• Home
• io.imunity
• unity-server-vaadin-authentication
• 4.0.1
• source code
• CredentialResetStateVariable.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.imunity.vaadin.auth.extensions.credreset.CredentialResetStateVariable Maven / Gradle / Ivy

/*
 * Copyright (c) 2013 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package io.imunity.vaadin.auth.extensions.credreset;

import com.google.common.collect.Sets;
import com.vaadin.flow.server.VaadinSession;
import com.vaadin.flow.server.WrappedSession;

import java.util.HashSet;
import java.util.Set;

/**
 * Additional security measure: the user's verification progress is recorded to a 
 * variable stored in session. If user is anyhow trying to perform an operation without fulfilling
 * the previous steps the application will stop him. This shouldn't be possible anyway by Vaadin's design
 * but as Unity's engine authZ is not on guard in password reset case let's go secure.
 */
public class CredentialResetStateVariable
{
	private static final String SES_NAME = CredentialResetStateVariable.class.getName();
	public enum ResetPrerequisite {CAPTCHA_PROVIDED, STATIC_CHECK_PASSED, CODE_PROVIDED}
	
	public static Set get()
	{
		CredentialResetSessionData var = getSessionState();
		return var == null ? new HashSet<>() : new HashSet<>(var.fullfilledChecks);
	}

	public static void assertFullfilled(ResetPrerequisite... required)
	{
		CredentialResetSessionData var = getSessionState();
		if (var == null || !var.fullfilledChecks.containsAll(Sets.newHashSet(required)))
			throw new IllegalStateException("Wrong application security state in credential reset!" +
						" This should never happen.");
	}

	
	public static void record(ResetPrerequisite fullfilled)
	{
		CredentialResetSessionData var = getOrCreateSessionState();
		var.fullfilledChecks.add(fullfilled);
	}
	
	public static void reset()
	{
		VaadinSession vSession = VaadinSession.getCurrent();
		WrappedSession session = vSession.getSession();
		session.removeAttribute(SES_NAME);
	}
	
	private static CredentialResetSessionData getOrCreateSessionState()
	{
		CredentialResetSessionData var = getSessionState();
		if (var == null)
		{
			var = new CredentialResetSessionData();
			VaadinSession vSession = VaadinSession.getCurrent();
			WrappedSession session = vSession.getSession();
			session.setAttribute(SES_NAME, var);
		}
		return var;
	}

	private static CredentialResetSessionData getSessionState()
	{
		VaadinSession vSession = VaadinSession.getCurrent();
		WrappedSession session = vSession.getSession();
		return (CredentialResetSessionData) session.getAttribute(SES_NAME);
	}

	
	private static class CredentialResetSessionData
	{
		private final Set fullfilledChecks = new HashSet<>();
	}
}