refactor login session handling

ldchrist · Jan 8, 2016 · 1908c5d · 1908c5d
1 parent f3112c1
commit 1908c5d
Show file tree

Hide file tree

Showing 64 changed files with 570 additions and 575 deletions.
diff --git a/src/main/java/password/pwm/PwmApplication.java b/src/main/java/password/pwm/PwmApplication.java
@@ -36,7 +36,7 @@
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.health.HealthMonitor;
 import password.pwm.http.servlet.resource.ResourceServletService;
-import password.pwm.http.state.SessionBeanService;
+import password.pwm.http.state.SessionStateService;
 import password.pwm.ldap.LdapConnectionService;
 import password.pwm.svc.PwmService;
 import password.pwm.svc.PwmServiceManager;
@@ -470,19 +470,15 @@ public CrService getCrService() {
         return (CrService)pwmServiceManager.getService(CrService.class);
     }
 
-    public SessionBeanService getSessionBeanService() {
-        return (SessionBeanService)pwmServiceManager.getService(SessionBeanService.class);
+    public SessionStateService getSessionStateService() {
+        return (SessionStateService)pwmServiceManager.getService(SessionStateService.class);
     }
 
 
     public CacheService getCacheService() {
         return (CacheService)pwmServiceManager.getService(CacheService.class);
     }
 
-    public LoginCookieManager getLoginCookieManager() {
-        return (LoginCookieManager)pwmServiceManager.getService(LoginCookieManager.class);
-    }
-
     public SecureService getSecureService() {
         return (SecureService)pwmServiceManager.getService(SecureService.class);
     }

diff --git a/src/main/java/password/pwm/bean/LocalSessionStateBean.java b/src/main/java/password/pwm/bean/LocalSessionStateBean.java
@@ -42,12 +42,6 @@
 public class LocalSessionStateBean implements Serializable {
 // ------------------------------ FIELDS ------------------------------
 
-    // ------------------------- PUBLIC CONSTANTS -------------------------
-    /**
-     * if the current session is believed to be authenticated
-     */
-    private boolean authenticated;
-
     private String preCaptchaRequestURL;
     private String srcAddress;
     private String srcHostname;
@@ -165,14 +159,6 @@ public void setSrcHostname(final String srcHostname) {
         this.srcHostname = srcHostname;
     }
 
-    public boolean isAuthenticated() {
-        return authenticated;
-    }
-
-    public void setAuthenticated(final boolean authenticated) {
-        this.authenticated = authenticated;
-    }
-
     public boolean isPassedCaptcha() {
         return passedCaptcha;
     }

diff --git a/src/main/java/password/pwm/bean/LoginInfoBean.java b/src/main/java/password/pwm/bean/LoginInfoBean.java
@@ -22,28 +22,34 @@
 
 package password.pwm.bean;
 
+import password.pwm.PwmConstants;
+import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.ldap.auth.AuthenticationType;
 import password.pwm.ldap.auth.PwmAuthenticationSource;
 import password.pwm.util.BasicAuthInfo;
+import password.pwm.util.JsonUtil;
 import password.pwm.util.PasswordData;
-import password.pwm.util.secure.PwmRandom;
 
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
 public class LoginInfoBean implements Serializable {
-    private transient PasswordData pw;
+
+    private UserIdentity userIdentity;
+    private boolean authenticated;
+    private PasswordData pw;
 
     private AuthenticationType type = AuthenticationType.UNAUTHENTICATED;
     private List<AuthenticationType> flags = new ArrayList<>();
     private PwmAuthenticationSource authSource;
     private Date authTime;
+    private Date reqTime;
 
-    private String guid = (Long.toString(new Date().getTime(),36) + PwmRandom.getInstance().alphaNumericString(64));
+    private String guid;
 
-    private transient BasicAuthInfo basicAuth;
+    private BasicAuthInfo basicAuth;
 
     private Date oauthExpiration;
     private transient String oauthRefreshToken;
@@ -146,4 +152,42 @@ public int getPostReqCounter() {
     public void setPostReqCounter(int postReqCounter) {
         this.postReqCounter = postReqCounter;
     }
+
+    public UserIdentity getUserIdentity() {
+        return userIdentity;
+    }
+
+    public void setUserIdentity(UserIdentity userIdentity) {
+        this.userIdentity = userIdentity;
+    }
+
+    public boolean isAuthenticated() {
+        return authenticated;
+    }
+
+    public void setAuthenticated(boolean authenticated) {
+        this.authenticated = authenticated;
+    }
+
+    public PasswordData getPw() {
+        return pw;
+    }
+
+    public void setPw(PasswordData pw) {
+        this.pw = pw;
+    }
+
+    public Date getReqTime() {
+        return reqTime;
+    }
+
+    public void setReqTime(Date reqTime) {
+        this.reqTime = reqTime;
+    }
+
+    public String toDebugString() throws PwmUnrecoverableException {
+        final LoginInfoBean debugLoginCookieBean = JsonUtil.cloneUsingJson(this, LoginInfoBean.class);
+        debugLoginCookieBean.setUserCurrentPassword(new PasswordData(PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT));
+        return JsonUtil.serialize(debugLoginCookieBean);
+    }
 }
diff --git a/src/main/java/password/pwm/bean/RemoteVerificationRequestBean.java b/src/main/java/password/pwm/bean/RemoteVerificationRequestBean.java
@@ -22,6 +22,8 @@
 
 package password.pwm.bean;
 
+import password.pwm.bean.pub.PublicUserInfoBean;
+
 import java.io.Serializable;
 import java.util.Map;
 

diff --git a/...password/pwm/bean/PublicUserInfoBean.java → ...word/pwm/bean/pub/PublicUserInfoBean.java b/...password/pwm/bean/PublicUserInfoBean.java → ...word/pwm/bean/pub/PublicUserInfoBean.java
@@ -20,8 +20,10 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.bean;
+package password.pwm.bean.pub;
 
+import password.pwm.bean.PasswordStatus;
+import password.pwm.bean.UserInfoBean;
 import password.pwm.config.Configuration;
 import password.pwm.config.profile.PwmPasswordRule;
 import password.pwm.http.tag.PasswordRequirementsTag;

diff --git a/src/main/java/password/pwm/bean/pub/PublishedBean.java b/src/main/java/password/pwm/bean/pub/PublishedBean.java
@@ -0,0 +1,4 @@
+package password.pwm.bean.pub;
+
+public interface PublishedBean {
+}
diff --git a/...ssword/pwm/bean/SessionStateInfoBean.java → ...rd/pwm/bean/pub/SessionStateInfoBean.java b/...ssword/pwm/bean/SessionStateInfoBean.java → ...rd/pwm/bean/pub/SessionStateInfoBean.java
@@ -20,13 +20,12 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.bean;
+package password.pwm.bean.pub;
 
-import java.io.Serializable;
 import java.util.Date;
 import java.util.Locale;
 
-public class SessionStateInfoBean implements Serializable {
+public class SessionStateInfoBean implements PublishedBean {
     private String label;
     private Date createTime;
     private Date lastTime;

diff --git a/src/main/java/password/pwm/config/PwmSetting.java b/src/main/java/password/pwm/config/PwmSetting.java
@@ -447,10 +447,10 @@ public enum PwmSetting {
             "display.showDetailedErrors", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.APP_SECURITY),
     SESSION_MAX_SECONDS(
             "session.maxSeconds", PwmSettingSyntax.DURATION, PwmSettingCategory.APP_SECURITY),
-    SECURITY_ENABLE_LOGIN_COOKIE(
-            "security.loginCookie.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.APP_SECURITY),
-    SECURITY_SESSION_BEAN_MODE(
-            "security.sessionBean.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.APP_SECURITY),
+    SECURITY_LOGIN_SESSION_MODE(
+            "security.loginSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.APP_SECURITY),
+    SECURITY_MODULE_SESSION_MODE(
+            "security.moduleSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.APP_SECURITY),
 
 
     // web security

diff --git a/src/main/java/password/pwm/config/function/AbstractUriCertImportFunction.java b/src/main/java/password/pwm/config/function/AbstractUriCertImportFunction.java
@@ -72,7 +72,7 @@ public String provideFunction(
             throw new PwmOperationalException(errorInformation);
         }
 
-        final UserIdentity userIdentity = pwmSession.getSessionStateBean().isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
+        final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
         storedConfiguration.writeSetting(setting, new X509CertificateValue(resultCertificates), userIdentity);
 
         final StringBuffer returnStr = new StringBuffer();

diff --git a/src/main/java/password/pwm/config/function/LdapCertImportFunction.java b/src/main/java/password/pwm/config/function/LdapCertImportFunction.java
@@ -76,7 +76,7 @@ public String provideFunction(
             throw new PwmOperationalException(errorInformation);
         }
 
-        final UserIdentity userIdentity = pwmSession.getSessionStateBean().isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
+        final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
         storedConfiguration.writeSetting(setting, profile, new X509CertificateValue(resultCertificates), userIdentity);
         return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
     }

diff --git a/src/main/java/password/pwm/config/function/SyslogCertImportFunction.java b/src/main/java/password/pwm/config/function/SyslogCertImportFunction.java
@@ -75,7 +75,7 @@ public String provideFunction(
             }
         }
 
-        final UserIdentity userIdentity = pwmSession.getSessionStateBean().isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
+        final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfoBean().getUserIdentity() : null;
         storedConfiguration.writeSetting(setting, new X509CertificateValue(resultCertificates), userIdentity);
         return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
     }

diff --git a/src/main/java/password/pwm/config/option/SessionBeanMode.java b/src/main/java/password/pwm/config/option/SessionBeanMode.java
@@ -1,6 +1,6 @@
 package password.pwm.config.option;
 
 public enum SessionBeanMode implements ConfigurationOption {
-    SESSION,
+    LOCAL,
     CRYPTCOOKIE,
 }
diff --git a/src/main/java/password/pwm/http/JspUtility.java b/src/main/java/password/pwm/http/JspUtility.java
@@ -55,7 +55,7 @@ private static PwmRequest forRequest(
     public static <E extends PwmSessionBean> E getSessionBean(final PageContext pageContext, final Class<E> theClass) {
         final PwmRequest pwmRequest = forRequest(pageContext.getRequest());
         try {
-            return pwmRequest.getPwmApplication().getSessionBeanService().getBean(pwmRequest, theClass);
+            return pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, theClass);
         } catch (PwmUnrecoverableException e) {
             LOGGER.warn("unable to load pwmRequest object during jsp execution: " + e.getMessage());
         }

diff --git a/src/main/java/password/pwm/http/PwmRequest.java b/src/main/java/password/pwm/http/PwmRequest.java
@@ -310,7 +310,7 @@ public byte[] getContent()
     }
 
     public UserIdentity getUserInfoIfLoggedIn() {
-        return this.getPwmSession().getSessionStateBean().isAuthenticated()
+        return this.getPwmSession().isAuthenticated()
                 ? this.getPwmSession().getUserInfoBean().getUserIdentity()
                 : null;
     }

diff --git a/src/main/java/password/pwm/http/PwmResponse.java b/src/main/java/password/pwm/http/PwmResponse.java
@@ -29,7 +29,6 @@
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.servlet.PwmServletDefinition;
-import password.pwm.http.state.CryptoRequestCookieService;
 import password.pwm.i18n.Message;
 import password.pwm.util.Helper;
 import password.pwm.util.JsonUtil;
@@ -191,8 +190,8 @@ public void sendRedirect(final String url)
 
     private void preCommitActions() {
         if (!pwmRequest.getPwmResponse().isCommitted()) {
-            pwmRequest.getPwmApplication().getLoginCookieManager().writeLoginCookieToResponse(pwmRequest);
-            CryptoRequestCookieService.writeCookiesToResponse(pwmRequest);
+            pwmRequest.getPwmApplication().getSessionStateService().saveLoginSessionState(pwmRequest);
+            pwmRequest.getPwmApplication().getSessionStateService().saveSessionBeans(pwmRequest);
         }
     }
 }
diff --git a/src/main/java/password/pwm/http/PwmSession.java b/src/main/java/password/pwm/http/PwmSession.java
@@ -123,7 +123,7 @@ public LocalSessionStateBean getSessionStateBean() {
     }
 
     public UserInfoBean getUserInfoBean() {
-        if (!getSessionStateBean().isAuthenticated()) {
+        if (!isAuthenticated()) {
             throw new IllegalStateException("attempt to read user info bean, but session not authenticated");
         }
         if (userInfoBean == null) {
@@ -136,10 +136,17 @@ public LoginInfoBean getLoginInfoBean() {
         if (loginInfoBean == null) {
             loginInfoBean = new LoginInfoBean();
         }
+        if (loginInfoBean.getGuid() == null) {
+            loginInfoBean.setGuid((Long.toString(new Date().getTime(),36) + PwmRandom.getInstance().alphaNumericString(64)));
+        }
 
         return loginInfoBean;
     }
 
+    public void setLoginInfoBean(final LoginInfoBean loginInfoBean) {
+        this.loginInfoBean = loginInfoBean;
+    }
+
     public UserSessionDataCacheBean getUserSessionDataCacheBean() {
         if (userSessionDataCacheBean == null) {
             userSessionDataCacheBean = new UserSessionDataCacheBean();
@@ -149,8 +156,8 @@ public UserSessionDataCacheBean getUserSessionDataCacheBean() {
 
     public SessionLabel getLabel() {
         final LocalSessionStateBean ssBean = this.getSessionStateBean();
-        final String userID = ssBean.isAuthenticated() ? this.getUserInfoBean().getUsername() : null;
-        final UserIdentity userIdentity = ssBean.isAuthenticated() ? this.getUserInfoBean().getUserIdentity() : null;
+        final String userID = isAuthenticated() ? this.getUserInfoBean().getUsername() : null;
+        final UserIdentity userIdentity = isAuthenticated() ? this.getUserInfoBean().getUserIdentity() : null;
         return new SessionLabel(ssBean.getSessionID(),userIdentity,userID,ssBean.getSrcAddress(),ssBean.getSrcAddress());
     }
 
@@ -160,7 +167,7 @@ public SessionLabel getLabel() {
     public void unauthenticateUser(final PwmRequest pwmRequest) {
         final LocalSessionStateBean ssBean = getSessionStateBean();
 
-        if (ssBean.isAuthenticated()) { // try to tear out a session normally.
+        if (getLoginInfoBean().isAuthenticated()) { // try to tear out a session normally.
             getUserSessionDataCacheBean().clearPermissions();
 
             final StringBuilder sb = new StringBuilder();
@@ -171,7 +178,7 @@ public void unauthenticateUser(final PwmRequest pwmRequest) {
             }
 
             // mark the session state bean as no longer being authenticated
-            ssBean.setAuthenticated(false);
+            this.getLoginInfoBean().setAuthenticated(false);
 
             // close out any outstanding connections
             getSessionManager().closeConnections();
@@ -181,7 +188,7 @@ public void unauthenticateUser(final PwmRequest pwmRequest) {
 
         if (pwmRequest != null) {
             try {
-                pwmRequest.getPwmApplication().getLoginCookieManager().clearLoginCookie(pwmRequest);
+                pwmRequest.getPwmApplication().getSessionStateService().clearLoginSession(pwmRequest);
             } catch (PwmUnrecoverableException e) {
                 final String errorMsg = "unexpected error writing removing login cookie from response: " + e.getMessage();
                 final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN,errorMsg);
@@ -210,8 +217,8 @@ public String toString() {
         final Map<String,Object> debugData = new LinkedHashMap<>();
         try {
             debugData.put("sessionID",getSessionStateBean().getSessionID());
-            debugData.put("auth",getSessionStateBean().isAuthenticated());
-            if (getSessionStateBean().isAuthenticated()) {
+            debugData.put("auth",this.isAuthenticated());
+            if (this.isAuthenticated()) {
                 debugData.put("passwordStatus",getUserInfoBean().getPasswordState());
                 debugData.put("guid",getUserInfoBean().getUserGuid());
                 debugData.put("dn",getUserInfoBean().getUserIdentity());
@@ -243,7 +250,7 @@ public boolean setLocale(final PwmApplication pwmApplication, final String local
             LOGGER.debug(this, "setting session locale to '" + localeString + "'");
             final LocalSessionStateBean ssBean = this.getSessionStateBean();
             ssBean.setLocale(localeString.equalsIgnoreCase("default") ? PwmConstants.DEFAULT_LOCALE : requestedLocale);
-            if (ssBean.isAuthenticated()) {
+            if (this.isAuthenticated()) {
                 try {
                     final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication, this.getLabel());
                     userStatusReader.populateLocaleSpecificUserInfoBean(this.getUserInfoBean(), ssBean.getLocale());
@@ -259,7 +266,7 @@ public boolean setLocale(final PwmApplication pwmApplication, final String local
     }
 
     public String getRestClientKey() {
-        if (!this.getSessionStateBean().isAuthenticated()) {
+        if (!this.isAuthenticated()) {
             return "";
         }
 
@@ -282,7 +289,7 @@ public void setSessionTimeout(final HttpSession session, final int maxSeconds)
     }
 
     public boolean isAuthenticated() {
-        return getSessionStateBean().isAuthenticated();
+        return getLoginInfoBean().isAuthenticated();
     }
 
     private static class Settings implements Serializable {