Example 16 with PersistentLogin

Use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.

From class AuthenticationServiceImplTest, method getPersistentLogin:

// Test helper: builds a PersistentLogin fixture from the test class constants
// (PERSISTENT_LOGIN_ID, TENANT_NAME, PROFILE1_ID, PERSISTENT_LOGIN_TOKEN).
private PersistentLogin getPersistentLogin() {
    PersistentLogin login = new PersistentLogin();
    login.setId(PERSISTENT_LOGIN_ID);
    login.setTenant(TENANT_NAME);
    login.setProfileId(PROFILE1_ID.toString());
    login.setToken(PERSISTENT_LOGIN_TOKEN);
    // Timestamp is "now", so the login is fresh for expiry checks in the tests
    login.setTimestamp(new Date());
    return login;
}
Also used: PersistentLogin (org.craftercms.profile.api.PersistentLogin), Date (java.util.Date)

Example 17 with PersistentLogin

Use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.

From class RememberMeManagerImpl, method deserializeLogin:

// Turns the remember-me cookie value back into a PersistentLogin.
// The cookie carries an encrypted string; only its decrypted form is parsed.
protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    String decryptedLogin;
    try {
        decryptedLogin = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }
    // Expected plaintext layout: <id><SEPARATOR><profileId><SEPARATOR><token>
    String[] splitSerializedLogin = StringUtils.split(decryptedLogin, SERIALIZED_LOGIN_SEPARATOR);
    if (ArrayUtils.isNotEmpty(splitSerializedLogin) && splitSerializedLogin.length == 3) {
        PersistentLogin login = new PersistentLogin();
        login.setId(splitSerializedLogin[0]);
        login.setProfileId(splitSerializedLogin[1]);
        login.setToken(splitSerializedLogin[2]);
        return login;
    } else {
        // Anything other than exactly three parts is rejected as a malformed cookie
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }
}
Also used: InvalidCookieException (org.craftercms.security.exception.rememberme.InvalidCookieException), CryptoException (org.craftercms.commons.crypto.CryptoException), PersistentLogin (org.craftercms.profile.api.PersistentLogin), RememberMeException (org.craftercms.security.exception.rememberme.RememberMeException)

Example 18 with PersistentLogin

Use of org.craftercms.profile.api.PersistentLogin in project profile by craftercms.

From class RememberMeManagerImpl, method updateRememberMe:

// Rotates the token of an existing persistent login and re-issues the cookie
// with the freshly serialized (and encrypted) login value.
protected void updateRememberMe(String loginId, RequestContext context) throws RememberMeException {
    PersistentLogin login;
    try {
        login = authenticationService.refreshPersistentLoginToken(loginId);
    } catch (ProfileException e) {
        throw new RememberMeException("Unable to update persistent login '" + loginId + "'", e);
    }
    logger.debug("Persistent login updated: {}", login);
    addRememberMeCookie(serializeLogin(login), context.getResponse());
}
Also used: ProfileException (org.craftercms.profile.api.exceptions.ProfileException), PersistentLogin (org.craftercms.profile.api.PersistentLogin), RememberMeException (org.craftercms.security.exception.rememberme.RememberMeException)

Example 19 with PersistentLogin

Use of org.craftercms.profile.api.PersistentLogin in project engine by craftercms.

From class ProfileRememberMeServices, method processAutoLoginCookie:

// Spring Security remember-me hook: validates the persisted series id / token pair
// carried by the cookie, rotates the token on success and loads the user by profile id.
@Override
protected UserDetails processAutoLoginCookie(final String[] cookieTokens, final HttpServletRequest request, final HttpServletResponse response) throws RememberMeAuthenticationException, UsernameNotFoundException {
    // The cookie must carry exactly two parts: the persistent login id and its token
    if (cookieTokens.length != 2) {
        throw new InvalidCookieException("Cookie token did not contain 2 tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
    }
    final String presentedId = cookieTokens[0];
    final String presentedToken = cookieTokens[1];
    try {
        PersistentLogin persistentLogin = authenticationService.getPersistentLogin(presentedId);
        if (persistentLogin == null) {
            // No series match, so we can't authenticate using this cookie
            throw new RememberMeAuthenticationException("No persistent token found for id: " + presentedId);
        }
        // We have a match for this user/series combination
        if (!presentedToken.equals(persistentLogin.getToken())) {
            // Token doesn't match series value. Delete all logins for this user and throw
            // an exception to warn them.
            authenticationService.deletePersistentLogin(presentedId);
            throw new CookieTheftException("Invalid remember-me token (id/token) mismatch. Implies previous cookie theft attack.");
        }
        // Reject logins whose stored timestamp plus the validity window is already in the past
        if (persistentLogin.getTimestamp().getTime() + getTokenValiditySeconds() * 1000L < currentTimeMillis()) {
            throw new RememberMeAuthenticationException("Remember-me login has expired");
        }
        // Token also matches, so the login is valid: rotate the token value, keeping the
        // *same* series number.
        if (logger.isDebugEnabled()) {
            logger.debug("Refreshing persistent login token for profile '" + persistentLogin.getProfileId() + "', id '" + persistentLogin.getId() + "'");
        }
        persistentLogin = authenticationService.refreshPersistentLoginToken(presentedId);
        setCookie(new String[] { persistentLogin.getId(), persistentLogin.getToken() }, getTokenValiditySeconds(), request, response);
        return ((ProfileUserDetailsService) getUserDetailsService()).loadUserById(persistentLogin.getProfileId());
    } catch (ProfileException e) {
        throw new RememberMeAuthenticationException("Error validating persistent login " + presentedId, e);
    }
}
Also used: RememberMeAuthenticationException (org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException), InvalidCookieException (org.springframework.security.web.authentication.rememberme.InvalidCookieException), CookieTheftException (org.springframework.security.web.authentication.rememberme.CookieTheftException), ProfileException (org.craftercms.profile.api.exceptions.ProfileException), PersistentLogin (org.craftercms.profile.api.PersistentLogin)
