Examples with RegistrationNotAllowed org.gluu.oxauth.model.fido.u2f.exception.RegistrationNotAllowed used on opensource projects

Search in sources :

Example 1 with RegistrationNotAllowed

use of org.gluu.oxauth.model.fido.u2f.exception.RegistrationNotAllowed in project oxAuth by GluuFederation.

the class U2fRegistrationWS method startRegistration.

@GET
@Produces({ "application/json" })
public Response startRegistration(@QueryParam("username") String userName, @QueryParam("application") String appId, @QueryParam("session_id") String sessionId, @QueryParam("enrollment_code") String enrollmentCode) {
    // Parameter username is deprecated. We uses it only to determine is it's one or two step workflow
    try {
        if (appConfiguration.getDisableU2fEndpoint()) {
            return Response.status(Status.FORBIDDEN).build();
        }
        log.debug("Startig registration with username '{}' for appId '{}'. session_id '{}', enrollment_code '{}'", userName, appId, sessionId, enrollmentCode);
        String userInum = null;
        boolean sessionBasedEnrollment = false;
        boolean twoStep = StringHelper.isNotEmpty(userName);
        if (twoStep) {
            boolean removeEnrollment = false;
            if (StringHelper.isNotEmpty(sessionId)) {
                boolean valid = u2fValidationService.isValidSessionId(userName, sessionId);
                if (!valid) {
                    throw new BadInputException(String.format("session_id '%s' is invalid", sessionId));
                }
                sessionBasedEnrollment = true;
            } else if (StringHelper.isNotEmpty(enrollmentCode)) {
                boolean valid = u2fValidationService.isValidEnrollmentCode(userName, enrollmentCode);
                if (!valid) {
                    throw new BadInputException(String.format("enrollment_code '%s' is invalid", enrollmentCode));
                }
                removeEnrollment = true;
            } else {
                throw new BadInputException("session_id or enrollment_code is mandatory");
            }
            User user = userService.getUser(userName);
            userInum = userService.getUserInum(user);
            if (StringHelper.isEmpty(userInum)) {
                throw new BadInputException(String.format("Failed to find user '%s' in LDAP", userName));
            }
            if (removeEnrollment) {
                // We allow to use enrollment code only one time
                user.setAttribute(U2fConstants.U2F_ENROLLMENT_CODE_ATTRIBUTE, "");
                userService.updateUser(user);
            }
        }
        if (sessionBasedEnrollment) {
            List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
            if (deviceRegistrations.size() > 0 && !isCurrentAuthenticationLevelCorrespondsToU2fLevel(sessionId)) {
                throw new RegistrationNotAllowed(String.format("It's not possible to start registration with user_name and session_id because user '%s' has already enrolled device", userName));
            }
        }
        RegisterRequestMessage registerRequestMessage = u2fRegistrationService.builRegisterRequestMessage(appId, userInum);
        u2fRegistrationService.storeRegisterRequestMessage(registerRequestMessage, userInum, sessionId);
        // Convert manually to avoid possible conflict between resteasy providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(registerRequestMessage);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        if (ex instanceof RegistrationNotAllowed) {
            throw new WebApplicationException(Response.status(Response.Status.NOT_ACCEPTABLE).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.REGISTRATION_NOT_ALLOWED)).build());
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) User(org.gluu.oxauth.model.common.User) RegistrationNotAllowed(org.gluu.oxauth.model.fido.u2f.exception.RegistrationNotAllowed) RegisterRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.RegisterRequestMessage) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)

Aggregations

User (org.gluu.oxauth.model.common.User)1 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1 RegistrationNotAllowed (org.gluu.oxauth.model.fido.u2f.exception.RegistrationNotAllowed)1 RegisterRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.RegisterRequestMessage)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial