Example 6 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

In class UaaChangePasswordService, method changePassword.

@Override
public void changePassword(String username, String currentPassword, String newPassword) {
    if (username == null || currentPassword == null) {
        throw new BadCredentialsException(username);
    }
    // Enforce the password policy on the new password; throws InvalidPasswordException on violation.
    passwordValidator.validate(newPassword);
    List<ScimUser> results = scimUserProvisioning.retrieveByUsernameAndOriginAndZone(username, UAA, IdentityZoneHolder.getCurrentZoneId());
    if (results.isEmpty()) {
        throw new ScimResourceNotFoundException("User not found");
    }
    ScimUser user = results.get(0);
    UaaUser uaaUser = getUaaUser(user);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    try {
        // Reject a new password that matches the one currently stored for the user.
        if (scimUserProvisioning.checkPasswordMatches(user.getId(), newPassword, IdentityZoneHolder.get().getId())) {
            throw new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY);
        }
        scimUserProvisioning.changePassword(user.getId(), currentPassword, newPassword, IdentityZoneHolder.get().getId());
        publish(new PasswordChangeEvent("Password changed", uaaUser, authentication, IdentityZoneHolder.getCurrentZoneId()));
    } catch (Exception e) {
        // Publish a failure event for any error, then rethrow it to the caller.
        publish(new PasswordChangeFailureEvent(e.getMessage(), uaaUser, authentication, IdentityZoneHolder.getCurrentZoneId()));
        throw e;
    }
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) PasswordChangeEvent(org.cloudfoundry.identity.uaa.account.event.PasswordChangeEvent) PasswordChangeFailureEvent(org.cloudfoundry.identity.uaa.account.event.PasswordChangeFailureEvent) Authentication(org.springframework.security.core.Authentication) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) ScimResourceNotFoundException(org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)

Example 7 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

In class UaaPasswordPolicyValidator, method validate.

@Override
public void validate(String password) throws InvalidPasswordException {
    if (password == null) {
        password = "";
    }
    IdentityProvider<UaaIdentityProviderDefinition> idp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZoneHolder.get().getId());
    if (idp == null) {
        // should never happen
        return;
    }
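    // Start from the global default policy; the identity provider's own policy, if configured, overrides it.
    PasswordPolicy policy = globalDefaultPolicy;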
    UaaIdentityProviderDefinition idpDefinition = idp.getConfig();
    if (idpDefinition != null && idpDefinition.getPasswordPolicy() != null) {
        policy = idpDefinition.getPasswordPolicy();
    }
    org.passay.PasswordValidator validator = validator(policy, messageResolver);
    RuleResult result = validator.validate(new PasswordData(password));
    if (!result.isValid()) {
        List<String> errorMessages = new LinkedList<>(validator.getMessages(result));
        if (!errorMessages.isEmpty()) {
            throw new InvalidPasswordException(errorMessages);
        }
    }
}
Also used : UaaIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition) PasswordData(org.passay.PasswordData) PasswordPolicy(org.cloudfoundry.identity.uaa.provider.PasswordPolicy) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) RuleResult(org.passay.RuleResult) LinkedList(java.util.LinkedList)

Example 8 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

In class InvitationsController, method acceptInvitation.

@RequestMapping(value = "/accept.do", method = POST)
public String acceptInvitation(@RequestParam("password") String password, @RequestParam("password_confirmation") String passwordConfirmation, @RequestParam("code") String code, @RequestParam(value = "does_user_consent", required = false) boolean doesUserConsent, Model model, HttpServletResponse response) {
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(password, passwordConfirmation);
    UaaPrincipal principal = (UaaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    final ExpiringCode expiringCode = expiringCodeStore.retrieveCode(code, IdentityZoneHolder.get().getId());
    if (expiringCode == null || expiringCode.getData() == null) {
        logger.debug("Failing invitation. Code not found.");
        SecurityContextHolder.clearContext();
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    Map<String, String> data = JsonUtils.readValue(expiringCode.getData(), new TypeReference<>() {
    });
    // The user_id stored with the code must match the authenticated principal.
    if (principal == null || data.get("user_id") == null || !data.get("user_id").equals(principal.getId())) {
        logger.debug("Failing invitation. Code and user ID mismatch.");
        SecurityContextHolder.clearContext();
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    // Generate a fresh code (10-minute expiry) carrying the same data and intent.
    final String newCode = expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000)), expiringCode.getIntent(), IdentityZoneHolder.get().getId()).getCode();
    BrandingInformation zoneBranding = IdentityZoneHolder.get().getConfig().getBranding();
    if (zoneBranding != null && zoneBranding.getConsent() != null && !doesUserConsent) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message_code", "missing_consent");
    }
    if (!validation.valid()) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message_code", validation.getMessageCode());
    }
    try {
        passwordValidator.validate(password);
    } catch (InvalidPasswordException e) {
        return processErrorReload(newCode, model, principal.getEmail(), response, "error_message", e.getMessagesAsOneString());
    }
    AcceptedInvitation invitation;
    try {
        invitation = invitationsService.acceptInvitation(newCode, password);
    } catch (HttpClientErrorException e) {
        return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite");
    }
    String res = "redirect:/login?success=invite_accepted";
    if (!invitation.getRedirectUri().equals("/home")) {
        res += "&" + FORM_REDIRECT_PARAMETER + "=" + invitation.getRedirectUri();
    }
    return res;
}
Also used : BrandingInformation(org.cloudfoundry.identity.uaa.zone.BrandingInformation) UaaPrincipal(org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) ExpiringCode(org.cloudfoundry.identity.uaa.codestore.ExpiringCode) PasswordConfirmationValidation(org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Timestamp(java.sql.Timestamp) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 9 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

In class EmailAccountCreationServiceTests, method beginActivation_throwsException_ifPasswordViolatesPolicy.

@Test
void beginActivation_throwsException_ifPasswordViolatesPolicy() {
    doThrow(new InvalidPasswordException("Oh hell no")).when(mockPasswordValidator).validate(anyString());
    assertThrows(InvalidPasswordException.class, () -> emailAccountCreationService.beginActivation("user@example.com", "some password", null, null));
    verify(mockPasswordValidator).validate("some password");
}
Also used : InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Test(org.junit.jupiter.api.Test)

Example 10 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

In class ChangePasswordControllerTest, method changePassword_PasswordPolicyViolationReported.

@Test
void changePassword_PasswordPolicyViolationReported() throws Exception {
    doThrow(new InvalidPasswordException(asList("Msg 2b", "Msg 1b"))).when(changePasswordService).changePassword("bob", "secret", "new secret");
    MockHttpServletRequestBuilder post = createRequest("secret", "new secret", "new secret");
    mockMvc.perform(post).andExpect(status().isUnprocessableEntity()).andExpect(view().name("change_password")).andExpect(model().attribute("message", "Msg 1b Msg 2b"));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Test(org.junit.jupiter.api.Test)
