
Example 1 with AuthenticationException

use of io.divide.shared.util.AuthTokenUtils.AuthenticationException in project divide by HiddenStage.

the class AuthServerLogic method getUserFromAuthToken.

/**
 * Resolves the stored credentials that own the given auth token.
 *
 * <p>The token is first decoded with the server's symmetric key and checked for expiry; only
 * then is the credential store queried for a record whose auth-token field equals it.
 *
 * @param token auth token string supplied by the caller
 * @return the matching credentials wrapped as {@code ServerCredentials}
 * @throws DAOException with status 500 if the token cannot be decoded, 401 if it is expired,
 *     or 400 if no stored credentials carry this token
 */
public Credentials getUserFromAuthToken(String token) throws DAOException {
    final AuthTokenUtils.AuthToken parsed;
    try {
        parsed = new AuthTokenUtils.AuthToken(keyManager.getSymmetricKey(), token);
    } catch (AuthenticationException e) {
        // NOTE(review): a token that fails to decode is reported as a server error (500);
        // if AuthenticationException also covers caller-supplied bad tokens, 401 may fit
        // better - confirm against AuthTokenUtils.
        throw new DAOException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "internal error");
    }
    if (parsed.isExpired()) {
        throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "Expired");
    }

    // Look up the credentials whose stored token equals the presented one.
    Query lookup = new QueryBuilder()
            .select()
            .from(Credentials.class)
            .where(Credentials.AUTH_TOKEN_KEY, OPERAND.EQ, token)
            .build();
    TransientObject match = ObjectUtils.get1stOrNull(dao.query(lookup));
    if (match == null) {
        throw new DAOException(HttpStatus.SC_BAD_REQUEST, "invalid auth token");
    }
    return new ServerCredentials(match);
}
Also used : DAOException(io.divide.shared.server.DAO.DAOException) Query(io.divide.shared.transitory.query.Query) AuthenticationException(io.divide.shared.util.AuthTokenUtils.AuthenticationException) AuthTokenUtils(io.divide.shared.util.AuthTokenUtils) QueryBuilder(io.divide.shared.transitory.query.QueryBuilder) TransientObject(io.divide.shared.transitory.TransientObject)

Example 2 with AuthenticationException

use of io.divide.shared.util.AuthTokenUtils.AuthenticationException in project divide by HiddenStage.

the class AuthServerLogic method userSignIn.

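/**
 * Signs a user in, or completes a pending password reset, and returns the stored credentials.
 *
 * <p>The account is looked up by e-mail address. If the submitted validation value equals the
 * one stored for the account, the submitted password is decrypted and stored as a new bcrypt
 * hash. Otherwise the decrypted password is checked against the stored bcrypt hash. Finally the
 * stored auth token is replaced, and the credentials saved, when its expiration date has passed.
 *
 * <p>No password material (ciphertext, plaintext or hash) is written to stdout or a log.
 *
 * @param credentials sign-in request; its password is decrypted in place with the server's
 *     private key
 * @return the stored credentials, carrying the current auth token
 * @throws DAOException with status 401 if the account is unknown or the password does not
 *     match, or 500 if the stored auth token cannot be decoded
 */
public Credentials userSignIn(Credentials credentials) throws DAOException {
    Credentials dbCreds = getUserByEmail(dao, credentials.getEmailAddress());
    if (dbCreds == null) {
        // NOTE(review): this message differs from the wrong-password message below, so a
        // caller can tell registered addresses from unregistered ones; consider returning
        // one shared message for both cases.
        throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "User Doesnt exist");
    }

    if (dbCreds.getValidation() != null && dbCreds.getValidation().equals(credentials.getValidation())) {
        // Password reset: the submitted validation value matches the stored one.
        credentials.decryptPassword(keyManager.getPrivateKey());
        dbCreds.setPassword(BCrypt.hashpw(credentials.getPassword(), BCrypt.gensalt(10)));
        // NOTE(review): nothing visible here clears the stored validation value, and the only
        // dao.save() is in the token-refresh branch below - confirm that the new hash is
        // persisted and that the validation value cannot be replayed.
    } else {
        // Normal sign-in: decrypt the submitted password and verify it against the stored hash.
        credentials.decryptPassword(keyManager.getPrivateKey());
        if (!BCrypt.checkpw(credentials.getPassword(), dbCreds.getPassword())) {
            throw new DAOException(HttpStatus.SC_UNAUTHORIZED, "Invalid credentials");
        }
    }

    // Decode the stored token so its expiration date can be inspected.
    AuthTokenUtils.AuthToken token;
    try {
        token = new AuthTokenUtils.AuthToken(keyManager.getSymmetricKey(), dbCreds.getAuthToken());
    } catch (AuthenticationException e) {
        throw new DAOException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "internal error");
    }
    // NOTE(review): `c` is declared outside this method; if it is a Calendar created once, this
    // compares against a stale time - confirm, or use token.isExpired() as
    // getUserFromAuthToken does.
    if (c.getTime().getTime() > token.expirationDate) {
        // Token expired: issue a fresh one and persist the updated credentials.
        dbCreds.setAuthToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), dbCreds));
        dao.save(dbCreds);
    }
    return dbCreds;
}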
Also used : DAOException(io.divide.shared.server.DAO.DAOException) AuthenticationException(io.divide.shared.util.AuthTokenUtils.AuthenticationException) AuthTokenUtils(io.divide.shared.util.AuthTokenUtils) Credentials(io.divide.shared.transitory.Credentials)

Aggregations

DAOException (io.divide.shared.server.DAO.DAOException)2 AuthTokenUtils (io.divide.shared.util.AuthTokenUtils)2 AuthenticationException (io.divide.shared.util.AuthTokenUtils.AuthenticationException)2 Credentials (io.divide.shared.transitory.Credentials)1 TransientObject (io.divide.shared.transitory.TransientObject)1 Query (io.divide.shared.transitory.query.Query)1 QueryBuilder (io.divide.shared.transitory.query.QueryBuilder)1