Example 1 with CookieTheftException

Use of org.craftercms.security.exception.rememberme.CookieTheftException in the project profile by craftercms.

From class RememberMeManagerImpl, method autoLogin:

@Override
public Authentication autoLogin(RequestContext context) throws RememberMeException {
    // Parse the remember-me cookie into a PersistentLogin (id, profileId, token). Nothing in it is trusted yet.
    PersistentLogin login = getPersistentLoginFromCookie(context.getRequest());
    if (login != null) {
        PersistentLogin actualLogin;
        try {
            // Look up the server-side record by the login id carried in the cookie
            actualLogin = authenticationService.getPersistentLogin(login.getId());
        } catch (ProfileException e) {
            // Chain the cause so the lookup failure is not lost from the stack trace
            throw new RememberMeException("Error retrieving persistent login '" + login.getId() + "'", e);
        }
        if (actualLogin != null) {
            if (!login.getProfileId().equals(actualLogin.getProfileId())) {
                // Cookie points at another profile: tampered or malformed, rejected as invalid rather than as theft
                throw new InvalidCookieException("Profile ID mismatch");
            } else if (!login.getToken().equals(actualLogin.getToken())) {
                // Same login id but a different token: two copies of the cookie have diverged, so one of them
                // is a stolen copy. Note that this method does not revoke the persistent login itself;
                // whatever handles CookieTheftException must do that, otherwise the holder of the current
                // token keeps being auto-logged in. String.equals is also not a constant-time comparison.
                throw new CookieTheftException("Token mismatch. Implies a cookie theft");
            } else {
                String loginId = actualLogin.getId();
                String profileId = actualLogin.getProfileId();
                logger.debug("Remember me cookie match for {}. Starting auto-login", actualLogin);
                Authentication auth;
                try {
                    auth = authenticate(profileId);
                } catch (AuthenticationException e) {
                    // Delete remember me cookie so that we don't retry auto login in next request
                    disableRememberMe(loginId, context);
                    throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
                }
                // Refresh the stored login and re-issue the cookie after a successful auto-login
                updateRememberMe(loginId, context);
                return auth;
            }
        } else {
            // No server-side record: expired or revoked. Drop the cookie so the client stops presenting it.
            logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());
            deleteRememberMeCookie(context.getResponse());
            return null;
        }
    } else {
        // No remember-me cookie on the request: nothing to do
        return null;
    }
}
Also used:
InvalidCookieException (org.craftercms.security.exception.rememberme.InvalidCookieException)
CookieTheftException (org.craftercms.security.exception.rememberme.CookieTheftException)
AuthenticationException (org.craftercms.security.exception.AuthenticationException)
Authentication (org.craftercms.security.authentication.Authentication)
ProfileException (org.craftercms.profile.api.exceptions.ProfileException)
PersistentLogin (org.craftercms.profile.api.PersistentLogin)
RememberMeException (org.craftercms.security.exception.rememberme.RememberMeException)
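The method above checks a remember-me cookie against a stored persistent login and treats a matching login id with a mismatching token as evidence of cookie theft. The following is an added, stand-alone example (not craftercms code) of the full scheme that check belongs to: a random token is rotated on every successful auto-login, so a stolen copy of the cookie and the legitimate copy diverge, and the first stale copy presented reveals the theft, at which point the whole login series is revoked so neither copy keeps working. All names here (RememberMeDemo, issue, autoLogin, the in-memory store standing in for authenticationService) are illustrative assumptions, and the cookie format is a constructed id:profileId:token string.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Illustrative model of series/token remember-me with theft detection; not a craftercms API. */
public class RememberMeDemo {

    static final class PersistentLogin {
        final String id;        // login (series) id, fixed for the lifetime of the remembered session
        final String profileId;
        String token;           // rotated on every successful auto-login
        PersistentLogin(String id, String profileId, String token) {
            this.id = id; this.profileId = profileId; this.token = token;
        }
    }

    static class InvalidCookieException extends RuntimeException {
        InvalidCookieException(String m) { super(m); }
    }
    static class CookieTheftException extends RuntimeException {
        CookieTheftException(String m) { super(m); }
    }

    // Assumption: an in-memory map stands in for the profile service's persistent-login store.
    private final Map<String, PersistentLogin> store = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    private String randomToken() {
        byte[] b = new byte[32];
        random.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b); // no ':' in base64url
    }

    private static String cookieValue(PersistentLogin l) {
        return l.id + ":" + l.profileId + ":" + l.token;
    }

    /** Constant-time comparison so the token check does not leak a prefix match through timing. */
    private static boolean tokenMatches(String expected, String presented) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    /** Called at interactive login with "remember me" ticked: creates the series, returns the cookie value. */
    public String issue(String profileId) {
        PersistentLogin login = new PersistentLogin(randomToken(), profileId, randomToken());
        store.put(login.id, login);
        return cookieValue(login);
    }

    /**
     * Returns {profileId, rotatedCookie} on success, or null when no persistent login exists
     * (expired or revoked), mirroring the null return of the original autoLogin.
     */
    public String[] autoLogin(String cookie) {
        String[] parts = cookie.split(":", -1);
        if (parts.length != 3) throw new InvalidCookieException("Malformed remember-me cookie");
        String id = parts[0], profileId = parts[1], token = parts[2];

        PersistentLogin actual = store.get(id);
        if (actual == null) return null;                 // caller deletes the cookie
        if (!actual.profileId.equals(profileId)) {
            throw new InvalidCookieException("Profile ID mismatch");
        }
        if (!tokenMatches(actual.token, token)) {
            // Same series, stale token: a copy of this cookie was already used and rotated.
            // Revoke the whole series so the stolen copy and the legitimate copy both die and
            // the real user has to authenticate interactively again.
            store.remove(id);
            throw new CookieTheftException("Token mismatch. Implies a cookie theft");
        }
        actual.token = randomToken();                    // rotate on every use
        return new String[] { actual.profileId, cookieValue(actual) };
    }

    public static void main(String[] args) {
        RememberMeDemo rm = new RememberMeDemo();
        String victimCookie = rm.issue("alice");          // alice logs in with remember-me
        String stolenCopy = victimCookie;                 // attacker exfiltrates the cookie

        victimCookie = rm.autoLogin(victimCookie)[1];     // alice returns: token rotates
        try {
            rm.autoLogin(stolenCopy);                     // attacker replays the now-stale token
        } catch (CookieTheftException e) {
            System.out.println("theft detected: " + e.getMessage());
        }
        // Series revoked: alice's rotated cookie no longer auto-logs in either (prints null).
        System.out.println("victim cookie after revocation: " + rm.autoLogin(victimCookie));
    }
}
```

Whichever party presents the stale copy second triggers the revocation, so the attacker using the stolen cookie first is caught when the victim next returns, and vice versa; in both cases the session is cut off and the victim learns that a theft happened. The revocation on mismatch is the step that the listed autoLogin leaves to its caller.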
