use of loophole.mvc.annotation.Kontrol in project KeyBox by skavanagh.
the class LoginKtrl method loginSubmit.
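@Kontrol(path = "/loginSubmit", method = MethodType.POST)
public String loginSubmit() throws ServletException {
    // Where a fully verified login lands unless OTP enrollment or a
    // default-password change is still pending (see the end of the method).
    String retVal = "redirect:/admin/menu.html";
    String authToken = null;
    try {
        authToken = AuthDB.login(auth);
        // get client IP
        String clientIP = AuthUtil.getClientIPAddress(getRequest());
        // The username is raw form input; neutralise line breaks before it is
        // written to the audit log so one request cannot forge extra entries.
        String logName = forLog(auth.getUsername());

        User user = authToken == null ? null : AuthDB.getUserByAuthToken(authToken);
        if (user == null) {
            // Either the credentials were rejected or the token maps to no user.
            // The second case used to fall through to the admin redirect with no
            // session state set and no audit entry; both now fail the same way,
            // with one generic message so the form does not reveal which part failed.
            loginAuditLogger.info(logName + " (" + clientIP + ") - " + AUTH_ERROR);
            addError(AUTH_ERROR);
            return "/login.html";
        }

        String sharedSecret = null;
        if (otpEnabled) {
            sharedSecret = AuthDB.getSharedSecret(user.getId());
            // A missing or wrong OTP gets the same generic error as a bad password.
            // NOTE(review): a user with no stored secret skips this check and is
            // sent to enrollment below, so until enrollment completes that
            // account is effectively password-only.
            if (StringUtils.isNotEmpty(sharedSecret)
                    && (auth.getOtpToken() == null || !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
                loginAuditLogger.info(logName + " (" + clientIP + ") - " + AUTH_ERROR);
                addError(AUTH_ERROR);
                return "/login.html";
            }
        }
        // Non-managers must have at least one assigned profile.
        if (!User.MANAGER.equals(user.getUserType())
                && (user.getProfileList() == null || user.getProfileList().isEmpty())) {
            loginAuditLogger.info(logName + " (" + clientIP + ") - " + AUTH_ERROR_NO_PROFILE);
            addError(AUTH_ERROR_NO_PROFILE);
            return "/login.html";
        }
        // Expired accounts are refused even with valid credentials and OTP.
        if (user.isExpired()) {
            loginAuditLogger.info(logName + " (" + clientIP + ") - " + AUTH_ERROR_EXPIRED_ACCOUNT);
            addError(AUTH_ERROR_EXPIRED_ACCOUNT);
            return "/login.html";
        }

        // Rotate the session id before attaching any authenticated state, so a
        // session id planted in the browser before login (session fixation) is
        // not promoted to an authenticated session. getSession() first makes
        // sure a session exists; changeSessionId() requires Servlet 3.1+.
        getRequest().getSession();
        getRequest().changeSessionId();
        AuthUtil.setAuthToken(getRequest().getSession(), authToken);
        AuthUtil.setUserId(getRequest().getSession(), user.getId());
        AuthUtil.setAuthType(getRequest().getSession(), user.getAuthType());
        AuthUtil.setTimeout(getRequest().getSession());
        AuthUtil.setUsername(getRequest().getSession(), user.getUsername());
        AuthDB.updateLastLogin(user);

        // for first time login redirect to set OTP
        if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
            retVal = "redirect:/admin/viewOTP.ktrl";
        } else if ("changeme".equals(auth.getPassword()) && Auth.AUTH_BASIC.equals(user.getAuthType())) {
            // Default password still in use on a local (basic) account: force a change.
            retVal = "redirect:/admin/userSettings.ktrl";
        }
        loginAuditLogger.info(logName + " (" + clientIP + ") - Authentication Success");
    } catch (SQLException | GeneralSecurityException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    return retVal;
}

/**
 * Makes a form-supplied value safe to embed in a single audit-log line:
 * CR and LF are replaced so the value cannot start a forged log entry.
 * A null value is rendered as the literal "null", matching plain string
 * concatenation so existing log lines keep their shape.
 */
private static String forLog(String value) {
    return value == null ? "null" : value.replaceAll("[\\r\\n]+", "_");
}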
use of loophole.mvc.annotation.Kontrol in project KeyBox by skavanagh.
the class AuthKeysKtrl method enablePublicKey.
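@Kontrol(path = "/manage/enablePublicKey", method = MethodType.GET)
public String enablePublicKey() throws ServletException {
    // NOTE(review): this handler changes state (enables a key and then calls
    // distributePublicKeys) but is bound to GET, so a plain link or <img> on a
    // third-party page can trigger it with the victim's session unless the
    // MVC layer applies CSRF checks to GET routes; it belongs on POST. The key
    // id is whatever the client sent and nothing here checks it beyond the
    // lookup, so authorization is presumably the /manage route guard -- confirm.
    try {
        // Reload by the client-supplied id so later code acts on the stored record.
        publicKey = PublicKeyDB.getPublicKey(publicKey.getId());
        if (publicKey == null) {
            // Unknown id used to surface as an NPE (HTTP 500); now nothing is
            // enabled and the page is simply re-rendered.
            log.warn("enablePublicKey: no public key found for the requested id");
        } else {
            PublicKeyDB.enableKey(publicKey.getId());
        }
        profileList = ProfileDB.getAllProfiles();
        userList = UserDB.getUserSet(new SortedSet(SessionAuditDB.SORT_BY_USERNAME)).getItemList();
        sortedSet = PublicKeyDB.getPublicKeySet(sortedSet);
    } catch (SQLException | GeneralSecurityException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    // Only distribute when a key was actually enabled above.
    if (publicKey != null) {
        distributePublicKeys(publicKey);
    }
    return "/manage/view_keys.html";
}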
use of loophole.mvc.annotation.Kontrol in project KeyBox by skavanagh.
the class AuthKeysKtrl method adminViewKeys.
@Kontrol(path = "/admin/viewKeys", method = MethodType.GET)
public String adminViewKeys() throws ServletException {
    try {
        // Both the user id and the role come from the session, not from the
        // request, so the listing below is scoped to the caller.
        final Long userId = AuthUtil.getUserId(getRequest().getSession());
        final boolean isManager = Auth.MANAGER.equals(AuthUtil.getUserType(getRequest().getSession()));
        // Managers see every profile; everyone else only their own assignments.
        profileList = isManager ? ProfileDB.getAllProfiles() : UserProfileDB.getProfilesByUser(userId);
        sortedSet = PublicKeyDB.getPublicKeySet(sortedSet, userId);
        userPublicKeyList = PublicKeyDB.getUniquePublicKeysForUser(userId);
    } catch (SQLException | GeneralSecurityException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    return "/admin/view_keys.html";
}
use of loophole.mvc.annotation.Kontrol in project KeyBox by skavanagh.
the class OTPKtrl method qrImage.
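@Kontrol(path = "/admin/qrImage", method = MethodType.GET)
public String qrImage() throws ServletException {
    String username;
    String secret;
    try {
        username = UserDB.getUser(AuthUtil.getUserId(getRequest().getSession())).getUsername();
        // The pending secret is single-use: read it and clear it so a second
        // request for this image cannot recover it from the session.
        secret = AuthUtil.getOTPSecret(getRequest().getSession());
        AuthUtil.setOTPSecret(getRequest().getSession(), null);
    } catch (SQLException | GeneralSecurityException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    try {
        // No pending enrollment (already consumed, or viewOTP never ran):
        // answer 404 instead of rendering a QR code whose secret is "null".
        if (secret == null || secret.isEmpty()) {
            getResponse().sendError(404);
            return null;
        }
        // The Host header is client-controlled; it only feeds the display
        // label, but a missing header used to NPE here. Port is dropped.
        String host = getRequest().getHeader("host");
        String issuer = host == null ? "" : host.replaceAll("\\:.*$", "");
        // Both label parts are percent-encoded so a username containing
        // '?', '&', '#' or spaces cannot break the otpauth URI.
        String qrCodeText = "otpauth://totp/Bastillion%20%28" + encodeLabelPart(issuer) + "%29:"
                + encodeLabelPart(username) + "?secret=" + secret;
        QRCodeWriter qrWriter = new QRCodeWriter();
        Hashtable<EncodeHintType, String> hints = new Hashtable<>();
        hints.put(EncodeHintType.CHARACTER_SET, "UTF-8");
        BitMatrix matrix = qrWriter.encode(qrCodeText, BarcodeFormat.QR_CODE, QR_IMAGE_WIDTH, QR_IMAGE_HEIGHT, hints);
        getResponse().setContentType("image/png");
        // The image carries the TOTP secret: forbid caching by the browser
        // and by any intermediary.
        getResponse().setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        getResponse().setHeader("Pragma", "no-cache");
        BufferedImage image = new BufferedImage(QR_IMAGE_WIDTH, QR_IMAGE_HEIGHT, BufferedImage.TYPE_INT_RGB);
        Graphics2D graphics = (Graphics2D) image.getGraphics();
        graphics.setColor(Color.WHITE);
        graphics.fillRect(0, 0, QR_IMAGE_WIDTH, QR_IMAGE_HEIGHT);
        graphics.setColor(Color.BLACK);
        // Paint one pixel per set module of the matrix.
        for (int x = 0; x < QR_IMAGE_WIDTH; x++) {
            for (int y = 0; y < QR_IMAGE_HEIGHT; y++) {
                if (matrix.get(x, y)) {
                    graphics.fillRect(x, y, 1, 1);
                }
            }
        }
        ImageIO.write(image, "png", getResponse().getOutputStream());
        getResponse().getOutputStream().flush();
        getResponse().getOutputStream().close();
    } catch (IOException | WriterException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    return null;
}

/**
 * Percent-encodes one component of the otpauth label. URLEncoder emits '+'
 * for a space, which authenticator apps do not decode as a space, so it is
 * mapped to %20.
 *
 * @throws IOException if the UTF-8 charset is unavailable (never on a JVM)
 */
private static String encodeLabelPart(String part) throws IOException {
    return URLEncoder.encode(part, "utf-8").replace("+", "%20");
}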
use of loophole.mvc.annotation.Kontrol in project KeyBox by skavanagh.
the class OTPKtrl method viewOTP.
@Kontrol(path = "/admin/viewOTP", method = MethodType.GET)
public String viewOTP() throws ServletException {
    // A fresh candidate secret for the enrollment page. It is kept only in
    // the session here (nothing is persisted in this method); qrImage reads
    // and clears it.
    // NOTE(review): OTPUtil.generateSecret is not visible here; it must draw
    // from a CSPRNG (SecureRandom) -- confirm.
    final String candidate = OTPUtil.generateSecret();
    sharedSecret = candidate;
    try {
        AuthUtil.setOTPSecret(getRequest().getSession(), candidate);
    } catch (GeneralSecurityException ex) {
        log.error(ex.toString(), ex);
        throw new ServletException(ex.toString(), ex);
    }
    // Timestamped file name so the browser requests a new image on each visit.
    qrImage = System.currentTimeMillis() + ".png";
    return "/admin/two-factor_otp.html";
}