use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class AccountsController method sendActivationEmail.
/**
 * Handles the self-service sign-up form post and starts account activation.
 *
 * <p>The request is rejected, in this order, when: the zone's branding defines a consent
 * text and the user did not consent; self-service links are disabled for the zone; the
 * email failed bean validation; a non-UAA identity provider is returned for the email's
 * domain; or the password and its confirmation fail {@link PasswordConfirmationValidation}.
 * Only then is {@code accountCreationService.beginActivation} invoked.
 *
 * @param model                model that receives error attributes and the echoed email
 * @param response             servlet response handed to the error helpers
 * @param clientId             optional {@code client_id} request parameter
 * @param redirectUri          optional {@code redirect_uri} request parameter
 * @param email                validated email form object
 * @param result               binding result for {@code email}
 * @param password             requested password
 * @param passwordConfirmation repeated password
 * @param doesUserConsent      value of the optional {@code does_user_consent} parameter
 * @return the view name produced by an error helper, or a redirect to the
 *         "email sent" page once activation has been started
 */
@RequestMapping(value = "/create_account.do", method = POST)
public String sendActivationEmail(
        Model model,
        HttpServletResponse response,
        @RequestParam(value = "client_id", required = false) String clientId,
        @RequestParam(value = "redirect_uri", required = false) String redirectUri,
        @Valid @ModelAttribute("email") ValidEmail email,
        BindingResult result,
        @RequestParam("password") String password,
        @RequestParam("password_confirmation") String passwordConfirmation,
        @RequestParam(value = "does_user_consent", required = false) boolean doesUserConsent) {

    // Consent is only mandatory when the zone's branding carries a consent section.
    BrandingInformation branding = IdentityZoneHolder.get().getConfig().getBranding();
    boolean consentRequired = branding != null && branding.getConsent() != null;
    if (consentRequired && !doesUserConsent) {
        return handleUnprocessableEntity(model, response, "error_message_code", "missing_consent");
    }

    // Server-side enforcement of the zone switch: the endpoint refuses to register
    // anybody when self-service is turned off, regardless of what the UI shows.
    boolean selfServiceEnabled =
            IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled();
    if (!selfServiceEnabled) {
        return handleSelfServiceDisabled(model, response, "error_message_code", "self_service_disabled");
    }

    if (result.hasErrors()) {
        return handleUnprocessableEntity(model, response, "error_message_code", "invalid_email");
    }

    // Look up the providers returned for this email's domain and drop the internal UAA
    // origin. Anything left means another identity provider is responsible for the
    // address, so no local account (and no local password) is created for it.
    List<IdentityProvider> providersForDomain = DomainFilter.getIdpsForEmailDomain(
            identityProviderProvisioning.retrieveAll(true, IdentityZoneHolder.get().getId()),
            email.getEmail());
    List<IdentityProvider> externalProviders = providersForDomain.stream()
            .filter(idp -> !idp.getOriginKey().equals(OriginKeys.UAA))
            .collect(Collectors.toList());
    if (!externalProviders.isEmpty()) {
        model.addAttribute("email", email.getEmail());
        return handleUnprocessableEntity(model, response, "error_message_code", "other_idp");
    }

    PasswordConfirmationValidation confirmation =
            new PasswordConfirmationValidation(password, passwordConfirmation);
    if (!confirmation.valid()) {
        return handleUnprocessableEntity(model, response, "error_message_code", confirmation.getMessageCode());
    }

    // NOTE(review): client_id and redirect_uri come straight from the request and are
    // passed on unchecked here; presumably the redirect is matched against the client's
    // registered URIs before it is ever followed - confirm in the activation flow.
    try {
        accountCreationService.beginActivation(email.getEmail(), password, clientId, redirectUri);
    } catch (UaaException e) {
        // Every UaaException is reported as "username_exists", whatever its cause.
        // NOTE(review): this answer discloses that an address is already registered;
        // confirm that throttling and monitoring of this endpoint are handled elsewhere.
        return handleUnprocessableEntity(model, response, "error_message_code", "username_exists");
    } catch (InvalidPasswordException e) {
        // Password rule violations raised by beginActivation are shown to the user as text.
        return handleUnprocessableEntity(model, response, "error_message", e.getMessagesAsOneString());
    }

    return "redirect:accounts/email_sent";
}
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class UaaResetPasswordService method changePasswordCodeAuthenticated.
/**
 * Changes a user's password on the strength of an already retrieved reset code.
 *
 * <p>The code's JSON payload names the user, the user name and password-modified time
 * captured when the code was issued, and an optional client id / redirect URI.
 *
 * @param expiringCode reset code whose data holds a serialized {@link PasswordChange}
 * @param newPassword  the password to set
 * @return the user, the location to redirect to ("home" unless the requested redirect
 *         URI matches one registered for the client) and the client id
 * @throws InvalidCodeException     if the code's payload cannot be parsed
 * @throws InvalidPasswordException if the new password equals the current one
 * @throws UaaException             if {@code isUserModified} reports a change since the code was issued
 */
private ResetPasswordResponse changePasswordCodeAuthenticated(ExpiringCode expiringCode, String newPassword) {
    PasswordChange change;
    try {
        change = JsonUtils.readValue(expiringCode.getData(), PasswordChange.class);
    } catch (JsonUtils.JsonUtilException x) {
        // An unreadable payload is reported to the caller as an invalid (expired) link.
        throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
    }

    String userId = change.getUserId();
    String userName = change.getUsername();
    Date passwordLastModified = change.getPasswordModifiedTime();
    String clientId = change.getClientId();
    String redirectUri = change.getRedirectUri();

    // These lookups sit outside the try block below, so a failure here is not
    // reported through a PasswordChangeFailureEvent.
    ScimUser user = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
    UaaUser uaaUser = getUaaUser(user);
    Authentication authentication = constructAuthentication(uaaUser);

    try {
        // NOTE(review): the same-as-old comparison runs before the isUserModified check,
        // so a code that would be rejected as stale is still compared against the
        // current password first - confirm this ordering is intended.
        boolean sameAsCurrent =
                scimUserProvisioning.checkPasswordMatches(userId, newPassword, identityZoneManager.getCurrentIdentityZoneId());
        if (sameAsCurrent) {
            throw new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY);
        }

        // Reject the request when the account no longer matches the user name /
        // password-modified time recorded in the code.
        if (isUserModified(user, userName, passwordLastModified)) {
            throw new UaaException("Invalid password reset request.");
        }

        // A user that is not verified yet is marked as verified before the change.
        if (!user.isVerified()) {
            scimUserProvisioning.verifyUser(userId, -1, identityZoneManager.getCurrentIdentityZoneId());
        }

        // NOTE(review): no password-policy validator is called in this method; presumably
        // the caller or updatePasswordAndPublishEvent enforces policy - confirm.
        updatePasswordAndPublishEvent(scimUserProvisioning, uaaUser, authentication, newPassword);

        // The redirect stored in the code is never used as-is: it replaces the default
        // only when findMatchingRedirectUri accepts it against the client's registered URIs.
        String redirectLocation = "home";
        boolean redirectRequested = !isEmpty(clientId) && !isEmpty(redirectUri);
        if (redirectRequested) {
            try {
                ClientDetails clientDetails =
                        clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId());
                Set<String> redirectUris = clientDetails.getRegisteredRedirectUri() == null
                        ? Collections.emptySet()
                        : clientDetails.getRegisteredRedirectUri();
                String matchingRedirectUri =
                        UaaUrlUtils.findMatchingRedirectUri(redirectUris, redirectUri, redirectLocation);
                if (matchingRedirectUri != null) {
                    redirectLocation = matchingRedirectUri;
                }
            } catch (NoSuchClientException ignored) {
                // Deliberately ignored: an unknown client keeps the default "home" location.
            }
        }

        return new ResetPasswordResponse(user, redirectLocation, clientId);
    } catch (Exception e) {
        // Record the failed attempt for auditing, then let the original exception propagate.
        publish(new PasswordChangeFailureEvent(e.getMessage(), uaaUser, authentication, identityZoneManager.getCurrentIdentityZoneId()));
        throw e;
    }
}
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class UaaResetPasswordService method resetUserPassword.
/**
 * Sets a new password for the given user.
 *
 * <p>The password is first compared with the current one, then checked by
 * {@code passwordValidator}, and only then written and announced through
 * {@code updatePasswordAndPublishEvent}.
 *
 * @param userId   id of the user whose password is replaced
 * @param password the new password
 * @throws InvalidPasswordException if the new password equals the current one; the
 *         validator may raise further exceptions for policy violations
 */
@Override
public void resetUserPassword(String userId, String password) {
    boolean sameAsCurrent =
            scimUserProvisioning.checkPasswordMatches(userId, password, identityZoneManager.getCurrentIdentityZoneId());
    if (sameAsCurrent) {
        // NOTE(review): the looked-up property is dereferenced without a null check; if the
        // key can be missing this fails with a NullPointerException instead of the
        // intended InvalidPasswordException - confirm the key is always defined.
        String sameAsOldMessage =
                resourcePropertySource.getProperty("force_password_change.same_as_old").toString();
        throw new InvalidPasswordException(sameAsOldMessage, UNPROCESSABLE_ENTITY);
    }

    // Policy check happens before any user data is loaded or changed.
    passwordValidator.validate(password);

    ScimUser scimUser = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
    UaaUser target = getUaaUser(scimUser);
    Authentication auth = constructAuthentication(target);
    updatePasswordAndPublishEvent(scimUserProvisioning, target, auth, password);
}
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class PasswordResetEndpointTest method passwordsMustSatisfyPolicy.
/**
 * A password change with a valid, unexpired code must still be refused when the
 * password validator rejects the new password: the endpoint answers 422 with
 * {@code error = invalid_password} and the validator's message in both
 * {@code message} and {@code error_description}.
 */
@Test
void passwordsMustSatisfyPolicy() throws Exception {
    // The validator rejects the candidate password.
    doThrow(new InvalidPasswordException("Password flunks policy"))
            .when(mockPasswordValidator)
            .validate("new_secret");

    // The code store hands back a code that expires PASSWORD_RESET_LIFETIME from now.
    Timestamp expiresAt =
            new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME);
    String codeData = "{\"user_id\":\"eyedee\",\"username\":\"user@example.com\",\"passwordModifiedTime\":null,\"client_id\":\"\",\"redirect_uri\":\"\"}";
    ExpiringCode storedCode = new ExpiringCode("emailed_code", expiresAt, codeData, null);
    when(mockExpiringCodeStore.retrieveCode("emailed_code", currentZoneId)).thenReturn(storedCode);

    MockHttpServletRequestBuilder changeRequest = post("/password_change")
            .contentType(APPLICATION_JSON)
            .content("{\"code\":\"emailed_code\",\"new_password\":\"new_secret\"}")
            .accept(APPLICATION_JSON);

    JSONObject expectedBody = new JSONObject()
            .put("error_description", "Password flunks policy")
            .put("message", "Password flunks policy")
            .put("error", "invalid_password");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedBody)));
}
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class ResetPasswordAuthenticationEntryPointTests method test_when_invalid_password_exception.
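/**
 * When authentication fails because of an {@link InvalidPasswordException}, the entry
 * point must forward to {@code /reset_password}, expose the combined policy messages as
 * the {@code message} request attribute and answer with 422 Unprocessable Entity.
 */
@Test
public void test_when_invalid_password_exception() throws Exception {
    InvalidPasswordException pe = new InvalidPasswordException(Arrays.asList("one", "two"));
    // The policy failure travels as the cause of the authentication exception.
    BadCredentialsException be = new BadCredentialsException("", pe);

    entryPoint.commence(request, response, be);

    verify(request, times(1)).getRequestDispatcher(eq("/reset_password"));
    verify(request, times(1)).setAttribute(eq("message"), eq(pe.getMessagesAsOneString()));
    // commence() is called directly on this thread and has returned by now, so an exact
    // invocation count is verified, matching the other verifications, instead of a
    // time-based wait.
    verify(requestDispatcher, times(1)).forward(any(HttpServletRequest.class), same(response));
    verify(response, times(1)).setStatus(eq(HttpStatus.UNPROCESSABLE_ENTITY.value()));
}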