use of org.craftercms.security.exception.rememberme.InvalidCookieException in project profile by craftercms.
the class RememberMeManagerImpl method autoLogin.
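/**
 * Attempts to authenticate the user from the remember-me cookie on the current request.
 *
 * <p>The cookie contents are client-supplied and are only trusted after they have been
 * compared against the persistent login stored under the same ID: the profile ID and the
 * token must both match the stored record.</p>
 *
 * @param context the current request context, used to read the cookie and to update or delete it
 * @return the resulting authentication, or {@code null} when the request yields no persistent
 *         login or no stored login exists for the cookie's ID
 * @throws InvalidCookieException if the cookie's profile ID differs from the stored one
 * @throws CookieTheftException   if the profile ID matches but the token does not
 * @throws RememberMeException    if the stored login can't be retrieved or the profile
 *                                can't be authenticated
 */
@Override
public Authentication autoLogin(RequestContext context) throws RememberMeException {
    PersistentLogin login = getPersistentLoginFromCookie(context.getRequest());
    if (login == null) {
        return null;
    }

    PersistentLogin actualLogin;
    try {
        actualLogin = authenticationService.getPersistentLogin(login.getId());
    } catch (ProfileException e) {
        // The lookup is keyed by the persistent login ID, so report that ID (not the profile ID),
        // and keep the cause so the underlying failure is not lost.
        throw new RememberMeException("Error retrieving persistent login '" + login.getId() + "'", e);
    }

    if (actualLogin == null) {
        logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());
        // Drop the stale cookie so the lookup isn't repeated on every request
        deleteRememberMeCookie(context.getResponse());
        return null;
    }

    if (!login.getProfileId().equals(actualLogin.getProfileId())) {
        throw new InvalidCookieException("Profile ID mismatch");
    }
    if (!login.getToken().equals(actualLogin.getToken())) {
        // Known ID and profile ID presented with a token that is not the stored one.
        // NOTE(review): the stored persistent login is left in place here; confirm that the
        // caller handling CookieTheftException invalidates it and clears the cookie.
        throw new CookieTheftException("Token mismatch. Implies a cookie theft");
    }

    String loginId = actualLogin.getId();
    String profileId = actualLogin.getProfileId();

    // NOTE(review): this logs the PersistentLogin object itself; confirm its toString() does
    // not include the token.
    logger.debug("Remember me cookie match for {}. Starting auto-login", actualLogin);

    Authentication auth;
    try {
        auth = authenticate(profileId);
    } catch (AuthenticationException e) {
        // Delete remember me cookie so that we don't retry auto login in next request
        disableRememberMe(loginId, context);
        throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
    }

    updateRememberMe(loginId, context);
    return auth;
}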
use of org.craftercms.security.exception.rememberme.InvalidCookieException in project profile by craftercms.
the class RememberMeManagerImpl method deserializeLogin.
/**
 * Decrypts a serialized remember-me login and parses it into a {@link PersistentLogin}.
 *
 * <p>The decrypted value must split into exactly three fields on
 * {@code SERIALIZED_LOGIN_SEPARATOR}: login ID, profile ID and token, in that order. Only the
 * field count is checked here; the field values themselves are not validated by this method.</p>
 *
 * @param serializedLogin the encrypted, serialized login
 * @return a persistent login populated with the three parsed fields
 * @throws InvalidCookieException if the decrypted value does not contain exactly three fields
 * @throws RememberMeException    if the value can't be decrypted
 */
protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    final String plainText;
    try {
        plainText = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }

    String[] fields = StringUtils.split(plainText, SERIALIZED_LOGIN_SEPARATOR);

    // Reject anything that is not exactly <id><sep><profileId><sep><token>
    if (fields == null || fields.length != 3) {
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }

    PersistentLogin parsed = new PersistentLogin();
    parsed.setId(fields[0]);
    parsed.setProfileId(fields[1]);
    parsed.setToken(fields[2]);
    return parsed;
}