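/**
 * Handles the login form POST: authenticates the submitted credentials and,
 * depending on the outcome, redirects home, redirects back to the login page
 * with a flash error, or renders one of the two-factor pages (secret-key
 * enrolment or OTP entry).
 *
 * @param username the username; lower-cased before use (may be null)
 * @param password the password
 * @param request the request; any pre-existing session is invalidated before
 *        authentication so a successful login gets a fresh session id
 * @param redir carries the error message across the redirect, if any
 * @return the model and view to render
 */
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
public ModelAndView authenticate(@RequestParam("username") String username, @RequestParam("password") final String password, final HttpServletRequest request, RedirectAttributes redir) {
    ModelAndView modelAndView = new ModelAndView(IConstants.View.LOGIN);
    String error = null;
    // Locale.ROOT: username normalisation must not depend on the server's default
    // locale (e.g. Turkish dotless-i), otherwise the same login could map to
    // different accounts on differently configured hosts.
    username = username != null ? username.toLowerCase(java.util.Locale.ROOT) : null;
    // The username is attacker-controlled; never write it to a log line raw.
    final String logUsername = sanitizeForLog(username);
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    CustomWebAuthenticationDetails customWebAuthenticationDetails = new CustomWebAuthenticationDetails(request);
    token.setDetails(customWebAuthenticationDetails);
    try {
        // Drop any pre-login session so an attacker cannot fixate the session id.
        HttpSession sessionOld = request.getSession(false);
        if (sessionOld != null && !sessionOld.isNew()) {
            sessionOld.invalidate();
        }
        Authentication authenticate = authenticationManager.authenticate(token);
        if (authenticate.isAuthenticated()) {
            modelAndView.setViewName(IConstants.View.REDIRECT_HOME);
            UserInfo userInfo = getLoggedInUser(request);
            userService.populateUserInfo(userInfo, username);
            // getSession(true) creates the post-login session (the old one was invalidated above).
            request.getSession(true).setAttribute(IConstants.SESSION_OBJECT, userInfo);
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            userService.updateLoginDetail(username);
        } else {
            error = "Login failed; Invalid email or password.";
            LOGGER.warn("Authentication failure for user: '" + logUsername + "'");
            modelAndView.setViewName(IConstants.View.REDIRECT_LOGIN);
        }
    } catch (TwoFaKeyNotSetException e) {
        // Password was accepted but the account has no 2FA secret yet: generate
        // one, persist it and render the enrolment page.
        LOGGER.warn("2 FA Key not set for user: '" + logUsername + "'");
        modelAndView.addObject("username", username);
        // SECURITY NOTE(review): the plaintext password is echoed into the 2FA/OTP
        // page so it can be re-posted together with the code. It therefore ends up
        // in the rendered HTML (page source, browser cache, intermediaries). A
        // short-lived server-side "password verified" marker would avoid that.
        modelAndView.addObject("password", password);
        String secretKey = TwoFactorUtility.getBase32EncryptedKey();
        modelAndView.addObject("key", secretKey);
        userService.updateUser2FaKey(username, secretKey);
        modelAndView.addObject("applicationName", applicationName);
        modelAndView.setViewName(IConstants.View.TWO_FA_GENERATOR);
    } catch (OtpRequiredException e) {
        // Password accepted, 2FA enrolled, no code submitted: ask for the OTP.
        LOGGER.warn("OTP required for user: '" + logUsername + "'");
        modelAndView.addObject("username", username);
        // SECURITY NOTE(review): see the TwoFaKeyNotSetException branch - the
        // password is exposed to the page here as well.
        modelAndView.addObject("password", password);
        modelAndView.addObject("applicationName", applicationName);
        modelAndView.setViewName(IConstants.View.OTP);
    } catch (InvalidOtpException e) {
        LOGGER.warn("Authentication code is invalid for user: '" + logUsername + "'");
        error = "Authentication code is invalid";
        modelAndView.addObject("username", username);
        // SECURITY NOTE(review): password exposed to the page, as above.
        modelAndView.addObject("password", password);
        modelAndView.addObject("applicationName", applicationName);
        if (customWebAuthenticationDetails.isConfigure2Fa()) {
            // Still in the enrolment flow: re-show the stored key so the user can
            // re-scan it.
            UserEntity userInfo = userService.getUserByUsername(username);
            modelAndView.addObject("key", userInfo.getTwoFaKey());
            modelAndView.setViewName(IConstants.View.TWO_FA_GENERATOR);
        } else {
            modelAndView.setViewName(IConstants.View.OTP);
        }
    } catch (BadCredentialsException e) {
        // The message originates from CustomAuthenticationProvider and is meant
        // for the user (it may include lockout information).
        LOGGER.warn("Authentication failure", e);
        error = e.getMessage();
        modelAndView.setViewName(IConstants.View.REDIRECT_LOGIN);
    } catch (LockedException e) {
        // Lockouts are a brute-force signal; they were previously not logged.
        LOGGER.warn("Account locked for user: '" + logUsername + "'");
        error = e.getMessage();
        modelAndView.setViewName(IConstants.View.REDIRECT_LOGIN);
    } catch (Exception e) {
        // Log the full cause server-side but do not surface e.getMessage() to the
        // client: unexpected failures (DB / service errors) can carry internal
        // details that should not be disclosed.
        LOGGER.warn("Authentication failure", e);
        error = "Login Failed.";
        modelAndView.setViewName(IConstants.View.REDIRECT_LOGIN);
    }
    if (error != null) {
        redir.addFlashAttribute("error", error);
    }
    return modelAndView;
}

/**
 * Strips CR/LF from a user-supplied value before it is written to a log line,
 * so a crafted username cannot forge additional log entries.
 *
 * @param value the untrusted value (may be null)
 * @return the value with line breaks replaced by {@code _}, or {@code null}
 */
private static String sanitizeForLog(String value) {
    return value == null ? null : value.replaceAll("[\\r\\n]", "_");
}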
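/**
 * Authenticates the user against the database and, when two-factor auth is
 * enabled for the account, enforces the OTP step on top of the password check.
 * <p>
 * Outcomes other than success: {@link BadCredentialsException} for unknown or
 * inactive users and for wrong passwords (the latter also bumps the account's
 * invalid-login counter), {@link TwoFaKeyNotSetException} when 2FA is enabled
 * but not yet enrolled, {@link OtpRequiredException} when no code was
 * submitted, and {@link InvalidOtpException} when the submitted code does not
 * validate against the stored key.
 *
 * @param auth the username/password token; its details are expected to be a
 *        {@link CustomWebAuthenticationDetails} carrying the OTP and the
 *        "configuring 2FA" flag (any other details object is treated as
 *        "no code submitted, not configuring")
 * @return an authenticated token whose principal is the {@link UserEntity}
 * @throws org.springframework.security.core.AuthenticationException as described above
 * @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider#authenticate(org.springframework.security.core.Authentication)
 */
@Override
public Authentication authenticate(final Authentication auth) throws org.springframework.security.core.AuthenticationException {
    // Guard the details type: the previous unchecked cast would surface a
    // ClassCastException (HTTP 500) if this provider were reached with a token
    // that does not carry our details object. Missing details mean no OTP and
    // no "configure" flag, which the logic below already handles.
    String verificationCode = null;
    boolean configure2Fa = false;
    if (auth.getDetails() instanceof CustomWebAuthenticationDetails) {
        CustomWebAuthenticationDetails details = (CustomWebAuthenticationDetails) auth.getDetails();
        verificationCode = details.getVerificationCode();
        configure2Fa = details.isConfigure2Fa();
    }
    UserEntity user = userRepository.findByUsernameIgnoreCase(auth.getName());
    if (user == null || !user.getActiveFlag()) {
        // Same message as a wrong password so the response does not reveal which
        // usernames exist. NOTE(review): the response *time* still differs, since
        // no password hash is computed on this path.
        throw new BadCredentialsException("Login failed; Invalid email or password.");
    }
    String loginCount = null;
    String unlockTime = null;
    // NOTE(review): user id 1 is exempt from the invalid-attempt lockout policy,
    // which leaves that account open to online password guessing unless it is
    // throttled by other means.
    if (user.getUserId() != 1) {
        loginCount = applicationSettingService.getApplicationSetting(ApplicationSetting.INVALID_LOGIN_ATTEMPT);
        unlockTime = applicationSettingService.getApplicationSetting(ApplicationSetting.USER_ACCOUNT_UNLOCK_TIME);
        if (!user.getStatusEntity().getStatus().equalsIgnoreCase("ACTIVE")) {
            // Non-ACTIVE status: decide whether the lockout has expired or the
            // account is still locked (may throw).
            checkUserLoginAttempts(user, loginCount, unlockTime);
        }
    }
    try {
        // Password check first; a failure lands in the catch below.
        final Authentication result = super.authenticate(auth);
        if (user.getIs2FaEnabled()) {
            if (!user.getIs2FaConfigured() && !configure2Fa) {
                throw new TwoFaKeyNotSetException();
            }
            if (verificationCode == null || verificationCode.isEmpty()) {
                throw new OtpRequiredException();
            }
            // NOTE(review): a wrong OTP is not a BadCredentialsException, so OTP
            // failures are not counted toward the lockout below; a short numeric
            // code can be guessed online unless the endpoint is throttled elsewhere.
            if (!TwoFactorUtility.validateOtp(verificationCode, user.getTwoFaKey())) {
                throw new InvalidOtpException("Invalid verification code");
            }
        }
        return new UsernamePasswordAuthenticationToken(user, result.getCredentials(), result.getAuthorities());
    } catch (BadCredentialsException e) {
        String error;
        if (user.getUserId() != 1) {
            // Bumps the invalid-attempt counter (and may lock the account); the
            // returned text is the message shown to the user.
            error = updateInvalidLoginAttempts(user, loginCount, unlockTime);
        } else {
            error = "Login Failed.Invalid email or password.";
        }
        throw new BadCredentialsException(error);
    }
}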