Merge branch 'master' of github.com:Evolveum/midpoint

Evolveum · Mar 14, 2023 · 82d70b1 · 82d70b1
2 parents 779b3e5 + 1491114
commit 82d70b1
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 10 deletions.
diff --git a/...hentication-api/src/main/java/com/evolveum/midpoint/authentication/api/util/AuthUtil.java b/...hentication-api/src/main/java/com/evolveum/midpoint/authentication/api/util/AuthUtil.java
@@ -11,6 +11,7 @@
 
 import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
 import com.evolveum.midpoint.model.api.util.AuthenticationEvaluatorUtil;
+import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
@@ -263,4 +264,18 @@ public static AuthenticationAttemptDataType findOrCreateAuthenticationAttemptDat
 //        data.setChannel(connectionEnvironment.getChannel());
         return data;
     }
+
+    public static String generateBadCredentialsMessageKey(Authentication authentication) {
+        String defaultPrefix = "web.security.provider.";
+        String defaultSuffix = "invalid.credentials";
+        if (!(authentication instanceof MidpointAuthentication)) {
+            return defaultPrefix + defaultSuffix;
+        }
+        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
+        //todo generate another message keys for self registration?
+        if (SchemaConstants.CHANNEL_RESET_PASSWORD_URI.equals(mpAuthentication.getAuthenticationChannel().getChannelId())) {
+            return defaultPrefix + SchemaConstants.CHANNEL_RESET_PASSWORD_QNAME.getLocalPart() + "." + defaultSuffix;
+        }
+        return defaultPrefix + defaultSuffix;
+   }
 }
diff --git a/...java/com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.java b/...java/com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.java
@@ -103,7 +103,7 @@ public UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment co
             }
         } else {
             recordModuleAuthenticationFailure(principal.getUsername(), principal, connEnv, credentialsPolicy, "password mismatch");
-            throw new BadCredentialsException("web.security.provider.invalid.credentials");
+            throw new BadCredentialsException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
 
         checkAuthorizations(principal, connEnv, authnCtx);
@@ -126,7 +126,7 @@ public FocusType checkCredentials(ConnectionEnvironment connEnv, T authnCtx)
 
         if (!checkCredentials(principal, authnCtx, connEnv)) {
             recordModuleAuthenticationFailure(principal.getUsername(), principal, connEnv, credentialsPolicy, "password mismatch");
-            throw new BadCredentialsException("web.security.provider.invalid.credentials");
+            throw new BadCredentialsException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
         checkAuthorizations(principal, connEnv, authnCtx);
         recordModuleAuthenticationSuccess(principal, connEnv, false);
@@ -149,7 +149,7 @@ private boolean checkCredentials(MidPointPrincipal principal, T authnCtx, Connec
         CredentialsType credentials = focusType.getCredentials();
         if (credentials == null || getCredential(credentials) == null) {
             recordModuleAuthenticationFailure(principal.getUsername(), principal, connEnv, getCredentialsPolicy(principal, authnCtx), "no credentials in user");
-            throw new AuthenticationCredentialsNotFoundException("web.security.provider.invalid.credentials");
+            throw new AuthenticationCredentialsNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
 
         CredentialPolicyType credentialsPolicy = getCredentialsPolicy(principal, authnCtx);
@@ -263,7 +263,7 @@ protected <C extends AbstractAuthenticationContext> MidPointPrincipal getAndChec
             principal = focusProfileService.getPrincipal(query, clazz);
         } catch (ObjectNotFoundException e) {
             recordModuleAuthenticationFailure(username, null, connEnv, null, "no focus");
-            throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
+            throw new UsernameNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         } catch (SchemaException e) {
             recordModuleAuthenticationFailure(username, null, connEnv, null, "schema error");
             throw new InternalAuthenticationServiceException("web.security.provider.invalid");
@@ -283,7 +283,7 @@ protected <C extends AbstractAuthenticationContext> MidPointPrincipal getAndChec
 
         if (principal == null) {
             recordModuleAuthenticationFailure(username, null, connEnv, null, "no focus");
-            throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
+            throw new UsernameNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
 
         if (supportActivationCheck && !principal.isEnabled()) {

diff --git a/...idpoint/authentication/impl/evaluator/FocusIdentificationAuthenticationEvaluatorImpl.java b/...idpoint/authentication/impl/evaluator/FocusIdentificationAuthenticationEvaluatorImpl.java
@@ -6,6 +6,7 @@
  */
 package com.evolveum.midpoint.authentication.impl.evaluator;
 
+import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -20,6 +21,7 @@
 import org.jetbrains.annotations.NotNull;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 
@@ -31,12 +33,12 @@ protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAu
         if (StringUtils.isBlank(authCtx.getUsername())) {
             recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty login provided");
 //            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty login provided", authCtx.getPrincipalType(), false);
-            throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
+            throw new UsernameNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
         if (StringUtils.isBlank(authCtx.getPassword())) {
             recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
 //            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
-            throw new BadCredentialsException("web.security.provider.invalid.credentials");
+            throw new BadCredentialsException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
     }
 

diff --git a/.../evolveum/midpoint/authentication/impl/evaluator/PasswordAuthenticationEvaluatorImpl.java b/.../evolveum/midpoint/authentication/impl/evaluator/PasswordAuthenticationEvaluatorImpl.java
@@ -6,10 +6,13 @@
  */
 package com.evolveum.midpoint.authentication.impl.evaluator;
 
+import com.evolveum.midpoint.authentication.api.util.AuthUtil;
+
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 
@@ -31,12 +34,12 @@ protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAu
         if (StringUtils.isBlank(authCtx.getUsername())) {
             recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty login provided");
 //            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty login provided", authCtx.getPrincipalType(), false);
-            throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
+            throw new UsernameNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
         if (StringUtils.isBlank(authCtx.getPassword())) {
             recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
 //            recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
-            throw new BadCredentialsException("web.security.provider.invalid.credentials");
+            throw new BadCredentialsException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
         }
     }
 

diff --git a/...olveum/midpoint/authentication/impl/filter/MidpointRequestHeaderAuthenticationFilter.java b/...olveum/midpoint/authentication/impl/filter/MidpointRequestHeaderAuthenticationFilter.java
@@ -18,6 +18,8 @@
 
 import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
 
+import com.evolveum.midpoint.authentication.api.util.AuthUtil;
+
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -92,7 +94,8 @@ private void doAuthenticate(HttpServletRequest request, HttpServletResponse resp
         Object credentials = getPreAuthenticatedCredentials(request);
 
         if (principal == null) {
-            AuthenticationException failed = new AuthenticationCredentialsNotFoundException("web.security.provider.invalid.credentials");
+            AuthenticationException failed = new AuthenticationCredentialsNotFoundException(
+                    AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
             unsuccessfulAuthentication(request, response, failed);
             return;
         }