Example 21 with InvalidPasswordException
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class AccountsController method sendActivationEmail.
@RequestMapping(value = "/create_account.do", method = POST)
public String sendActivationEmail(Model model, HttpServletResponse response, @RequestParam(value = "client_id", required = false) String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri, @Valid @ModelAttribute("email") ValidEmail email, BindingResult result, @RequestParam("password") String password, @RequestParam("password_confirmation") String passwordConfirmation, @RequestParam(value = "does_user_consent", required = false) boolean doesUserConsent) {
BrandingInformation zoneBranding = IdentityZoneHolder.get().getConfig().getBranding();
if (zoneBranding != null && zoneBranding.getConsent() != null && !doesUserConsent) {
return handleUnprocessableEntity(model, response, "error_message_code", "missing_consent");
}
if (!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) {
return handleSelfServiceDisabled(model, response, "error_message_code", "self_service_disabled");
}
if (result.hasErrors()) {
return handleUnprocessableEntity(model, response, "error_message_code", "invalid_email");
}
List<IdentityProvider> identityProviderList = DomainFilter.getIdpsForEmailDomain(identityProviderProvisioning.retrieveAll(true, IdentityZoneHolder.get().getId()), email.getEmail());
identityProviderList = identityProviderList.stream().filter(idp -> !idp.getOriginKey().equals(OriginKeys.UAA)).collect(Collectors.toList());
if (!identityProviderList.isEmpty()) {
model.addAttribute("email", email.getEmail());
return handleUnprocessableEntity(model, response, "error_message_code", "other_idp");
}
PasswordConfirmationValidation validation = new PasswordConfirmationValidation(password, passwordConfirmation);
if (!validation.valid()) {
return handleUnprocessableEntity(model, response, "error_message_code", validation.getMessageCode());
}
try {
accountCreationService.beginActivation(email.getEmail(), password, clientId, redirectUri);
} catch (UaaException e) {
return handleUnprocessableEntity(model, response, "error_message_code", "username_exists");
} catch (InvalidPasswordException e) {
return handleUnprocessableEntity(model, response, "error_message", e.getMessagesAsOneString());
}
return "redirect:accounts/email_sent";
}
Also used :
BrandingInformation(org.cloudfoundry.identity.uaa.zone.BrandingInformation)
UaaException(org.cloudfoundry.identity.uaa.error.UaaException)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 22 with InvalidPasswordException
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class UaaResetPasswordService method changePasswordCodeAuthenticated.
private ResetPasswordResponse changePasswordCodeAuthenticated(ExpiringCode expiringCode, String newPassword) {
String userId;
String userName;
Date passwordLastModified;
String clientId;
String redirectUri;
PasswordChange change;
try {
change = JsonUtils.readValue(expiringCode.getData(), PasswordChange.class);
} catch (JsonUtils.JsonUtilException x) {
throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
}
userId = change.getUserId();
userName = change.getUsername();
passwordLastModified = change.getPasswordModifiedTime();
clientId = change.getClientId();
redirectUri = change.getRedirectUri();
ScimUser user = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
UaaUser uaaUser = getUaaUser(user);
Authentication authentication = constructAuthentication(uaaUser);
try {
if (scimUserProvisioning.checkPasswordMatches(userId, newPassword, identityZoneManager.getCurrentIdentityZoneId())) {
throw new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY);
}
if (isUserModified(user, userName, passwordLastModified)) {
throw new UaaException("Invalid password reset request.");
}
if (!user.isVerified()) {
scimUserProvisioning.verifyUser(userId, -1, identityZoneManager.getCurrentIdentityZoneId());
}
updatePasswordAndPublishEvent(scimUserProvisioning, uaaUser, authentication, newPassword);
String redirectLocation = "home";
if (!isEmpty(clientId) && !isEmpty(redirectUri)) {
try {
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId());
Set<String> redirectUris = clientDetails.getRegisteredRedirectUri() == null ? Collections.emptySet() : clientDetails.getRegisteredRedirectUri();
String matchingRedirectUri = UaaUrlUtils.findMatchingRedirectUri(redirectUris, redirectUri, redirectLocation);
if (matchingRedirectUri != null) {
redirectLocation = matchingRedirectUri;
}
} catch (NoSuchClientException nsce) {
}
}
return new ResetPasswordResponse(user, redirectLocation, clientId);
} catch (Exception e) {
publish(new PasswordChangeFailureEvent(e.getMessage(), uaaUser, authentication, identityZoneManager.getCurrentIdentityZoneId()));
throw e;
}
}
Also used :
ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser)
UaaException(org.cloudfoundry.identity.uaa.error.UaaException)
PasswordChangeFailureEvent(org.cloudfoundry.identity.uaa.account.event.PasswordChangeFailureEvent)
Date(java.util.Date)
InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
NoSuchClientException(org.springframework.security.oauth2.provider.NoSuchClientException)
UaaException(org.cloudfoundry.identity.uaa.error.UaaException)
InvalidCodeException(org.cloudfoundry.identity.uaa.authentication.InvalidCodeException)
ClientDetails(org.springframework.security.oauth2.provider.ClientDetails)
PasswordChange(org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange)
JsonUtils(org.cloudfoundry.identity.uaa.util.JsonUtils)
UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)
Authentication(org.springframework.security.core.Authentication)
UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
NoSuchClientException(org.springframework.security.oauth2.provider.NoSuchClientException)
Example 23 with InvalidPasswordException
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class UaaResetPasswordService method resetUserPassword.
@Override
public void resetUserPassword(String userId, String password) {
if (scimUserProvisioning.checkPasswordMatches(userId, password, identityZoneManager.getCurrentIdentityZoneId())) {
throw new InvalidPasswordException(resourcePropertySource.getProperty("force_password_change.same_as_old").toString(), UNPROCESSABLE_ENTITY);
}
passwordValidator.validate(password);
ScimUser user = scimUserProvisioning.retrieve(userId, identityZoneManager.getCurrentIdentityZoneId());
UaaUser uaaUser = getUaaUser(user);
Authentication authentication = constructAuthentication(uaaUser);
updatePasswordAndPublishEvent(scimUserProvisioning, uaaUser, authentication, password);
}
Also used :
ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser)
UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)
Authentication(org.springframework.security.core.Authentication)
UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
Example 24 with InvalidPasswordException
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class PasswordResetEndpointTest method passwordsMustSatisfyPolicy.
@Test
void passwordsMustSatisfyPolicy() throws Exception {
doThrow(new InvalidPasswordException("Password flunks policy")).when(mockPasswordValidator).validate("new_secret");
when(mockExpiringCodeStore.retrieveCode("emailed_code", currentZoneId)).thenReturn(new ExpiringCode("emailed_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME), "{\"user_id\":\"eyedee\",\"username\":\"user@example.com\",\"passwordModifiedTime\":null,\"client_id\":\"\",\"redirect_uri\":\"\"}", null));
MockHttpServletRequestBuilder post = post("/password_change").contentType(APPLICATION_JSON).content("{\"code\":\"emailed_code\",\"new_password\":\"new_secret\"}").accept(APPLICATION_JSON);
mockMvc.perform(post).andExpect(status().isUnprocessableEntity()).andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(new JSONObject().put("error_description", "Password flunks policy").put("message", "Password flunks policy").put("error", "invalid_password"))));
}
Also used :
ExpiringCode(org.cloudfoundry.identity.uaa.codestore.ExpiringCode)
JSONObject(org.json.JSONObject)
MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
Timestamp(java.sql.Timestamp)
Test(org.junit.jupiter.api.Test)
Example 25 with InvalidPasswordException
use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.
the class ResetPasswordAuthenticationEntryPointTests method test_when_invalid_password_exception.
@Test
public void test_when_invalid_password_exception() throws Exception {
InvalidPasswordException pe = new InvalidPasswordException(Arrays.asList("one", "two"));
BadCredentialsException be = new BadCredentialsException("", pe);
entryPoint.commence(request, response, be);
verify(request, times(1)).getRequestDispatcher(eq("/reset_password"));
verify(request, times(1)).setAttribute(eq("message"), eq(pe.getMessagesAsOneString()));
verify(requestDispatcher, timeout(1)).forward(any(HttpServletRequest.class), same(response));
verify(response, times(1)).setStatus(eq(HttpStatus.UNPROCESSABLE_ENTITY.value()));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
Test(org.junit.Test)
Aggregations
InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)27
Test (org.junit.jupiter.api.Test)10
ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)9
ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode)8
Timestamp (java.sql.Timestamp)5
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)5
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)5
Date (java.util.Date)4
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)4
Matchers.containsString (org.hamcrest.Matchers.containsString)4
Test (org.junit.Test)4
Authentication (org.springframework.security.core.Authentication)4
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)4
InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException)3
UaaException (org.cloudfoundry.identity.uaa.error.UaaException)3
ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta)3
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)3
SecurityContext (org.springframework.security.core.context.SecurityContext)3
PasswordConfirmationValidation (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation)2
PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)2
