Jonathan Cobb
4 years ago
6 changed files with 19 additions and 19 deletions
Unified View
Diff Options
-
+5 -5bubble-server/src/main/java/bubble/resources/account/AuthResource.java
-
+4 -4bubble-server/src/main/java/bubble/service/AuthenticatorService.java
-
+3 -3bubble-server/src/main/java/bubble/service/account/StandardAccountMessageService.java
-
+3 -3bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties
-
+1 -1bubble-server/src/test/resources/models/tests/auth/account_crud.json
-
+3 -3bubble-server/src/test/resources/models/tests/auth/network_auth.json
+ 5
- 5
bubble-server/src/main/java/bubble/resources/account/AuthResource.java
View File
| @@ -274,19 +274,19 @@ public class AuthResource { | |||||
| final String accountName = NameAndValue.find(data, DATA_ACCOUNT_NAME); | final String accountName = NameAndValue.find(data, DATA_ACCOUNT_NAME); | ||||
| final Account account = accountDAO.findById(accountName); | final Account account = accountDAO.findById(accountName); | ||||
| if (caller != null && account != null && !caller.getUuid().equals(account.getUuid())) { | if (caller != null && account != null && !caller.getUuid().equals(account.getUuid())) { | ||||
| return invalid("err.token.invalid"); | |||||
| return invalid("err.totpToken.invalid"); | |||||
| } | } | ||||
| if (caller == null && account == null) { | if (caller == null && account == null) { | ||||
| return invalid("err.token.invalid"); | |||||
| return invalid("err.totpToken.invalid"); | |||||
| } | } | ||||
| caller = account; | caller = account; | ||||
| } | } | ||||
| final AccountMessage approval = messageService.approve(caller, getRemoteHost(req), token, data); | final AccountMessage approval = messageService.approve(caller, getRemoteHost(req), token, data); | ||||
| if (approval == null) return invalid("err.token.invalid"); | |||||
| if (approval == null) return invalid("err.totpToken.invalid"); | |||||
| final Account account = validateCallerForApproveOrDeny(caller, approval, token); | final Account account = validateCallerForApproveOrDeny(caller, approval, token); | ||||
| if (approval.getMessageType() == AccountMessageType.confirmation) { | if (approval.getMessageType() == AccountMessageType.confirmation) { | ||||
| if (account == null) return invalid("err.token.invalid"); | |||||
| if (account == null) return invalid("err.totpToken.invalid"); | |||||
| if (approval.getAction() == AccountAction.login) { | if (approval.getAction() == AccountAction.login) { | ||||
| return ok(account.setToken(sessionDAO.create(account))); | return ok(account.setToken(sessionDAO.create(account))); | ||||
| } else { | } else { | ||||
| @@ -306,7 +306,7 @@ public class AuthResource { | |||||
| final Account account = accountDAO.findById(request.getAccount()); | final Account account = accountDAO.findById(request.getAccount()); | ||||
| if (account == null) return notFound(request.getAccount()); | if (account == null) return notFound(request.getAccount()); | ||||
| if (caller != null) { | if (caller != null) { | ||||
| if (!caller.getUuid().equals(account.getUuid())) return invalid("err.token.invalid"); | |||||
| if (!caller.getUuid().equals(account.getUuid())) return invalid("err.totpToken.invalid"); | |||||
| // authenticatorService requires the Account to have a token, or it will generate one | // authenticatorService requires the Account to have a token, or it will generate one | ||||
| account.setToken(caller.getToken()); | account.setToken(caller.getToken()); | ||||
+ 4
- 4
bubble-server/src/main/java/bubble/service/AuthenticatorService.java
View File
| @@ -32,17 +32,17 @@ public class AuthenticatorService { | |||||
| if (authenticator == null) throw invalidEx("err.authenticator.notConfigured"); | if (authenticator == null) throw invalidEx("err.authenticator.notConfigured"); | ||||
| final Integer code = request.intToken(); | final Integer code = request.intToken(); | ||||
| if (code == null) throw invalidEx("err.token.invalid"); | |||||
| if (code == null) throw invalidEx("err.totpToken.invalid"); | |||||
| final String secret = authenticator.totpInfo().getKey(); | final String secret = authenticator.totpInfo().getKey(); | ||||
| if (G_AUTH.authorize(secret, code)) { | if (G_AUTH.authorize(secret, code)) { | ||||
| final String sessionToken = request.startSession() ? sessionDAO.create(account) : account.getToken(); | final String sessionToken = request.startSession() ? sessionDAO.create(account) : account.getToken(); | ||||
| if (sessionToken == null) throw invalidEx("err.token.noSession"); | |||||
| if (sessionToken == null) throw invalidEx("err.totpToken.noSession"); | |||||
| getAuthenticatorTimes().set(sessionToken, String.valueOf(now()), EX, policy.getAuthenticatorTimeout()/1000); | getAuthenticatorTimes().set(sessionToken, String.valueOf(now()), EX, policy.getAuthenticatorTimeout()/1000); | ||||
| return sessionToken; | return sessionToken; | ||||
| } else { | } else { | ||||
| throw invalidEx("err.token.invalid"); | |||||
| throw invalidEx("err.totpToken.invalid"); | |||||
| } | } | ||||
| } | } | ||||
| @@ -71,7 +71,7 @@ public class AuthenticatorService { | |||||
| default: throw invalidEx("err.actionTarget.invalid"); | default: throw invalidEx("err.actionTarget.invalid"); | ||||
| } | } | ||||
| } | } | ||||
| if (!isAuthenticated(account.getToken())) throw invalidEx("err.token.invalid"); | |||||
| if (!isAuthenticated(account.getToken())) throw invalidEx("err.totpToken.invalid"); | |||||
| } | } | ||||
| public void flush(String sessionToken) { getAuthenticatorTimes().del(sessionToken); } | public void flush(String sessionToken) { getAuthenticatorTimes().del(sessionToken); } | ||||
+ 3
- 3
bubble-server/src/main/java/bubble/service/account/StandardAccountMessageService.java
View File
| @@ -210,7 +210,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
| String json = tokens.get(token); | String json = tokens.get(token); | ||||
| if (json == null) { | if (json == null) { | ||||
| log.warn("captureResponse("+type+"): regular token not found: "+token); | log.warn("captureResponse("+type+"): regular token not found: "+token); | ||||
| throw invalidEx("err.token.invalid"); | |||||
| throw invalidEx("err.totpToken.invalid"); | |||||
| } | } | ||||
| if (NUMERIC_PATTERN.matcher(json).matches()) { | if (NUMERIC_PATTERN.matcher(json).matches()) { | ||||
| @@ -219,7 +219,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
| json = tokens.get(numericToken); | json = tokens.get(numericToken); | ||||
| if (json == null) { | if (json == null) { | ||||
| log.warn("captureResponse("+type+"): numeric token not found: "+numericToken+" (token="+token+")"); | log.warn("captureResponse("+type+"): numeric token not found: "+numericToken+" (token="+token+")"); | ||||
| throw invalidEx("err.token.invalid"); | |||||
| throw invalidEx("err.totpToken.invalid"); | |||||
| } | } | ||||
| } | } | ||||
| @@ -237,7 +237,7 @@ public class StandardAccountMessageService implements AccountMessageService { | |||||
| .setTarget(amc.getMessage().getTarget()); | .setTarget(amc.getMessage().getTarget()); | ||||
| if (data != null && !getCompletionHandler(toCreate).validate(toCreate, data)) { | if (data != null && !getCompletionHandler(toCreate).validate(toCreate, data)) { | ||||
| throw invalidEx("err.token.invalid", type+" request was invalid", json(data)); | |||||
| throw invalidEx("err.totpToken.invalid", type+" request was invalid", json(data)); | |||||
| } | } | ||||
| final AccountMessage message = messageDAO.create(toCreate); | final AccountMessage message = messageDAO.create(toCreate); | ||||
+ 3
- 3
bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties
View File
| @@ -81,9 +81,9 @@ err.timezone.length=Time zone is too long | |||||
| err.timezone.required=Time zone is required | err.timezone.required=Time zone is required | ||||
| # Authenticator token errors | # Authenticator token errors | ||||
| err.token.invalid=Code is incorrect | |||||
| err.token.invalidActionTarget=Action target was invalid (expected 'account' or 'network') | |||||
| err.token.noSession=Session required for authenticator | |||||
| err.totpToken.invalid=Code is incorrect | |||||
| err.totpToken.invalidActionTarget=Action target was invalid (expected 'account' or 'network') | |||||
| err.totpToken.noSession=Session required for authenticator | |||||
| err.geoCodeService.notFound=GeoCode service not found | err.geoCodeService.notFound=GeoCode service not found | ||||
| err.geoLocateService.notFound=GeoLocation service not found | err.geoLocateService.notFound=GeoLocation service not found | ||||
+ 1
- 1
bubble-server/src/test/resources/models/tests/auth/account_crud.json
View File
| @@ -140,7 +140,7 @@ | |||||
| }, | }, | ||||
| "response": { | "response": { | ||||
| "status": 422, | "status": 422, | ||||
| "check": [ {"condition": "json.has('err.token.invalid')"} ] | |||||
| "check": [ {"condition": "json.has('err.totpToken.invalid')"} ] | |||||
| } | } | ||||
| }, | }, | ||||
+ 3
- 3
bubble-server/src/test/resources/models/tests/auth/network_auth.json
View File
| @@ -48,7 +48,7 @@ | |||||
| "response": { | "response": { | ||||
| "status": 422, | "status": 422, | ||||
| "check": [ | "check": [ | ||||
| {"condition": "json.has('err.token.invalid')"} | |||||
| {"condition": "json.has('err.totpToken.invalid')"} | |||||
| ] | ] | ||||
| } | } | ||||
| }, | }, | ||||
| @@ -105,7 +105,7 @@ | |||||
| "response": { | "response": { | ||||
| "status": 422, | "status": 422, | ||||
| "check": [ | "check": [ | ||||
| {"condition": "json.has('err.token.invalid')"} | |||||
| {"condition": "json.has('err.totpToken.invalid')"} | |||||
| ] | ] | ||||
| } | } | ||||
| }, | }, | ||||
| @@ -122,7 +122,7 @@ | |||||
| "response": { | "response": { | ||||
| "status": 422, | "status": 422, | ||||
| "check": [ | "check": [ | ||||
| {"condition": "json.has('err.token.invalid')"} | |||||
| {"condition": "json.has('err.totpToken.invalid')"} | |||||
| ] | ] | ||||
| } | } | ||||
| }, | }, | ||||