diff --git a/modules/distribution/product/src/main/extensions/basicauth.jsp b/modules/distribution/product/src/main/extensions/basicauth.jsp index 3677d95b3d..4099a3be9d 100644 --- a/modules/distribution/product/src/main/extensions/basicauth.jsp +++ b/modules/distribution/product/src/main/extensions/basicauth.jsp @@ -16,6 +16,9 @@ ~ under the License. --%> +<%@ page import="org.apache.cxf.jaxrs.client.Client" %> +<%@ page import="org.apache.cxf.configuration.jsse.TLSClientParameters" %> +<%@ page import="org.apache.cxf.transport.http.HTTPConduit" %> <%@ page import="org.apache.cxf.jaxrs.client.JAXRSClientFactory" %> <%@ page import="org.apache.cxf.jaxrs.provider.json.JSONProvider" %> <%@ page import="org.apache.cxf.jaxrs.client.WebClient" %> @@ -47,6 +50,12 @@ <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApplicationDataRetrievalClientException" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClient" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %> +<%@ page import="org.wso2.carbon.utils.CustomHostNameVerifier" %> +<%@ page import="javax.net.ssl.HostnameVerifier" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.ALLOW_ALL" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.DEFAULT_AND_LOCALHOST" %> +<%@ page import="static org.wso2.carbon.CarbonConstants.HOST_NAME_VERIFIER" %> +<%@ page import="org.apache.http.conn.ssl.AllowAllHostnameVerifier" %> 
@@ -206,6 +215,32 @@ SelfUserRegistrationResource selfUserRegistrationResource = JAXRSClientFactory .create(url, SelfUserRegistrationResource.class, providers); + + Client client = WebClient.client(selfUserRegistrationResource); + HTTPConduit conduit = WebClient.getConfig(client).getHttpConduit(); + TLSClientParameters tlsParams = conduit.getTlsClientParameters(); + if (tlsParams == null) { + tlsParams = new TLSClientParameters(); + } + HostnameVerifier allowAllHostnameVerifier = new AllowAllHostnameVerifier(); + if (EndpointConfigManager.isHostnameVerificationEnabled()) { + if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) { + /* + * If hostname verifier is set to DefaultAndLocalhost, allow following domains in addition to the + * hostname: + * ["::1", "127.0.0.1", "localhost", "localhost.localdomain"] + */ + tlsParams.setHostnameVerifier(new CustomHostNameVerifier()); + } else if (ALLOW_ALL.equals(System.getProperty(HOST_NAME_VERIFIER))) { + // If hostname verifier is set to AllowAll, disable hostname verification. + tlsParams.setHostnameVerifier(allowAllHostnameVerifier); + } + } else { + // Disable hostname verification + tlsParams.setHostnameVerifier(allowAllHostnameVerifier); + } + conduit.setTlsClientParameters(tlsParams); + WebClient.client(selfUserRegistrationResource).header("Authorization", header); Response selfRegistrationResponse = selfUserRegistrationResource.regenerateCode(selfRegistrationRequest); if (selfRegistrationResponse != null && selfRegistrationResponse.getStatus() == HttpStatus.SC_CREATED) { @@ -233,7 +268,13 @@ } %> - <% if (Boolean.parseBoolean(loginFailed)) { %> + <% if (StringUtils.equals(request.getParameter("errorCode"), IdentityCoreConstants.USER_ACCOUNT_LOCKED_ERROR_CODE) && + StringUtils.equals(request.getParameter("remainingAttempts"), "0") ) { %> +
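Review bot: Both the `ALLOW_ALL` branch and the final `else` install `org.apache.http.conn.ssl.AllowAllHostnameVerifier`, which HttpClient deprecated in 4.4 in favour of `NoopHostnameVerifier.INSTANCE`; switching keeps the same behaviour without the deprecated type (and drops the matching import in the first hunk of this file). When verification is enabled but `HOST_NAME_VERIFIER` holds neither known value, `tlsParams` keeps whatever verifier it already had — or CXF's default for a freshly built `TLSClientParameters` — and that fall-through deserves a comment such as `// Any other value keeps the conduit's existing/default verifier.` so the next reader does not take it for a missed case. The last added line calls `WebClient.client(selfUserRegistrationResource)` again although `client` already holds that proxy; `client.header("Authorization", header);` is enough. Hoisting `System.getProperty(HOST_NAME_VERIFIER)` into a local and emitting one log line on the paths that relax hostname verification would make the effective TLS setting visible to operators. The scriptlet that owns `selfUserRegistrationResource` begins before this hunk.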
+ <%=AuthenticationEndpointUtil.i18n(resourceBundle, "error.user.account.locked.incorrect.login.attempts")%> +
+ <% } else if (Boolean.parseBoolean(loginFailed) && + !errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)) { %>
<%= AuthenticationEndpointUtil.i18n(resourceBundle, errorMessage) %>
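Review bot: The new `else if` dereferences `errorCode` directly in `!errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)`, while the branch just above reads the same value null-safely through `StringUtils.equals(request.getParameter("errorCode"), ...)`; if `errorCode` can be null on a failed login this throws instead of rendering the error message. Use `!StringUtils.equals(errorCode, IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)` and read `errorCode` in the first condition as well, so both branches test one value from one source. `errorCode` is declared outside the hunk, so whether it is guaranteed non-null cannot be confirmed from here.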
diff --git a/modules/distribution/product/src/main/extensions/header.jsp b/modules/distribution/product/src/main/extensions/header.jsp index c461e380e5..99d246b21c 100644 --- a/modules/distribution/product/src/main/extensions/header.jsp +++ b/modules/distribution/product/src/main/extensions/header.jsp @@ -31,6 +31,9 @@ <% String tenant = request.getParameter("tenantDomain"); + if (tenant == null) { + tenant = request.getParameter("TenantDomain"); + } if (tenant == null) { String cb = request.getParameter("callback"); cb = StringUtils.replace(cb, " ", ""); @@ -39,7 +42,7 @@ String decodedValue = uri.getQuery(); String[] params = decodedValue.split("&"); for (String param : params) { - if (param.startsWith("tenantDomain=")) { + if (param.startsWith("tenantDomain=") || param.startsWith("TenantDomain=")) { String[] keyVal = param.split("="); tenant = keyVal[1]; } diff --git a/modules/distribution/product/src/main/extensions/login.jsp b/modules/distribution/product/src/main/extensions/login.jsp index af318156f8..839efd9c00 100644 --- a/modules/distribution/product/src/main/extensions/login.jsp +++ b/modules/distribution/product/src/main/extensions/login.jsp 
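Review bot: The widened test in the second hunk, `param.startsWith("tenantDomain=") || param.startsWith("TenantDomain=")`, still hands the parameter to `param.split("=")` and `keyVal[1]` with no length check, so a callback carrying an empty value (`TenantDomain=` splits to a single element) throws `ArrayIndexOutOfBoundsException` while rendering the header. Guard it with `if (keyVal.length > 1) { tenant = keyVal[1]; }`, or take the value with `param.substring(param.indexOf('=') + 1)` so a value containing `=` is not truncated either. The first hunk's fallback to `request.getParameter("TenantDomain")` would read better with a one-line comment on why both spellings are honoured, e.g. `// Callers are not consistent in the casing of this parameter; accept both.` — presumably the motivation, but not visible here. The scriptlet enclosing both hunks starts before the first and continues past the second.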
@@ -142,28 +142,6 @@ String username = null; String usernameIdentifier = null; - if (isIdentifierFirstLogin(inputType)) { - String authAPIURL = application.getInitParameter(Constants.AUTHENTICATION_REST_ENDPOINT_URL); - if (StringUtils.isBlank(authAPIURL)) { - authAPIURL = IdentityUtil.getServerURL("/api/identity/auth/v1.1/", true, true); - } - if (!authAPIURL.endsWith("/")) { - authAPIURL += "/"; - } - authAPIURL += "context/" + request.getParameter("sessionDataKey"); - String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL); - Gson gson = new Gson(); - Map parameters = gson.fromJson(contextProperties, Map.class); - if (parameters != null) { - username = (String) parameters.get("username"); - usernameIdentifier = (String) parameters.get("username"); - } else { - String redirectURL = "error.do"; - response.sendRedirect(redirectURL); - return; - } - } - // Login context request url. String sessionDataKey = request.getParameter("sessionDataKey"); String appName = request.getParameter("sp"); diff --git a/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp b/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp index cf5cedd06f..f97687b650 100644 --- a/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp +++ b/modules/distribution/product/src/main/extensions/privacy-policy-content.jsp @@ -16,7 +16,7 @@ ~ under the License. --%> -<%-- page content --> +<%-- page content --%>
diff --git a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp index ea299d3ed4..989475414f 100644 --- a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp +++ b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp @@ -27,6 +27,9 @@ <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementServiceUtil" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointUtil" %> +<%@ page import="org.wso2.carbon.identity.recovery.IdentityRecoveryConstants" %> +<%@ page import="org.wso2.carbon.identity.base.IdentityRuntimeException" %> +<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApiException" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.api.ReCaptchaApi" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.ReCaptchaProperties" %> 
@@ -107,6 +110,22 @@ return; } + try { + if (StringUtils.isNotBlank(callback) && !Utils.validateCallbackURL(callback, tenantDomain, + IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) { + request.setAttribute("error", true); + request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, + "Callback.url.format.invalid")); + request.getRequestDispatcher("error.jsp").forward(request, response); + return; + } + } catch (IdentityRuntimeException e) { + request.setAttribute("error", true); + request.setAttribute("errorMsg", e.getMessage()); + request.getRequestDispatcher("error.jsp").forward(request, response); + return; + } + if (StringUtils.isBlank(callback)) { callback = IdentityManagementEndpointUtil.getUserPortalUrl( application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain); diff --git a/modules/distribution/product/src/main/resources/conf/infer.json b/modules/distribution/product/src/main/resources/conf/infer.json index 57c5a63a5e..7eafae85b9 100644 --- a/modules/distribution/product/src/main/resources/conf/infer.json +++ b/modules/distribution/product/src/main/resources/conf/infer.json @@ -136,5 +136,13 @@ "broker.transport.amqp.enabled": false, "apim.throttling.enable_policy_deployment": false } + }, + "authenticationendpoint.enable_shortened_urls": { + "false": { + "authentication.endpoint.redirect_params.filter_policy": "exclude", + "authentication.endpoint.redirect_params.parameters": [ + "loggedInUser" + ] + } } }
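Review bot: In the `catch (IdentityRuntimeException e)` block the raw `e.getMessage()` is placed into the `errorMsg` attribute and the exception is otherwise dropped, so the failure is neither logged nor reported through the same resource-bundle path the validation branch uses; whether error.jsp escapes that attribute, and whether the message echoes the supplied callback, cannot be seen from here. Prefer a fixed key, `request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Callback.url.format.invalid"));`, and log `e` with its stack trace if the page has a logger in scope. A comment on the `try` stating that `Utils.validateCallbackURL` throws `IdentityRuntimeException` when the configured regex cannot be read would explain why the catch exists at all. The scriptlet containing this hunk, and the declarations of `callback` and `tenantDomain`, begin before it.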