use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation in project uaa by cloudfoundry.
the class PasswordConfirmationValidationTest method testValidWithMatchingPasswords.
/**
 * A non-empty password whose confirmation is identical must be reported as valid.
 */
@Test
public void testValidWithMatchingPasswords() {
    boolean accepted = new PasswordConfirmationValidation("secret", "secret").valid();
    Assert.assertTrue(accepted);
}
use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation in project uaa by cloudfoundry.
the class PasswordConfirmationValidationTest method testInvalidWithMismatchedPasswords.
/**
 * A confirmation that differs from the password, even by a single character,
 * must be reported as invalid.
 */
@Test
public void testInvalidWithMismatchedPasswords() {
    boolean accepted = new PasswordConfirmationValidation("secret", "mecret").valid();
    Assert.assertFalse(accepted);
}
use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation in project uaa by cloudfoundry.
the class InvitationsController method acceptInvitation.
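/**
 * Handles the POST of the "accept invitation" form: checks the invitation code against the
 * authenticated user, validates the chosen password and hands both to the invitations service.
 *
 * <p>Checks run in this order, and the first failure ends the request:
 * <ol>
 *   <li>the submitted code must resolve to an expiring code that carries data;</li>
 *   <li>the {@code user_id} stored in that data must equal the id of the authenticated principal;</li>
 *   <li>if the zone branding defines a consent text, the user must have consented;</li>
 *   <li>password and confirmation must pass {@link PasswordConfirmationValidation};</li>
 *   <li>the password must pass {@code passwordValidator}.</li>
 * </ol>
 * Failures of the first two checks clear the security context and render the "code expired" error.
 * Later failures reload the form with a newly generated code that is valid for ten minutes.
 *
 * @param password the new password chosen by the invited user
 * @param passwordConfirmation the repeated password from the form
 * @param code the invitation code submitted with the form
 * @param doesUserConsent whether the consent checkbox was ticked; optional request parameter
 * @param model the view model that receives error attributes
 * @param response the servlet response, passed on to the error helpers
 * @return a redirect to the login page on success, otherwise the view chosen by the error helpers
 */
@RequestMapping(value = "/accept.do", method = POST)
public String acceptInvitation(@RequestParam("password") String password,
                               @RequestParam("password_confirmation") String passwordConfirmation,
                               @RequestParam("code") String code,
                               @RequestParam(value = "does_user_consent", required = false) boolean doesUserConsent,
                               Model model,
                               HttpServletResponse response) {
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(password, passwordConfirmation);

    // Resolve the principal defensively. A missing Authentication, or a principal of another type,
    // used to fail with NullPointerException / ClassCastException before the "principal == null"
    // guard below could run. Both cases now reach that guard and are rejected like any other
    // code/user mismatch.
    Object authenticatedPrincipal = SecurityContextHolder.getContext().getAuthentication() == null
            ? null
            : SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    UaaPrincipal principal = authenticatedPrincipal instanceof UaaPrincipal ? (UaaPrincipal) authenticatedPrincipal : null;

    // The code lookup is scoped to the current identity zone.
    final ExpiringCode expiringCode = expiringCodeStore.retrieveCode(code, IdentityZoneHolder.get().getId());
    if (expiringCode == null || expiringCode.getData() == null) {
        logger.debug("Failing invitation. Code not found.");
        SecurityContextHolder.clearContext();
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    Map<String, String> data = JsonUtils.readValue(expiringCode.getData(), new TypeReference<>() {
    });
    // The code is bound to one user: it is only honoured for the principal whose id it carries.
    // The same generic "code_expired" error is returned as for an unknown code.
    if (principal == null || data.get("user_id") == null || !data.get("user_id").equals(principal.getId())) {
        logger.debug("Failing invitation. Code and user ID mismatch.");
        SecurityContextHolder.clearContext();
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    // Issue a replacement code (same data and intent, 10 minute lifetime) for the error-reload paths
    // and the final acceptance call. Presumably retrieveCode() consumed the submitted one; confirm
    // against the ExpiringCodeStore contract.
    final String newCode = expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000)), expiringCode.getIntent(), IdentityZoneHolder.get().getId()).getCode();
    BrandingInformation zoneBranding = IdentityZoneHolder.get().getConfig().getBranding();
    if (zoneBranding != null && zoneBranding.getConsent() != null && !doesUserConsent) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message_code", "missing_consent");
    }
    if (!validation.valid()) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message_code", validation.getMessageCode());
    }
    try {
        passwordValidator.validate(password);
    } catch (InvalidPasswordException e) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message", e.getMessagesAsOneString());
    }
    AcceptedInvitation invitation;
    try {
        invitation = invitationsService.acceptInvitation(newCode, password);
    } catch (HttpClientErrorException e) {
        // NOTE(review): unlike the two rejections above, this branch leaves the security context in
        // place. Confirm that this is intended.
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    String res = "redirect:/login?success=invite_accepted";
    if (!invitation.getRedirectUri().equals("/home")) {
        // NOTE(review): the redirect URI is appended to the query string without URL-encoding, so a
        // value containing '&' or '#' would change how /login parses its parameters. Confirm that
        // invitationsService returns a validated, already-encoded URI, or encode it here.
        res += "&" + FORM_REDIRECT_PARAMETER + "=" + invitation.getRedirectUri();
    }
    return res;
}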
use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation in project uaa by cloudfoundry.
the class ForcePasswordChangeController method handleForcePasswordChange.
/**
 * Handles the POST of the forced password change form for the currently authenticated user.
 *
 * <p>The password and its confirmation are first checked with {@link PasswordConfirmationValidation},
 * then the password is handed to {@code resetPasswordService}. On success the session's
 * "password change required" flag is cleared, the authentication time is refreshed and the
 * security context is stored in the session again. Only the e-mail address, user name and zone id
 * are written to the debug log; the password is not.
 *
 * @param model the view model that receives error attributes
 * @param password the new password
 * @param passwordConfirmation the repeated password from the form
 * @param request the current request, used to obtain the session that stores the security context
 * @param response the servlet response, passed on to the error helper
 * @param httpSession the session whose "password change required" flag is cleared
 * @return a redirect to the completion page, or the view chosen by {@code handleUnprocessableEntity}
 */
@RequestMapping(value = "/force_password_change", method = POST)
public String handleForcePasswordChange(Model model,
                                        @RequestParam("password") String password,
                                        @RequestParam("password_confirmation") String passwordConfirmation,
                                        HttpServletRequest request,
                                        HttpServletResponse response,
                                        HttpSession httpSession) {
    UaaAuthentication authentication = (UaaAuthentication) SecurityContextHolder.getContext().getAuthentication();
    UaaPrincipal principal = authentication.getPrincipal();
    String email = principal.getEmail();

    boolean confirmationAccepted = new PasswordConfirmationValidation(email, password, passwordConfirmation).valid();
    if (!confirmationAccepted) {
        String formError = resourcePropertySource.getProperty("force_password_change.form_error").toString();
        return handleUnprocessableEntity(model, response, email, formError);
    }

    logger.debug("Processing handleForcePasswordChange for user: " + email);
    try {
        resetPasswordService.resetUserPassword(principal.getId(), password);
    } catch (InvalidPasswordException rejected) {
        // The password policy refused the new password; show its messages on the form.
        String policyMessages = rejected.getMessagesAsOneString();
        return handleUnprocessableEntity(model, response, email, policyMessages);
    }

    String zoneId = IdentityZoneHolder.get().getId();
    logger.debug(String.format("Successful password change for username:%s in zone:%s ", principal.getName(), zoneId));

    // The forced change is done: lift the flag and persist the refreshed authentication.
    SessionUtils.setPasswordChangeRequired(httpSession, false);
    authentication.setAuthenticatedTime(System.currentTimeMillis());
    SessionUtils.setSecurityContext(request.getSession(), SecurityContextHolder.getContext());
    return "redirect:/force_password_change_completed";
}
use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation in project uaa by cloudfoundry.
the class PasswordConfirmationValidationTest method testInvalidWithEmptyPassword.
/**
 * Two empty strings are equal to each other, yet an empty password must still be
 * reported as invalid.
 */
@Test
public void testInvalidWithEmptyPassword() {
    boolean accepted = new PasswordConfirmationValidation("", "").valid();
    Assert.assertFalse(accepted);
}