use of io.gravitee.am.service.exception.UserNotFoundException in project gravitee-access-management by gravitee-io.
the class LogoutCallbackEndpoint method restoreCurrentSession.
/**
 * Rebuilds the session (end user and client application) that the logout callback has to terminate.
 *
 * <p>If the original logout request carried an ID token hint, the session is extracted from that
 * token. Otherwise it is assembled from the authenticated user, if any, and the client id stored
 * in the routing context.
 *
 * @param routingContext the routing context
 * @param handler receives the restored session, or a failure when the client cannot be resolved
 */
private void restoreCurrentSession(RoutingContext routingContext, Handler<AsyncResult<UserToken>> handler) {
    // OpenID Connect logout: the OP SHOULD accept an ID Token when the RP identified by its aud and/or sid claim
    // has a current session, or had a recent one, at the OP, even when the exp time has passed.
    // NOTE(review): signature/issuer validation of the hint is presumably done inside
    // extractSessionFromIdToken; it is not visible from this method, so confirm it there.
    final MultiMap logoutParams = routingContext.get(ConstantKeys.PARAM_CONTEXT_KEY);
    final boolean hasIdTokenHint = logoutParams != null && logoutParams.contains(ConstantKeys.ID_TOKEN_HINT_KEY);
    if (hasIdTokenHint) {
        final String idTokenHint = logoutParams.get(ConstantKeys.ID_TOKEN_HINT_KEY);
        userService.extractSessionFromIdToken(idTokenHint)
                .map(session -> {
                    // Nothing to cross-check unless both the token and the HTTP session name a user.
                    if (session.getUser() == null || routingContext.user() == null) {
                        return session;
                    }
                    final User sessionUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
                    final String hintedUserId = session.getUser().getId();
                    // The hint must belong to the user who is signed in; a token issued to someone else is rejected.
                    if (!hintedUserId.equals(sessionUser.getId())) {
                        throw new UserNotFoundException(hintedUserId);
                    }
                    return session;
                })
                .subscribe(
                        restored -> handler.handle(Future.succeededFuture(restored)),
                        // Any failure (bad token, user mismatch) is reported as an empty session, not as an
                        // error. NOTE(review): the cause is not logged on this path.
                        failure -> handler.handle(Future.succeededFuture(new UserToken())));
        return;
    }

    // No ID token hint: the client id saved in the context is mandatory.
    final String clientId = routingContext.get(Parameters.CLIENT_ID);
    if (clientId == null) {
        logger.error("Unable to restore client for logout callback");
        handler.handle(Future.failedFuture(new InvalidRequestException("Invalid state")));
        return;
    }

    final User endUser;
    if (routingContext.user() == null) {
        endUser = null;
    } else {
        endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
    }

    clientSyncService.findByClientId(clientId).subscribe(
            client -> handler.handle(Future.succeededFuture(new UserToken(endUser, client))),
            ex -> {
                logger.error("An error has occurred when getting client {}", clientId, ex);
                handler.handle(Future.failedFuture(new BadClientCredentialsException()));
            },
            () -> {
                // The lookup completed without a result: the caller gets the same exception type as on a lookup error.
                logger.error("Unknown client {}", clientId);
                handler.handle(Future.failedFuture(new BadClientCredentialsException()));
            });
}
use of io.gravitee.am.service.exception.UserNotFoundException in project gravitee-access-management by gravitee-io.
the class LogoutEndpoint method restoreCurrentSession.
/**
 * Rebuilds the session (end user and client application) needed to sign the user out properly.
 *
 * <p>The session comes from the {@code id_token_hint} request parameter when present; otherwise
 * from the authenticated user and the client recorded on that user. This method never fails the
 * handler: every path ends in a succeeded future, possibly holding an empty {@link UserToken}.
 *
 * @param routingContext the routing context
 * @param handler receives the restored (possibly empty) session
 */
private void restoreCurrentSession(RoutingContext routingContext, Handler<AsyncResult<UserToken>> handler) {
    // OpenID Connect logout: the OP SHOULD accept an ID Token when the RP identified by its aud and/or sid claim
    // has a current session, or had a recent one, at the OP, even when the exp time has passed.
    // NOTE(review): signature/issuer validation of the hint is presumably done inside
    // extractSessionFromIdToken; it is not visible from this method, so confirm it there.
    final String idTokenHint = routingContext.request().getParam(Parameters.ID_TOKEN_HINT);
    if (!StringUtils.isEmpty(idTokenHint)) {
        userService.extractSessionFromIdToken(idTokenHint)
                .map(session -> {
                    // Nothing to cross-check unless both the token and the HTTP session name a user.
                    if (session.getUser() == null || routingContext.user() == null) {
                        return session;
                    }
                    User sessionUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
                    final String hintedUserId = session.getUser().getId();
                    // The hint must belong to the user who is signed in; a token issued to someone else is rejected.
                    if (!hintedUserId.equals(sessionUser.getId())) {
                        throw new UserNotFoundException(hintedUserId);
                    }
                    return session;
                })
                .subscribe(
                        restored -> handler.handle(Future.succeededFuture(restored)),
                        // Any failure (bad token, user mismatch) degrades to an empty session.
                        // NOTE(review): the cause is not logged on this path.
                        failure -> handler.handle(Future.succeededFuture(new UserToken())));
        return;
    }

    // Without an authenticated user there is nothing to restore; continue with an empty session.
    if (routingContext.user() == null) {
        handler.handle(Future.succeededFuture(new UserToken()));
        return;
    }

    // Resolve the client from the application recorded on the user: first as a technical id,
    // then, if that lookup is empty, as an OAuth client_id.
    final io.gravitee.am.model.User endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
    clientSyncService.findById(endUser.getClient())
            .switchIfEmpty(Maybe.defer(() -> clientSyncService.findByClientId(endUser.getClient())))
            .subscribe(
                    client -> handler.handle(Future.succeededFuture(new UserToken(endUser, client, null))),
                    // Whatever the outcome of the client search, the UserToken must carry at least the user
                    // so that the logout information is handled properly.
                    lookupError -> handler.handle(Future.succeededFuture(new UserToken(endUser, null, null))),
                    () -> handler.handle(Future.succeededFuture(new UserToken(endUser, null, null))));
}
use of io.gravitee.am.service.exception.UserNotFoundException in project gravitee-access-management by gravitee-io.
the class ForgotPasswordSubmissionEndpoint method handle.
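/**
 * Handles the submission of the "forgot password" form and redirects back to the page with a
 * success, warning or error query parameter.
 *
 * <p>An unknown user or an account-status problem produces the same redirect as a successful
 * request, so the response does not disclose whether the account exists or is usable.
 *
 * @param context the routing context of the form submission
 */
@Override
public void handle(RoutingContext context) {
    final String email = context.request().getParam(ConstantKeys.EMAIL_PARAM_KEY);
    final String username = context.request().getParam(ConstantKeys.USERNAME_PARAM_KEY);
    final Client client = context.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    MultiMap queryParams = RequestUtils.getCleanedQueryParams(context.request());
    AccountSettings settings = AccountSettings.getInstance(domain, client);
    // settings may be null, so both flags are resolved once, null-safely. The error callback
    // below previously dereferenced settings without this check and could throw a
    // NullPointerException inside the subscriber, leaving the request without a response.
    final boolean customForm = settings != null && settings.isResetPasswordCustomForm();
    final boolean confirmIdentity = settings != null && settings.isResetPasswordConfirmIdentity();
    final ForgotPasswordParameters parameters = new ForgotPasswordParameters(email, username, customForm, confirmIdentity);
    userService.forgotPassword(parameters, client, getAuthenticatedUser(context)).subscribe(() -> {
        queryParams.set(ConstantKeys.SUCCESS_PARAM_KEY, "forgot_password_completed");
        redirectToPage(context, queryParams);
    }, error -> {
        // the actual error is still stored in the audit logs
        if (error instanceof UserNotFoundException || error instanceof AccountStatusException) {
            // Same answer as the success path: no hint about account existence or status.
            queryParams.set(ConstantKeys.SUCCESS_PARAM_KEY, "forgot_password_completed");
            redirectToPage(context, queryParams);
        } else if (error instanceof EnforceUserIdentityException) {
            // NOTE(review): with identity confirmation enabled this branch answers differently from
            // the success path; confirm that the condition raising EnforceUserIdentityException
            // does not depend on whether a given account exists.
            if (confirmIdentity) {
                queryParams.set(ConstantKeys.WARNING_PARAM_KEY, FORGOT_PASSWORD_CONFIRM);
            } else {
                queryParams.set(ConstantKeys.SUCCESS_PARAM_KEY, "forgot_password_completed");
            }
            redirectToPage(context, queryParams);
        } else {
            queryParams.set(ConstantKeys.ERROR_PARAM_KEY, "forgot_password_failed");
            redirectToPage(context, queryParams, error);
        }
    });
}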
use of io.gravitee.am.service.exception.UserNotFoundException in project gravitee-access-management by gravitee-io.
the class UserAuthenticationServiceImpl method loadPreAuthenticatedUser.
/**
 * Loads an already-authenticated user by technical id and refreshes it from its identity provider.
 *
 * <p>The chain fails with {@link UserNotFoundException} when no user has this id and with
 * {@link AccountLockedException} when {@code isIndefinitelyLocked} reports the account as locked;
 * the lock check runs before the identity provider is contacted. When the identity provider
 * lookup yields nothing, the stored user is enhanced and returned as is.
 *
 * @param subject technical id of the user
 * @param request the request used to build the authentication context
 * @return the enhanced user, or an error as described above
 */
@Override
public Maybe<User> loadPreAuthenticatedUser(String subject, Request request) {
    // find user by its technical id
    return userService.findById(subject)
            .switchIfEmpty(Maybe.error(new UserNotFoundException(subject)))
            .flatMap(found -> {
                if (isIndefinitelyLocked(found)) {
                    // NOTE(review): the message embeds the username; check where this exception is rendered or logged.
                    return Maybe.error(new AccountLockedException("User " + found.getUsername() + " is locked"));
                }
                return Maybe.just(found);
            })
            .flatMap(user -> identityProviderManager.get(user.getSource())
                    .flatMap(provider -> {
                        // No credentials are passed (second argument is null): the provider is asked to
                        // load the user, not to authenticate it again.
                        final Authentication preAuthentication =
                                new EndUserAuthentication(user, null, new SimpleAuthenticationContext(request));
                        return provider.loadPreAuthenticatedUser(preAuthentication);
                    })
                    .flatMap(idpUser -> {
                        // retrieve information from the idp user and update the user
                        final Map<String, Object> enriched = new HashMap<>();
                        if (idpUser.getAdditionalInformation() != null) {
                            enriched.putAll(idpUser.getAdditionalInformation());
                        }
                        enriched.put(SOURCE_FIELD, user.getSource());
                        enriched.put(Parameters.CLIENT_ID, user.getClient());
                        // NOTE(review): unchecked downcast; presumably every provider returns a DefaultUser.
                        ((DefaultUser) idpUser).setAdditionalInformation(enriched);
                        return update(user, idpUser, false).flatMap(userService::enhance).toMaybe();
                    })
                    .switchIfEmpty(Maybe.defer(() -> userService.enhance(user).toMaybe())));
}
use of io.gravitee.am.service.exception.UserNotFoundException in project gravitee-access-management by gravitee-io.
the class AccountEndpointHandler method getUser.
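/**
 * Resolves the user named by the {@code sub} claim of the token stored in the routing context
 * and exposes it to the next handlers under {@code ConstantKeys.USER_CONTEXT_KEY}.
 *
 * <p>The request is failed with the lookup error, or with {@link UserNotFoundException} when the
 * lookup completes without a user.
 *
 * @param routingContext the routing context, expected to hold the token under
 *     {@code ConstantKeys.TOKEN_CONTEXT_KEY}
 */
public void getUser(RoutingContext routingContext) {
    // NOTE(review): the token is dereferenced without a null check; presumably an earlier handler
    // in the route always stores a validated token here. Confirm against the router setup.
    JWT token = routingContext.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    accountService.get(token.getSub()).subscribe(user -> {
        routingContext.put(ConstantKeys.USER_CONTEXT_KEY, user);
        routingContext.next();
    }, error -> {
        // Pass the throwable as the last argument so the cause and stack trace reach the log;
        // the previous call logged only the subject, which made lookup failures hard to diagnose.
        LOGGER.error("Unable to retrieve user for Id {}", token.getSub(), error);
        routingContext.fail(error);
    }, () -> routingContext.fail(new UserNotFoundException(token.getSub())));
}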