Class FacebookAuthenticator, method getUserInfo (fetches the profile behind an exchanged access token):
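/**
 * Fetches the Facebook profile for a previously exchanged credential and maps it to a
 * {@link UserFromAuthProvider}.
 *
 * @param internalProviderReference
 *            - key under which the credential was stored after the code exchange.
 * @return the user details as reported by Facebook.
 * @throws NoUserException
 *             if Facebook returned no usable profile (no response, or a profile without an id).
 * @throws AuthenticatorSecurityException
 *             if no credential is held for the reference, or the access token does not verify
 *             as one issued to this application.
 */
@Override
public synchronized UserFromAuthProvider getUserInfo(final String internalProviderReference) throws NoUserException, AuthenticatorSecurityException {
    Credential credentials = credentialStore.get(internalProviderReference);
    // Fail closed: a missing credential must never reach token verification or the Graph API
    // call carrying a null token.
    if (null == credentials) {
        log.error("No credential held for the supplied provider reference.");
        throw new AuthenticatorSecurityException("Access token is invalid - no credential is held for this request.");
    }
    // The token must have been minted for our client id; otherwise a token issued to a different
    // app could be replayed against us (confused-deputy).
    if (!verifyAccessTokenIsValid(credentials)) {
        log.error("Unable to verify access token - it could be an indication of fraud.");
        throw new AuthenticatorSecurityException("Access token is invalid - the client id returned by the identity provider does not match ours.");
    }
    log.debug("Successful Verification of access token with provider.");

    FacebookUser userInfo = null;
    try {
        // NOTE(review): the token travels as a query parameter and so may land in proxy or
        // access logs; the Graph API also accepts an Authorization header - consider switching.
        GenericUrl url = new GenericUrl(USER_INFO_URL + "?fields=" + requestedFields);
        url.set("access_token", credentials.getAccessToken());
        // try-with-resources: the previous version never closed the response stream.
        try (java.io.InputStream responseBody = url.toURL().openStream()) {
            userInfo = JsonLoader.load(inputStreamToString(responseBody), FacebookUser.class, true);
        }
        log.debug("Retrieved User info from Facebook");
    } catch (IOException e) {
        // Pass the exception as the cause so the stack trace is kept, not just its toString().
        log.error("An IO error occurred while trying to retrieve user information: " + e, e);
    }

    if (userInfo == null || userInfo.getId() == null) {
        throw new NoUserException("No user could be created from provider details!");
    }
    // NOTE(review): Facebook's "verified" flag is account-level verification, not proof that
    // the returned email address itself is verified - confirm before relying on VERIFIED for
    // account linking decisions.
    EmailVerificationStatus emailStatus = userInfo.isVerified() ? EmailVerificationStatus.VERIFIED : EmailVerificationStatus.NOT_VERIFIED;
    String email = userInfo.getEmail();
    if (null == email) {
        // The email is not guaranteed to be present; synthesise a unique placeholder so the
        // account can still be created, but mark it as undeliverable.
        email = userInfo.getId() + "-facebook";
        emailStatus = EmailVerificationStatus.DELIVERY_FAILED;
        log.warn("No email address provided by Facebook! Using (" + email + ") instead");
    }
    return new UserFromAuthProvider(userInfo.getId(), userInfo.getFirstName(), userInfo.getLastName(), email, emailStatus, null, null, null);
}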
Class AuthenticationFacade, method authenticationCallback (the SSO redirect endpoint that turns provider errors into HTTP responses):
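/**
 * This is the callback url that auth providers should use to send us information about users.
 *
 * Every failure mode of the handshake is mapped to a distinct HTTP status here; the body of the
 * error response is what the browser (and therefore the user) sees, so only non-sensitive
 * messages should be echoed back.
 *
 * @param request
 *            - http request from user
 * @param response
 *            to tell the browser to store the session in our own segue cookie if successful.
 * @param signinProvider
 *            - requested signing provider string
 * @return Redirect response to send the user to the home page.
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/{provider}/callback")
@ApiOperation(value = "SSO callback URL for a given provider.")
public final Response authenticationCallback(@Context final HttpServletRequest request, @Context final HttpServletResponse response, @PathParam("provider") final String signinProvider) {
    try {
        // TODO - review if rememberMe should default to true for SSO logins:
        RegisteredUserDTO userToReturn = userManager.authenticateCallback(request, response, signinProvider, true);
        this.getLogManager().logEvent(userToReturn, request, SegueServerLogType.LOG_IN, Maps.newHashMap());
        return Response.ok(userToReturn).build();
    } catch (IOException e) {
        // NOTE(review): the exception object is handed to the error response - confirm that
        // SegueErrorResponse does not serialise its message or stack trace to the client.
        SegueErrorResponse error = new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, "Exception while trying to authenticate a user" + " - during callback step.", e);
        log.error(error.getErrorMessage(), e);
        return error.toResponse();
    } catch (NoUserException e) {
        SegueErrorResponse error = new SegueErrorResponse(Status.UNAUTHORIZED, "Unable to locate user information.");
        log.error("No userID exception received. Unable to locate user.", e);
        return error.toResponse();
    } catch (AuthenticationCodeException | CrossSiteRequestForgeryException | AuthenticatorSecurityException | CodeExchangeException e) {
        // All four mean "the handshake did not check out" and are reported uniformly as 401.
        // The exception message is echoed to the client, so those messages must stay free of
        // internal detail; only the exception class is logged, which keeps the log line terse.
        SegueErrorResponse error = new SegueErrorResponse(Status.UNAUTHORIZED, e.getMessage());
        log.info("Error detected during authentication: " + e.getClass().toString());
        return error.toResponse();
    } catch (DuplicateAccountException e) {
        log.debug("Duplicate user already exists in the database.", e);
        return new SegueErrorResponse(Status.FORBIDDEN, e.getMessage()).toResponse();
    } catch (AccountAlreadyLinkedException e) {
        // Fixed: this branch previously logged "Internal Database error during authentication",
        // which misdirected anyone triaging the logs - it is a user-level linking conflict.
        log.warn("Account link rejected: the provider account is already linked to another user.", e);
        return new SegueErrorResponse(Status.BAD_REQUEST, "The account you are trying to link is already attached to a user of this system.").toResponse();
    } catch (SegueDatabaseException e) {
        log.error("Internal Database error during authentication", e);
        return new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, "Internal database error during authentication.").toResponse();
    } catch (AuthenticationProviderMappingException e) {
        // signinProvider comes straight from the path; it is reflected in the message, so the
        // JSON serialiser is what stops it from being an injection vector.
        return new SegueErrorResponse(Status.BAD_REQUEST, "Unable to map to a known authenticator. The provider: " + signinProvider + " is unknown").toResponse();
    }
}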
Class GoogleAuthenticator, method getUserInfo (the Google counterpart of the Facebook method above):
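/**
 * Fetches the Google userinfo record for a previously exchanged credential and maps it to a
 * {@link UserFromAuthProvider}.
 *
 * @param internalProviderReference
 *            - key under which the credential was stored after the code exchange.
 * @return the user details as reported by Google.
 * @throws NoUserException
 *             if Google returned no usable profile (no response, or a profile without an id).
 * @throws AuthenticatorSecurityException
 *             if no credential is held for the reference, or the access token does not verify
 *             as one issued to this application.
 */
@Override
public synchronized UserFromAuthProvider getUserInfo(final String internalProviderReference) throws NoUserException, AuthenticatorSecurityException {
    // getIfPresent-style lookups yield null when the entry is absent (e.g. evicted); fail closed
    // rather than letting a null credential reach verification or the userinfo call.
    Credential credentials = credentialStore.getIfPresent(internalProviderReference);
    if (null == credentials) {
        log.error("No credential held for the supplied provider reference.");
        throw new AuthenticatorSecurityException("Access token is invalid - no credential is held for this request.");
    }
    // The token must have been minted for our client id; otherwise a token issued to a different
    // app could be replayed against us (confused-deputy).
    if (!verifyAccessTokenIsValid(credentials)) {
        log.error("Unable to verify access token - it could be an indication of fraud.");
        throw new AuthenticatorSecurityException("Access token is invalid - the client id returned by the identity provider does not match ours.");
    }
    log.debug("Successful Verification of access token with provider.");

    Oauth2 userInfoService = new Oauth2.Builder(new NetHttpTransport(), new JacksonFactory(), credentials).setApplicationName(Constants.APPLICATION_NAME).build();
    Userinfo userInfo = null;
    try {
        userInfo = userInfoService.userinfo().get().execute();
        // Fixed: the whole profile (email, names, picture URL) was dumped at DEBUG via
        // toPrettyString(), putting PII into log storage. Log only the fact of success.
        log.debug("Retrieved User info from google");
    } catch (IOException e) {
        // Pass the exception as the cause so the stack trace is kept, not just its toString().
        log.error("An IO error occurred while trying to retrieve user information: " + e, e);
    }

    if (userInfo == null || userInfo.getId() == null) {
        throw new NoUserException("No user could be created from provider details!");
    }
    EmailVerificationStatus emailStatus = userInfo.isVerifiedEmail() ? EmailVerificationStatus.VERIFIED : EmailVerificationStatus.NOT_VERIFIED;
    String email = userInfo.getEmail();
    if (null == email) {
        // The email is not guaranteed to be present; synthesise a unique placeholder so the
        // account can still be created, but mark it as undeliverable.
        email = userInfo.getId() + "-google";
        emailStatus = EmailVerificationStatus.DELIVERY_FAILED;
        log.warn("No email address provided by Google! Using (" + email + ") instead");
    }
    return new UserFromAuthProvider(userInfo.getId(), userInfo.getGivenName(), userInfo.getFamilyName(), email, emailStatus, null, null, null);
}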