Merge branch 'release/20.1.0'
cslzchen committed Apr 14, 2020
2 parents 59a9a7b + 31a382a commit cdcd0d7
Showing 26 changed files with 460 additions and 211 deletions.
13 changes: 11 additions & 2 deletions CHANGELOG.md
@@ -2,8 +2,17 @@

We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.

20.0.3 (2020-2-20)
==================
20.1.0 (2020-04-14)
===================

- Move all OSF-customized auth exceptions to their decidated package
- Split the general institution login exception into three specialized ones
- Fixed an issue where the institution exception may be thrown for general OAuth failures
- Rewrite JavaDoc, comments, log messages and auth exceptions for non-interative login actions
- OSF TOTP model change: the "deleted" field is now a timestamp (which was a boolean)

20.0.3 (2020-02-20)
===================

- Update institutions-auth.xsl to normalize BT attributes

@@ -24,11 +24,11 @@
import io.cos.cas.adaptors.postgres.models.OpenScienceFrameworkUser;
import io.cos.cas.authentication.exceptions.AccountNotConfirmedIdPLoginException;
import io.cos.cas.authentication.exceptions.AccountNotConfirmedOsfLoginException;
import io.cos.cas.authentication.InvalidVerificationKeyException;
import io.cos.cas.authentication.OneTimePasswordFailedLoginException;
import io.cos.cas.authentication.OneTimePasswordRequiredException;
import io.cos.cas.authentication.exceptions.InvalidVerificationKeyException;
import io.cos.cas.authentication.exceptions.InvalidUserStatusException;
import io.cos.cas.authentication.exceptions.OneTimePasswordFailedLoginException;
import io.cos.cas.authentication.exceptions.OneTimePasswordRequiredException;
import io.cos.cas.authentication.OpenScienceFrameworkCredential;
import io.cos.cas.authentication.ShouldNotHappenException;
import io.cos.cas.authentication.oath.TotpUtils;

import org.jasig.cas.authentication.AccountDisabledException;
@@ -195,11 +195,11 @@ protected final HandlerResult authenticateInternal(final OpenScienceFrameworkCre
} else if (USER_DISABLED.equals(userStatus)) {
throw new AccountDisabledException(username + " is disabled");
} else if (USER_NOT_CLAIMED.equals(userStatus)) {
throw new ShouldNotHappenException(username + " is not claimed");
throw new InvalidUserStatusException(username + " is not claimed");
} else if (USER_MERGED.equals(userStatus)) {
throw new ShouldNotHappenException("Cannot log in to a merged user " + username);
throw new InvalidUserStatusException("Cannot log in to a merged user " + username);
} else if (USER_STATUS_UNKNOWN.equals(userStatus)) {
throw new ShouldNotHappenException(username + " is not active: unknown status");
throw new InvalidUserStatusException(username + " is not active: unknown status");
}
final Map<String, Object> attributes = new HashMap<>();
attributes.put("username", user.getUsername());
@@ -261,7 +261,7 @@ private String verifyUserStatus(final OpenScienceFrameworkUser user) {
logger.info("User Status Check: {}", USER_NOT_CONFIRMED_IDP);
return USER_NOT_CONFIRMED_IDP;
}
} catch (final ShouldNotHappenException e) {
} catch (final InvalidUserStatusException e) {
logger.error("User Status Check: {}", USER_STATUS_UNKNOWN);
return USER_STATUS_UNKNOWN;
}
@@ -335,23 +335,23 @@ private boolean verifyPassword(final String plainTextPassword, final String user
*
* @param externalIdentity a {@link JsonObject} that stores all external identities of a user instance
* @return {@code true} if so and {@code false} otherwise
* @throws ShouldNotHappenException if {@code externalIdentity} fails JSON parsing.
* @throws InvalidUserStatusException if {@code externalIdentity} fails JSON parsing.
*/
private boolean isCreatedByExternalIdp(final JsonObject externalIdentity) throws ShouldNotHappenException {
private boolean isCreatedByExternalIdp(final JsonObject externalIdentity) throws InvalidUserStatusException {

for (final Map.Entry<String, JsonElement> provider : externalIdentity.entrySet()) {
try {
for (final Map.Entry<String, JsonElement> identity : provider.getValue().getAsJsonObject().entrySet()) {
if (!identity.getValue().isJsonPrimitive()) {
throw new ShouldNotHappenException();
throw new InvalidUserStatusException();
}
if ("CREATE".equals(identity.getValue().getAsString())) {
logger.info("New and unconfirmed OSF user: {} : {}", identity.getKey(), identity.getValue().toString());
return true;
}
}
} catch (final IllegalStateException e) {
throw new ShouldNotHappenException();
throw new InvalidUserStatusException();
}
}
return false;
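Review bot: The `InvalidUserStatusException` thrown from `isCreatedByExternalIdp` carries no message and drops the caught `IllegalStateException`, and the `catch` in `verifyUserStatus` logs only the `USER_STATUS_UNKNOWN` constant, so a malformed external-identity record leaves nothing in the log to say which provider entry failed. Give the exception a message, e.g. `throw new InvalidUserStatusException("external identity for provider " + provider.getKey() + " is not a JSON primitive");`, and pass the exception to the logger, `logger.error("User Status Check: {}", USER_STATUS_UNKNOWN, e);`. The messages built in `authenticateInternal` embed `username` together with the account state; if they can reach the login page rather than only the log, they would disclose account status to an unauthenticated caller, which is worth confirming because the code that handles these exceptions is not in this section. All three methods begin or end outside the hunks shown.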
@@ -23,14 +23,19 @@
import javax.persistence.JoinColumn;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;

import javax.xml.bind.DatatypeConverter;

import java.util.Date;

/**
* The Open Science Framework Two Factor User Settings.
*
* @author Michael Haselton
* @author Longze Chen
* @since 4.1.0
* @since 19.3.0
*/
@Entity
@Table(name = "addons_twofactor_usersettings")
@@ -50,8 +55,9 @@ public class OpenScienceFrameworkTimeBasedOneTimePassword {
@Column(name = "is_confirmed", nullable = false)
private Boolean confirmed;

@Column(name = "is_deleted", nullable = false)
private Boolean deleted;
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "deleted")
private Date deleted;

/** Default Constructor. */
public OpenScienceFrameworkTimeBasedOneTimePassword() {}
@@ -69,7 +75,7 @@ public Boolean isConfirmed() {
}

public Boolean isDeleted() {
return deleted;
return deleted != null;
}

/**
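Review bot: `isDeleted()` now derives its answer from whether the `deleted` timestamp is null, but neither the field nor the getter documents that null means the two-factor settings are still active. Add a field comment such as `/** Time the settings were deleted; {@code null} while they are active. */` and a one-line Javadoc on `isDeleted()`. The mapping also switches from the `is_deleted` column to `deleted`, so this release presumably has to be deployed together with the matching OSF schema change; it is worth confirming that a failed lookup on this table makes the login fail rather than skip the one-time-password step, since the caller is not visible here.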
@@ -22,7 +22,7 @@
* {@link org.jasig.cas.support.pac4j.web.flow.ClientAction} and {@link org.pac4j.cas.client.CasClient}.
*
* @author Longze Chen
* @since 4.1.5
* @since 19.3.0
*/
public class CasClientLoginException extends DelegatedLoginException {

@@ -23,7 +23,7 @@
* This is a generic login exception for authentication via delegated client.
*
* @author Longze Chen
* @since 4.1.5
* @since 19.3.0
*/
public class DelegatedLoginException extends FailedLoginException {

@@ -0,0 +1,42 @@
/*
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.cos.cas.authentication.exceptions;

/**
* Describes an error condition where institution login fails due to missing required attributes.
*
* @author Longze Chen
* @since 20.1.0
*/
public class InstitutionLoginFailedAttributesMissingException extends InstitutionLoginFailedException {

private static final long serialVersionUID = -5992158588780483730L;

/** Instantiates a new exception (default). */
public InstitutionLoginFailedAttributesMissingException() {
super();
}

/**
* Instantiates a new exception with a given message.
*
* @param message the message
*/
public InstitutionLoginFailedAttributesMissingException(final String message) {
super(message);
}
}
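Review bot: This new exception offers only the no-argument and message constructors, so a throw site that caught an underlying error has no direct way to keep it as the cause; the same applies to `InstitutionLoginFailedAttributesParsingException` and `InstitutionLoginFailedOsfApiException` added in this commit. `AccountException` has no cause-taking constructor, so a third constructor would need `initCause`, for example `public InstitutionLoginFailedAttributesMissingException(final String message, final Throwable cause) { super(message); initCause(cause); }`. The throw sites are not part of this section, so whether the original error is logged before the throw cannot be checked from here.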
@@ -0,0 +1,42 @@
/*
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.cos.cas.authentication.exceptions;

/**
* Describes an error condition where institution login fails due to attributes normalization failure.
*
* @author Longze Chen
* @since 20.1.0
*/
public class InstitutionLoginFailedAttributesParsingException extends InstitutionLoginFailedException {

private static final long serialVersionUID = 1678051762557685138L;

/** Instantiates a new exception (default). */
public InstitutionLoginFailedAttributesParsingException() {
super();
}

/**
* Instantiates a new exception with a given message.
*
* @param message the message
*/
public InstitutionLoginFailedAttributesParsingException(final String message) {
super(message);
}
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016. Center for Open Science
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,23 +13,22 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.cos.cas.authentication;
package io.cos.cas.authentication.exceptions;

import javax.security.auth.login.AccountException;

/**
* Describes an error condition where authentication has failed during authentication delegation.
* Describes an error condition where authentication has failed during institution login.
*
* @author Michael Haselton
* @author Longze Chen
* @since 4.1.5
* @since 20.1.0
*/
public class RemoteUserFailedLoginException extends AccountException {
public class InstitutionLoginFailedException extends AccountException {

private static final long serialVersionUID = 3472948140572518658L;

/** Instantiates a new exception (default). */
public RemoteUserFailedLoginException() {
public InstitutionLoginFailedException() {
super();
}

@@ -38,7 +37,7 @@ public RemoteUserFailedLoginException() {
*
* @param message the message
*/
public RemoteUserFailedLoginException(final String message) {
public InstitutionLoginFailedException(final String message) {
super(message);
}
}
@@ -0,0 +1,42 @@
/*
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.cos.cas.authentication.exceptions;

/**
* Describes an error condition where institution login fails when communicating with OSF API.
*
* @author Longze Chen
* @since 20.1.0
*/
public class InstitutionLoginFailedOsfApiException extends InstitutionLoginFailedException {

private static final long serialVersionUID = 1737367176204402913L;

/** Instantiates a new exception (default). */
public InstitutionLoginFailedOsfApiException() {
super();
}

/**
* Instantiates a new exception with a given message.
*
* @param message the message
*/
public InstitutionLoginFailedOsfApiException(final String message) {
super(message);
}
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016. Center for Open Science
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,26 +13,27 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.cos.cas.authentication;
package io.cos.cas.authentication.exceptions;

import javax.security.auth.login.AccountException;

/**
* Describes an error condition where authentication occurs from an account that:
* Describes an error condition where user status is invalid, which currently includes the following cases.
*
* 1. is an unclaimed user which has been created as a new contributor
* 2. is an inactive user which has been merged into another account
* 3. has other undefined/unknown status, possibly due to internal bug or user model changes
* 3. has an external identity that can not be parsed
* 4. has other undefined status, possibly due to internal bug or user model changes
*
* @author Longze Chen
* @since 4.1.5
* @since 20.1.0
*/
public class ShouldNotHappenException extends AccountException {
public class InvalidUserStatusException extends AccountException {

private static final long serialVersionUID = 8296529645368130304L;

/** Instantiates a new exception (default). */
public ShouldNotHappenException() {
public InvalidUserStatusException() {
super();
}

@@ -41,7 +42,7 @@ public ShouldNotHappenException() {
*
* @param message the message
*/
public ShouldNotHappenException(final String message) {
public InvalidUserStatusException(final String message) {
super(message);
}
}
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018. Center for Open Science
* Copyright (c) 2020. Center for Open Science
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,15 +13,15 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.cos.cas.authentication;
package io.cos.cas.authentication.exceptions;

import javax.security.auth.login.AccountException;

/**
* Describes an error condition where authentication failed with invalid verification key.
*
* @author Longze Chen
* @since 4.1.5
* @since 20.1.0
*/
public class InvalidVerificationKeyException extends AccountException {
