From a356798146509c6b2ceb3fc759064d3adbe3fc3e Mon Sep 17 00:00:00 2001
From: gmartins
Date: Thu, 9 Jul 2015 17:16:14 -0400
Subject: [PATCH 1/2] added loginSuccessEndpointUrl
---
 .../com/ohadr/auth_flows/config/AuthFlowsProperties.java | 8 ++++++++
 .../auth_flows/core/AuthenticationSuccessHandler.java | 9 +++++++--
 .../src/test/resources/client.properties | 2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
index 48d23cc..edcf2a2 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
@@ -19,6 +19,9 @@ public class AuthFlowsProperties
 @Value("${com.ohadr.auth-flows.endpoints.accountActivatedEndpointUrl}")
 private String accountActivatedEndpointUrl;
+ @Value("${com.ohadr.auth-flows.endpoints.loginSuccessEndpointUrl}")
+ private String loginSuccessEndpointUrl;
+
 /**
 * indicates the "from" field of the emails that auth-flows sends.
 */
@@ -45,6 +48,11 @@ public String getAccountActivatedEndpointUrl()
 return accountActivatedEndpointUrl;
 }
+ public String getLoginSuccessEndpointUrl()
+ {
+ return loginSuccessEndpointUrl;
+ }
+
 public String getAuthFlowsEmailsFromField()
 {
 return authFlowsEmailsFromField;
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationSuccessHandler.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationSuccessHandler.java
index 0fbf763..db9b225 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationSuccessHandler.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationSuccessHandler.java
@@ -13,6 +13,7 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.stereotype.Service;
+import com.ohadr.auth_flows.config.AuthFlowsProperties;
 import com.ohadr.auth_flows.interfaces.AuthenticationFlowsProcessor;
 import com.ohadr.auth_flows.types.FlowsConstatns;
 import com.ohadr.crypto.service.CryptoService;
@@ -23,6 +24,9 @@ public class AuthenticationSuccessHandler extends
 {
 @Autowired
 private AuthenticationFlowsProcessor processor;
+
+ @Autowired
+ private AuthFlowsProperties properties;
 @Autowired
 private CryptoService cryptoService;
@@ -58,8 +62,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 /////////////////////////////////////////
 // changeSessionTimeout(request);
 /////////////////////////////////////////
-
- super.onAuthenticationSuccess(request, response, authentication);
+ response.sendRedirect(properties.getLoginSuccessEndpointUrl());
+ //super.setDefaultTargetUrl(properties.getLoginSuccessEndpointUrl());
+ //super.onAuthenticationSuccess(request, response, authentication);
 }
 private void changeSessionTimeout(HttpServletRequest request)
diff --git a/authentication-flows/src/test/resources/client.properties b/authentication-flows/src/test/resources/client.properties
index 5ba5162..d5282dd 100644
--- a/authentication-flows/src/test/resources/client.properties
+++ b/authentication-flows/src/test/resources/client.properties
@@ -7,7 +7,7 @@ com.ohadr.auth-flows.email.fromField=ohadr.com Admin
 com.ohadr.auth-flows.mail.username=ohadr.developer@gmail.com
 com.ohadr.auth-flows.mail.password=
 com.ohadr.auth-flows.endpoints.accountActivatedEndpointUrl=/login/accountActivated.htm
-
+com.ohadr.auth-flows.endpoints.loginSuccessEndpointUrl=secure/hello
 # Crypto settings
From 5143fd22105ced8196b164341c6b206321cf1c87 Mon Sep 17 00:00:00 2001
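Review bot: In AuthenticationSuccessHandler.onAuthenticationSuccess (third hunk of that file), calling `response.sendRedirect(...)` instead of the parent handler skips what SavedRequestAwareAuthenticationSuccessHandler does after a login: the cached saved request is neither used nor removed, and the authentication-failure attribute left in the session is not cleared. To force a fixed landing page while keeping that cleanup, replace the redirect and the two commented-out lines with `setDefaultTargetUrl(properties.getLoginSuccessEndpointUrl());`, `setAlwaysUseDefaultTargetUrl(true);` and `super.onAuthenticationSuccess(request, response, authentication);`. The target then has to start with `/` or be absolute; the test value `secure/hello` added to client.properties is relative, so the raw redirect resolves it against the path of the login request. The method body starts outside the hunk.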
From: gmartins
Date: Wed, 22 Jul 2015 18:05:26 -0400
Subject: [PATCH 2/2] changePassword fix
---
 .../config/AuthFlowsProperties.java | 10 ++++-
 .../AuthenticationFlowsProcessorImpl.java | 40 +++++++++++++++----
 .../AuthenticationFlowsProcessor.java | 4 +-
 .../auth_flows/types/FlowsConstatns.java | 4 +-
 .../auth_flows/web/UserActionController.java | 36 ++++++++++++-----
 5 files changed, 73 insertions(+), 21 deletions(-)
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
index edcf2a2..7861e5c 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java
@@ -22,6 +22,9 @@ public class AuthFlowsProperties
 @Value("${com.ohadr.auth-flows.endpoints.loginSuccessEndpointUrl}")
 private String loginSuccessEndpointUrl;
+ @Value("${com.ohadr.auth-flows.email.baseUrlPath}")
+ private String baseUrlPath;
+
 /**
 * indicates the "from" field of the emails that auth-flows sends.
 */
@@ -52,7 +55,12 @@ public String getLoginSuccessEndpointUrl()
 {
 return loginSuccessEndpointUrl;
 }
-
+
+ public String getBaseUrlPath()
+ {
+ return baseUrlPath;
+ }
+
 public String getAuthFlowsEmailsFromField()
 {
 return authFlowsEmailsFromField;
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationFlowsProcessorImpl.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationFlowsProcessorImpl.java
index a2a8d50..3726da1 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationFlowsProcessorImpl.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationFlowsProcessorImpl.java
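Review bot: The new `@Value("${com.ohadr.auth-flows.email.baseUrlPath}")` field in AuthFlowsProperties has no default, yet every caller added in this patch treats the value as optional (null or empty falls back to `serverPath`). With a missing key Spring either fails at startup or, when unresolvable placeholders are ignored, injects the literal `${...}` text, which is non-empty and would then be used as the prefix of e-mailed links. Declare the default explicitly, `@Value("${com.ohadr.auth-flows.email.baseUrlPath:}")`, and add a comment above the field saying it is the externally visible base URL used in activation and password-restore e-mails. The diffstat of this patch shows no properties file gaining the key.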
@@ -155,6 +155,8 @@ private void internalCreateAccount(
 String serverPath ) throws AuthenticationFlowsException
 {
+ String baseUrlPath=properties.getBaseUrlPath();
+ String finalPath;
 email = email.toLowerCase(); // issue #23 : username is case-sensitive (https://github.com/OhadR/oAuth2-sample/issues/23)
 log.info("createAccount() for user " + email);
@@ -216,8 +218,12 @@ private void internalCreateAccount(
 log.info("Manager: sending registration email to " + email + "...");
-
- String activationUrl = serverPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
+ if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+ finalPath=baseUrlPath;
+ else
+ finalPath=serverPath;
+
+ String activationUrl = finalPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
 "?" + // "a=" + FlowsConstatns.MailMessage.OAUTH_ACTIVATE_ACCOUNT + "&" +
 "uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
@@ -293,7 +299,7 @@ public String handleSetNewPassword(
 @Override
- public void handleChangePassword(
+ public String handleChangePassword(
 String currentPassword,
 String newPassword,
 String retypedPassword,
@@ -302,18 +308,19 @@ public void handleChangePassword(
 String email = cryptoService.extractString(encUser);
 internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);
+ return email;
 }
 @Override
- public void handleChangePassword(
+ public String handleChangePassword(
 String currentPassword,
 String newPassword,
 String retypedPassword) throws AuthenticationFlowsException
 {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 String email = auth.getName(); //get logged in username
- internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);
+ return email;
 }
 public void internalHandleChangePassword(
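Review bot: The `baseUrlPath`/`serverPath` selection added in internalCreateAccount is repeated verbatim in sendPasswordRestoreMail and sendUnlockAccountMail (the next two hunks of this file), and its unbraced `if`/`else` is easy to break when a line is added. More important for the e-mailed links: when the property is empty the code silently falls back to `serverPath`, and if that value is derived from the incoming request (its origin is outside these hunks) the host in an activation or password-restore link follows whatever the request claimed. A single private helper keeps the three call sites consistent and gives one place to log the fallback, so deployments that forgot the property are visible. internalCreateAccount starts and ends outside the hunk.

```java
// Picks the configured base URL for e-mailed links; falls back to the caller-supplied path.
private String resolveBasePath(String serverPath)
{
    String baseUrlPath = properties.getBaseUrlPath();
    if (baseUrlPath != null && !baseUrlPath.isEmpty())
    {
        return baseUrlPath;
    }
    log.warn("baseUrlPath is not configured; e-mail links will use the caller-supplied server path");
    return serverPath;
}

// … unchanged: log.info("Manager: sending registration email to ...") …
String activationUrl = resolveBasePath(serverPath) + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
```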
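Review bot: In the overload of handleChangePassword that takes no `encUser` (last hunk of AuthenticationFlowsProcessorImpl on this line), the hunk as shown carries a `-` in front of `internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);`. If that marker removes the call rather than a blank line above it (the flattened page does not show which), the method returns the e-mail without checking or changing the password, and the controller goes on to report success. The new body should end with `internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);` followed by `return email;`, as the `encUser` overload does. A test asserting that the stored password actually changed would pin this.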
@@ -427,7 +434,16 @@ public AccountState getAccountState(String email)
 private void sendPasswordRestoreMail(String email, String serverPath)
 {
- String passwordRestoreUrl = serverPath + FlowsConstatns.RESTORE_PASSWORD_ENDPOINT +
+ String passwordRestoreUrl;
+ String finalPath;
+ String baseUrlPath=properties.getBaseUrlPath();
+
+ if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+ finalPath=baseUrlPath;
+ else
+ finalPath=serverPath;
+
+ passwordRestoreUrl = finalPath + FlowsConstatns.RESTORE_PASSWORD_ENDPOINT +
 "?" + // "a=" + FlowsConstatns.MailMessage.OAUTH_ACTIVATE_ACCOUNT + "&" +
 "uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
@@ -471,9 +487,17 @@ public void setLoginFailureForUser(String email)
 public void sendUnlockAccountMail(String email, String serverPath)
 {
+ String finalPath;
+ String baseUrlPath=properties.getBaseUrlPath();
+
+ if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+ finalPath=baseUrlPath;
+ else
+ finalPath=serverPath;
+ log.info("Manager: sending Unlock-Account email to " + email + "...");
- String activationUrl = serverPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
+ String activationUrl = finalPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
 "?" + "uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
@@ -671,4 +695,4 @@ private void validateExpiration(Date linkCreationDate) throws AuthenticationFlow
 }
 }
-}
\ No newline at end of file
+}
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/interfaces/AuthenticationFlowsProcessor.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/interfaces/AuthenticationFlowsProcessor.java
index 7259b19..9c63dfd 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/interfaces/AuthenticationFlowsProcessor.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/interfaces/AuthenticationFlowsProcessor.java
@@ -65,14 +65,14 @@ public String handleSetNewPassword(
 * the username, encrypted.
 * @throws AuthenticationFlowsException
 */
- public void handleChangePassword(
+ public String handleChangePassword(
 String currentPassword,
 String newPassword,
 String retypedPassword,
 String encUser) throws AuthenticationFlowsException;
- public void handleChangePassword(
+ public String handleChangePassword(
 String currentPassword,
 String newPassword,
 String retypedPassword) throws AuthenticationFlowsException;
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/types/FlowsConstatns.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/types/FlowsConstatns.java
index fc39e37..c8cc31b 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/types/FlowsConstatns.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/types/FlowsConstatns.java
@@ -14,7 +14,9 @@ public abstract class FlowsConstatns
 public static final int ETERNAL_PASSWORD = -1;
 public static final String LOGIN_FORMS_DIR = "login";
-
+ public static final String SECURE_FORMS_DIR = "secure";
+ public static final String BASE_URL_PATH = "baseUrlPath";
+ public static final String LOGIN_URL_SUCCESS = "loginSuccessEndpointUrl";
 public static final String EMAIL_PARAM_NAME = "email";
 public static final String CONFIRM_PASSWORD_PARAM_NAME = "confirm_password";
diff --git a/authentication-flows/src/main/java/com/ohadr/auth_flows/web/UserActionController.java b/authentication-flows/src/main/java/com/ohadr/auth_flows/web/UserActionController.java
index bcb4aea..9eada04 100644
--- a/authentication-flows/src/main/java/com/ohadr/auth_flows/web/UserActionController.java
+++ b/authentication-flows/src/main/java/com/ohadr/auth_flows/web/UserActionController.java
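Review bot: Both `handleChangePassword` declarations in the AuthenticationFlowsProcessor interface now return `String`, but the Javadoc above the first one still ends at `@throws AuthenticationFlowsException` and the second has none. Add `@return the e-mail (username) of the account whose password was changed` to the first, and give the second a short Javadoc stating that the account is taken from the currently authenticated user rather than from a parameter, since callers cannot tell that from the signature. The Javadoc block starts outside the hunk.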
@@ -12,12 +12,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.View;
 import org.springframework.web.servlet.view.RedirectView;
 import com.ohadr.crypto.exception.CryptoException;
 import com.ohadr.crypto.service.CryptoService;
+import com.ohadr.auth_flows.config.AuthFlowsProperties;
 import com.ohadr.auth_flows.core.FlowsUtil;
 import com.ohadr.auth_flows.interfaces.AuthenticationFlowsProcessor;
 import com.ohadr.auth_flows.types.AuthenticationFlowsException;
@@ -32,10 +34,10 @@ public class UserActionController
 public static final String ACCOUNT_LOCKED_OR_DOES_NOT_EXIST = "Account is locked or does not exist";
-
-
- private static Logger log = Logger.getLogger( UserActionController.class );
+
+ @Autowired
+ private AuthFlowsProperties properties;
 @Autowired
 private CryptoService cryptoService;
@@ -260,7 +262,9 @@ protected View setNewPassword(
 }
- attributes.put(FlowsConstatns.EMAIL_PARAM_NAME, email);
+ attributes.put(FlowsConstatns.EMAIL_PARAM_NAME, email);
+ attributes.put(FlowsConstatns.BASE_URL_PATH, properties.getBaseUrlPath());
+ attributes.put(FlowsConstatns.LOGIN_URL_SUCCESS, properties.getLoginSuccessEndpointUrl());
 //adding attributes to the redirect return value:
 rv.setAttributesMap(attributes);
 rv.setUrl(FlowsConstatns.LOGIN_FORMS_DIR +"/" + "passwordSetSuccess.jsp");
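Review bot: In setNewPassword (third hunk of UserActionController), the two added `attributes.put(...)` lines send `baseUrlPath` and `loginSuccessEndpointUrl` to passwordSetSuccess.jsp as redirect attributes, that is, as query-string parameters next to the user's e-mail. If the JSP builds its continue link from those parameters (the JSP is not part of this patch), anyone who links to that page directly can supply their own values, so server configuration should not travel through the browser. Have the view read the two values server-side instead, or validate them against the configured values before use. The same three lines are added to changePassword in the last hunk of this file, and the enclosing method here starts outside the hunk.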
@@ -280,19 +284,21 @@ protected View setNewPassword(
 * @throws Exception
 */
 @RequestMapping("/changePassword")
- protected void changePassword(
+ protected View changePassword(
 @RequestParam("currentPassword") String currentPassword,
 @RequestParam("newPassword") String newPassword,
 @RequestParam( FlowsConstatns.CONFIRM_PASSWORD_PARAM_NAME ) String retypedPassword,
- @RequestParam(FlowsConstatns.ENCRYPTED_USERNAME_PARAM_NAME) String encUser,
+ //@RequestParam(FlowsConstatns.ENCRYPTED_USERNAME_PARAM_NAME) String encUser,
 HttpServletResponse response) throws Exception
 {
+ String email="";
+ RedirectView rv = new RedirectView();
 PrintWriter writer = response.getWriter();
-
+ Map attributes = new HashMap();
 try
 {
- flowsProcessor.handleChangePassword(currentPassword, newPassword, retypedPassword, encUser);
+ email=flowsProcessor.handleChangePassword(currentPassword, newPassword, retypedPassword);
 }
 catch (AuthenticationFlowsException afe)
 {
@@ -306,12 +312,24 @@ protected void changePassword(
 //UI will redirect back to createAccount page, with error message:
 writer.println(FlowsConstatns.ERR_MSG + FlowsConstatns.DELIMITER + FlowsUtil.unescapeJaveAndEscapeHtml( afe.getMessage()) );
+
+ attributes.put(FlowsConstatns.ERR_MSG, afe.getMessage());
+ //adding attributes to the redirect return value:
+ rv.setAttributesMap(attributes);
+ rv.setUrl(FlowsConstatns.SECURE_FORMS_DIR +"/" + "changePassword.jsp");
- return;
+ return rv;
 }
 writer.println(FlowsConstatns.OK);
+ attributes.put(FlowsConstatns.EMAIL_PARAM_NAME, email);
+ attributes.put(FlowsConstatns.BASE_URL_PATH, properties.getBaseUrlPath());
+ attributes.put(FlowsConstatns.LOGIN_URL_SUCCESS, properties.getLoginSuccessEndpointUrl());
+ //adding attributes to the redirect return value:
+ rv.setAttributesMap(attributes);
+ rv.setUrl(FlowsConstatns.LOGIN_FORMS_DIR +"/" + "passwordSetSuccess.jsp");
+ return rv;
 }
 /**********************************************************************************************************/
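Review bot: `@RequestMapping("/changePassword")` still accepts every HTTP method, so `currentPassword` and `newPassword` can arrive in a GET query string and end up in access logs, browser history and Referer headers. This patch already imports `RequestMethod` in this file; use it here: `@RequestMapping(value = "/changePassword", method = RequestMethod.POST)`. The commented-out `encUser` parameter should be deleted rather than left inside the signature, and the Javadoc, which starts outside the hunk, should gain a `@return` line for the new `View` result.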
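Review bot: The error branch added to changePassword (second hunk on this line) puts the raw `afe.getMessage()` into the redirect attributes, so the text reaches changePassword.jsp through the query string without the HTML escaping that the `writer.println(...)` just above applies via `FlowsUtil.unescapeJaveAndEscapeHtml`. Unless the JSP escapes the parameter on output (not visible here), that is a reflected-markup risk; pass the escaped value, `attributes.put(FlowsConstatns.ERR_MSG, FlowsUtil.unescapeJaveAndEscapeHtml(afe.getMessage()));`, or better an error code that the JSP maps to fixed text. Both branches also still write `ERR_MSG`/`OK` to the response body before returning a `RedirectView`. Now that the method returns a view those `writer.println` calls should be removed, because body output ahead of a redirect can commit the response.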