use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.
the class AuthenticationServiceImplTest method getPersistentLogin.
/**
 * Creates a {@link PersistentLogin} populated from this test class's constants.
 *
 * <p>The ID, tenant, profile ID and token come from {@code PERSISTENT_LOGIN_ID},
 * {@code TENANT_NAME}, {@code PROFILE1_ID} and {@code PERSISTENT_LOGIN_TOKEN}; the timestamp is
 * the moment this method is called.
 *
 * @return a new persistent login with all five fields set
 */
private PersistentLogin getPersistentLogin() {
    final PersistentLogin fixture = new PersistentLogin();

    fixture.setId(PERSISTENT_LOGIN_ID);
    fixture.setTenant(TENANT_NAME);
    // The profile ID constant is not a String, so it is stored in its string form.
    fixture.setProfileId(PROFILE1_ID.toString());
    fixture.setToken(PERSISTENT_LOGIN_TOKEN);

    final Date createdAt = new Date();
    fixture.setTimestamp(createdAt);

    return fixture;
}
use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.
the class RememberMeManagerImpl method deserializeLogin.
/**
 * Turns the value of a remember-me cookie back into a {@link PersistentLogin}.
 *
 * <p>The value is decrypted with {@code encryptor} and then split on
 * {@code SERIALIZED_LOGIN_SEPARATOR}. Exactly three parts are accepted, read in this order:
 * login ID, profile ID, token. Tenant and timestamp are not set on the returned object.
 *
 * <p>NOTE(review): the returned fields are whatever the cookie carried. This method does not
 * compare them with the stored persistent login, and whether a modified cookie is rejected at
 * the decrypt step depends on {@code encryptor} being authenticated encryption - confirm. Callers
 * should treat the result as a claim to verify, not as an authenticated identity.
 *
 * @param serializedLogin the encrypted cookie value
 * @return a persistent login holding the ID, profile ID and token from the cookie
 * @throws RememberMeException if decryption fails; an {@link InvalidCookieException} is thrown
 *                             when the decrypted value does not split into three parts
 */
protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    String plainText;
    try {
        plainText = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }

    String[] fields = StringUtils.split(plainText, SERIALIZED_LOGIN_SEPARATOR);

    // Reject anything that is not exactly <id, profileId, token> before touching the array.
    if (fields == null || fields.length != 3) {
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }

    PersistentLogin parsed = new PersistentLogin();
    parsed.setId(fields[0]);
    parsed.setProfileId(fields[1]);
    parsed.setToken(fields[2]);

    return parsed;
}
use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.
the class RememberMeManagerImpl method updateRememberMe.
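/**
 * Asks the authentication service to refresh the token of a persistent login and writes the
 * refreshed login back to the client as the remember-me cookie.
 *
 * @param loginId the ID of the persistent login to refresh
 * @param context the current request context; its response receives the new cookie
 * @throws RememberMeException if the authentication service fails to refresh the login
 */
protected void updateRememberMe(String loginId, RequestContext context) throws RememberMeException {
    PersistentLogin login;
    try {
        login = authenticationService.refreshPersistentLoginToken(loginId);
    } catch (ProfileException e) {
        throw new RememberMeException("Unable to update persistent login '" + loginId + "'", e);
    }

    // Log the login ID only. The refreshed object carries the new remember-me token, and logging
    // the object itself would write that token to the log if PersistentLogin.toString() includes
    // it (not visible from here). A token in a log file is a reusable credential.
    logger.debug("Persistent login updated: id '{}'", loginId);

    addRememberMeCookie(serializeLogin(login), context.getResponse());
}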
use of org.craftercms.profile.api.PersistentLogin in project engine by craftercms.
the class ProfileRememberMeServices method processAutoLoginCookie.
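/**
 * Authenticates a request from a two-part remember-me cookie (login ID, token).
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>The cookie must contain exactly two tokens.</li>
 *   <li>The persistent login is looked up by the presented ID; none found means no login.</li>
 *   <li>The presented token must equal the stored token. On a mismatch the persistent login
 *       with the presented ID is deleted and a {@link CookieTheftException} is thrown, because
 *       a known ID with a stale token suggests the cookie was copied and already used.</li>
 *   <li>The login must not be older than {@code getTokenValiditySeconds()}.</li>
 *   <li>The token is refreshed, the new cookie is set, and the user is loaded by profile ID.</li>
 * </ol>
 *
 * @param cookieTokens the decoded cookie tokens; expected to be {@code {id, token}}
 * @param request      the current request
 * @param response     the current response, which receives the refreshed cookie
 * @return the user details of the profile that owns the persistent login
 * @throws RememberMeAuthenticationException if the cookie is malformed, unknown, expired, shows
 *                                           a token mismatch, or the profile service fails
 * @throws UsernameNotFoundException         declared by the overridden method
 */
@Override
protected UserDetails processAutoLoginCookie(final String[] cookieTokens, final HttpServletRequest request, final HttpServletResponse response) throws RememberMeAuthenticationException, UsernameNotFoundException {
    if (cookieTokens.length != 2) {
        throw new InvalidCookieException("Cookie token did not contain 2 tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
    }

    final String presentedId = cookieTokens[0];
    final String presentedToken = cookieTokens[1];

    try {
        PersistentLogin persistentLogin = authenticationService.getPersistentLogin(presentedId);
        if (persistentLogin == null) {
            // No login stored under this ID, so we can't authenticate using this cookie
            throw new RememberMeAuthenticationException("No persistent token found for id: " + presentedId);
        }

        // Compare the secret token in constant time so that the comparison time does not depend
        // on how many leading characters of a guessed token are correct. A stored token of
        // null never matches, as before.
        final String storedToken = persistentLogin.getToken();
        final boolean tokenMatches = storedToken != null
            && java.security.MessageDigest.isEqual(
                presentedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                storedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        if (!tokenMatches) {
            // Known ID but wrong token. Delete the persistent login with this ID so the cookie
            // can no longer be used by anyone, and throw an exception to warn the user. Only
            // this one login is deleted here, not every login of the profile.
            authenticationService.deletePersistentLogin(presentedId);
            throw new CookieTheftException("Invalid remember-me token (id/token) mismatch. Implies previous cookie theft attack.");
        }

        if (persistentLogin.getTimestamp().getTime() + getTokenValiditySeconds() * 1000L < currentTimeMillis()) {
            throw new RememberMeAuthenticationException("Remember-me login has expired");
        }

        // Token matches and has not expired, so the login is valid. Refresh the token value,
        // keeping the same login ID.
        if (logger.isDebugEnabled()) {
            logger.debug("Refreshing persistent login token for profile '" + persistentLogin.getProfileId() + "', id '" + persistentLogin.getId() + "'");
        }

        persistentLogin = authenticationService.refreshPersistentLoginToken(presentedId);

        setCookie(new String[] { persistentLogin.getId(), persistentLogin.getToken() }, getTokenValiditySeconds(), request, response);

        return ((ProfileUserDetailsService) getUserDetailsService()).loadUserById(persistentLogin.getProfileId());
    } catch (ProfileException e) {
        throw new RememberMeAuthenticationException("Error validating persistent login " + presentedId, e);
    }
}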