Example 16 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

Class ScimUserEndpointsTests, method createUser_whenPasswordIsInvalid_throwsException.

@Test
void createUser_whenPasswordIsInvalid_throwsException() {
    doThrow(new InvalidPasswordException("whaddup")).when(mockPasswordValidator).validate(anyString());
    ScimUserProvisioning mockScimUserProvisioning = mock(ScimUserProvisioning.class);
    ReflectionTestUtils.setField(scimUserEndpoints, "scimUserProvisioning", mockScimUserProvisioning);
    String zoneId = identityZone.getId();
    when(mockScimUserProvisioning.createUser(any(ScimUser.class), anyString(), eq(zoneId))).thenReturn(new ScimUser());
    String userName = "user@example.com";
    ScimUser user = new ScimUser("user1", userName, null, null);
    user.addEmail(userName);
    user.setOrigin(OriginKeys.UAA);
    user.setPassword("some bad password");
    InvalidPasswordException invalidPasswordException = assertThrowsWithMessageThat(InvalidPasswordException.class, () -> scimUserEndpoints.createUser(user, new MockHttpServletRequest(), new MockHttpServletResponse()), containsString("whaddup"));
    assertEquals(HttpStatus.BAD_REQUEST, invalidPasswordException.getStatus());
    verify(mockPasswordValidator).validate("some bad password");
    ReflectionTestUtils.setField(scimUserEndpoints, "scimUserProvisioning", jdbcScimUserProvisioning);
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), Matchers.containsString (org.hamcrest.Matchers.containsString), ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString), JdbcScimUserProvisioning (org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning), ScimUserProvisioning (org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 17 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

Class InvitationsControllerTest, method testAcceptInviteWithContraveningPassword.

@Test
public void testAcceptInviteWithContraveningPassword() throws Exception {
    doThrow(new InvalidPasswordException(Arrays.asList("Msg 2c", "Msg 1c"))).when(passwordValidator).validate("a");
    MockHttpServletRequestBuilder post = startAcceptInviteFlow("a", "a");
    Map<String, String> codeData = getInvitationsCode(OriginKeys.UAA);
    String codeDataString = JsonUtils.writeValueAsString(codeData);
    when(expiringCodeStore.retrieveCode("thecode", IdentityZoneHolder.get().getId())).thenReturn(new ExpiringCode("thecode", new Timestamp(1), codeDataString, INVITATION.name()), null);
    when(expiringCodeStore.retrieveCode("thenewcode", IdentityZoneHolder.get().getId())).thenReturn(new ExpiringCode("thenewcode", new Timestamp(1), codeDataString, INVITATION.name()), null);
    when(expiringCodeStore.generateCode(eq(codeDataString), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(new ExpiringCode("thenewcode", new Timestamp(1), codeDataString, INVITATION.name()), new ExpiringCode("thenewcode2", new Timestamp(1), codeDataString, INVITATION.name()));
    IdentityProvider identityProvider = new IdentityProvider();
    identityProvider.setType(OriginKeys.UAA);
    when(providerProvisioning.retrieveByOrigin("uaa", "uaa")).thenReturn(identityProvider);
    mockMvc.perform(post).andExpect(status().isFound()).andExpect(model().attribute("error_message", "Msg 1c Msg 2c")).andExpect(model().attribute("code", "thenewcode2")).andExpect(view().name("redirect:accept"));
    verify(expiringCodeStore).retrieveCode("thecode", IdentityZoneHolder.get().getId());
    verify(expiringCodeStore, times(2)).generateCode(anyString(), any(), anyString(), eq(IdentityZoneHolder.get().getId()));
    verify(invitationsService, never()).acceptInvitation(anyString(), anyString());
}
Also used: ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode), MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), IdentityProvider (org.cloudfoundry.identity.uaa.provider.IdentityProvider), Matchers.containsString (org.hamcrest.Matchers.containsString), ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString), Timestamp (java.sql.Timestamp), Test (org.junit.Test)

Example 18 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

Class PasswordResetEndpoint, method changePassword.

@RequestMapping(value = "/password_change", method = RequestMethod.POST)
public ResponseEntity<LostPasswordChangeResponse> changePassword(@RequestBody LostPasswordChangeRequest passwordChangeRequest) {
    ResponseEntity<LostPasswordChangeResponse> responseEntity;
    if (passwordChangeRequest.getChangeCode() != null) {
        try {
            ExpiringCode expiringCode = getExpiringCode(passwordChangeRequest.getChangeCode());
            ResetPasswordService.ResetPasswordResponse reset = resetPasswordService.resetPassword(expiringCode, passwordChangeRequest.getNewPassword());
            ScimUser user = reset.getUser();
            ExpiringCode loginCode = getCode(user.getId(), user.getUserName(), reset.getClientId());
            LostPasswordChangeResponse response = new LostPasswordChangeResponse();
            response.setUserId(user.getId());
            response.setUsername(user.getUserName());
            response.setEmail(user.getPrimaryEmail());
            response.setLoginCode(loginCode.getCode());
            return new ResponseEntity<>(response, OK);
        } catch (BadCredentialsException e) {
            return new ResponseEntity<>(UNAUTHORIZED);
        } catch (ScimResourceNotFoundException e) {
            return new ResponseEntity<>(NOT_FOUND);
        } catch (InvalidPasswordException | InvalidCodeException e) {
            throw e;
        } catch (Exception e) {
            return new ResponseEntity<>(INTERNAL_SERVER_ERROR);
        }
    } else {
        responseEntity = new ResponseEntity<>(BAD_REQUEST);
    }
    return responseEntity;
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), ScimResourceNotFoundException (org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException), ScimException (org.cloudfoundry.identity.uaa.scim.exception.ScimException), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), ResponseEntity (org.springframework.http.ResponseEntity), ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode)

Example 19 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

Class ResetPasswordAuthenticationEntryPoint, method commence.

@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
    Throwable cause = authException.getCause();
    response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
    HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {

        @Override
        public String getMethod() {
            return "GET";
        }

        @Override
        public String getParameter(String name) {
            if (name.equals("code")) {
                return (String) getAttribute(name);
            }
            return super.getParameter(name);
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> map = super.getParameterMap();
            if (map.containsKey("code")) {
                Map<String, String[]> newMap = new HashMap<>(map);
                newMap.put("code", new String[] { (String) getAttribute("code") });
                map = newMap;
            }
            return map;
        }

        @Override
        public String[] getParameterValues(String name) {
            return getParameterMap().get(name);
        }
    };
    if (cause instanceof PasswordConfirmationException) {
        PasswordConfirmationException passwordConfirmationException = (PasswordConfirmationException) cause;
        request.setAttribute("message_code", passwordConfirmationException.getMessageCode());
        request.getRequestDispatcher("/reset_password").forward(wrapper, response);
        return;
    } else {
        if (cause instanceof InvalidPasswordException) {
            InvalidPasswordException exception = (InvalidPasswordException) cause;
            request.setAttribute("message", exception.getMessagesAsOneString());
            request.getRequestDispatcher("/reset_password").forward(wrapper, response);
        } else {
            request.setAttribute("message_code", "bad_code");
            request.getRequestDispatcher("/forgot_password").forward(wrapper, response);
        }
    }
}
Also used: HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper), HashMap (java.util.HashMap), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)

Example 20 with InvalidPasswordException

Use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

Class ResetPasswordAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String email = request.getParameter("email");
    String code = request.getParameter("code");
    String password = request.getParameter("password");
    String passwordConfirmation = request.getParameter("password_confirmation");
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(email, password, passwordConfirmation);
    ExpiringCode expiringCode = null;
    try {
        expiringCode = expiringCodeStore.retrieveCode(code, IdentityZoneHolder.get().getId());
        validation.throwIfNotValid();
        if (expiringCode == null) {
            throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
        }
        ResetPasswordService.ResetPasswordResponse resetPasswordResponse = service.resetPassword(expiringCode, password);
        String redirectUri = resetPasswordResponse.getRedirectUri();
        if (!StringUtils.hasText(redirectUri) || redirectUri.equals("home")) {
            response.sendRedirect(request.getContextPath() + "/login?success=password_reset");
        } else {
            response.sendRedirect(request.getContextPath() + "/login?success=password_reset&form_redirect_uri=" + redirectUri);
        }
    } catch (InvalidPasswordException e) {
        refreshCode(request, expiringCode);
        entryPoint.commence(request, response, new BadCredentialsException(e.getMessagesAsOneString(), e));
    } catch (UaaException e) {
        entryPoint.commence(request, response, new InternalAuthenticationServiceException(e.getMessage(), e));
    } catch (PasswordConfirmationException pe) {
        refreshCode(request, expiringCode);
        entryPoint.commence(request, response, new BadCredentialsException("Password did not pass validation.", pe));
    }
    return;
}
Also used: UaaException (org.cloudfoundry.identity.uaa.error.UaaException), ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), InternalAuthenticationServiceException (org.springframework.security.authentication.InternalAuthenticationServiceException), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException), PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)

Aggregations

InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException): 27
Test (org.junit.jupiter.api.Test): 10
ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser): 9
ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode): 8
Timestamp (java.sql.Timestamp): 5
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException): 5
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 5
Date (java.util.Date): 4
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication): 4
Matchers.containsString (org.hamcrest.Matchers.containsString): 4
Test (org.junit.Test): 4
Authentication (org.springframework.security.core.Authentication): 4
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 4
InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException): 3
UaaException (org.cloudfoundry.identity.uaa.error.UaaException): 3
ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta): 3
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser): 3
SecurityContext (org.springframework.security.core.context.SecurityContext): 3
PasswordConfirmationValidation (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation): 2
PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException): 2