better url route handling

authentication-flows/src/main/java/com/ohadr/auth_flows/config/AuthFlowsProperties.java

@@ -19,6 +19,12 @@ public class AuthFlowsProperties
 	@Value("${com.ohadr.auth-flows.endpoints.accountActivatedEndpointUrl}")
 	private String accountActivatedEndpointUrl;
 
+	@Value("${com.ohadr.auth-flows.endpoints.loginSuccessEndpointUrl}")
+	private String loginSuccessEndpointUrl;
+
+	@Value("${com.ohadr.auth-flows.email.baseUrlPath}")
+	private String baseUrlPath;
+
 	/**
 	 * indicates the "from" field of the emails that auth-flows sends.
 	 */
@@ -45,6 +51,16 @@ public String getAccountActivatedEndpointUrl()
 		return accountActivatedEndpointUrl;
 	}
 
+	public String getLoginSuccessEndpointUrl()
+	{
+		return loginSuccessEndpointUrl;
+	}
+
+	public String getBaseUrlPath()
+	{
+		return baseUrlPath;
+	}	
+
 	public String getAuthFlowsEmailsFromField()
 	{
 		return authFlowsEmailsFromField;

authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationFlowsProcessorImpl.java

@@ -155,6 +155,8 @@ private void internalCreateAccount(
 			String serverPath
 			) throws AuthenticationFlowsException
 	{
+		String baseUrlPath=properties.getBaseUrlPath();
+		String finalPath;
 		email = email.toLowerCase();		// issue #23 : username is case-sensitive (https://github.com/OhadR/oAuth2-sample/issues/23)
 		log.info("createAccount() for user " + email);
 
@@ -216,8 +218,12 @@ private void internalCreateAccount(
 
 		log.info("Manager: sending registration email to " + email + "...");
 
-
-		String activationUrl = serverPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
+		if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+			finalPath=baseUrlPath;
+		else
+			finalPath=serverPath;
+
+		String activationUrl = finalPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
 			"?" + 
 //			"a=" + FlowsConstatns.MailMessage.OAUTH_ACTIVATE_ACCOUNT + "&" + 
 			"uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
@@ -293,7 +299,7 @@ public String handleSetNewPassword(
 
 
 	@Override
-	public void handleChangePassword( 
+	public String handleChangePassword( 
 			String currentPassword,
 			String newPassword,
 			String retypedPassword,
@@ -302,18 +308,19 @@ public void handleChangePassword(
 		String email = cryptoService.extractString(encUser);
 
 		internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);
+		return email;
 	}
 
 	@Override
-	public void handleChangePassword( 
+	public String handleChangePassword( 
 			String currentPassword,
 			String newPassword,
 			String retypedPassword) throws AuthenticationFlowsException
 	{
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		String email = auth.getName(); //get logged in username
-
 		internalHandleChangePassword(currentPassword, newPassword, retypedPassword, email);
+		return email;
 	}
 
 	public void internalHandleChangePassword( 
@@ -427,7 +434,16 @@ public AccountState getAccountState(String email)
 	private void sendPasswordRestoreMail(String email,
 			String serverPath) 
 	{
-		String passwordRestoreUrl = serverPath + FlowsConstatns.RESTORE_PASSWORD_ENDPOINT +
+		String passwordRestoreUrl;
+		String finalPath;
+		String baseUrlPath=properties.getBaseUrlPath();
+
+		if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+                        finalPath=baseUrlPath;
+                else
+                        finalPath=serverPath;
+
+		passwordRestoreUrl = finalPath + FlowsConstatns.RESTORE_PASSWORD_ENDPOINT +
 				"?" + 
 //				"a=" + FlowsConstatns.MailMessage.OAUTH_ACTIVATE_ACCOUNT + "&" + 
 				"uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
@@ -471,9 +487,17 @@ public void setLoginFailureForUser(String email)
 	public void sendUnlockAccountMail(String email, 
 			String serverPath)
 	{
+                String finalPath;
+                String baseUrlPath=properties.getBaseUrlPath();
+
+                if((baseUrlPath!=null) && (!baseUrlPath.isEmpty()))
+                        finalPath=baseUrlPath;
+                else
+                        finalPath=serverPath;
+
 		log.info("Manager: sending Unlock-Account email to " + email + "...");
 
-		String activationUrl = serverPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
+		String activationUrl = finalPath + FlowsConstatns.ACTIVATE_ACCOUNT_ENDPOINT +
 			"?" + 
 			"uts=" + cryptoService.createEncodedContent( new Date(System.currentTimeMillis()), email);
 
@@ -671,4 +695,4 @@ private void validateExpiration(Date linkCreationDate) throws AuthenticationFlow
 		}
 	}
 
-}
+}

authentication-flows/src/main/java/com/ohadr/auth_flows/core/AuthenticationSuccessHandler.java

@@ -13,6 +13,7 @@
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.stereotype.Service;
 
+import com.ohadr.auth_flows.config.AuthFlowsProperties;
 import com.ohadr.auth_flows.interfaces.AuthenticationFlowsProcessor;
 import com.ohadr.auth_flows.types.FlowsConstatns;
 import com.ohadr.crypto.service.CryptoService;
@@ -23,6 +24,9 @@ public class AuthenticationSuccessHandler extends
 {
 	@Autowired
 	private AuthenticationFlowsProcessor processor;
+
+	@Autowired
+	private AuthFlowsProperties properties;
 
 	@Autowired
 	private CryptoService cryptoService;
@@ -58,8 +62,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		/////////////////////////////////////////
 		// changeSessionTimeout(request);
 		/////////////////////////////////////////
-
-    	super.onAuthenticationSuccess(request, response, authentication);
+		response.sendRedirect(properties.getLoginSuccessEndpointUrl());
+		//super.setDefaultTargetUrl(properties.getLoginSuccessEndpointUrl());
+    	//super.onAuthenticationSuccess(request, response, authentication);
     }
 
     private void changeSessionTimeout(HttpServletRequest request)

authentication-flows/src/main/java/com/ohadr/auth_flows/interfaces/AuthenticationFlowsProcessor.java

@@ -65,14 +65,14 @@ public String handleSetNewPassword(
 	 * the username, encrypted.
 	 * @throws AuthenticationFlowsException
 	 */
-	public void handleChangePassword( 
+	public String handleChangePassword( 
 			String currentPassword,
 			String newPassword,
 			String retypedPassword,
 			String encUser) throws AuthenticationFlowsException;
 
 
-	public void handleChangePassword(
+	public String handleChangePassword(
 			String currentPassword,
 			String newPassword, 
 			String retypedPassword) throws AuthenticationFlowsException;

authentication-flows/src/main/java/com/ohadr/auth_flows/types/FlowsConstatns.java

@@ -14,7 +14,9 @@ public abstract class FlowsConstatns
 	public static final int ETERNAL_PASSWORD = -1;
 
 	public static final String LOGIN_FORMS_DIR = "login";
-
+	public static final String SECURE_FORMS_DIR = "secure";
+	public static final String BASE_URL_PATH = "baseUrlPath";
+	public static final String LOGIN_URL_SUCCESS = "loginSuccessEndpointUrl";
 
 	public static final String EMAIL_PARAM_NAME = "email";
 	public static final String CONFIRM_PASSWORD_PARAM_NAME = "confirm_password";

authentication-flows/src/main/java/com/ohadr/auth_flows/web/UserActionController.java

@@ -12,12 +12,14 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.View;
 import org.springframework.web.servlet.view.RedirectView;
 
 import com.ohadr.crypto.exception.CryptoException;
 import com.ohadr.crypto.service.CryptoService;
+import com.ohadr.auth_flows.config.AuthFlowsProperties;
 import com.ohadr.auth_flows.core.FlowsUtil;
 import com.ohadr.auth_flows.interfaces.AuthenticationFlowsProcessor;
 import com.ohadr.auth_flows.types.AuthenticationFlowsException;
@@ -32,10 +34,10 @@ public class UserActionController
 
 	public static final String ACCOUNT_LOCKED_OR_DOES_NOT_EXIST = "Account is locked or does not exist";
 
-
-
-
 	private static Logger log = Logger.getLogger( UserActionController.class );
+
+	@Autowired
+	private AuthFlowsProperties properties;
 
 	@Autowired
 	private CryptoService cryptoService;
@@ -260,7 +262,9 @@ protected View setNewPassword(
 		}
 
 
-		attributes.put(FlowsConstatns.EMAIL_PARAM_NAME,  email);		
+		attributes.put(FlowsConstatns.EMAIL_PARAM_NAME,  email);
+		attributes.put(FlowsConstatns.BASE_URL_PATH, properties.getBaseUrlPath());
+		attributes.put(FlowsConstatns.LOGIN_URL_SUCCESS, properties.getLoginSuccessEndpointUrl());
 		//adding attributes to the redirect return value:
 		rv.setAttributesMap(attributes);
 		rv.setUrl(FlowsConstatns.LOGIN_FORMS_DIR +"/" + "passwordSetSuccess.jsp");
@@ -280,19 +284,21 @@ protected View setNewPassword(
 	 * @throws Exception
 	 */
 	@RequestMapping("/changePassword")
-	protected void changePassword( 
+	protected View changePassword( 
 								@RequestParam("currentPassword") String currentPassword,
 								@RequestParam("newPassword") String newPassword,
 								@RequestParam( FlowsConstatns.CONFIRM_PASSWORD_PARAM_NAME ) String retypedPassword,
-								@RequestParam(FlowsConstatns.ENCRYPTED_USERNAME_PARAM_NAME) String encUser,
+								//@RequestParam(FlowsConstatns.ENCRYPTED_USERNAME_PARAM_NAME) String encUser,
 								HttpServletResponse response) throws Exception
 	{
+		String email="";
+		RedirectView rv = new RedirectView();
 		PrintWriter writer = response.getWriter();
-
+		Map<String, String> attributes = new HashMap<String, String>();
 
 		try
 		{
-			flowsProcessor.handleChangePassword(currentPassword, newPassword, retypedPassword, encUser);
+			email=flowsProcessor.handleChangePassword(currentPassword, newPassword, retypedPassword);
 		}
 		catch (AuthenticationFlowsException afe)
 		{
@@ -306,12 +312,24 @@ protected void changePassword(
 			//UI will redirect back to createAccount page, with error message:
 			writer.println(FlowsConstatns.ERR_MSG + FlowsConstatns.DELIMITER + 
 					FlowsUtil.unescapeJaveAndEscapeHtml( afe.getMessage()) );
+
+			attributes.put(FlowsConstatns.ERR_MSG,  afe.getMessage());		
+			//adding attributes to the redirect return value:
+			rv.setAttributesMap(attributes);
+			rv.setUrl(FlowsConstatns.SECURE_FORMS_DIR +"/" + "changePassword.jsp");
 
-			return;
+			return rv;
 		}
 
 
 		writer.println(FlowsConstatns.OK);
+		attributes.put(FlowsConstatns.EMAIL_PARAM_NAME,  email);
+		attributes.put(FlowsConstatns.BASE_URL_PATH, properties.getBaseUrlPath());
+		attributes.put(FlowsConstatns.LOGIN_URL_SUCCESS, properties.getLoginSuccessEndpointUrl());
+		//adding attributes to the redirect return value:
+		rv.setAttributesMap(attributes);		
+		rv.setUrl(FlowsConstatns.LOGIN_FORMS_DIR +"/" + "passwordSetSuccess.jsp");
+		return rv;
 	}
 	/**********************************************************************************************************/
 

authentication-flows/src/test/resources/client.properties

@@ -7,7 +7,7 @@ com.ohadr.auth-flows.email.fromField=ohadr.com Admin
 com.ohadr.auth-flows.mail.username=ohadr.developer@gmail.com
 com.ohadr.auth-flows.mail.password=
 com.ohadr.auth-flows.endpoints.accountActivatedEndpointUrl=/login/accountActivated.htm
-
+com.ohadr.auth-flows.endpoints.loginSuccessEndpointUrl=secure/hello
 
 
 # Crypto settings