Example 51 with ServletRequest
use of javax.servlet.ServletRequest in project guice by google.
the class ServletTest method testNewSessionObject.
public void testNewSessionObject() throws CreationException, IOException, ServletException {
final Injector injector = createInjector();
final HttpServletRequest request = newFakeHttpServletRequest();
GuiceFilter filter = new GuiceFilter();
final boolean[] invoked = new boolean[1];
FilterChain filterChain = new FilterChain() {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) {
invoked[0] = true;
assertNotNull(injector.getInstance(InSession.class));
assertNull(injector.getInstance(IN_SESSION_NULL_KEY));
}
};
filter.doFilter(request, null, filterChain);
assertTrue(invoked[0]);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletTestUtils.newFakeHttpServletRequest(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
ServletTestUtils.newFakeHttpServletRequest(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)
ServletTestUtils.newFakeHttpServletResponse(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
Injector(com.google.inject.Injector)
FilterChain(javax.servlet.FilterChain)
Example 52 with ServletRequest
use of javax.servlet.ServletRequest in project guice by google.
the class ServletTest method testRequestAndResponseBindings_wrappingFilter.
public void testRequestAndResponseBindings_wrappingFilter() throws Exception {
final HttpServletRequest request = newFakeHttpServletRequest();
final ImmutableMap<String, String[]> wrappedParamMap = ImmutableMap.of("wrap", new String[] { "a", "b" });
final HttpServletRequestWrapper requestWrapper = new HttpServletRequestWrapper(request) {
@Override
public Map getParameterMap() {
return wrappedParamMap;
}
@Override
public Object getAttribute(String attr) {
// Ensure that attributes are stored on the original request object.
throw new UnsupportedOperationException();
}
};
final HttpServletResponse response = newFakeHttpServletResponse();
final HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(response);
final boolean[] filterInvoked = new boolean[1];
final Injector injector = createInjector(new ServletModule() {
@Override
protected void configureServlets() {
filter("/*").through(new Filter() {
@Inject
Provider<ServletRequest> servletReqProvider;
@Inject
Provider<HttpServletRequest> reqProvider;
@Inject
Provider<ServletResponse> servletRespProvider;
@Inject
Provider<HttpServletResponse> respProvider;
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
filterInvoked[0] = true;
assertSame(req, servletReqProvider.get());
assertSame(req, reqProvider.get());
assertSame(resp, servletRespProvider.get());
assertSame(resp, respProvider.get());
chain.doFilter(requestWrapper, responseWrapper);
assertSame(req, reqProvider.get());
assertSame(resp, respProvider.get());
}
@Override
public void destroy() {
}
});
}
});
GuiceFilter filter = new GuiceFilter();
final boolean[] chainInvoked = new boolean[1];
FilterChain filterChain = new FilterChain() {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) {
chainInvoked[0] = true;
assertSame(requestWrapper, servletRequest);
assertSame(requestWrapper, injector.getInstance(ServletRequest.class));
assertSame(requestWrapper, injector.getInstance(HTTP_REQ_KEY));
assertSame(responseWrapper, servletResponse);
assertSame(responseWrapper, injector.getInstance(ServletResponse.class));
assertSame(responseWrapper, injector.getInstance(HTTP_RESP_KEY));
assertSame(servletRequest.getParameterMap(), injector.getInstance(REQ_PARAMS_KEY));
InRequest inRequest = injector.getInstance(InRequest.class);
assertSame(inRequest, injector.getInstance(InRequest.class));
}
};
filter.doFilter(request, response, filterChain);
assertTrue(chainInvoked[0]);
assertTrue(filterInvoked[0]);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
ServletTestUtils.newFakeHttpServletRequest(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)
ServletTestUtils.newFakeHttpServletResponse(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
FilterChain(javax.servlet.FilterChain)
HttpServletResponseWrapper(javax.servlet.http.HttpServletResponseWrapper)
ServletTestUtils.newFakeHttpServletResponse(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Provider(com.google.inject.Provider)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletTestUtils.newFakeHttpServletRequest(com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
Filter(javax.servlet.Filter)
Injector(com.google.inject.Injector)
FilterConfig(javax.servlet.FilterConfig)
Example 53 with ServletRequest
use of javax.servlet.ServletRequest in project guice by google.
the class FilterDefinitionTest method testGetFilterIfMatchingNotMatching.
public void testGetFilterIfMatchingNotMatching() throws ServletException {
String pattern = "/*";
final FilterDefinition filterDef = new FilterDefinition(Key.get(Filter.class), UriPatternType.get(UriPatternType.SERVLET, pattern), new HashMap<String, String>(), null);
HttpServletRequest servletRequest = createMock(HttpServletRequest.class);
ServletContext servletContext = createMock(ServletContext.class);
Injector injector = createMock(Injector.class);
Binding binding = createMock(Binding.class);
final MockFilter mockFilter = new MockFilter() {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
//suppress rest of chain...
}
};
expect(injector.getBinding(Key.get(Filter.class))).andReturn(binding);
expect(binding.acceptScopingVisitor((BindingScopingVisitor) anyObject())).andReturn(true);
expect(injector.getInstance(Key.get(Filter.class))).andReturn(mockFilter).anyTimes();
expect(servletRequest.getContextPath()).andReturn("/a_context_path");
expect(servletRequest.getRequestURI()).andReturn("/test.html");
replay(servletRequest, binding, injector);
filterDef.init(servletContext, injector, Sets.<Filter>newIdentityHashSet());
Filter filter = filterDef.getFilterIfMatching(servletRequest);
assertNull(filter);
verify(servletRequest, binding, injector);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Binding(com.google.inject.Binding)
ServletRequest(javax.servlet.ServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletResponse(javax.servlet.ServletResponse)
Filter(javax.servlet.Filter)
Injector(com.google.inject.Injector)
FilterChain(javax.servlet.FilterChain)
ServletContext(javax.servlet.ServletContext)
Example 54 with ServletRequest
use of javax.servlet.ServletRequest in project nhin-d by DirectProject.
the class DirectSOAPHandler method handleMessage.
/**
* This method handles the incoming and outgoing SOAP-Message. It's an
* excellent point to manipulate the SOAP.
*
* @param SOAPMessageContext
* The SOAPMessageContext object.
* @return true for successful handling, false otherwise.
*/
@Override
public boolean handleMessage(SOAPMessageContext context) {
LOGGER.info("Entering DirectSOAPHandler.handleMessage(SOAPMessageContext)");
// Inquire incoming or outgoing message.
boolean outbound = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
try {
if (outbound) {
LOGGER.info("Handling an outbound message");
boolean isACK = !context.containsKey(ENDPOINT_ADDRESS);
SafeThreadData threadData = SafeThreadData.GetThreadInstance(Thread.currentThread().getId());
SOAPMessage msg = ((SOAPMessageContext) context).getMessage();
dumpSOAPMessage(msg);
SOAPPart sp = msg.getSOAPPart();
// edit Envelope
SOAPEnvelope env = sp.getEnvelope();
SOAPHeader sh = env.addHeader();
@SuppressWarnings("unused") SOAPBody sb = env.getBody();
try {
if (threadData.getAction() != null) {
QName qname = new QName("http://www.w3.org/2005/08/addressing", "Action");
SOAPHeaderElement saction = sh.addHeaderElement(qname);
boolean must = true;
saction.setMustUnderstand(must);
saction.setValue(threadData.getAction());
}
if (threadData.getRelatesTo() != null) {
QName qname = new QName("http://www.w3.org/2005/08/addressing", "RelatesTo");
SOAPHeaderElement relates = sh.addHeaderElement(qname);
relates.setValue(threadData.getRelatesTo());
}
if (threadData.getFrom() != null) {
QName qname = new QName("http://www.w3.org/2005/08/addressing", "From");
QName child = new QName("http://www.w3.org/2005/08/addressing", "Address");
SOAPHeaderElement efrom = sh.addHeaderElement(qname);
SOAPElement address = efrom.addChildElement(child);
address.setValue(threadData.getFrom());
}
if (threadData.getMessageId() != null) {
QName qname = new QName("http://www.w3.org/2005/08/addressing", "MessageID");
SOAPHeaderElement message = sh.addHeaderElement(qname);
message.setValue(threadData.getMessageId());
}
if (threadData.getTo() != null) {
QName qname = new QName("http://www.w3.org/2005/08/addressing", "To");
SOAPHeaderElement sto = sh.addHeaderElement(qname);
sto.setValue(threadData.getTo());
}
SOAPHeaderElement directHeader = sh.addHeaderElement(new QName("urn:direct:addressing", "addressBlock"));
directHeader.setPrefix("direct");
directHeader.setRole("urn:direct:addressing:destination");
directHeader.setRelay(true);
if (StringUtils.isNotBlank(threadData.getDirectFrom())) {
SOAPElement directFromElement = directHeader.addChildElement(new QName("from"));
directFromElement.setPrefix("direct");
URI uri = new URI(threadData.getDirectFrom());
directFromElement.setValue((new URI("mailto", uri.getSchemeSpecificPart(), null)).toString());
}
if (StringUtils.isNotBlank(threadData.getDirectTo())) {
/**
* consider multiple recipients
*/
String[] directTos = threadData.getDirectTo().split(";");
for (String directToAddr : directTos) {
SOAPElement directToElement = directHeader.addChildElement(new QName("to"));
directToElement.setPrefix("direct");
URI uri = new URI(directToAddr);
directToElement.setValue((new URI("mailto", uri.getSchemeSpecificPart(), null)).toString());
}
}
SOAPElement directMetadataLevelElement = directHeader.addChildElement(new QName("metadata-level"));
directMetadataLevelElement.setPrefix("direct");
directMetadataLevelElement.setValue(MetadataLevelEnum.MINIMAL.getLevel());
} catch (Throwable tb) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Failed to write SOAP Header", tb);
} else {
LOGGER.error("Failed to write SOAP Header: " + tb.getMessage());
}
}
if (isACK) {
SafeThreadData.clean(Thread.currentThread().getId());
}
} else {
LOGGER.info("Handling an inbound message");
SOAPMessage msg = ((SOAPMessageContext) context).getMessage();
boolean isResponse = isResponse(msg);
if (!isResponse) {
// Issue 249 - before handling the inbound case, we should clear
// out the old thread data if we don't this the To: (SMTP recipients) will
// append from the previous thread data
SafeThreadData.clean(Thread.currentThread().getId());
}
SafeThreadData threadData = SafeThreadData.GetThreadInstance(Thread.currentThread().getId());
ServletRequest sr = (ServletRequest) context.get(MessageContext.SERVLET_REQUEST);
if (sr != null) {
threadData.setRemoteHost(sr.getRemoteHost());
threadData.setThisHost(sr.getServerName());
threadData.setPid(getPID());
}
SOAPPart sp = msg.getSOAPPart();
// edit Envelope
SOAPEnvelope env = sp.getEnvelope();
SOAPHeader sh = env.getHeader();
@SuppressWarnings("unchecked") Iterator<Node> it = sh.extractAllHeaderElements();
while (it.hasNext()) {
try {
Node header = it.next();
if (StringUtils.contains(header.toString(), "MessageID")) {
threadData.setMessageId(header.getTextContent());
} else if (StringUtils.contains(header.toString(), "Action")) {
threadData.setAction(header.getTextContent());
} else if (StringUtils.contains(header.toString(), "RelatesTo")) {
threadData.setRelatesTo(header.getTextContent());
} else if (StringUtils.contains(header.toString(), "ReplyTo")) {
NodeList reps = header.getChildNodes();
for (int i = 0; i < reps.getLength(); i++) {
Node address = reps.item(i);
if (StringUtils.contains(address.getNodeName(), "Address")) {
threadData.setEndpoint(address.getTextContent());
}
}
} else if (StringUtils.contains(header.toString(), "From")) {
NodeList reps = header.getChildNodes();
for (int i = 0; i < reps.getLength(); i++) {
Node address = reps.item(i);
if (StringUtils.contains(address.getNodeName(), "Address")) {
threadData.setFrom(address.getTextContent());
}
}
} else if (// must be after ReplyTo
StringUtils.contains(header.toString(), "To")) {
threadData.setTo(header.getTextContent());
} else if (StringUtils.contains(header.toString(), "addressBlock")) {
NodeList childNodes = header.getChildNodes();
for (int i = 0; i < childNodes.getLength(); i++) {
Node node = childNodes.item(i);
if (StringUtils.contains(node.getNodeName(), "from")) {
threadData.setDirectFrom(node.getTextContent());
} else if (StringUtils.contains(node.getNodeName(), "to")) {
// XDR-MULTIPLE-RECIPIENT-ISSUE - this is the part where old thread data
// gets into the To: and will cause unwanted recipients
// (see above for the clear)
String recipient = node.getTextContent();
if (threadData.getDirectTo() == null) {
threadData.setDirectTo(recipient);
} else {
/**
* if multiple recipients, save addresses in one parameters separate by (;)
*/
threadData.setDirectTo(threadData.getDirectTo() + ";" + recipient);
}
} else if (StringUtils.contains(node.getNodeName(), "metadata-level")) {
threadData.setDirectMetadataLevel(node.getTextContent());
}
}
}
} catch (Throwable tb) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Failed to read input parameter.", tb);
} else {
LOGGER.error("Failed to read input parameter.");
}
}
}
threadData.save();
}
} catch (Exception e) {
LOGGER.warn("Error handling SOAP message.", e);
return false;
}
return true;
}
Also used :
SOAPHeaderElement(javax.xml.soap.SOAPHeaderElement)
ServletRequest(javax.servlet.ServletRequest)
QName(javax.xml.namespace.QName)
Node(org.w3c.dom.Node)
NodeList(org.w3c.dom.NodeList)
SOAPEnvelope(javax.xml.soap.SOAPEnvelope)
SOAPMessage(javax.xml.soap.SOAPMessage)
URI(java.net.URI)
SOAPException(javax.xml.soap.SOAPException)
SOAPBody(javax.xml.soap.SOAPBody)
SOAPMessageContext(javax.xml.ws.handler.soap.SOAPMessageContext)
SOAPPart(javax.xml.soap.SOAPPart)
SOAPElement(javax.xml.soap.SOAPElement)
SOAPHeader(javax.xml.soap.SOAPHeader)
Example 55 with ServletRequest
use of javax.servlet.ServletRequest in project zm-mailbox by Zimbra.
the class Auth method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Provisioning prov = Provisioning.getInstance();
// Look up the specified account. It is optional in the <authToken> case.
String acctValuePassedIn = null, acctValue = null, acctByStr = null;
AccountBy acctBy = null;
Account acct = null;
Element acctEl = request.getOptionalElement(AccountConstants.E_ACCOUNT);
boolean csrfSupport = request.getAttributeBool(AccountConstants.A_CSRF_SUPPORT, false);
if (acctEl != null) {
acctValuePassedIn = acctEl.getText();
acctValue = acctValuePassedIn;
acctByStr = acctEl.getAttribute(AccountConstants.A_BY, AccountBy.name.name());
acctBy = AccountBy.fromString(acctByStr);
if (acctBy == AccountBy.name) {
Element virtualHostEl = request.getOptionalElement(AccountConstants.E_VIRTUAL_HOST);
String virtualHost = virtualHostEl == null ? null : virtualHostEl.getText().toLowerCase();
if (virtualHost != null && acctValue.indexOf('@') == -1) {
Domain d = prov.get(Key.DomainBy.virtualHostname, virtualHost);
if (d != null)
acctValue = acctValue + "@" + d.getName();
}
}
acct = prov.get(acctBy, acctValue);
}
TrustedDeviceToken trustedToken = null;
if (acct != null) {
TrustedDevices trustedDeviceManager = TwoFactorAuth.getFactory().getTrustedDevices(acct);
if (trustedDeviceManager != null) {
trustedToken = trustedDeviceManager.getTokenFromRequest(request, context);
if (trustedToken != null && trustedToken.isExpired()) {
TrustedDevice device = trustedDeviceManager.getTrustedDeviceByTrustedToken(trustedToken);
if (device != null) {
device.revoke();
}
}
}
}
String password = request.getAttribute(AccountConstants.E_PASSWORD, null);
boolean generateDeviceId = request.getAttributeBool(AccountConstants.A_GENERATE_DEVICE_ID, false);
String twoFactorCode = request.getAttribute(AccountConstants.E_TWO_FACTOR_CODE, null);
String newDeviceId = generateDeviceId ? UUIDUtil.generateUUID() : null;
Element authTokenEl = request.getOptionalElement(AccountConstants.E_AUTH_TOKEN);
if (authTokenEl != null) {
boolean verifyAccount = authTokenEl.getAttributeBool(AccountConstants.A_VERIFY_ACCOUNT, false);
if (verifyAccount && acctEl == null) {
throw ServiceException.INVALID_REQUEST("missing required element: " + AccountConstants.E_ACCOUNT, null);
}
try {
AuthToken at = AuthProvider.getAuthToken(authTokenEl, acct);
addAccountToLogContextByAuthToken(prov, at);
// so the account will show in log context
if (!checkPasswordSecurity(context))
throw ServiceException.INVALID_REQUEST("clear text password is not allowed", null);
AuthToken.Usage usage = at.getUsage();
if (usage != Usage.AUTH && usage != Usage.TWO_FACTOR_AUTH) {
throw AuthFailedServiceException.AUTH_FAILED("invalid auth token");
}
Account authTokenAcct = AuthProvider.validateAuthToken(prov, at, false, usage);
if (verifyAccount) {
// can treat the auth token as an opaque string.
if (acct == null || !acct.getId().equalsIgnoreCase(authTokenAcct.getId())) {
throw new AuthTokenException("auth token doesn't match the named account");
}
}
if (usage == Usage.AUTH) {
ServletRequest httpReq = (ServletRequest) context.get(SoapServlet.SERVLET_REQUEST);
httpReq.setAttribute(CsrfFilter.AUTH_TOKEN, at);
if (csrfSupport && !at.isCsrfTokenEnabled()) {
// handle case where auth token was originally generated with csrf support
// and now client sends the same auth token but saying csrfSupport is turned off
// in that case do not disable CSRF check for this authToken.
at.setCsrfTokenEnabled(csrfSupport);
}
return doResponse(request, at, zsc, context, authTokenAcct, csrfSupport, trustedToken, newDeviceId);
} else {
acct = authTokenAcct;
}
} catch (AuthTokenException e) {
throw ServiceException.AUTH_REQUIRED();
}
}
if (!checkPasswordSecurity(context)) {
throw ServiceException.INVALID_REQUEST("clear text password is not allowed", null);
}
Element preAuthEl = request.getOptionalElement(AccountConstants.E_PREAUTH);
String deviceId = request.getAttribute(AccountConstants.E_DEVICE_ID, null);
long expires = 0;
Map<String, Object> authCtxt = new HashMap<String, Object>();
authCtxt.put(AuthContext.AC_ORIGINATING_CLIENT_IP, context.get(SoapEngine.ORIG_REQUEST_IP));
authCtxt.put(AuthContext.AC_REMOTE_IP, context.get(SoapEngine.SOAP_REQUEST_IP));
authCtxt.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, acctValuePassedIn);
authCtxt.put(AuthContext.AC_USER_AGENT, zsc.getUserAgent());
boolean acctAutoProvisioned = false;
if (acct == null) {
// try LAZY auto provision if it is enabled
if (acctBy == AccountBy.name || acctBy == AccountBy.krb5Principal) {
try {
if (acctBy == AccountBy.name) {
EmailAddress email = new EmailAddress(acctValue, false);
String domainName = email.getDomain();
Domain domain = domainName == null ? null : prov.get(Key.DomainBy.name, domainName);
if (password != null) {
acct = prov.autoProvAccountLazy(domain, acctValuePassedIn, password, null);
} else if (preAuthEl != null) {
long timestamp = preAuthEl.getAttributeLong(AccountConstants.A_TIMESTAMP);
expires = preAuthEl.getAttributeLong(AccountConstants.A_EXPIRES, 0);
String preAuth = preAuthEl.getTextTrim();
prov.preAuthAccount(domain, acctValue, acctByStr, timestamp, expires, preAuth, authCtxt);
acct = prov.autoProvAccountLazy(domain, acctValuePassedIn, null, AutoProvAuthMech.PREAUTH);
}
} else {
if (password != null) {
Domain domain = Krb5Principal.getDomainByKrb5Principal(acctValuePassedIn);
if (domain != null) {
acct = prov.autoProvAccountLazy(domain, acctValuePassedIn, password, null);
}
}
}
if (acct != null) {
acctAutoProvisioned = true;
}
} catch (AuthFailedServiceException e) {
ZimbraLog.account.debug("auth failed, unable to auto provisioing acct " + acctValue, e);
} catch (ServiceException e) {
ZimbraLog.account.info("unable to auto provisioing acct " + acctValue, e);
}
}
}
if (acct == null) {
// try ZMG Proxy auto provision if it is enabled
if (acctBy == AccountBy.name && password != null) {
Pair<Account, Boolean> result = null;
try {
result = prov.autoProvZMGProxyAccount(acctValuePassedIn, password);
} catch (AuthFailedServiceException e) {
// Most likely in error with user creds
} catch (ServiceException e) {
ZimbraLog.account.info("unable to auto provision acct " + acctValuePassedIn, e);
}
if (result != null) {
acct = result.getFirst();
acctAutoProvisioned = result.getSecond();
}
}
}
if (acct == null) {
throw AuthFailedServiceException.AUTH_FAILED(acctValue, acctValuePassedIn, "account not found");
}
AccountUtil.addAccountToLogContext(prov, acct.getId(), ZimbraLog.C_NAME, ZimbraLog.C_ID, null);
Boolean registerTrustedDevice = false;
TwoFactorAuth twoFactorManager = TwoFactorAuth.getFactory().getTwoFactorAuth(acct);
if (twoFactorManager.twoFactorAuthEnabled()) {
registerTrustedDevice = trustedToken == null && request.getAttributeBool(AccountConstants.A_TRUSTED_DEVICE, false);
}
// if account was auto provisioned, we had already authenticated the principal
if (!acctAutoProvisioned) {
boolean trustedDeviceOverride = false;
if (trustedToken != null && acct.isFeatureTrustedDevicesEnabled()) {
if (trustedToken.isExpired()) {
ZimbraLog.account.debug("trusted token is expired");
registerTrustedDevice = false;
} else {
Map<String, Object> attrs = getTrustedDeviceAttrs(zsc, deviceId);
try {
verifyTrustedDevice(acct, trustedToken, attrs);
trustedDeviceOverride = true;
} catch (AuthFailedServiceException e) {
ZimbraLog.account.info("trusted device not verified");
}
}
}
boolean usingTwoFactorAuth = acct != null && twoFactorManager.twoFactorAuthRequired() && !trustedDeviceOverride;
boolean twoFactorAuthWithToken = usingTwoFactorAuth && authTokenEl != null;
if (password != null || twoFactorAuthWithToken) {
// authentication logic can be reached with either a password, or a 2FA auth token
if (usingTwoFactorAuth && twoFactorCode == null && password != null) {
int mtaAuthPort = acct.getServer().getMtaAuthPort();
boolean supportsAppSpecificPaswords = acct.isFeatureAppSpecificPasswordsEnabled() && zsc.getPort() == mtaAuthPort;
if (supportsAppSpecificPaswords && password != null) {
// if we are here, it means we are authenticating SMTP,
// so app-specific passwords are accepted. Other protocols (pop, imap)
// doesn't touch this code, so their authentication happens in ZimbraAuth.
AppSpecificPasswords appPasswords = TwoFactorAuth.getFactory().getAppSpecificPasswords(acct, acctValuePassedIn);
appPasswords.authenticate(password);
} else {
prov.authAccount(acct, password, AuthContext.Protocol.soap, authCtxt);
return needTwoFactorAuth(acct, twoFactorManager, zsc);
}
} else {
if (password != null) {
prov.authAccount(acct, password, AuthContext.Protocol.soap, authCtxt);
} else {
// it's ok to not have a password if the client is using a 2FA auth token for the 2nd step of 2FA
if (!twoFactorAuthWithToken) {
throw ServiceException.AUTH_REQUIRED();
}
}
if (usingTwoFactorAuth) {
// check that 2FA has been enabled, in case the client is passing in a twoFactorCode prior to setting up 2FA
if (!twoFactorManager.twoFactorAuthEnabled()) {
throw AccountServiceException.TWO_FACTOR_SETUP_REQUIRED();
}
AuthToken twoFactorToken = null;
if (password == null) {
try {
twoFactorToken = AuthProvider.getAuthToken(authTokenEl, acct);
Account twoFactorTokenAcct = AuthProvider.validateAuthToken(prov, twoFactorToken, false, Usage.TWO_FACTOR_AUTH);
boolean verifyAccount = authTokenEl.getAttributeBool(AccountConstants.A_VERIFY_ACCOUNT, false);
if (verifyAccount && !twoFactorTokenAcct.getId().equalsIgnoreCase(acct.getId())) {
throw new AuthTokenException("two-factor auth token doesn't match the named account");
}
} catch (AuthTokenException e) {
throw AuthFailedServiceException.AUTH_FAILED("bad auth token");
}
}
TwoFactorAuth manager = TwoFactorAuth.getFactory().getTwoFactorAuth(acct);
if (twoFactorCode != null) {
manager.authenticate(twoFactorCode);
} else {
throw AuthFailedServiceException.AUTH_FAILED("no two-factor code provided");
}
if (twoFactorToken != null) {
try {
twoFactorToken.deRegister();
} catch (AuthTokenException e) {
throw ServiceException.FAILURE("cannot de-register two-factor auth token", e);
}
}
}
}
} else if (preAuthEl != null) {
long timestamp = preAuthEl.getAttributeLong(AccountConstants.A_TIMESTAMP);
expires = preAuthEl.getAttributeLong(AccountConstants.A_EXPIRES, 0);
String preAuth = preAuthEl.getTextTrim();
prov.preAuthAccount(acct, acctValue, acctByStr, timestamp, expires, preAuth, authCtxt);
} else {
throw ServiceException.INVALID_REQUEST("must specify " + AccountConstants.E_PASSWORD, null);
}
}
AuthToken at = expires == 0 ? AuthProvider.getAuthToken(acct) : AuthProvider.getAuthToken(acct, expires);
if (registerTrustedDevice && (trustedToken == null || trustedToken.isExpired())) {
//generate a new trusted device token if there is no existing one or if the current one is no longer valid
Map<String, Object> attrs = getTrustedDeviceAttrs(zsc, newDeviceId == null ? deviceId : newDeviceId);
TrustedDevices trustedDeviceManager = TwoFactorAuth.getFactory().getTrustedDevices(acct);
trustedToken = trustedDeviceManager.registerTrustedDevice(attrs);
}
ServletRequest httpReq = (ServletRequest) context.get(SoapServlet.SERVLET_REQUEST);
// For CSRF filter so that token generation can happen
if (csrfSupport && !at.isCsrfTokenEnabled()) {
// handle case where auth token was originally generated with csrf support
// and now client sends the same auth token but saying csrfSupport is turned off
// in that case do not disable CSRF check for this authToken.
at.setCsrfTokenEnabled(csrfSupport);
}
httpReq.setAttribute(CsrfFilter.AUTH_TOKEN, at);
return doResponse(request, at, zsc, context, acct, csrfSupport, trustedToken, newDeviceId);
}
Also used :
Account(com.zimbra.cs.account.Account)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
TrustedDeviceToken(com.zimbra.cs.account.TrustedDeviceToken)
HashMap(java.util.HashMap)
Element(com.zimbra.common.soap.Element)
Provisioning(com.zimbra.cs.account.Provisioning)
AccountBy(com.zimbra.common.account.Key.AccountBy)
TwoFactorAuth(com.zimbra.cs.account.auth.twofactor.TwoFactorAuth)
Usage(com.zimbra.cs.account.AuthToken.Usage)
AppSpecificPasswords(com.zimbra.cs.account.auth.twofactor.AppSpecificPasswords)
EmailAddress(com.zimbra.cs.account.names.NameUtil.EmailAddress)
AccountServiceException(com.zimbra.cs.account.AccountServiceException)
ServiceException(com.zimbra.common.service.ServiceException)
AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)
ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext)
AuthTokenException(com.zimbra.cs.account.AuthTokenException)
TrustedDevice(com.zimbra.cs.account.TrustedDevice)
AuthToken(com.zimbra.cs.account.AuthToken)
Domain(com.zimbra.cs.account.Domain)
TrustedDevices(com.zimbra.cs.account.auth.twofactor.TrustedDevices)
Aggregations
ServletRequest (javax.servlet.ServletRequest)185
ServletResponse (javax.servlet.ServletResponse)129
HttpServletRequest (javax.servlet.http.HttpServletRequest)117
HttpServletResponse (javax.servlet.http.HttpServletResponse)95
FilterChain (javax.servlet.FilterChain)79
Test (org.junit.Test)75
ServletException (javax.servlet.ServletException)59
IOException (java.io.IOException)57
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)35
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)35
MockFilterChain (org.springframework.mock.web.MockFilterChain)32
Filter (javax.servlet.Filter)28
Injector (com.google.inject.Injector)25
HttpServletResponseWrapper (javax.servlet.http.HttpServletResponseWrapper)21
NestedServletException (org.springframework.web.util.NestedServletException)19
ServletTestUtils.newFakeHttpServletRequest (com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)18
ServletTestUtils.newFakeHttpServletResponse (com.google.inject.servlet.ServletTestUtils.newFakeHttpServletResponse)18
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)15
ErrorPage (org.springframework.boot.web.server.ErrorPage)15
MockHttpServletRequest (org.springframework.mock.web.test.MockHttpServletRequest)14
