@@ -274,19 +274,19 @@ public class AuthResource { | |||||
final String accountName = NameAndValue.find(data, DATA_ACCOUNT_NAME); | final String accountName = NameAndValue.find(data, DATA_ACCOUNT_NAME); | ||||
final Account account = accountDAO.findById(accountName); | final Account account = accountDAO.findById(accountName); | ||||
if (caller != null && account != null && !caller.getUuid().equals(account.getUuid())) { | if (caller != null && account != null && !caller.getUuid().equals(account.getUuid())) { | ||||
return invalid("err.token.invalid"); | |||||
return invalid("err.totpToken.invalid"); | |||||
} | } | ||||
if (caller == null && account == null) { | if (caller == null && account == null) { | ||||
return invalid("err.token.invalid"); | |||||
return invalid("err.totpToken.invalid"); | |||||
} | } | ||||
caller = account; | caller = account; | ||||
} | } | ||||
final AccountMessage approval = messageService.approve(caller, getRemoteHost(req), token, data); | final AccountMessage approval = messageService.approve(caller, getRemoteHost(req), token, data); | ||||
if (approval == null) return invalid("err.token.invalid"); | |||||
if (approval == null) return invalid("err.totpToken.invalid"); | |||||
final Account account = validateCallerForApproveOrDeny(caller, approval, token); | final Account account = validateCallerForApproveOrDeny(caller, approval, token); | ||||
if (approval.getMessageType() == AccountMessageType.confirmation) { | if (approval.getMessageType() == AccountMessageType.confirmation) { | ||||
if (account == null) return invalid("err.token.invalid"); | |||||
if (account == null) return invalid("err.totpToken.invalid"); | |||||
if (approval.getAction() == AccountAction.login) { | if (approval.getAction() == AccountAction.login) { | ||||
return ok(account.setToken(sessionDAO.create(account))); | return ok(account.setToken(sessionDAO.create(account))); | ||||
} else { | } else { | ||||
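Review bot: The branch that fires when `caller != null && account != null && !caller.getUuid().equals(account.getUuid())` returns the generic invalid-token error silently, yet it is the one case in this block where an already-authenticated session is submitting an approval against a different account name — a cross-account attempt that security operations would want in the audit trail rather than folded into ordinary bad-code noise. Keeping the response identical is fine (it avoids telling the caller anything), but a server-side record is missing; something like `log.warn("approve: caller "+caller.getUuid()+" attempted approval for account "+account.getUuid()+" from "+getRemoteHost(req));` before the return would give the SOC a detectable event. Whether `messageService.approve` or `validateCallerForApproveOrDeny` already emits such a record cannot be seen from here, so confirm before adding a duplicate. The enclosing method begins above this hunk, so the origin of `caller`, `token` and `data` is not visible.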
@@ -306,7 +306,7 @@ public class AuthResource { | |||||
final Account account = accountDAO.findById(request.getAccount()); | final Account account = accountDAO.findById(request.getAccount()); | ||||
if (account == null) return notFound(request.getAccount()); | if (account == null) return notFound(request.getAccount()); | ||||
if (caller != null) { | if (caller != null) { | ||||
if (!caller.getUuid().equals(account.getUuid())) return invalid("err.token.invalid"); | |||||
if (!caller.getUuid().equals(account.getUuid())) return invalid("err.totpToken.invalid"); | |||||
// authenticatorService requires the Account to have a token, or it will generate one | // authenticatorService requires the Account to have a token, or it will generate one | ||||
account.setToken(caller.getToken()); | account.setToken(caller.getToken()); | ||||
@@ -32,17 +32,17 @@ public class AuthenticatorService { | |||||
if (authenticator == null) throw invalidEx("err.authenticator.notConfigured"); | if (authenticator == null) throw invalidEx("err.authenticator.notConfigured"); | ||||
final Integer code = request.intToken(); | final Integer code = request.intToken(); | ||||
if (code == null) throw invalidEx("err.token.invalid"); | |||||
if (code == null) throw invalidEx("err.totpToken.invalid"); | |||||
final String secret = authenticator.totpInfo().getKey(); | final String secret = authenticator.totpInfo().getKey(); | ||||
if (G_AUTH.authorize(secret, code)) { | if (G_AUTH.authorize(secret, code)) { | ||||
final String sessionToken = request.startSession() ? sessionDAO.create(account) : account.getToken(); | final String sessionToken = request.startSession() ? sessionDAO.create(account) : account.getToken(); | ||||
if (sessionToken == null) throw invalidEx("err.token.noSession"); | |||||
if (sessionToken == null) throw invalidEx("err.totpToken.noSession"); | |||||
getAuthenticatorTimes().set(sessionToken, String.valueOf(now()), EX, policy.getAuthenticatorTimeout()/1000); | getAuthenticatorTimes().set(sessionToken, String.valueOf(now()), EX, policy.getAuthenticatorTimeout()/1000); | ||||
return sessionToken; | return sessionToken; | ||||
} else { | } else { | ||||
throw invalidEx("err.token.invalid"); | |||||
throw invalidEx("err.totpToken.invalid"); | |||||
} | } | ||||
} | } | ||||
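Review bot: Nothing between `G_AUTH.authorize(secret, code)` and the `getAuthenticatorTimes().set(...)` call remembers which code was just accepted, so a TOTP code that was observed or phished can be replayed for the remainder of its validity window; RFC 6238 §5.2 recommends rejecting a code once it has been used. The authenticator-time store is keyed by `sessionToken` and holds only a timestamp, so it cannot serve that purpose. A minimal fix stores the last accepted code (or time step) per account and rejects a match before calling `authorize`, guarded by a comment such as `// reject reuse of the most recently accepted code (RFC 6238 §5.2 replay protection)`. Separately, `policy.getAuthenticatorTimeout()/1000` is integer division, so a timeout configured below 1000 ms yields an expiry of 0 — presumably never the intent, worth a range check at policy load. The method signature sits above this hunk, so whether rate limiting is applied to failed attempts is not visible.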
@@ -71,7 +71,7 @@ public class AuthenticatorService { | |||||
default: throw invalidEx("err.actionTarget.invalid"); | default: throw invalidEx("err.actionTarget.invalid"); | ||||
} | } | ||||
} | } | ||||
if (!isAuthenticated(account.getToken())) throw invalidEx("err.token.invalid"); | |||||
if (!isAuthenticated(account.getToken())) throw invalidEx("err.totpToken.invalid"); | |||||
} | } | ||||
public void flush(String sessionToken) { getAuthenticatorTimes().del(sessionToken); } | public void flush(String sessionToken) { getAuthenticatorTimes().del(sessionToken); } | ||||
@@ -210,7 +210,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
String json = tokens.get(token); | String json = tokens.get(token); | ||||
if (json == null) { | if (json == null) { | ||||
log.warn("captureResponse("+type+"): regular token not found: "+token); | log.warn("captureResponse("+type+"): regular token not found: "+token); | ||||
throw invalidEx("err.token.invalid"); | |||||
throw invalidEx("err.totpToken.invalid"); | |||||
} | } | ||||
if (NUMERIC_PATTERN.matcher(json).matches()) { | if (NUMERIC_PATTERN.matcher(json).matches()) { | ||||
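Review bot: The `log.warn("captureResponse("+type+"): regular token not found: "+token)` line writes the caller-supplied token verbatim into the log: a token absent from `tokens` may simply have expired, so legitimate bearer credentials end up in log storage, and because the value is unsanitized input an attacker can embed newlines to forge log entries. Prefer logging a non-reversible or truncated form, e.g. `log.warn("captureResponse("+type+"): regular token not found: len="+token.length()+" prefix="+token.substring(0, Math.min(4, token.length())));`, and the same applies to the numeric-token warning in the following hunk, which logs both values. Whether `token` is already validated against a charset or length before reaching this point is outside the hunk, so the injection concern is an inference to confirm. The enclosing method begins above this hunk.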
@@ -219,7 +219,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
json = tokens.get(numericToken); | json = tokens.get(numericToken); | ||||
if (json == null) { | if (json == null) { | ||||
log.warn("captureResponse("+type+"): numeric token not found: "+numericToken+" (token="+token+")"); | log.warn("captureResponse("+type+"): numeric token not found: "+numericToken+" (token="+token+")"); | ||||
throw invalidEx("err.token.invalid"); | |||||
throw invalidEx("err.totpToken.invalid"); | |||||
} | } | ||||
} | } | ||||
@@ -237,7 +237,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
.setTarget(amc.getMessage().getTarget()); | .setTarget(amc.getMessage().getTarget()); | ||||
if (data != null && !getCompletionHandler(toCreate).validate(toCreate, data)) { | if (data != null && !getCompletionHandler(toCreate).validate(toCreate, data)) { | ||||
throw invalidEx("err.token.invalid", type+" request was invalid", json(data)); | |||||
throw invalidEx("err.totpToken.invalid", type+" request was invalid", json(data)); | |||||
} | } | ||||
final AccountMessage message = messageDAO.create(toCreate); | final AccountMessage message = messageDAO.create(toCreate); | ||||
@@ -81,9 +81,9 @@ err.timezone.length=Time zone is too long | |||||
err.timezone.required=Time zone is required | err.timezone.required=Time zone is required | ||||
# Authenticator token errors | # Authenticator token errors | ||||
err.token.invalid=Code is incorrect | |||||
err.token.invalidActionTarget=Action target was invalid (expected 'account' or 'network') | |||||
err.token.noSession=Session required for authenticator | |||||
err.totpToken.invalid=Code is incorrect | |||||
err.totpToken.invalidActionTarget=Action target was invalid (expected 'account' or 'network') | |||||
err.totpToken.noSession=Session required for authenticator | |||||
err.geoCodeService.notFound=GeoCode service not found | err.geoCodeService.notFound=GeoCode service not found | ||||
err.geoLocateService.notFound=GeoLocation service not found | err.geoLocateService.notFound=GeoLocation service not found | ||||
@@ -140,7 +140,7 @@ | |||||
}, | }, | ||||
"response": { | "response": { | ||||
"status": 422, | "status": 422, | ||||
"check": [ {"condition": "json.has('err.token.invalid')"} ] | |||||
"check": [ {"condition": "json.has('err.totpToken.invalid')"} ] | |||||
} | } | ||||
}, | }, | ||||
@@ -48,7 +48,7 @@ | |||||
"response": { | "response": { | ||||
"status": 422, | "status": 422, | ||||
"check": [ | "check": [ | ||||
{"condition": "json.has('err.token.invalid')"} | |||||
{"condition": "json.has('err.totpToken.invalid')"} | |||||
] | ] | ||||
} | } | ||||
}, | }, | ||||
@@ -105,7 +105,7 @@ | |||||
"response": { | "response": { | ||||
"status": 422, | "status": 422, | ||||
"check": [ | "check": [ | ||||
{"condition": "json.has('err.token.invalid')"} | |||||
{"condition": "json.has('err.totpToken.invalid')"} | |||||
] | ] | ||||
} | } | ||||
}, | }, | ||||
@@ -122,7 +122,7 @@ | |||||
"response": { | "response": { | ||||
"status": 422, | "status": 422, | ||||
"check": [ | "check": [ | ||||
{"condition": "json.has('err.token.invalid')"} | |||||
{"condition": "json.has('err.totpToken.invalid')"} | |||||
] | ] | ||||
} | } | ||||
}, | }, | ||||