diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/handlers/OpenScienceFrameworkAuthenticationHandler.java b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/handlers/OpenScienceFrameworkAuthenticationHandler.java index f2b7469f..eea892e1 100644 --- a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/handlers/OpenScienceFrameworkAuthenticationHandler.java +++ b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/handlers/OpenScienceFrameworkAuthenticationHandler.java @@ -15,35 +15,39 @@ */ package io.cos.cas.adaptors.postgres.handlers; -import java.nio.charset.StandardCharsets; -import java.security.GeneralSecurityException; -import java.security.MessageDigest; -import java.util.HashMap; -import java.util.Map; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import io.cos.cas.adaptors.postgres.daos.OpenScienceFrameworkDaoImpl; import io.cos.cas.adaptors.postgres.models.OpenScienceFrameworkGuid; import io.cos.cas.adaptors.postgres.models.OpenScienceFrameworkTimeBasedOneTimePassword; import io.cos.cas.adaptors.postgres.models.OpenScienceFrameworkUser; -import io.cos.cas.adaptors.postgres.daos.OpenScienceFrameworkDaoImpl; +import io.cos.cas.authentication.exceptions.AccountNotConfirmedIdPLoginException; +import io.cos.cas.authentication.exceptions.AccountNotConfirmedOsfLoginException; import io.cos.cas.authentication.InvalidVerificationKeyException; -import io.cos.cas.authentication.LoginNotAllowedException; import io.cos.cas.authentication.OneTimePasswordFailedLoginException; import io.cos.cas.authentication.OneTimePasswordRequiredException; import io.cos.cas.authentication.OpenScienceFrameworkCredential; - import io.cos.cas.authentication.ShouldNotHappenException; import io.cos.cas.authentication.oath.TotpUtils; + import org.jasig.cas.authentication.AccountDisabledException; import org.jasig.cas.authentication.Credential; -import org.jasig.cas.authentication.HandlerResult; -import org.jasig.cas.authentication.PreventedException; import org.jasig.cas.authentication.handler.NoOpPrincipalNameTransformer; import org.jasig.cas.authentication.handler.PrincipalNameTransformer; import org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler; +import org.jasig.cas.authentication.HandlerResult; +import org.jasig.cas.authentication.PreventedException; import org.springframework.beans.factory.InitializingBean; import org.springframework.security.crypto.bcrypt.BCrypt; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.util.HashMap; +import java.util.Map; + import javax.security.auth.login.AccountNotFoundException; import javax.security.auth.login.FailedLoginException; import javax.validation.constraints.NotNull; @@ -54,7 +58,7 @@ * * @author Michael Haselton * @author Longze Chen - * @since 4.1.0 + * @since 19.0.0 */ public class OpenScienceFrameworkAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler implements InitializingBean { @@ -65,7 +69,8 @@ public class OpenScienceFrameworkAuthenticationHandler extends AbstractPreAndPos // user status private static final String USER_ACTIVE = "ACTIVE"; - private static final String USER_NOT_CONFIRMED = "NOT_CONFIRMED"; + private static final String USER_NOT_CONFIRMED_OSF = "NOT_CONFIRMED_OSF"; + private static final String USER_NOT_CONFIRMED_IDP = "NOT_CONFIRMED_IDP"; private static final String USER_NOT_CLAIMED = "NOT_CLAIMED"; private static final String USER_MERGED = "MERGED"; private static final String USER_DISABLED = "DISABLED"; @@ -183,9 +188,11 @@ protected final HandlerResult authenticateInternal(final OpenScienceFrameworkCre } // Check user's status, and only ACTIVE user can sign in - if (USER_NOT_CONFIRMED.equals(userStatus)) { - throw new LoginNotAllowedException(username + " is registered but not confirmed"); - } else if (USER_DISABLED.equals(userStatus)) { + if (USER_NOT_CONFIRMED_OSF.equals(userStatus)) { + throw new AccountNotConfirmedOsfLoginException(username + " is registered but not confirmed"); + } else if (USER_NOT_CONFIRMED_IDP.equals(userStatus)) { + throw new AccountNotConfirmedIdPLoginException(username + " is registered via external IdP but not confirmed "); + } else if (USER_DISABLED.equals(userStatus)) { throw new AccountDisabledException(username + " is disabled"); } else if (USER_NOT_CLAIMED.equals(userStatus)) { throw new ShouldNotHappenException(username + " is not claimed"); @@ -215,24 +222,28 @@ public boolean supports(final Credential credential) { } /** - * Verify user status. + * Check and verify user status. + * + * USER_ACTIVE: The user is active. + * + * USER_NOT_CONFIRMED_OSF: The user is created via default username / password sign-up but not confirmed. * - * USER_ACTIVE: Active user found, proceed. + * USER_NOT_CONFIRMED_IDP: The user is created via via external IdP (e.g. ORCiD) login but not confirmed. * - * USER_NOT_CONFIRMED: Inform users that the account is created but not confirmed. In addition, provide them - * with a link to resend confirmation email. + * USER_NOT_CLAIMED: The user is created as an unclaimed contributor but not claimed. * - * USER_DISABLED: Inform users that the account is disable and that they should contact OSF support. + * USER_DISABLED: The user has been deactivated. * - * USER_MERGED, - * USER_NOT_CLAIMED, - * USER_STATUS_UNKNOWN: These three are internal or invalid user status that are not supposed to happen with - * normal authentication and authorization flow. + * USER_MERGED: The user has been merged into another user. * - * @param user the OSF user - * @return the user status + * USER_STATUS_UNKNOWN: Unknown or invalid status. This usually indicates that there is something wrong with + * the OSF-CAS auth logic and / or the OSF user model. + * + * @param user an {@link OpenScienceFrameworkUser} instance + * @return a {@link String} that represents the user status */ private String verifyUserStatus(final OpenScienceFrameworkUser user) { + // An active user must be registered, not disabled, not merged and has a not null password. // Only active users can pass the verification. if (user.isActive()) { @@ -240,17 +251,29 @@ private String verifyUserStatus(final OpenScienceFrameworkUser user) { return USER_ACTIVE; } else { // If the user instance is neither registered nor not confirmed, it can be either an unclaimed contributor - // or a newly created user pending confirmation. The difference is whether it has a usable password. + // or a newly created user pending confirmation. if (!user.isRegistered() && !user.isConfirmed()) { if (isUnusablePassword(user.getPassword())) { - // If the user instance has an unusable password, it must be an unclaimed contributor. + // If the user instance has an unusable password but also has a pending external identity "CREATE" + // confirmation, it must be an unconfirmed user created via external IdP login. + try { + if (isCreatedByExternalIdp(user.getExternalIdentity())) { + logger.info("User Status Check: {}", USER_NOT_CONFIRMED_IDP); + return USER_NOT_CONFIRMED_IDP; + } + } catch (final ShouldNotHappenException e) { + logger.error("User Status Check: {}", USER_STATUS_UNKNOWN); + return USER_STATUS_UNKNOWN; + } + // If the user instance has an unusable password without any pending external identity "CREATE" + // confirmation, it must be an unclaimed contributor. logger.info("User Status Check: {}", USER_NOT_CLAIMED); return USER_NOT_CLAIMED; } else if (checkPasswordPrefix(user.getPassword())) { // If the user instance has a password with a valid prefix, it must be a unconfirmed user who // has registered for a new account. - logger.info("User Status Check: {}", USER_NOT_CONFIRMED); - return USER_NOT_CONFIRMED; + logger.info("User Status Check: {}", USER_NOT_CONFIRMED_OSF); + return USER_NOT_CONFIRMED_OSF; } } // If the user instance has been merged by another user, it stays registered and confirmed. The username is @@ -307,6 +330,33 @@ private boolean verifyPassword(final String plainTextPassword, final String user } } + /** + * Check if the user instance is created by an external identity provider and is pending confirmation. + * + * @param externalIdentity a {@link JsonObject} that stores all external identities of a user instance + * @return {@code true} if so and {@code false} otherwise + * @throws ShouldNotHappenException if {@code externalIdentity} fails JSON parsing. + */ + private boolean isCreatedByExternalIdp(final JsonObject externalIdentity) throws ShouldNotHappenException { + + for (final Map.Entry provider : externalIdentity.entrySet()) { + try { + for (final Map.Entry identity : provider.getValue().getAsJsonObject().entrySet()) { + if (!identity.getValue().isJsonPrimitive()) { + throw new ShouldNotHappenException(); + } + if ("CREATE".equals(identity.getValue().getAsString())) { + logger.info("New and unconfirmed OSF user: {} : {}", identity.getKey(), identity.getValue().toString()); + return true; + } + } + } catch (final IllegalStateException e) { + throw new ShouldNotHappenException(); + } + } + return false; + } + /** * Check if the password hash is "django-unusable". * diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/hibernate/OSFPostgreSQLDialect.java b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/hibernate/OSFPostgreSQLDialect.java new file mode 100644 index 00000000..79baa113 --- /dev/null +++ b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/hibernate/OSFPostgreSQLDialect.java @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2020. Center for Open Science + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.cos.cas.adaptors.postgres.hibernate; + +import org.hibernate.dialect.PostgreSQL9Dialect; + +import java.sql.Types; + +/** + * Customized Postgres dialect that supports {@literal jsonb}. + * + * @author Longze Chen + * @since 20.0.0 + */ +public class OSFPostgreSQLDialect extends PostgreSQL9Dialect { + + /** The default constructor. */ + public OSFPostgreSQLDialect() { + this.registerColumnType(Types.JAVA_OBJECT, "jsonb"); + } +} diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/models/OpenScienceFrameworkUser.java b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/models/OpenScienceFrameworkUser.java index faceb683..69e6ea5d 100644 --- a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/models/OpenScienceFrameworkUser.java +++ b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/models/OpenScienceFrameworkUser.java @@ -15,6 +15,15 @@ */ package io.cos.cas.adaptors.postgres.models; +import com.google.gson.JsonObject; + +import io.cos.cas.adaptors.postgres.types.PostgresJsonbUserType; + +import org.hibernate.annotations.Type; +import org.hibernate.annotations.TypeDef; + +import java.util.Date; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; @@ -23,17 +32,17 @@ import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; -import java.util.Date; /** * The Open Science Framework User. * * @author Michael Haselton * @author Longze Chen - * @since 4.1.0 + * @since 19.0.0 */ @Entity @Table(name = "osf_osfuser") +@TypeDef(name = "PostgresJsonb", typeClass = PostgresJsonbUserType.class) public final class OpenScienceFrameworkUser { @Id @@ -46,6 +55,10 @@ public final class OpenScienceFrameworkUser { @Column(name = "password", nullable = false) private String password; + @Column(name = "external_identity") + @Type(type = "PostgresJsonb") + private JsonObject externalIdentity; + @Column(name = "verification_key") private String verificationKey; @@ -85,6 +98,10 @@ public String getPassword() { return password; } + public JsonObject getExternalIdentity() { + return externalIdentity; + } + public String getVerificationKey() { return verificationKey; } diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/PostgresJsonbUserType.java b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/PostgresJsonbUserType.java new file mode 100644 index 00000000..925382e2 --- /dev/null +++ b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/PostgresJsonbUserType.java @@ -0,0 +1,133 @@ +/* + * Copyright (c) 2020. Center for Open Science + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.cos.cas.adaptors.postgres.types; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import org.hibernate.cfg.NotYetImplementedException; +import org.hibernate.engine.spi.SessionImplementor; +import org.hibernate.HibernateException; +import org.hibernate.usertype.UserType; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.Serializable; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Types; + +/** + * Customized Hibernate data type for Postgres {@literal jsonb}. + * + * {@link com.google.gson.JsonObject} is used as the object type / class for Postgres {@literal jsonb}. + * + * CAS only has read-access to the OSF database. Thus, 1) the type is immutable; 2) {@link this#nullSafeGet} is not + * implemented; 3) {@link this#deepCopy} simply returns the argument. Several methods are implemented with default / + * minimal behavior by using the {@link this#deepCopy}. + * + * @author Longze Chen + * @since 20.0.0 + */ +public class PostgresJsonbUserType implements UserType { + + private final Logger logger = LoggerFactory.getLogger(this.getClass()); + + @Override + public int[] sqlTypes() { + return new int[]{Types.JAVA_OBJECT}; + } + + @Override + public Class returnedClass() { + return JsonObject.class; + } + + @Override + public boolean equals(final Object x, final Object y) throws HibernateException { + if (x == null) { + return y == null; + } + return x.equals(y); + } + + @Override + public int hashCode(final Object x) throws HibernateException { + return x.hashCode(); + } + + @Override + public Object nullSafeGet( + final ResultSet rs, + final String[] names, + final SessionImplementor session, + final Object owner + ) throws HibernateException, SQLException { + final String jsonString = rs.getString(names[0]); + if (jsonString == null) { + return null; + } + try { + final JsonParser jsonParser = new JsonParser(); + return jsonParser.parse(jsonString).getAsJsonObject(); + } catch (final JsonSyntaxException | IllegalStateException e) { + logger.error("PostgresJsonbUserType.nullSafeGet(): failed to convert Java JSON String to GSON JsonObject:"); + throw new RuntimeException("Failed to convert Java JSON String to GSON JsonObject: " + e.getMessage()); + } + } + + // There is no need to implement this class since CAS only has read-access to the OSF DB. + @Override + public void nullSafeSet( + final PreparedStatement st, + final Object value, + final int index, + final SessionImplementor session + ) throws HibernateException { + throw new NotYetImplementedException(); + } + + // Immutable object: simply return the argument. + @Override + public Object deepCopy(final Object value) throws HibernateException { + return value; + } + + // Objects of this type is immutable. + @Override + public boolean isMutable() { + return false; + } + + @Override + public Serializable disassemble(final Object value) throws HibernateException { + return (Serializable) this.deepCopy(value); + } + + @Override + public Object assemble(final Serializable cached, final Object owner) throws HibernateException { + return this.deepCopy(cached); + } + + @Override + public Object replace(final Object original, final Object target, final Object owner) throws HibernateException { + return this.deepCopy(original); + } +} diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/StringListUserType.java b/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/StringListUserType.java deleted file mode 100644 index 53aa7472..00000000 --- a/cas-server-support-osf/src/main/java/io/cos/cas/adaptors/postgres/types/StringListUserType.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2016. Center for Open Science - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package io.cos.cas.adaptors.postgres.types; - -import org.hibernate.HibernateException; -import org.hibernate.engine.spi.SessionImplementor; -import org.hibernate.usertype.UserType; - -import java.io.Serializable; -import java.sql.Array; -import java.sql.PreparedStatement; -import java.sql.SQLException; -import java.sql.ResultSet; -import java.sql.Types; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -/** - * The String List User Type. - * - * @author Longze Chen - * @since 4.0.1 - */ -public class StringListUserType implements UserType { - - @Override - public int[] sqlTypes() { - return new int[] {Types.ARRAY}; - } - - @Override - public Class returnedClass() { - return List.class; - } - - @Override - public boolean equals(final Object o1, final Object o2) throws HibernateException { - return o1.equals(o2); - } - - @Override - public int hashCode(final Object o) throws HibernateException { - return o != null ? o.hashCode() : 0; - } - - @Override - public Object nullSafeGet( - final ResultSet resultSet, - final String[] names, - final SessionImplementor sessionImplementor, - final Object owner - ) throws HibernateException, SQLException { - - final Array array = resultSet.getArray(names[0]); - if (!resultSet.wasNull() && array != null) { - return new ArrayList<>(Arrays.asList((String[]) array.getArray())); - } - return null; - } - - @Override - public void nullSafeSet( - final PreparedStatement preparedStatement, - final Object value, - final int index, - final SessionImplementor sessionImplementor - ) throws HibernateException, SQLException { - // no need to implement this method since CAS is postgres readonly. - } - - @Override - public Object deepCopy(final Object value) throws HibernateException { - return value; - } - - @Override - public boolean isMutable() { - return false; - } - - @Override - public Serializable disassemble(final Object value) throws HibernateException { - return (Serializable) value; - } - - @Override - public Object assemble(final Serializable cached, final Object owner) throws HibernateException { - return cached; - } - - @Override - public Object replace(final Object original, final Object target, final Object owner) throws HibernateException { - return original; - } -} diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedIdPLoginException.java b/cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedIdPLoginException.java new file mode 100644 index 00000000..94c9ec02 --- /dev/null +++ b/cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedIdPLoginException.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2020. Center for Open Science + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.cos.cas.authentication.exceptions; + +import javax.security.auth.login.AccountException; + +/** + * Describes an error condition where authentication occurs from an unconfirmed account created by external identity + * provider (IdP) login. This exception only applies to IdPs that require user email confirmation. Currently, there + * is only one: ORCiD. Institution IdPs do not require user email confirmation. + * + * @author Longze Chen + * @since 20.0.0 + */ +public class AccountNotConfirmedIdPLoginException extends AccountException { + + private static final long serialVersionUID = 2165106893184566462L; + + /** Instantiates a new exception (default). */ + public AccountNotConfirmedIdPLoginException() { + super(); + } + + /** + * Instantiates a new exception with a given message. + * + * @param message the message + */ + public AccountNotConfirmedIdPLoginException(final String message) { + super(message); + } +} diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/authentication/LoginNotAllowedException.java b/cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedOsfLoginException.java similarity index 72% rename from cas-server-support-osf/src/main/java/io/cos/cas/authentication/LoginNotAllowedException.java rename to cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedOsfLoginException.java index 2add2e69..7f5d434a 100644 --- a/cas-server-support-osf/src/main/java/io/cos/cas/authentication/LoginNotAllowedException.java +++ b/cas-server-support-osf/src/main/java/io/cos/cas/authentication/exceptions/AccountNotConfirmedOsfLoginException.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015. Center for Open Science + * Copyright (c) 2020. Center for Open Science * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,23 +13,23 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package io.cos.cas.authentication; +package io.cos.cas.authentication.exceptions; import javax.security.auth.login.AccountException; /** - * Describes an error condition where authentication occurs from an registered but not confirmed account. + * Describes an error condition where authentication occurs from a registered (via OSF email-password sign-up) but + * not confirmed account. * - * @author Michael Haselton * @author Longze Chen - * @since 4.1.5 + * @since 20.0.0 */ -public class LoginNotAllowedException extends AccountException { +public class AccountNotConfirmedOsfLoginException extends AccountException { private static final long serialVersionUID = 3376259469680697722L; /** Instantiates a new exception (default). */ - public LoginNotAllowedException() { + public AccountNotConfirmedOsfLoginException() { super(); } @@ -38,7 +38,7 @@ public LoginNotAllowedException() { * * @param message the message */ - public LoginNotAllowedException(final String message) { + public AccountNotConfirmedOsfLoginException(final String message) { super(message); } } diff --git a/cas-server-support-osf/src/main/java/io/cos/cas/web/flow/OpenScienceFrameworkAuthenticationExceptionHandler.java b/cas-server-support-osf/src/main/java/io/cos/cas/web/flow/OpenScienceFrameworkAuthenticationExceptionHandler.java index 6111cd62..9a3eb29a 100644 --- a/cas-server-support-osf/src/main/java/io/cos/cas/web/flow/OpenScienceFrameworkAuthenticationExceptionHandler.java +++ b/cas-server-support-osf/src/main/java/io/cos/cas/web/flow/OpenScienceFrameworkAuthenticationExceptionHandler.java @@ -20,11 +20,12 @@ import java.util.List; import java.util.Set; +import io.cos.cas.authentication.exceptions.AccountNotConfirmedIdPLoginException; +import io.cos.cas.authentication.exceptions.AccountNotConfirmedOsfLoginException; import io.cos.cas.authentication.exceptions.CasClientLoginException; import io.cos.cas.authentication.exceptions.DelegatedLoginException; import io.cos.cas.authentication.exceptions.OrcidClientLoginException; import io.cos.cas.authentication.InvalidVerificationKeyException; -import io.cos.cas.authentication.LoginNotAllowedException; import io.cos.cas.authentication.OneTimePasswordFailedLoginException; import io.cos.cas.authentication.OneTimePasswordRequiredException; import io.cos.cas.authentication.RemoteUserFailedLoginException; @@ -51,7 +52,7 @@ * * @author Michael Haselton * @author Longze Chen - * @since 4.1.5 + * @since 19.0.0 */ public class OpenScienceFrameworkAuthenticationExceptionHandler extends AuthenticationExceptionHandler { @@ -80,7 +81,8 @@ public class OpenScienceFrameworkAuthenticationExceptionHandler extends Authenti // Customized exceptions for OSF static { DEFAULT_ERROR_LIST.add(InvalidVerificationKeyException.class); - DEFAULT_ERROR_LIST.add(LoginNotAllowedException.class); + DEFAULT_ERROR_LIST.add(AccountNotConfirmedOsfLoginException.class); + DEFAULT_ERROR_LIST.add(AccountNotConfirmedIdPLoginException.class); DEFAULT_ERROR_LIST.add(ShouldNotHappenException.class); DEFAULT_ERROR_LIST.add(RemoteUserFailedLoginException.class); DEFAULT_ERROR_LIST.add(OneTimePasswordFailedLoginException.class); diff --git a/cas-server-webapp/src/main/resources/messages.properties b/cas-server-webapp/src/main/resources/messages.properties index 0fdc43e8..3d9c7b03 100644 --- a/cas-server-webapp/src/main/resources/messages.properties +++ b/cas-server-webapp/src/main/resources/messages.properties @@ -144,9 +144,11 @@ screen.badworkstation.heading=You cannot login from this workstation. screen.badworkstation.message=Please contact support@osf.io to regain access. # OSF Login Failure Pages -screen.loginnotallowed.heading=Account not confirmed -screen.loginnotallowed.message=The OSF account associated with the email has been registered but not confirmed. Please check your email (and spam folder) or click the button below to resend your confirmation email. -screen.loginnotallowed.button.resendConfirmation=Resend confirmation email +screen.accountnotconfirmed.osflogin.heading=Account not confirmed +screen.accountnotconfirmed.osflogin.message=The OSF account associated with the email has been registered but not confirmed. Please check your email (and spam folder) or click the button below to resend your confirmation email. +screen.accountnotconfirmed.osflogin.button.resendConfirmation=Resend confirmation email +screen.accountnotconfirmed.idplogin.heading=Account not confirmed +screen.accountnotconfirmed.idplogin.message=The OSF account associated with the email has been registered but not confirmed. Our records show that this account was created via ORCiD login. Please check your email (and spam folder) for the confirmation link. If you believe this should not happen, please contact OSF Support. screen.accountdisabled.heading=Account disabled screen.accountdisabled.message=The OSF account associated with the email has been disabled. Please contact OSF Support to regain access. screen.shouldnothappen.heading=Account not active diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/dataSource.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/dataSource.xml index 5a03b889..518105bb 100644 --- a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/dataSource.xml +++ b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/dataSource.xml @@ -69,9 +69,6 @@ - - - diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedIdPLoginView.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedIdPLoginView.jsp new file mode 100644 index 00000000..37d9237d --- /dev/null +++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedIdPLoginView.jsp @@ -0,0 +1,41 @@ +<%-- + + Copyright (c) 2020. Center for Open Science + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +--%> + +<%-- Login exception page: account created via external IdP login but not confirmed --%> + + + +
+

+

+
+ + + + + + + + + + diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginNotAllowedView.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedOsfLoginView.jsp similarity index 80% rename from cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginNotAllowedView.jsp rename to cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedOsfLoginView.jsp index d5fa4844..2410a66e 100644 --- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginNotAllowedView.jsp +++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casAccountNotConfirmedOsfLoginView.jsp @@ -1,6 +1,6 @@ <%-- - Copyright (c) 2015. Center for Open Science + Copyright (c) 2020. Center for Open Science Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -16,19 +16,19 @@ --%> -<%-- Login exception page: account not confirmed --%> +<%-- Login exception page: account created via OSF email-password sign-up but not confirmed --%>
-

-

+

+



diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml b/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml index 669a64cb..9c819409 100644 --- a/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml +++ b/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml @@ -204,7 +204,8 @@ - + + @@ -282,7 +283,8 @@ - + + diff --git a/etc/cas.properties b/etc/cas.properties index e578b977..207985ff 100644 --- a/etc/cas.properties +++ b/etc/cas.properties @@ -99,7 +99,7 @@ osf.database.driverClass=org.postgresql.Driver osf.database.url=jdbc:postgresql://192.168.168.167:5432/osf?targetServerType=master osf.database.user=postgres osf.database.password= -osf.database.hibernate.dialect=org.hibernate.dialect.PostgreSQL82Dialect +osf.database.hibernate.dialect=io.cos.cas.adaptors.postgres.hibernate.OSFPostgreSQLDialect ## # OAuth Provider