Changeset 8040


Ignore:
Timestamp:
Jun 2, 2022, 10:00:56 AM (8 months ago)
Author:
Nicklas Nordborg
Message:

References #2278: Improvements to login page for better extensions

Added a verifyOnly flag to the LoginRequest class which means that the login procedure is aborted after the login information has been verified. This also works when a user is logged in and is needed for the "Switch user" functionality with the first step of the WebAuthn authentication.

Location:
branches/3.19-stable/src/core/net/sf/basedb/core
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.19-stable/src/core/net/sf/basedb/core/SessionControl.java

    r8038 r8040  
    576576    updateLastAccess();
    577577    // Are we already logged in?
    578     if (isLoggedIn())
    579     {
    580       throw new AlreadyLoggedInException(loginInfo.userLogin);
    581     }
    582578    if (loginRequest == null) throw new InvalidUseOfNullException("loginRequest");
    583579    if (loginRequest.getLogin() == null) throw new InvalidUseOfNullException("loginRequest.login");
     580    if (isLoggedIn() && !loginRequest.isVerifyOnly())
     581    {
     582      throw new AlreadyLoggedInException(loginInfo.userLogin);
     583    }
    584584
    585585    org.hibernate.Session session = null;
     
    617617        throw new LoginException(ex.getMessage(), ex);
    618618      }
     619     
     620      // Return now if the login request is for verification only
     621      if (loginRequest.isVerifyOnly()) return;
    619622     
    620623      // The login was ok so far... check device verification
     
    12981301    currentContexts.clear();
    12991302    allowedClients.clear();
    1300     sessionSettings.clear();
    13011303    loginInfo = null;
    13021304  }
  • branches/3.19-stable/src/core/net/sf/basedb/core/authentication/LoginRequest.java

    r7408 r8040  
    2424import java.util.HashMap;
    2525import java.util.Map;
     26
     27import net.sf.basedb.core.SessionControl;
    2628
    2729/**
     
    3436public class LoginRequest
    3537{
    36 
     38  private boolean verifyOnly;
    3739  private int userId;
    3840  private String login;
     
    8688  }
    8789
     90  /**
     91    Set a flag to indicate if the login request should only verify
     92    the login parameters and not do a full login.
     93    @since 3.19.3
     94  */
     95  public void setVerifyOnly(boolean verifyOnly)
     96  {
     97    this.verifyOnly = verifyOnly;
     98  }
     99 
     100  /**
     101    If this flag is set, the login parameters are only verified and
     102    the actual login is aborted. If the verification is successful, the
     103    {@link SessionControl#login(LoginRequest)} returns normally, otherwise
     104    an exception is thrown.
     105    @since 3.19.3
     106  */
     107  public boolean isVerifyOnly()
     108  {
     109    return verifyOnly;
     110  }
    88111 
    89112  /**
Note: See TracChangeset for help on using the changeset viewer.