- package com.tecnics.proxy.controllers;
import com.tecnics.proxy.filters.FilterUtils;
import com.tecnics.proxy.models.MFA;
import com.tecnics.proxy.models.User;
import com.tecnics.proxy.service.*;
import com.tecnics.proxy.utils.Constants;
import com.tecnics.proxy.utils.HttpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.*;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.validation.Valid;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Map;
- /**
- * Created by tecnicsdev on 2/7/18.
- */
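@Controller
public class LoginController {

    private static final Logger logger = LoggerFactory.getLogger(LoginController.class);

    /** Error shown on the sign-in form when the credential check fails. */
    private static final String BAD_CREDENTIALS_MSG =
            "Your credentials are incorrect. Please re-enter your information.";
    /** Error shown on the sign-in form when the identity provider reports the account as locked. */
    private static final String LOCKED_ACCOUNT_MSG =
            "Your account is locked. Please contact your Administrator.";

    /** Spring MVC view-name prefix that turns a returned string into an HTTP redirect. */
    static final String redirect = "redirect:";

    final LoginService loginService;
    final ProxyServer proxyServer;
    final FilterUtils filterUtils;
    final CacheService cacheService;
    final DataServices dataServices;
    /** Injected request; used by the handlers that do not receive the request as a parameter. */
    final HttpServletRequest request;

    /** Base URL the browser is redirected to, with the code/state pair, after a successful password check. */
    @Value("${okta-redirect-url}")
    String oktaRedirectUrl;
    /** Name of the cookie that carries the access token. */
    @Value("${okta-cookie-name}")
    String oktaCookieName;
    /** Servlet context path; prefixed to every absolute redirect and used as the token cookie path. */
    @Value("${server.servlet.context-path}")
    String proxyServerContextPath;
    /** Path (below the context path) the user lands on once the callback has completed. */
    @Value("${resourceServerLandingPage}")
    String resourceServerLandingPage;
    /** Path of the sign-in page; also the request mapping of {@link #loginOkta} and {@link #login}. */
    @Value("${login-page}")
    String loginPage;

    /**
     * Creates the controller with all of its collaborators; Spring calls this constructor.
     */
    @Autowired
    LoginController(LoginService loginService, ProxyServer proxyServer, FilterUtils filterUtils,
                    CacheService cacheService, DataServices dataServices, HttpServletRequest request) {
        this.loginService = loginService;
        this.proxyServer = proxyServer;
        this.filterUtils = filterUtils;
        this.cacheService = cacheService;
        this.dataServices = dataServices;
        this.request = request;
    }

    /**
     * Renders the sign-in form. Any token cookies left over from a previous session are dropped first.
     *
     * @param model    view model populated by {@link #prepareLoginModel}
     * @param response response on which the token cookies are cleared
     * @return the {@code signin} view
     */
    @GetMapping(value = "${login-page}")
    public String loginOkta(Model model, HttpServletResponse response) {
        removeCookies(response);
        prepareLoginModel(model, null, null);
        return "signin";
    }

    /**
     * Fills the sign-in view model: an empty {@link User}, the cached institution list and the
     * optional error / success messages.
     *
     * @param model      model to populate
     * @param errorMsg   error text to show, or {@code null}
     * @param successMsg success text to show, or {@code null}
     */
    void prepareLoginModel(Model model, String errorMsg, String successMsg) {
        List<Map<String, String>> institutionList = cacheService.getInstitutions();
        model.addAttribute("user", new User());
        model.addAttribute("institutionList", institutionList);
        model.addAttribute("error", errorMsg);
        model.addAttribute("success", successMsg);
    }

    /**
     * Handles the sign-in form submission. Validation failures re-render the form; otherwise the
     * username is built, the login context is placed in a new session and the credentials are
     * processed with login type {@code "sso"}.
     *
     * @param user   bound form data
     * @param result bean-validation outcome for {@code user}
     * @param model  view model
     * @return the next view name, see {@link #processLogin}
     */
    @PostMapping(value = "${login-page}")
    public String login(@ModelAttribute @Valid User user, BindingResult result, Model model) {
        if (result.hasErrors()) {
            prepareLoginModel(model, "Invalid data submitted", null);
            return "signin";
        }
        logger.debug("login initiated");
        String username = HttpUtils.buildUsername(user);
        user.setUsername(username);

        HttpSession session = request.getSession(true);
        session.setAttribute("username", username);
        session.setAttribute("institutionId", user.getInstitutionId());
        // NOTE(review): the clear-text password is kept in the HTTP session (the session is invalidated on
        // failure and in the callback). Confirm which downstream step reads it and remove it as soon as that
        // step is done, so it does not outlive the login flow in the session store.
        session.setAttribute("password", user.getPassword());
        return processLogin(user, "sso", model);
    }

    /**
     * Submits the credentials to {@link LoginService#login} and maps the reported status to the next view.
     * A missing result, or a result without a status, is treated like a failed credential check.
     *
     * @param user      user whose credentials are checked; its username/institution id go into security events
     * @param loginType login type forwarded to the service (and to the password-expired view)
     * @param model     view model
     * @return a view name, or a {@code redirect:} string once the identity provider returned a code/state pair
     */
    String processLogin(User user, String loginType, Model model) {
        Map<String, Object> authMap = loginService.login(user, loginType);
        // A null status used to be dereferenced (NPE); it now follows the failed-credentials path.
        String status = authMap == null ? null : (String) authMap.get("status");
        if (status == null) {
            return rejectCredentials(user, model);
        }
        if (status.equals(Constants.SUCCESS)) {
            return redirectWithCodeAndState(authMap);
        }
        if (status.equals(Constants.MFAREQUIRED)) {
            addFactorsToModel(authMap, model);
            model.addAttribute("mfa", new MFA());
            return "verifyFactor";
        }
        if (status.equals(Constants.LOCKEDOUT)) {
            dataServices.postSecurityEvent(user.getUsername(), user.getInstitutionId(),
                    Constants.LOGINEVENT, Constants.LOCKOUTERRMSG, Constants.FAILED);
            return backToLoginForm(model, LOCKED_ACCOUNT_MSG);
        }
        if (status.equals(Constants.MFAENROLL)) {
            addFactorsToModel(authMap, model);
            return "factorSetup";
        }
        if (status.equals(Constants.PASSWORD_EXPIRED)) {
            String stateToken = (String) authMap.get(Constants.STATETOKEN);
            model.addAttribute(Constants.STATETOKEN, stateToken);
            model.addAttribute("logintype", loginType);
            return "passwordExpired";
        }
        return rejectCredentials(user, model);
    }

    /**
     * Completes the identity-provider handshake after a successful password check: stores the nonce in the
     * session, follows the provider's redirect URI and turns the code/state it answers with into a
     * redirect to {@code oktaRedirectUrl}. Without a code/state pair the user is redirected to the login page.
     */
    private String redirectWithCodeAndState(Map<String, Object> authMap) {
        String redirectUrl = (String) authMap.get("redirectUrl");
        String nonce = (String) authMap.get("nonce");
        HttpUtils.storeNonceInSession(request, nonce);
        ResponseEntity<String> responseEntity = loginService.executeRedirectUri(redirectUrl, null);
        HttpHeaders headers = responseEntity.getHeaders();
        Map<String, String> paramMap = loginService.parseCodeAndStateFromHeaders(headers);
        if (paramMap == null) {
            return redirect + loginPage;
        }
        // code and state are placed in the query string exactly as parsed from the provider's headers.
        // NOTE(review): confirm parseCodeAndStateFromHeaders hands them back URL-safe; nothing is re-encoded here.
        return String.format("%s%s?code=%s&state=%s",
                redirect, oktaRedirectUrl, paramMap.get("code"), paramMap.get("state"));
    }

    /** Copies the factor list from the auth result into the model, together with the context path. */
    @SuppressWarnings("unchecked") // the service hands the factors back as an untyped value inside the map
    private void addFactorsToModel(Map<String, Object> authMap, Model model) {
        List<Map<String, String>> factors = (List<Map<String, String>>) authMap.get(Constants.FACTORS);
        model.addAttribute(Constants.FACTORS, factors);
        model.addAttribute("contextPath", proxyServerContextPath);
    }

    /** Records a failed-login security event and returns the user to the sign-in form with the credentials error. */
    private String rejectCredentials(User user, Model model) {
        dataServices.postSecurityEvent(user.getUsername(), user.getInstitutionId(),
                Constants.LOGINEVENT, Constants.ERRORLOGINMSG, Constants.FAILED);
        return backToLoginForm(model, BAD_CREDENTIALS_MSG);
    }

    /**
     * Invalidates the session, re-populates the sign-in model with {@code errorMsg} and returns
     * {@code loginPage}. The value is returned as a plain view name (no {@code redirect:} prefix), as the
     * original code did; NOTE(review): confirm the view resolver maps it to the sign-in template.
     */
    private String backToLoginForm(Model model, String errorMsg) {
        HttpUtils.invalidateSession(request);
        prepareLoginModel(model, errorMsg, null);
        return loginPage;
    }

    /**
     * Authorization-code callback. Exchanges {@code code} for an access token, records a successful login
     * event for the session's user (when present), replaces the token cookies and either runs the SSO
     * call ({@code state == "sso"}) or redirects to the landing page. Without a token the user is sent
     * back to the login page.
     *
     * @param code     authorization code to exchange for an access token
     * @param state    the {@code state} query parameter; only the literal {@code "sso"} is distinguished
     * @param response response the cookie and redirect are written to
     * @param request  current request (this parameter shadows the injected field and is the one used here)
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping(value = "authorization-code/callback")
    public void redirectCallback(@RequestParam("code") String code, @RequestParam("state") String state,
                                 HttpServletResponse response, HttpServletRequest request) throws IOException {
        HttpSession session = request.getSession();
        String username = (String) session.getAttribute("username");
        // Read as Integer: the attribute is absent when no login session exists (expired, or the callback was
        // reached directly), and unboxing that null into an int threw an NPE here.
        Integer institutionId = (Integer) session.getAttribute("institutionId");
        String accessToken = loginService.exchangeCode(code);
        if (username != null && institutionId != null && institutionId != 0) {
            dataServices.postSecurityEvent(username, institutionId, Constants.LOGINEVENT,
                    Constants.SUCCESSLOGINMSG, Constants.SUCCESS);
            HttpUtils.invalidateSession(request);
        }
        // NOTE(review): the nonce that processLogin stores in the session is not compared with `state` here;
        // `state` is only checked against the literal "sso". Confirm where the nonce is verified.
        response = filterUtils.removeTokenCookies(request, response);
        if (accessToken == null) {
            response.sendRedirect(proxyServerContextPath + loginPage);
            return;
        }
        Cookie cookie = new Cookie(oktaCookieName, accessToken);
        cookie.setPath(proxyServerContextPath);
        // NOTE(review): the token cookie is issued without the HttpOnly/Secure flags; consider setting both
        // once it is confirmed that no browser-side script needs to read it.
        response.addCookie(cookie);
        if (state.equals("sso")) {
            loginService.executeSSOCall(accessToken);
        } else {
            response.sendRedirect(proxyServerContextPath + resourceServerLandingPage);
        }
    }

    /**
     * Serves {@code static/<imageName>.png} from the classpath.
     *
     * @param imageName file name without extension; names containing path separators or {@code ..} are
     *                  rejected with 404, as are missing files (previously a missing file surfaced as a 500)
     * @return the PNG bytes with {@code image/png}, or 404
     * @throws IOException if the resource cannot be read
     */
    @GetMapping(value = "logo/{imageName}", produces = MediaType.IMAGE_PNG_VALUE)
    public ResponseEntity<byte[]> loadimage(@PathVariable("imageName") String imageName) throws IOException {
        if (!isPlainFileName(imageName)) {
            return ResponseEntity.notFound().build();
        }
        ClassPathResource imgFile = new ClassPathResource("static/" + imageName + ".png");
        if (!imgFile.exists()) {
            return ResponseEntity.notFound().build();
        }
        return ResponseEntity
                .ok()
                .contentType(MediaType.IMAGE_PNG)
                .body(readAll(imgFile));
    }

    /**
     * Clears the token cookies and redirects to the login page.
     *
     * @param request  current request (unused; the injected field is what {@link #removeCookies} reads)
     * @param response response the redirect is written to
     * @throws IOException if the redirect cannot be written
     */
    @ResponseBody
    @GetMapping(value = "logout")
    public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
        removeCookies(response);
        response.sendRedirect(proxyServerContextPath + loginPage);
    }

    /**
     * Serves a script or stylesheet from {@code static/public/js/} or {@code static/public/css/}, chosen by
     * the file extension.
     *
     * @param fileName file name ending in {@code .js} or {@code .css}; any other extension, a name containing
     *                 path separators or {@code ..}, or a missing file answers 404 (the unsupported-extension
     *                 case previously answered 200 with an empty body)
     * @return the file bytes, or 404
     * @throws IOException if the resource cannot be read
     */
    @GetMapping(value = "**/resource/{fileName}", produces = {"text/javascript", "text/css"})
    public ResponseEntity<byte[]> loadStaticJsFile(@PathVariable("fileName") String fileName) throws IOException {
        if (!isPlainFileName(fileName)) {
            return ResponseEntity.notFound().build();
        }
        String directory;
        if (fileName.endsWith(".js")) {
            directory = "static/public/js/";
        } else if (fileName.endsWith(".css")) {
            directory = "static/public/css/";
        } else {
            return ResponseEntity.notFound().build();
        }
        ClassPathResource resource = new ClassPathResource(directory + fileName);
        if (!resource.exists()) {
            return ResponseEntity.notFound().build();
        }
        return ResponseEntity
                .ok()
                .body(readAll(resource));
    }

    /**
     * Accepts only a bare file name: non-empty, no {@code /} or {@code \}, no NUL and no {@code ..}.
     * Used before a request-supplied name is concatenated into a classpath location.
     */
    static boolean isPlainFileName(String name) {
        return name != null
                && !name.isEmpty()
                && name.indexOf('/') < 0
                && name.indexOf('\\') < 0
                && name.indexOf('\0') < 0
                && !name.contains("..");
    }

    /** Reads the whole resource, closing the stream afterwards (the stream was previously left open). */
    private static byte[] readAll(ClassPathResource resource) throws IOException {
        try (InputStream in = resource.getInputStream()) {
            return StreamUtils.copyToByteArray(in);
        }
    }

    /**
     * Drops the token cookies of the current request: for the cookie named {@code oktaCookieName} the cached
     * tokens are removed through CacheService, then FilterUtils clears the token cookies on the response.
     * Nothing is done when the request carries no cookies.
     *
     * @param response response on which the cookies are cleared
     */
    void removeCookies(HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0) {
            return;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(oktaCookieName)) {
                cacheService.removeTokens(cookie.getValue());
            }
        }
        filterUtils.removeTokenCookies(request, response);
    }
}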