Example 1 with RememberMeException

use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.

the class RememberMeManagerImpl method serializeLogin.

protected String serializeLogin(PersistentLogin login) throws RememberMeException {
    StringBuilder serializedLogin = new StringBuilder();
    serializedLogin.append(login.getId()).append(SERIALIZED_LOGIN_SEPARATOR);
    serializedLogin.append(login.getProfileId()).append(SERIALIZED_LOGIN_SEPARATOR);
    serializedLogin.append(login.getToken());
    try {
        return encryptor.encrypt(serializedLogin.toString());
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to encrypt remember me cookie", e);
    }
}
Also used : CryptoException(org.craftercms.commons.crypto.CryptoException) RememberMeException(org.craftercms.security.exception.rememberme.RememberMeException)

Example 2 with RememberMeException

use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.

the class RememberMeManagerImpl method autoLogin.

@Override
public Authentication autoLogin(RequestContext context) throws RememberMeException {
    PersistentLogin login = getPersistentLoginFromCookie(context.getRequest());
    if (login != null) {
        PersistentLogin actualLogin;
        try {
            actualLogin = authenticationService.getPersistentLogin(login.getId());
        } catch (ProfileException e) {
            // Pass the cause along so the underlying ProfileException is not lost
            throw new RememberMeException("Error retrieving persistent login '" + login.getProfileId() + "'", e);
        }
        if (actualLogin != null) {
            if (!login.getProfileId().equals(actualLogin.getProfileId())) {
                throw new InvalidCookieException("Profile ID mismatch");
            } else if (!login.getToken().equals(actualLogin.getToken())) {
                throw new CookieTheftException("Token mismatch. Implies a cookie theft");
            } else {
                String loginId = actualLogin.getId();
                String profileId = actualLogin.getProfileId();
                logger.debug("Remember me cookie match for {}. Starting auto-login", actualLogin);
                Authentication auth;
                try {
                    auth = authenticate(profileId);
                } catch (AuthenticationException e) {
                    // Delete remember me cookie so that we don't retry auto login in next request
                    disableRememberMe(loginId, context);
                    throw new RememberMeException("Unable to auto-login user '" + profileId + "'", e);
                }
                updateRememberMe(loginId, context);
                return auth;
            }
        } else {
            logger.debug("No persistent login found for ID '{}' (has possibly expired)", login.getId());
            deleteRememberMeCookie(context.getResponse());
            return null;
        }
    } else {
        return null;
    }
}
Also used : InvalidCookieException(org.craftercms.security.exception.rememberme.InvalidCookieException) CookieTheftException(org.craftercms.security.exception.rememberme.CookieTheftException) AuthenticationException(org.craftercms.security.exception.AuthenticationException) Authentication(org.craftercms.security.authentication.Authentication) ProfileException(org.craftercms.profile.api.exceptions.ProfileException) PersistentLogin(org.craftercms.profile.api.PersistentLogin) RememberMeException(org.craftercms.security.exception.rememberme.RememberMeException)

Example 3 with RememberMeException

use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.

the class RememberMeManagerImpl method enableRememberMe.

@Override
public void enableRememberMe(Authentication authentication, RequestContext context) throws RememberMeException {
    String profileId = authentication.getProfile().getId().toString();
    PersistentLogin login;
    try {
        login = authenticationService.createPersistentLogin(profileId);
    } catch (ProfileException e) {
        throw new RememberMeException("Error creating persistent login for profile '" + profileId + "'", e);
    }
    logger.debug("Persistent login created: {}", login);
    addRememberMeCookie(serializeLogin(login), context.getResponse());
}
Also used : ProfileException(org.craftercms.profile.api.exceptions.ProfileException) PersistentLogin(org.craftercms.profile.api.PersistentLogin) RememberMeException(org.craftercms.security.exception.rememberme.RememberMeException)

Example 4 with RememberMeException

use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.

the class RememberMeManagerImpl method deserializeLogin.

protected PersistentLogin deserializeLogin(String serializedLogin) throws RememberMeException {
    String decryptedLogin;
    try {
        decryptedLogin = encryptor.decrypt(serializedLogin);
    } catch (CryptoException e) {
        throw new RememberMeException("Unable to decrypt remember me cookie", e);
    }
    String[] splitSerializedLogin = StringUtils.split(decryptedLogin, SERIALIZED_LOGIN_SEPARATOR);
    if (ArrayUtils.isNotEmpty(splitSerializedLogin) && splitSerializedLogin.length == 3) {
        PersistentLogin login = new PersistentLogin();
        login.setId(splitSerializedLogin[0]);
        login.setProfileId(splitSerializedLogin[1]);
        login.setToken(splitSerializedLogin[2]);
        return login;
    } else {
        throw new InvalidCookieException("Invalid format of remember me cookie");
    }
}
Also used : InvalidCookieException(org.craftercms.security.exception.rememberme.InvalidCookieException) CryptoException(org.craftercms.commons.crypto.CryptoException) PersistentLogin(org.craftercms.profile.api.PersistentLogin) RememberMeException(org.craftercms.security.exception.rememberme.RememberMeException)

Example 5 with RememberMeException

use of org.craftercms.security.exception.rememberme.RememberMeException in project profile by craftercms.

the class RememberMeManagerImpl method updateRememberMe.

protected void updateRememberMe(String loginId, RequestContext context) throws RememberMeException {
    PersistentLogin login;
    try {
        login = authenticationService.refreshPersistentLoginToken(loginId);
    } catch (ProfileException e) {
        throw new RememberMeException("Unable to update persistent login '" + loginId + "'", e);
    }
    logger.debug("Persistent login updated: {}", login);
    addRememberMeCookie(serializeLogin(login), context.getResponse());
}
Also used : ProfileException(org.craftercms.profile.api.exceptions.ProfileException) PersistentLogin(org.craftercms.profile.api.PersistentLogin) RememberMeException(org.craftercms.security.exception.rememberme.RememberMeException)

Aggregations

RememberMeException (org.craftercms.security.exception.rememberme.RememberMeException): 6
PersistentLogin (org.craftercms.profile.api.PersistentLogin): 4
ProfileException (org.craftercms.profile.api.exceptions.ProfileException): 4
CryptoException (org.craftercms.commons.crypto.CryptoException): 2
InvalidCookieException (org.craftercms.security.exception.rememberme.InvalidCookieException): 2
Authentication (org.craftercms.security.authentication.Authentication): 1
AuthenticationException (org.craftercms.security.exception.AuthenticationException): 1
CookieTheftException (org.craftercms.security.exception.rememberme.CookieTheftException): 1