org.scribe.model.Response), ObjectMapper (org.codehaus.jackson.map.ObjectMapper)

Example 3 with AuthenticationResult

Use of fi.otavanopisto.muikku.auth.AuthenticationResult in project muikku by otavanopisto.

In class FacebookAuthenticationStrategy, method processResponse.

@Override
protected AuthenticationResult processResponse(AuthSource authSource, Map<String, String[]> requestParameters, OAuthService service, String[] requestedScopes) {
    ObjectMapper objectMapper = new ObjectMapper();
    String verifier = getFirstRequestParameter(requestParameters, "code");
    Verifier v = new Verifier(verifier);
    Token accessToken = service.getAccessToken(null, v);
    FacebookUser meObject = null;
    OAuthRequest request = new OAuthRequest(Verb.GET, "https://graph.facebook.com/me");
    service.signRequest(accessToken, request);
    Response response = request.send();
    try {
        meObject = objectMapper.readValue(response.getBody(), FacebookUser.class);
    } catch (IOException e) {
        logger.log(Level.SEVERE, "Logging in failed because of a JSON parsing exception", e);
        return new AuthenticationResult(AuthenticationResult.Status.ERROR);
    }
    Integer expiresIn = extractExpires(accessToken);
    Date expires = null;
    if (expiresIn != null) {
        Calendar calendar = new GregorianCalendar();
        calendar.setTime(new Date());
        calendar.add(Calendar.SECOND, expiresIn);
        expires = calendar.getTime();
        sessionController.addOAuthAccessToken("facebook", expires, accessToken.getToken(), null);
    }
    if (meObject != null)
        return processLogin(authSource, requestParameters, meObject.getId(), Arrays.asList(meObject.getEmail()), meObject.getFirstName(), meObject.getLastName());
    else {
        return new AuthenticationResult(AuthenticationResult.Status.GRANT);
    }
}
Also used: OAuthRequest (org.scribe.model.OAuthRequest), Calendar (java.util.Calendar), GregorianCalendar (java.util.GregorianCalendar), Token (org.scribe.model.Token), IOException (java.io.IOException), Verifier (org.scribe.model.Verifier), Date (java.util.Date), AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult), Response (org.scribe.model.Response), ObjectMapper (org.codehaus.jackson.map.ObjectMapper)

Example 4 with AuthenticationResult

Use of fi.otavanopisto.muikku.auth.AuthenticationResult in project muikku by otavanopisto.

In class PyramusAuthenticationStrategy, method processResponse.

@Override
protected AuthenticationResult processResponse(AuthSource authSource, Map<String, String[]> requestParameters, OAuthService service, String[] requestedScopes) {
    ObjectMapper objectMapper = new ObjectMapper();
    String verifier = getFirstRequestParameter(requestParameters, "code");
    Verifier v = new Verifier(verifier);
    Token accessToken = service.getAccessToken(null, v);
    PyramusAccessToken pyramusAccessToken;
    try {
        pyramusAccessToken = objectMapper.readValue(accessToken.getRawResponse(), PyramusAccessToken.class);
        Calendar calendar = new GregorianCalendar();
        calendar.setTime(new Date());
        calendar.add(Calendar.SECOND, pyramusAccessToken.getExpiresIn());
        Date expires = calendar.getTime();
        sessionController.addOAuthAccessToken("pyramus", expires, accessToken.getToken(), pyramusAccessToken.getRefreshToken());
    } catch (IOException e) {
        logger.log(Level.SEVERE, "Token extraction failed a JSON parsing error", e);
        return new AuthenticationResult(AuthenticationResult.Status.ERROR);
    }
    WhoAmI whoAmI = null;
    OAuthRequest request = new OAuthRequest(Verb.GET, getWhoAmIUrl());
    service.signRequest(accessToken, request);
    Response response = request.send();
    try {
        whoAmI = objectMapper.readValue(response.getBody(), WhoAmI.class);
    } catch (IOException e) {
        logger.log(Level.SEVERE, "Logging in failed because of a JSON parsing exception", e);
        return new AuthenticationResult(AuthenticationResult.Status.ERROR);
    }
    return processLogin(authSource, requestParameters, whoAmI.getId().toString(), whoAmI.getEmails(), whoAmI.getFirstName(), whoAmI.getLastName());
}
Also used: OAuthRequest (org.scribe.model.OAuthRequest), Calendar (java.util.Calendar), GregorianCalendar (java.util.GregorianCalendar), Token (org.scribe.model.Token), IOException (java.io.IOException), Verifier (org.scribe.model.Verifier), Date (java.util.Date), AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult), Response (org.scribe.model.Response), WhoAmI (fi.otavanopisto.pyramus.rest.model.WhoAmI), ObjectMapper (org.codehaus.jackson.map.ObjectMapper)

Example 5 with AuthenticationResult

Use of fi.otavanopisto.muikku.auth.AuthenticationResult in project muikku by otavanopisto.

In class LoginBackingBean, method init.

@RequestAction
@Deferred
public String init() {
    try {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext externalContext = facesContext.getExternalContext();
        Map<String, String[]> requestParameters = externalContext.getRequestParameterValuesMap();
        if (authSourceId == null) {
            authSourceId = loginSessionBean.getAuthSourceId();
        } else {
            loginSessionBean.setAuthSourceId(authSourceId);
        }
        // redirectUrl is stored as-is and later passed to externalContext.redirect(); this method does not
        // validate it, so any restriction to local paths has to be enforced elsewhere.
        if (StringUtils.isNotBlank(redirectUrl)) {
            loginSessionBean.setPostLoginRedirectUrl(redirectUrl);
        }
        if (authSourceId == null) {
            // The authentication source id is not defined, so the user has to be asked which source to use,
            // unless exactly one source is defined and it is a credentialless one, in which case that one is used.
            List<AuthSource> credentialAuthSources = authSourceController.listCredentialAuthSources();
            List<AuthSource> credentialessAuthSources = authSourceController.listCredentialessAuthSources();
            if (credentialAuthSources.isEmpty() && credentialessAuthSources.size() == 1) {
                authSourceId = credentialessAuthSources.get(0).getId();
            }
        }
        if (authSourceId != null) {
            AuthSource authSource = authSourceController.findAuthSourceById(authSourceId);
            if (authSource != null) {
                AuthenticationProvider authenticationProvider = authSourceController.findAuthenticationProvider(authSource);
                if (authenticationProvider != null) {
                    AuthenticationResult result = authenticationProvider.processLogin(authSource, requestParameters);
                    if (StringUtils.isNotBlank(result.getRedirectUrl())) {
                        externalContext.redirect(result.getRedirectUrl());
                    } else {
                        loginSessionBean.setAuthSourceId(null);
                        String postLoginRedirectUrl = loginSessionBean.getPostLoginRedirectUrl();
                        switch(result.getStatus()) {
                            case GRANT:
                                // User granted additional scopes in existing authentication source
                                break;
                            case LOGIN:
                                // User logged in
                                break;
                            case NEW_ACCOUNT:
                                // User created new account
                                break;
                            case CONFLICT:
                                switch(result.getConflictReason()) {
                                    case EMAIL_BELONGS_TO_ANOTHER_USER:
                                        // Could not log in, one or more of the email addresses belong to another user
                                        break;
                                    case LOGGED_IN_AS_DIFFERENT_USER:
                                        // Could not log in, user is already logged in as another user
                                        break;
                                    case SEVERAL_USERS_BY_EMAILS:
                                        // Could not log in, several users found by email addresses
                                        break;
                                }
                                logger.log(Level.SEVERE, String.format("Authentication failed on with following message: %s", result.getConflictReason().toString()));
                                return NavigationRules.INTERNAL_ERROR;
                            case INVALID_CREDENTIALS:
                                logger.log(Level.SEVERE, "Erroneous authentication provider status: INVALID_CREDENTIALS in external login page");
                                return NavigationRules.INTERNAL_ERROR;
                            case NO_EMAIL:
                                return NavigationRules.AUTH_NOEMAIL;
                            case PROCESSING:
                                logger.log(Level.SEVERE, "Erroneous authentication provider status: PROCESSING without redirectUrl");
                                return NavigationRules.INTERNAL_ERROR;
                            case ERROR:
                                return NavigationRules.INTERNAL_ERROR;
                        }
                        if (StringUtils.isBlank(postLoginRedirectUrl)) {
                            postLoginRedirectUrl = externalContext.getRequestContextPath() + "/";
                        }
                        externalContext.redirect(postLoginRedirectUrl);
                    }
                } else {
                    logger.log(Level.SEVERE, "Invalid authenticationProvider");
                    return NavigationRules.INTERNAL_ERROR;
                }
            } else {
                logger.log(Level.SEVERE, "Invalid authSourceId");
                return NavigationRules.INTERNAL_ERROR;
            }
        }
    } catch (IOException e) {
        logger.log(Level.SEVERE, "Login failed because of an internal error", e);
        return NavigationRules.INTERNAL_ERROR;
    }
    return null;
}
Also used: FacesContext (javax.faces.context.FacesContext), AuthSource (fi.otavanopisto.muikku.model.security.AuthSource), ExternalContext (javax.faces.context.ExternalContext), AuthenticationProvider (fi.otavanopisto.muikku.auth.AuthenticationProvider), IOException (java.io.IOException), AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult), RequestAction (org.ocpsoft.rewrite.annotation.RequestAction), Deferred (org.ocpsoft.rewrite.faces.annotation.Deferred)

Aggregations

AuthenticationResult (fi.otavanopisto.muikku.auth.AuthenticationResult): 5
IOException (java.io.IOException): 4
Calendar (java.util.Calendar): 3
Date (java.util.Date): 3
GregorianCalendar (java.util.GregorianCalendar): 3
ObjectMapper (org.codehaus.jackson.map.ObjectMapper): 3
OAuthRequest (org.scribe.model.OAuthRequest): 3
Response (org.scribe.model.Response): 3
Token (org.scribe.model.Token): 3
Verifier (org.scribe.model.Verifier): 3
AuthenticationProvider (fi.otavanopisto.muikku.auth.AuthenticationProvider): 1
AuthSource (fi.otavanopisto.muikku.model.security.AuthSource): 1
UserEntity (fi.otavanopisto.muikku.model.users.UserEntity): 1
InternalAuth (fi.otavanopisto.muikku.plugins.internalauth.model.InternalAuth): 1
WhoAmI (fi.otavanopisto.pyramus.rest.model.WhoAmI): 1
ExternalContext (javax.faces.context.ExternalContext): 1
FacesContext (javax.faces.context.FacesContext): 1
RequestAction (org.ocpsoft.rewrite.annotation.RequestAction): 1
Deferred (org.ocpsoft.rewrite.faces.annotation.Deferred): 1