use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.
the class RememberMeManagerImpl method serializeLogin.
/**
 * Produces the remember-me cookie value for a persistent login: the login ID, profile ID and
 * token joined with {@code SERIALIZED_LOGIN_SEPARATOR} and then encrypted by {@code encryptor}.
 *
 * @param login the persistent login whose ID, profile ID and token are written out
 * @return the encrypted form of the joined fields
 * @throws RememberMeException if the encryptor reports a {@code CryptoException}
 */
protected String serializeLogin(PersistentLogin login) throws RememberMeException {
    // NOTE(review): the fields are joined without escaping, so this relies on none of them
    // containing the separator -- confirm against how IDs and tokens are generated.
    String plainLogin = login.getId() + SERIALIZED_LOGIN_SEPARATOR
        + login.getProfileId() + SERIALIZED_LOGIN_SEPARATOR
        + login.getToken();

    try {
        return encryptor.encrypt(plainLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to encrypt remember me cookie", e);
    }
}
use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.
the class RememberMeManagerImpl method autoLogin.
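/**
 * Attempts to authenticate the user from the remember-me cookie on the request.
 *
 * <p>The login read from the cookie is checked against the persistent login stored under the
 * same ID: the profile IDs must match and the tokens must match. On success the profile is
 * authenticated and {@code updateRememberMe} is called before the authentication is returned.
 *
 * @param context the request context supplying the request (cookie) and the response
 * @return the resulting authentication, or {@code null} when the request carries no remember-me
 *         login or no persistent login is stored under the cookie's ID (the cookie is then deleted)
 * @throws InvalidCookieException if the cookie's profile ID differs from the stored one
 * @throws CookieTheftException if the cookie's token differs from the stored one
 * @throws RememberMeException if the stored login can't be retrieved, or if authentication of the
 *         profile fails (remember-me is disabled for that login first)
 */
@Override
public Authentication autoLogin(RequestContext context) throws RememberMeException {
    PersistentLogin login = getPersistentLoginFromCookie(context.getRequest());
    if (login == null) {
        return null;
    }

    PersistentLogin actualLogin;
    try {
        actualLogin = authenticationService.getPersistentLogin(login.getId());
    } catch (ProfileException e) {
        // Name the ID that was actually looked up and keep the cause, so the underlying
        // failure isn't lost from the stack trace.
        throw new RememberMeException("Error retrieving persistent login '" + login.getId() + "'", e);
    }

    if (actualLogin == null) {
        logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());
        deleteRememberMeCookie(context.getResponse());
        return null;
    }

    if (!login.getProfileId().equals(actualLogin.getProfileId())) {
        throw new InvalidCookieException("Profile ID mismatch");
    }

    // Compare the secret token in constant time rather than with String.equals, which returns
    // at the first differing character. A missing token on either side counts as a mismatch.
    String cookieToken = login.getToken();
    String storedToken = actualLogin.getToken();
    boolean tokenMatches = cookieToken != null && storedToken != null
        && java.security.MessageDigest.isEqual(
            cookieToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            storedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        // NOTE(review): the stored persistent login is not invalidated here; whether the caller
        // does that when it sees CookieTheftException is not visible from this method -- confirm.
        throw new CookieTheftException("Token mismatch. Implies a cookie theft");
    }

    String loginId = actualLogin.getId();
    String profileId = actualLogin.getProfileId();

    // NOTE(review): this logs the whole PersistentLogin; if its toString() includes the token,
    // the secret ends up in debug logs -- confirm.
    logger.debug("Remember me cookie match for {}. Starting auto-login", actualLogin);

    Authentication auth;
    try {
        auth = authenticate(profileId);
    } catch (AuthenticationException e) {
        // Delete remember me cookie so that we don't retry auto login in next request
        disableRememberMe(loginId, context);
        throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
    }

    updateRememberMe(loginId, context);
    return auth;
}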
use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.
the class RememberMeManagerImpl method enableRememberMe.
/**
 * Enables remember-me for an authenticated user: creates a persistent login for the
 * authentication's profile and adds its serialized form to the response as the remember-me cookie.
 *
 * @param authentication the authentication whose profile ID the persistent login is created for
 * @param context the request context supplying the response the cookie is added to
 * @throws RememberMeException if the persistent login can't be created or serialized
 */
@Override
public void enableRememberMe(Authentication authentication, RequestContext context) throws RememberMeException {
    final String profileId = authentication.getProfile().getId().toString();

    final PersistentLogin createdLogin;
    try {
        createdLogin = authenticationService.createPersistentLogin(profileId);
    } catch (ProfileException e) {
        throw new RememberMeException("Error creating persistent login for profile '" + profileId + "'", e);
    }

    // NOTE(review): if PersistentLogin.toString() includes the token, this writes the secret
    // to debug logs -- confirm.
    logger.debug("Persistent login created: {}", createdLogin);

    String cookieValue = serializeLogin(createdLogin);
    addRememberMeCookie(cookieValue, context.getResponse());
}
use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.
the class RememberMeManagerImpl method deserializeLogin.
/**
 * Rebuilds a persistent login from a remember-me cookie value: decrypts it with
 * {@code encryptor}, splits the result on {@code SERIALIZED_LOGIN_SEPARATOR} and expects exactly
 * three fields, read in order as ID, profile ID and token.
 *
 * @param serializedLogin the encrypted cookie value
 * @return a new {@code PersistentLogin} populated from the three fields
 * @throws InvalidCookieException if the decrypted value doesn't split into exactly three fields
 * @throws RememberMeException if the encryptor reports a {@code CryptoException}
 */
protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    // NOTE(review): the only integrity checks here are that decryption succeeds and the field
    // count is right; whether the cipher behind encryptor is authenticated is not visible
    // from this method -- confirm.
    final String plainLogin;
    try {
        plainLogin = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }

    String[] fields = StringUtils.split(plainLogin, SERIALIZED_LOGIN_SEPARATOR);
    if (!ArrayUtils.isNotEmpty(fields) || fields.length != 3) {
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }

    PersistentLogin parsed = new PersistentLogin();
    parsed.setId(fields[0]);
    parsed.setProfileId(fields[1]);
    parsed.setToken(fields[2]);
    return parsed;
}
use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.
the class RememberMeManagerImpl method updateRememberMe.
/**
 * Refreshes the token of an existing persistent login and re-issues the remember-me cookie
 * with the serialized, refreshed login.
 *
 * @param loginId the ID of the persistent login whose token is refreshed
 * @param context the request context supplying the response the cookie is added to
 * @throws RememberMeException if the token can't be refreshed or the login can't be serialized
 */
protected void updateRememberMe(String loginId, RequestContext context) throws RememberMeException {
    final PersistentLogin refreshedLogin;
    try {
        refreshedLogin = authenticationService.refreshPersistentLoginToken(loginId);
    } catch (ProfileException e) {
        throw new RememberMeException("Unable to update persistent login '" + loginId + "'", e);
    }

    // NOTE(review): if PersistentLogin.toString() includes the token, this writes the new
    // secret to debug logs -- confirm.
    logger.debug("Persistent login updated: {}", refreshedLogin);

    String cookieValue = serializeLogin(refreshedLogin);
    addRememberMeCookie(cookieValue, context.getResponse());
}
Aggregations