use of org.springframework.security.authentication.BadCredentialsException in project molgenis by molgenis.
the class RestController method login.
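/**
 * Logs in to the API with a username and password.
 *
 * <p>Returns a JSON object with a token on correct login, else throws an AuthenticationException. Clients can
 * use this token when calling the API.
 *
 * <p>Example:
 *
 * <p>Request: {username:admin,password:xxx}
 *
 * <p>Response: {token: b4fd94dc-eae6-4d9a-a1b7-dd4525f2f75d}
 *
 * <p>The token in the response body is the credential for later API calls, so the response should be treated
 * like a password: keep it out of logs and serve this endpoint over TLS only.
 *
 * @param login the posted credentials (username and password)
 * @param request the current servlet request; its details are attached to the authentication token
 * @return the generated token together with the user's username, first name and last name
 * @throws HttpMessageNotReadableException if no login body was supplied
 * @throws BadCredentialsException if two factor authentication is enabled, if the credentials are rejected, if
 *     no user record matches the authenticated name, or if the user must reset the password first
 */
@PostMapping(value = "/login", produces = APPLICATION_JSON_VALUE)
@ResponseBody
public LoginResponse login(@Valid @RequestBody LoginRequest login, HttpServletRequest request) {
  if (login == null) {
    throw new HttpMessageNotReadableException("Missing login");
  }
  // Password-only login is refused before any credential is checked, so this endpoint cannot be used to
  // skip the second factor. isUser2fa() is defined outside this snippet.
  if (isUser2fa()) {
    throw new BadCredentialsException("Login using /api/v1/login is disabled, two factor authentication is enabled");
  }
  return runAsSystem(() -> {
    UsernamePasswordAuthenticationToken authToken =
        new UsernamePasswordAuthenticationToken(login.getUsername(), login.getPassword());
    authToken.setDetails(new WebAuthenticationDetails(request));

    // Authenticate the login
    Authentication authentication = authenticationManager.authenticate(authToken);
    if (!authentication.isAuthenticated()) {
      // Same message for an unknown user and a wrong password, so the response does not reveal which
      // usernames exist.
      throw new BadCredentialsException("Unknown username or password");
    }

    User user = dataService.findOne(
        USER, new QueryImpl<User>().eq(UserMetaData.USERNAME, authentication.getName()), User.class);
    if (user == null) {
      // The lookup can come back empty (for example when the name was authenticated by a provider that has
      // no matching user record). Fail closed with the generic message instead of a NullPointerException.
      throw new BadCredentialsException("Unknown username or password");
    }
    // This message is only reachable after the credentials were accepted, so it is not shown to callers
    // who do not know the password.
    if (user.isChangePassword()) {
      throw new BadCredentialsException("Unable to log in because a password reset is required. Sign in to the website to reset your password.");
    }

    // User authenticated, log the user in
    // NOTE(review): this runs inside runAsSystem; whether the authentication set here is still in place once
    // runAsSystem returns depends on how that helper manages the security context - confirm.
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // Generate a new token for the user
    String token = tokenService.generateAndStoreToken(authentication.getName(), "REST API login");
    return new LoginResponse(token, user.getUsername(), user.getFirstName(), user.getLastName());
  });
}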
use of org.springframework.security.authentication.BadCredentialsException in project molgenis by molgenis.
the class TwoFactorAuthenticationProviderImpl method authenticate.
/**
 * Checks the second factor carried by a {@code TwoFactorAuthenticationToken}.
 *
 * <p>Two paths exist. When two factor authentication is already configured for the user, the verification
 * code is checked against the user's stored configuration. When it is not yet configured, the verification
 * code is checked against the secret key carried in the token and, on success, two factor authentication is
 * activated.
 *
 * <p>NOTE(review): when either verification call returns {@code false} (rather than throwing), the token
 * that was passed in is returned unchanged. Callers must therefore not treat a non-null return value as
 * proof of success; confirm that the verification services throw on a wrong code or that every caller
 * checks {@code isAuthenticated()}.
 *
 * @param authentication the authentication request; must be a type accepted by {@code supports}
 * @return a token rebuilt from the current principal when the code is accepted, otherwise the token that
 *     was passed in
 * @throws IllegalArgumentException if the token type is not supported
 * @throws BadCredentialsException if the secret key (enrolment path) or the verification code (configured
 *     path) is missing
 */
@Override
public Authentication authenticate(Authentication authentication) {
  if (!supports(authentication.getClass())) {
    throw new IllegalArgumentException("Only TwoFactorAuthenticationToken is supported");
  }
  TwoFactorAuthenticationToken authToken = (TwoFactorAuthenticationToken) authentication;

  if (twoFactorAuthenticationService.isConfiguredForUser()) {
    // Configured path: a verification code is mandatory.
    if (authToken.getVerificationCode() == null) {
      throw new BadCredentialsException("Invalid verification code entered");
    }
    if (twoFactorAuthenticationService.isVerificationCodeValidForUser(authToken.getVerificationCode())) {
      // Code accepted: rebuild the token from the principal in the current security context; no secret
      // key is carried on this path.
      // NOTE(review): assumes an authentication is already present in the security context - confirm.
      UserDetails principal =
          (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
      return new TwoFactorAuthenticationToken(
          principal,
          principal.getPassword(),
          principal.getAuthorities(),
          authToken.getVerificationCode(),
          null);
    }
    return authToken;
  }

  // Enrolment path: the token must carry the secret key that the code is verified against.
  if (authToken.getSecretKey() == null) {
    throw new BadCredentialsException("Invalid secret generated");
  }
  if (otpService.tryVerificationCode(authToken.getVerificationCode(), authToken.getSecretKey())) {
    // Activation happens only after the code has been verified against the secret.
    activateTwoFactorAuthentication(authToken);
    UserDetails principal =
        (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return new TwoFactorAuthenticationToken(
        principal,
        principal.getPassword(),
        principal.getAuthorities(),
        authToken.getVerificationCode(),
        authToken.getSecretKey());
  }
  return authToken;
}
use of org.springframework.security.authentication.BadCredentialsException in project molgenis by molgenis.
the class RecoveryServiceImpl method useRecoveryCode.
/**
 * Consumes a recovery code for the current user and resets that user's failed login counter.
 *
 * <p>The code is looked up by user id and code value, deleted so that it cannot be used again, and the
 * user's secret record is then updated with zero failed login attempts. All data access runs as the system
 * user.
 *
 * <p>NOTE(review): a rejected code only raises the exception below; this method does not count or throttle
 * failed attempts, so any limit on guessing has to be enforced elsewhere - confirm.
 *
 * @param recoveryCode the recovery code entered by the user
 * @throws BadCredentialsException if no stored code for the current user matches
 */
@Override
@Transactional
public void useRecoveryCode(String recoveryCode) {
  String userId = getUser().getId();
  // Scope the lookup to the current user so that another user's code never matches.
  RecoveryCode matchingCode = runAsSystem(
      () -> dataService.query(RECOVERY_CODE, RecoveryCode.class)
          .eq(USER_ID, userId)
          .and()
          .eq(CODE, recoveryCode)
          .findOne());
  if (matchingCode == null) {
    throw new BadCredentialsException("Invalid recovery code or code already used");
  }

  // Delete first: a recovery code is single use.
  runAsSystem(() -> dataService.delete(RECOVERY_CODE, matchingCode));

  // NOTE(review): assumes a secret record exists for this user; a missing record would fail on the next
  // line - confirm.
  UserSecret userSecret = runAsSystem(
      () -> dataService.query(USER_SECRET, UserSecret.class)
          .eq(UserSecretMetaData.USER_ID, userId)
          .findOne());
  userSecret.setFailedLoginAttempts(0);
  runAsSystem(() -> dataService.update(USER_SECRET, userSecret));
}
use of org.springframework.security.authentication.BadCredentialsException in project spring-security by spring-projects.
the class BadCredentialsExceptionMixinTests method serializeBadCredentialsExceptionMixinTest.
// @formatter:on
/**
 * Verifies that a {@code BadCredentialsException} written by the test's mapper matches
 * {@code EXCEPTION_JSON}.
 */
@Test
public void serializeBadCredentialsExceptionMixinTest() throws JsonProcessingException, JSONException {
  String actualJson = this.mapper.writeValueAsString(new BadCredentialsException("message"));
  // Strict comparison: the serialized form may not carry fields beyond the expected JSON.
  JSONAssert.assertEquals(EXCEPTION_JSON, actualJson, true);
}
use of org.springframework.security.authentication.BadCredentialsException in project spring-security by spring-projects.
the class BadCredentialsExceptionMixinTests method deserializeBadCredentialsExceptionMixinTest.
/**
 * Verifies that {@code EXCEPTION_JSON} is read back by the test's mapper as a
 * {@code BadCredentialsException} with the original message and no cause.
 */
@Test
public void deserializeBadCredentialsExceptionMixinTest() throws IOException {
  BadCredentialsException restored =
      this.mapper.readValue(EXCEPTION_JSON, BadCredentialsException.class);

  assertThat(restored).isNotNull();
  // No cause is expected on the restored exception.
  assertThat(restored.getCause()).isNull();
  assertThat(restored.getMessage()).isEqualTo("message");
  assertThat(restored.getLocalizedMessage()).isEqualTo("message");
}