
Example 1 with DuplicateAccountException

Use of uk.ac.cam.cl.dtg.segue.auth.exceptions.DuplicateAccountException in the isaac-api project (by isaacphysics).

From the class UsersFacade, method createUserObjectAndLogIn (local registration: creates the account, starts a session, then saves preferences).

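/**
 * Create a new user account from a client-supplied user object and log the new user in.
 *
 * The account and its session are created in one step by
 * {@code userManager.createUserObjectAndSession}; any supplied preferences are saved afterwards
 * in a separate step. Because the session cookie has already been issued by then, a failure while
 * saving preferences returns an error to the caller even though the account exists and the
 * browser already holds a valid session.
 *
 * @param request
 *            - so that we can identify the user
 * @param response
 *            to tell the browser to store the session in our own segue cookie.
 * @param userObjectFromClient
 *            - the new user object from the client's perspective.
 * @param newPassword
 *            - the password for the new user.
 * @param userPreferenceObject
 *            - the preferences for this user, keyed by preference type then preference name;
 *            may be null, in which case no preferences are saved.
 * @param rememberMe
 *            - Boolean to indicate whether or not this cookie expiry duration should be long or short
 * @return 200 carrying the newly created user; 400 for client-side problems (bad password,
 *         missing field, duplicate account, Isaac email address, invalid name); 500 for
 *         server-side failures (password hashing, database).
 * @throws InvalidKeySpecException
 *             if propagated by the underlying password handling.
 * @throws NoSuchAlgorithmException
 *             if propagated by the underlying password handling.
 */
private Response createUserObjectAndLogIn(final HttpServletRequest request, final HttpServletResponse response, final RegisteredUser userObjectFromClient, final String newPassword, final Map<String, Map<String, Boolean>> userPreferenceObject, final boolean rememberMe) throws InvalidKeySpecException, NoSuchAlgorithmException {
    try {
        RegisteredUserDTO savedUser = userManager.createUserObjectAndSession(request, response, userObjectFromClient, newPassword, rememberMe);
        if (userPreferenceObject != null) {
            List<UserPreference> userPreferences = userPreferenceObjectToList(userPreferenceObject, savedUser.getId());
            userPreferenceManager.saveUserPreferences(userPreferences);
        }
        return Response.ok(savedUser).build();
    } catch (InvalidPasswordException e) {
        // Password policy failure; the exception message is relayed as the user-facing reason.
        log.warn("Invalid password exception occurred during registration!");
        return new SegueErrorResponse(Status.BAD_REQUEST, e.getMessage()).toResponse();
    } catch (FailedToHashPasswordException e) {
        // Server-side fault: keep the cause in the log (it was previously dropped), never in the response.
        log.error("Failed to hash password during user registration!", e);
        return new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, "Unable to set a password.").toResponse();
    } catch (MissingRequiredFieldException e) {
        // This path is registration, not an update; the log message used to say otherwise.
        log.warn("Missing required field during registration.", e);
        return new SegueErrorResponse(Status.BAD_REQUEST, "You are missing a required field. " + "Please make sure you have specified all mandatory fields in your response.").toResponse();
    } catch (DuplicateAccountException e) {
        // NOTE(review): a distinct 400 here tells a caller whether an email address is already
        // registered (account enumeration). Behaviour is preserved; if that matters for this
        // deployment, the duplicate case should be indistinguishable from a successful request.
        log.warn(String.format("Duplicate account registration attempt for (%s)", userObjectFromClient.getEmail()));
        return new SegueErrorResponse(Status.BAD_REQUEST, e.getMessage()).toResponse();
    } catch (SegueDatabaseException e) {
        // Raised by account creation or by the later preference save, so the message must not
        // claim a password problem; database details stay in the log and out of the response.
        String errorMsg = "Unable to complete registration, due to an internal database error.";
        log.error(errorMsg, e);
        return new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, errorMsg).toResponse();
    } catch (EmailMustBeVerifiedException e) {
        log.warn("Someone attempted to register with an Isaac email address: " + userObjectFromClient.getEmail());
        return new SegueErrorResponse(Status.BAD_REQUEST, "You cannot register with an Isaac email address.").toResponse();
    } catch (InvalidNameException e) {
        log.warn("Invalid name provided during registration.");
        return new SegueErrorResponse(Status.BAD_REQUEST, e.getMessage()).toResponse();
    }
}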

Example 2 with DuplicateAccountException

Use of uk.ac.cam.cl.dtg.segue.auth.exceptions.DuplicateAccountException in the isaac-api project (by isaacphysics).

From the class AuthenticationFacade, method authenticationCallback (the SSO provider callback endpoint; note that here a duplicate account yields 403 rather than the 400 used by local registration).

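/**
 * Callback endpoint that authentication providers send the user back to once they have signed in
 * with the provider. Completes the provider handshake through
 * {@code userManager.authenticateCallback} (which also sets the segue session cookie), records a
 * LOG_IN event and returns the authenticated user as JSON.
 *
 * @param request
 *            - http request from user, carrying the provider's callback parameters
 * @param response
 *            to tell the browser to store the session in our own segue cookie if successful.
 * @param signinProvider
 *            - requested sign-in provider string, taken from the URL path
 * @return 200 with the authenticated user; 401 when the handshake cannot be trusted (bad
 *         authentication code, CSRF/state mismatch, authenticator security failure, code
 *         exchange failure) or no user can be located; 403 for a duplicate account; 400 for an
 *         account that is already linked or an unknown provider; 500 on I/O or database errors.
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/{provider}/callback")
@ApiOperation(value = "SSO callback URL for a given provider.")
public final Response authenticationCallback(@Context final HttpServletRequest request, @Context final HttpServletResponse response, @PathParam("provider") final String signinProvider) {
    try {
        // TODO - review if rememberMe should default to true for SSO logins: as written, every
        // SSO login gets the long-lived session cookie without the user opting in.
        RegisteredUserDTO userToReturn = userManager.authenticateCallback(request, response, signinProvider, true);
        this.getLogManager().logEvent(userToReturn, request, SegueServerLogType.LOG_IN, Maps.newHashMap());
        return Response.ok(userToReturn).build();
    } catch (IOException e) {
        // The exception is logged below; whether SegueErrorResponse would expose a wrapped
        // exception to the client is not visible here, so it is kept out of the response.
        SegueErrorResponse error = new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, "Exception while trying to authenticate a user" + " - during callback step.");
        log.error(error.getErrorMessage(), e);
        return error.toResponse();
    } catch (NoUserException e) {
        SegueErrorResponse error = new SegueErrorResponse(Status.UNAUTHORIZED, "Unable to locate user information.");
        log.error("No userID exception received. Unable to locate user.", e);
        return error.toResponse();
    } catch (AuthenticationCodeException | CrossSiteRequestForgeryException | AuthenticatorSecurityException | CodeExchangeException e) {
        // A failed or tampered provider handshake (including CSRF/state mismatches) is a
        // security signal worth more than info level. The exception message is relayed to the
        // caller as before; these are project exception types, so it is assumed to be safe to show.
        SegueErrorResponse error = new SegueErrorResponse(Status.UNAUTHORIZED, e.getMessage());
        log.warn("Error detected during authentication: " + e.getClass().toString());
        return error.toResponse();
    } catch (DuplicateAccountException e) {
        // Surfaced at warn level, in line with how local registration reports duplicates.
        log.warn("Duplicate user already exists in the database.", e);
        return new SegueErrorResponse(Status.FORBIDDEN, e.getMessage()).toResponse();
    } catch (AccountAlreadyLinkedException e) {
        // A user-level conflict (hence the 400), not a database failure; the old log line said otherwise.
        log.warn("Account already linked to another user during authentication", e);
        return new SegueErrorResponse(Status.BAD_REQUEST, "The account you are trying to link is already attached to a user of this system.").toResponse();
    } catch (SegueDatabaseException e) {
        log.error("Internal Database error during authentication", e);
        return new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, "Internal database error during authentication.").toResponse();
    } catch (AuthenticationProviderMappingException e) {
        // signinProvider is a caller-supplied path segment echoed back in the JSON error body.
        log.warn("Unknown authentication provider requested: " + signinProvider);
        return new SegueErrorResponse(Status.BAD_REQUEST, "Unable to map to a known authenticator. The provider: " + signinProvider + " is unknown").toResponse();
    }
}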
