
Example 21 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class AccountsController method sendActivationEmail.

/**
 * Handles the self-service "create account" form post and starts e-mail activation.
 *
 * <p>The checks run in a fixed order and the first one that fails decides the response:
 * missing consent (only when the zone branding defines a consent section), self-service
 * links disabled, binding errors on the e-mail, an identity provider other than the UAA
 * origin being returned for the e-mail domain, and finally the password / confirmation
 * validation. Activation is started only after all of them pass.
 *
 * <p>The password is passed to the account creation service and is never placed on the
 * model; the only user-supplied value echoed back to the view here is the e-mail address.
 *
 * @return the view produced by the handler of the failing check, or a redirect to
 *         {@code accounts/email_sent} once activation has been started
 */
@RequestMapping(value = "/create_account.do", method = POST)
public String sendActivationEmail(
        Model model,
        HttpServletResponse response,
        @RequestParam(value = "client_id", required = false) String clientId,
        @RequestParam(value = "redirect_uri", required = false) String redirectUri,
        @Valid @ModelAttribute("email") ValidEmail email,
        BindingResult result,
        @RequestParam("password") String password,
        @RequestParam("password_confirmation") String passwordConfirmation,
        @RequestParam(value = "does_user_consent", required = false) boolean doesUserConsent) {
    final String codeKey = "error_message_code";

    // Consent is enforced only when the zone's branding actually configures it.
    BrandingInformation branding = IdentityZoneHolder.get().getConfig().getBranding();
    boolean consentConfigured = branding != null && branding.getConsent() != null;
    if (consentConfigured && !doesUserConsent) {
        return handleUnprocessableEntity(model, response, codeKey, "missing_consent");
    }

    boolean selfServiceEnabled =
            IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled();
    if (!selfServiceEnabled) {
        return handleSelfServiceDisabled(model, response, codeKey, "self_service_disabled");
    }

    if (result.hasErrors()) {
        return handleUnprocessableEntity(model, response, codeKey, "invalid_email");
    }

    // Accounts whose e-mail domain maps to any provider other than the UAA origin are refused here.
    String address = email.getEmail();
    List<IdentityProvider> domainIdps = DomainFilter.getIdpsForEmailDomain(
            identityProviderProvisioning.retrieveAll(true, IdentityZoneHolder.get().getId()), address);
    List<IdentityProvider> nonUaaIdps = domainIdps.stream()
            .filter(candidate -> !candidate.getOriginKey().equals(OriginKeys.UAA))
            .collect(Collectors.toList());
    if (!nonUaaIdps.isEmpty()) {
        model.addAttribute("email", address);
        return handleUnprocessableEntity(model, response, codeKey, "other_idp");
    }

    PasswordConfirmationValidation confirmation = new PasswordConfirmationValidation(password, passwordConfirmation);
    if (!confirmation.valid()) {
        return handleUnprocessableEntity(model, response, codeKey, confirmation.getMessageCode());
    }

    try {
        accountCreationService.beginActivation(address, password, clientId, redirectUri);
        return "redirect:accounts/email_sent";
    } catch (UaaException e) {
        // NOTE(review): every UaaException from beginActivation is reported as "username_exists",
        // which also confirms to the caller that the address is registered - confirm both are intended.
        return handleUnprocessableEntity(model, response, codeKey, "username_exists");
    } catch (InvalidPasswordException e) {
        // Policy messages are handed to the view verbatim under "error_message".
        return handleUnprocessableEntity(model, response, "error_message", e.getMessagesAsOneString());
    }
}
Also used : BrandingInformation(org.cloudfoundry.identity.uaa.zone.BrandingInformation) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 22 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class UaaResetPasswordService method changePasswordCodeAuthenticated.

/**
 * Completes a password reset using the data carried by an expiring code.
 *
 * <p>The code's data is deserialized into a {@code PasswordChange}; the user it names is
 * loaded in the current identity zone, the new password is rejected if it matches the
 * current one, the request is rejected if {@code isUserModified} reports a change, an
 * unverified user is marked verified, and the password is then updated. The redirect
 * location defaults to {@code "home"} and is replaced only by a value returned from
 * {@code UaaUrlUtils.findMatchingRedirectUri} against the client's registered redirect URIs.
 *
 * <p>NOTE(review): neither the code's expiry nor the password policy is checked in this
 * method - presumably the caller does both; confirm.
 *
 * @param expiringCode the code whose data holds the serialized {@code PasswordChange}
 * @param newPassword  the password to set
 * @return the user, the redirect location and the client id from the code data
 * @throws InvalidCodeException     if the code data cannot be read as a {@code PasswordChange}
 * @throws InvalidPasswordException if the new password matches the current one
 * @throws UaaException             if {@code isUserModified} returns true
 */
private ResetPasswordResponse changePasswordCodeAuthenticated(ExpiringCode expiringCode, String newPassword) {
    String userId;
    String userName;
    Date passwordLastModified;
    String clientId;
    String redirectUri;
    PasswordChange change;
    try {
        change = JsonUtils.readValue(expiringCode.getData(), PasswordChange.class);
    } catch (JsonUtils.JsonUtilException x) {
        // Unparseable code data is reported as an invalid reset link (status 422); the parse error is not propagated.
        throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
    }
    userId = change.getUserId();
    userName = change.getUsername();
    passwordLastModified = change.getPasswordModifiedTime();
    clientId = change.getClientId();
    redirectUri = change.getRedirectUri();
    // These three calls sit outside the try below, so a failure here is not published as a PasswordChangeFailureEvent.
    ScimUser user = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
    UaaUser uaaUser = getUaaUser(user);
    Authentication authentication = constructAuthentication(uaaUser);
    try {
        // NOTE(review): this check runs before isUserModified, so the distinct "same as the old password"
        // error is returned even for a request that would otherwise be rejected as modified - confirm the
        // ordering is intended.
        if (scimUserProvisioning.checkPasswordMatches(userId, newPassword, identityZoneManager.getCurrentIdentityZoneId())) {
            throw new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY);
        }
        // Compares the loaded user with the username and password-modified time captured in the code data.
        if (isUserModified(user, userName, passwordLastModified)) {
            throw new UaaException("Invalid password reset request.");
        }
        if (!user.isVerified()) {
            // NOTE(review): the meaning of -1 is not visible here - confirm against verifyUser.
            scimUserProvisioning.verifyUser(userId, -1, identityZoneManager.getCurrentIdentityZoneId());
        }
        updatePasswordAndPublishEvent(scimUserProvisioning, uaaUser, authentication, newPassword);
        String redirectLocation = "home";
        if (!isEmpty(clientId) && !isEmpty(redirectUri)) {
            try {
                // The redirect URI from the code data is never used directly; only the result of matching it
                // against the client's registered URIs can replace the default.
                ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId());
                Set<String> redirectUris = clientDetails.getRegisteredRedirectUri() == null ? Collections.emptySet() : clientDetails.getRegisteredRedirectUri();
                String matchingRedirectUri = UaaUrlUtils.findMatchingRedirectUri(redirectUris, redirectUri, redirectLocation);
                if (matchingRedirectUri != null) {
                    redirectLocation = matchingRedirectUri;
                }
            } catch (NoSuchClientException nsce) {
                // Deliberately ignored: an unknown client leaves redirectLocation at "home".
            }
        }
        return new ResetPasswordResponse(user, redirectLocation, clientId);
    } catch (Exception e) {
        // Every failure inside the try is published as a failure event carrying e.getMessage(), then rethrown unchanged.
        publish(new PasswordChangeFailureEvent(e.getMessage(), uaaUser, authentication, identityZoneManager.getCurrentIdentityZoneId()));
        throw e;
    }
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) PasswordChangeFailureEvent(org.cloudfoundry.identity.uaa.account.event.PasswordChangeFailureEvent) Date(java.util.Date) InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) NoSuchClientException(org.springframework.security.oauth2.provider.NoSuchClientException) UaaException(org.cloudfoundry.identity.uaa.error.UaaException) InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) PasswordChange(org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange) JsonUtils(org.cloudfoundry.identity.uaa.util.JsonUtils) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) NoSuchClientException(org.springframework.security.oauth2.provider.NoSuchClientException)

Example 23 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class UaaResetPasswordService method resetUserPassword.

/**
 * Sets a new password for the given user in the current identity zone.
 *
 * <p>The new password is first compared with the current one, then checked by the
 * password validator; only after both pass is the user loaded and the password updated.
 *
 * @param userId   id of the user whose password is replaced
 * @param password the new password
 * @throws InvalidPasswordException if the new password matches the current one (the message
 *         comes from the {@code force_password_change.same_as_old} property)
 */
@Override
public void resetUserPassword(String userId, String password) {
    boolean reusesCurrentPassword = scimUserProvisioning.checkPasswordMatches(
            userId, password, identityZoneManager.getCurrentIdentityZoneId());
    if (reusesCurrentPassword) {
        String sameAsOldMessage = resourcePropertySource.getProperty("force_password_change.same_as_old").toString();
        throw new InvalidPasswordException(sameAsOldMessage, UNPROCESSABLE_ENTITY);
    }

    // Any rejection by the validator propagates to the caller before the user is touched.
    passwordValidator.validate(password);

    ScimUser account = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
    UaaUser principal = getUaaUser(account);
    updatePasswordAndPublishEvent(scimUserProvisioning, principal, constructAuthentication(principal), password);
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)

Example 24 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class PasswordResetEndpointTest method passwordsMustSatisfyPolicy.

/**
 * A password rejected by the validator must surface from POST /password_change as
 * 422 Unprocessable Entity with an {@code invalid_password} error body.
 */
@Test
void passwordsMustSatisfyPolicy() throws Exception {
    // The validator rejects the candidate password outright.
    doThrow(new InvalidPasswordException("Password flunks policy")).when(mockPasswordValidator).validate("new_secret");

    // The code store hands back an unexpired code for the submitted value.
    Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME);
    String codeData = "{\"user_id\":\"eyedee\",\"username\":\"user@example.com\",\"passwordModifiedTime\":null,\"client_id\":\"\",\"redirect_uri\":\"\"}";
    ExpiringCode storedCode = new ExpiringCode("emailed_code", expiresAt, codeData, null);
    when(mockExpiringCodeStore.retrieveCode("emailed_code", currentZoneId)).thenReturn(storedCode);

    MockHttpServletRequestBuilder changeRequest = post("/password_change")
            .contentType(APPLICATION_JSON)
            .content("{\"code\":\"emailed_code\",\"new_password\":\"new_secret\"}")
            .accept(APPLICATION_JSON);

    JSONObject expectedBody = new JSONObject()
            .put("error_description", "Password flunks policy")
            .put("message", "Password flunks policy")
            .put("error", "invalid_password");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedBody)));
}
Also used : ExpiringCode(org.cloudfoundry.identity.uaa.codestore.ExpiringCode) JSONObject(org.json.JSONObject) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Timestamp(java.sql.Timestamp) Test(org.junit.jupiter.api.Test)

Example 25 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class ResetPasswordAuthenticationEntryPointTests method test_when_invalid_password_exception.

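/**
 * When the authentication failure is caused by an {@link InvalidPasswordException}, the entry
 * point must forward to {@code /reset_password}, expose the combined policy messages as the
 * {@code message} request attribute, and set the response status to 422.
 */
@Test
public void test_when_invalid_password_exception() throws Exception {
    InvalidPasswordException pe = new InvalidPasswordException(Arrays.asList("one", "two"));
    BadCredentialsException be = new BadCredentialsException("", pe);
    entryPoint.commence(request, response, be);
    verify(request, times(1)).getRequestDispatcher(eq("/reset_password"));
    verify(request, times(1)).setAttribute(eq("message"), eq(pe.getMessagesAsOneString()));
    // Was timeout(1), a wait-based verification with a 1 ms budget. commence(...) has already
    // returned here and nothing asynchronous is visible in this test, so the exact-count check
    // used by the sibling verifications is what was presumably meant.
    verify(requestDispatcher, times(1)).forward(any(HttpServletRequest.class), same(response));
    verify(response, times(1)).setStatus(eq(HttpStatus.UNPROCESSABLE_ENTITY.value()));
}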
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) Test(org.junit.Test)

Aggregations

InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)27 Test (org.junit.jupiter.api.Test)10 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)9 ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode)8 Timestamp (java.sql.Timestamp)5 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)5 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)5 Date (java.util.Date)4 UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)4 Matchers.containsString (org.hamcrest.Matchers.containsString)4 Test (org.junit.Test)4 Authentication (org.springframework.security.core.Authentication)4 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)4 InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException)3 UaaException (org.cloudfoundry.identity.uaa.error.UaaException)3 ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta)3 UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)3 SecurityContext (org.springframework.security.core.context.SecurityContext)3 PasswordConfirmationValidation (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation)2 PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)2