use of org.orcid.frontend.web.exception.VerificationCodeFor2FARequiredException in project ORCID-Source by ORCID.
the class OauthLoginController method authenticateAndAuthorize.
@RequestMapping(value = { "/oauth/custom/signin.json", "/oauth/custom/login.json" }, method = RequestMethod.POST)
@ResponseBody
public OauthAuthorizeForm authenticateAndAuthorize(HttpServletRequest request, HttpServletResponse response, @RequestBody OauthAuthorizeForm form) {
// Clean form errors
form.setErrors(new ArrayList<String>());
RequestInfoForm requestInfoForm = (RequestInfoForm) request.getSession().getAttribute(REQUEST_INFO_FORM);
boolean willBeRedirected = false;
if (form.getApproved()) {
// Validate name and password
validateUserNameAndPassword(form);
if (form.getErrors().isEmpty()) {
try {
// Authenticate user
copy2FAFields(form, request);
Authentication auth = authenticateUser(request, form.getUserName().getValue(), form.getPassword().getValue());
profileEntityManager.updateLastLoginDetails(auth.getName(), OrcidRequestUtil.getIpAddress(request));
// Create authorization params
SimpleSessionStatus status = new SimpleSessionStatus();
Map<String, Object> model = new HashMap<String, Object>();
Map<String, String> params = new HashMap<String, String>();
Map<String, String> approvalParams = new HashMap<String, String>();
fillOauthParams(requestInfoForm, params, approvalParams, form.getPersistentTokenEnabled(), form.isEmailAccessAllowed());
// Authorize
try {
authorizationEndpoint.authorize(model, params, status, auth);
} catch (RedirectMismatchException rUriError) {
String redirectUri = this.getBaseUri() + REDIRECT_URI_ERROR;
// Set the client id
redirectUri = redirectUri.replace("{0}", requestInfoForm.getClientId());
// Set the response type if needed
if (!PojoUtil.isEmpty(requestInfoForm.getResponseType()))
redirectUri += "&response_type=" + requestInfoForm.getResponseType();
// Set the redirect uri
if (!PojoUtil.isEmpty(requestInfoForm.getRedirectUrl()))
redirectUri += "&redirect_uri=" + requestInfoForm.getRedirectUrl();
// Set the scope param
if (!PojoUtil.isEmpty(requestInfoForm.getScopesAsString()))
redirectUri += "&scope=" + requestInfoForm.getScopesAsString();
// Copy the state param if present
if (!PojoUtil.isEmpty(requestInfoForm.getStateParam()))
redirectUri += "&state=" + requestInfoForm.getStateParam();
form.setRedirectUrl(redirectUri);
LOGGER.info("OauthLoginController being sent to client browser: " + form.getRedirectUrl());
return form;
}
// Approve
RedirectView view = (RedirectView) authorizationEndpoint.approveOrDeny(approvalParams, model, status, auth);
form.setRedirectUrl(view.getUrl());
willBeRedirected = true;
} catch (AuthenticationException ae) {
if (ae.getCause() instanceof DisabledException) {
// Handle this message in angular to allow AJAX action
form.getErrors().add("orcid.frontend.security.orcid_deactivated");
} else if (ae.getCause() instanceof UnclaimedProfileExistsException) {
String email = PojoUtil.isEmpty(form.getUserName()) ? null : form.getUserName().getValue();
String resendEmailUrl = createResendClaimUrl(email, request);
String errorMessage = getMessage("orcid.frontend.security.unclaimed_exists_1");
errorMessage += "<a href=\"" + resendEmailUrl + "\">";
errorMessage += getMessage("orcid.frontend.security.unclaimed_exists_2");
errorMessage += "</a>" + getMessage("orcid.frontend.security.unclaimed_exists_3");
form.getErrors().add(errorMessage);
} else if (ae instanceof VerificationCodeFor2FARequiredException) {
form.setVerificationCodeRequired(true);
} else if (ae instanceof Bad2FAVerificationCodeException) {
form.getErrors().add(getMessage("orcid.frontend.security.2fa.bad_verification_code"));
} else if (ae instanceof Bad2FARecoveryCodeException) {
form.getErrors().add(getMessage("orcid.frontend.security.2fa.bad_recovery_code"));
} else {
form.getErrors().add(getMessage("orcid.frontend.security.bad_credentials"));
}
}
}
} else {
form.setRedirectUrl(buildDenyRedirectUri(requestInfoForm.getRedirectUrl(), requestInfoForm.getStateParam()));
willBeRedirected = true;
}
// not be redirected yet
if (willBeRedirected) {
if (new HttpSessionRequestCache().getRequest(request, response) != null)
new HttpSessionRequestCache().removeRequest(request, response);
LOGGER.info("OauthConfirmAccessController form.getRedirectUri being sent to client browser: " + requestInfoForm.getRedirectUrl());
}
return form;
}
use of org.orcid.frontend.web.exception.VerificationCodeFor2FARequiredException in project ORCID-Source by ORCID.
the class AjaxAuthenticationFailureHandler method onAuthenticationFailure.
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
response.setContentType("application/json");
PrintWriter writer = response.getWriter();
writer.println("{");
writer.println("\"success\": false");
if (exception.getCause() instanceof UnclaimedProfileExistsException) {
writer.println(",");
writer.println("\"unclaimed\": true");
} else if (exception.getCause() instanceof DeprecatedProfileException) {
writer.println(",");
writer.println("\"deprecated\": true");
DeprecatedProfileException exc = (DeprecatedProfileException) exception.getCause();
if (exc != null && exc.getPrimary() != null) {
writer.println(",");
writer.println("\"primary\":\"" + exc.getPrimary() + "\"");
}
} else if (exception.getCause() instanceof DisabledException) {
writer.println(",");
writer.println("\"disabled\": true");
} else if (exception instanceof VerificationCodeFor2FARequiredException) {
writer.println(",");
writer.println("\"verificationCodeRequired\": true");
} else if (exception instanceof Bad2FAVerificationCodeException) {
writer.println(",");
writer.println("\"badVerificationCode\": true");
writer.println(",");
writer.println("\"verificationCodeRequired\": true");
} else if (exception instanceof Bad2FARecoveryCodeException) {
writer.println(",");
writer.println("\"badRecoveryCode\": true");
}
writer.println("}");
}
use of org.orcid.frontend.web.exception.VerificationCodeFor2FARequiredException in project ORCID-Source by ORCID.
the class OrcidAuthenticationProvider method authenticate.
@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
Authentication result = super.authenticate(auth);
if (!result.isAuthenticated()) {
return result;
}
ProfileEntity profile = getProfileEntity(auth.getName());
if ((profile == null)) {
throw new BadCredentialsException("Invalid username or password");
}
if (profile.getUsing2FA()) {
String recoveryCode = ((OrcidWebAuthenticationDetails) auth.getDetails()).getRecoveryCode();
if (recoveryCode != null && !recoveryCode.isEmpty()) {
if (!backupCodeManager.verify(profile.getId(), recoveryCode)) {
throw new Bad2FARecoveryCodeException();
}
} else {
String verificationCode = ((OrcidWebAuthenticationDetails) auth.getDetails()).getVerificationCode();
if (verificationCode == null || verificationCode.isEmpty()) {
throw new VerificationCodeFor2FARequiredException();
}
if (!twoFactorAuthenticationManager.verificationCodeIsValid(verificationCode, profile)) {
throw new Bad2FAVerificationCodeException();
}
}
}
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(profile.getId(), result.getCredentials(), result.getAuthorities());
authentication.setDetails(orcidUserDetailsService.loadUserByProfile(profile));
return authentication;
}
Aggregations