Example 1 with PasswordConfirmationException

Use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException in project uaa by cloudfoundry.

The class ResetPasswordAuthenticationEntryPoint, method commence.

@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
    Throwable cause = authException.getCause();
    response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
    HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {

        @Override
        public String getMethod() {
            return "GET";
        }

        @Override
        public String getParameter(String name) {
            if (name.equals("code")) {
                return (String) getAttribute(name);
            }
            return super.getParameter(name);
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> map = super.getParameterMap();
            if (map.containsKey("code")) {
                Map<String, String[]> newMap = new HashMap<>(map);
                newMap.put("code", new String[] { (String) getAttribute("code") });
                map = newMap;
            }
            return map;
        }

        @Override
        public String[] getParameterValues(String name) {
            return getParameterMap().get(name);
        }
    };
    if (cause instanceof PasswordConfirmationException) {
        PasswordConfirmationException passwordConfirmationException = (PasswordConfirmationException) cause;
        request.setAttribute("message_code", passwordConfirmationException.getMessageCode());
        request.getRequestDispatcher("/reset_password").forward(wrapper, response);
        return;
    } else {
        if (cause instanceof InvalidPasswordException) {
            InvalidPasswordException exception = (InvalidPasswordException) cause;
            request.setAttribute("message", exception.getMessagesAsOneString());
            request.getRequestDispatcher("/reset_password").forward(wrapper, response);
        } else {
            request.setAttribute("message_code", "bad_code");
            request.getRequestDispatcher("/forgot_password").forward(wrapper, response);
        }
    }
}
Also used : HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) HashMap(java.util.HashMap) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) PasswordConfirmationException(org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)

Example 2 with PasswordConfirmationException

Use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException in project uaa by cloudfoundry.

The class ResetPasswordAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String email = request.getParameter("email");
    String code = request.getParameter("code");
    String password = request.getParameter("password");
    String passwordConfirmation = request.getParameter("password_confirmation");
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(email, password, passwordConfirmation);
    ExpiringCode expiringCode = null;
    try {
        expiringCode = expiringCodeStore.retrieveCode(code, IdentityZoneHolder.get().getId());
        validation.throwIfNotValid();
        if (expiringCode == null) {
            throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
        }
        ResetPasswordService.ResetPasswordResponse resetPasswordResponse = service.resetPassword(expiringCode, password);
        String redirectUri = resetPasswordResponse.getRedirectUri();
        if (!StringUtils.hasText(redirectUri) || redirectUri.equals("home")) {
            response.sendRedirect(request.getContextPath() + "/login?success=password_reset");
        } else {
            response.sendRedirect(request.getContextPath() + "/login?success=password_reset&form_redirect_uri=" + redirectUri);
        }
    } catch (InvalidPasswordException e) {
        refreshCode(request, expiringCode);
        entryPoint.commence(request, response, new BadCredentialsException(e.getMessagesAsOneString(), e));
    } catch (UaaException e) {
        entryPoint.commence(request, response, new InternalAuthenticationServiceException(e.getMessage(), e));
    } catch (PasswordConfirmationException pe) {
        refreshCode(request, expiringCode);
        entryPoint.commence(request, response, new BadCredentialsException("Password did not pass validation.", pe));
    }
    return;
}
Also used : UaaException(org.cloudfoundry.identity.uaa.error.UaaException) ExpiringCode(org.cloudfoundry.identity.uaa.codestore.ExpiringCode) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) InternalAuthenticationServiceException(org.springframework.security.authentication.InternalAuthenticationServiceException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException) PasswordConfirmationException(org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)

Example 3 with PasswordConfirmationException

Use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException in project uaa by cloudfoundry.

The class ResetPasswordAuthenticationEntryPointTests, method test_invalid_password_match.

@Test
public void test_invalid_password_match() throws Exception {
    PasswordConfirmationException pe = new PasswordConfirmationException(messageCode, email);
    BadCredentialsException be = new BadCredentialsException("", pe);
    entryPoint.commence(request, response, be);
    verify(request, times(1)).getRequestDispatcher(eq("/reset_password"));
    verify(request, times(1)).setAttribute(eq("message_code"), eq(messageCode));
    verify(requestDispatcher, timeout(1)).forward(any(HttpServletRequest.class), same(response));
    verify(response, times(1)).setStatus(eq(HttpStatus.UNPROCESSABLE_ENTITY.value()));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) PasswordConfirmationException(org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException) Test(org.junit.Test)

Example 4 with PasswordConfirmationException

Use of org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException in project uaa by cloudfoundry.

The class ResetPasswordAuthenticationFilterTest, method invalid_password_confirmation.

@Test
public void invalid_password_confirmation() throws Exception {
    request.setParameter("password_confirmation", "invalid");
    Exception e = error_during_password_reset(PasswordConfirmationException.class);
    assertTrue(e instanceof AuthenticationException);
    assertNotNull(e.getCause());
    assertTrue(e.getCause() instanceof PasswordConfirmationException);
    PasswordConfirmationException pe = (PasswordConfirmationException) e.getCause();
    assertEquals("form_error", pe.getMessageCode());
    assertEquals(email, pe.getEmail());
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) PasswordConfirmationException(org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException) Test(org.junit.Test)

Aggregations

PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException) 4
InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) 3
InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException) 2
UaaException (org.cloudfoundry.identity.uaa.error.UaaException) 2
Test (org.junit.Test) 2
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 2
HashMap (java.util.HashMap) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper) 1
ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode) 1
InternalAuthenticationServiceException (org.springframework.security.authentication.InternalAuthenticationServiceException) 1
AuthenticationException (org.springframework.security.core.AuthenticationException) 1