Class LoginActionsServiceChecks

  • public class LoginActionsServiceChecks
    extends Object
    • Constructor Detail

      • LoginActionsServiceChecks

        public LoginActionsServiceChecks()
    • Method Detail

      • doesAuthenticationSessionFromCookieMatchOneFromToken

        public static <T extends JsonWebToken> boolean doesAuthenticationSessionFromCookieMatchOneFromToken(ActionTokenContext<T> context,
                                                                                                            AuthenticationSessionModel authSessionFromCookie,
                                                                                                            String authSessionCompoundIdFromToken)
                                                                                                     throws VerificationException
        This check verifies that the current authentication session is consistent with the one specified in the token. Examples:
        • 1. Email from administrator with reset e-mail - token does not contain an auth session ID
        • 2. Email from "verify e-mail" step within flow - token contains an auth session ID
        • 3. User clicked the link in an e-mail and gets to a new browser - authentication session cookie is not set
        • 4. User clicked the link in an e-mail while having authentication running - authentication session cookie is already set in the browser
        • For combinations 1 and 3, 1 and 4, and 2 and 3: requests the next step
        • For combination 2 and 4:
          • If the auth session IDs from the token and the cookie match, passes
          • Else if the auth session from the cookie was forked and its parent auth session ID matches that of the token, replaces the current auth session with that of the parent and passes
          • Else requests a restart by throwing a RestartFlow exception
        When the check passes, it also sets the authentication session in the token context accordingly.
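        The decision table above, as an added stand-alone model (Java 16+). This is an illustration written for this page, not Keycloak's implementation: the Outcome enum, the Session record and the check method are hypothetical names, and the sample IDs are constructed.

```java
import java.util.Objects;

// Added illustration: models the combinations described above.
// None of these types are Keycloak classes; all names are hypothetical.
public class AuthSessionMatchModel {

    enum Outcome { NEXT_STEP, PASS, PASS_WITH_PARENT, RESTART_FLOW }

    // Stand-in for an authentication session: its own ID and, if it was
    // forked, the ID of the session it was forked from (otherwise null).
    record Session(String id, String parentId) {}

    static Outcome check(Session fromCookie, String idFromToken) {
        // Combinations 1+3, 1+4 and 2+3: one side is missing, so there is
        // nothing to compare and the caller moves on to the next step.
        if (idFromToken == null || fromCookie == null) {
            return Outcome.NEXT_STEP;
        }
        // Combination 2+4: both sides are present and must agree.
        if (Objects.equals(fromCookie.id(), idFromToken)) {
            return Outcome.PASS;
        }
        // Forked session: accept only if its parent is the session the
        // token was issued for; the caller then switches to the parent.
        if (Objects.equals(fromCookie.parentId(), idFromToken)) {
            return Outcome.PASS_WITH_PARENT;
        }
        // Token and browser belong to unrelated sessions: restart the flow.
        return Outcome.RESTART_FLOW;
    }

    public static void main(String[] args) {
        Session same = new Session("sess-A", null);        // constructed IDs
        Session forked = new Session("sess-B", "sess-A");
        Session unrelated = new Session("sess-C", null);

        System.out.println("1+3: " + check(null, null));
        System.out.println("1+4: " + check(same, null));
        System.out.println("2+3: " + check(null, "sess-A"));
        System.out.println("2+4 same session: " + check(same, "sess-A"));
        System.out.println("2+4 forked from token's session: " + check(forked, "sess-A"));
        System.out.println("2+4 unrelated session: " + check(unrelated, "sess-A"));
    }
}
```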
        Type Parameters:
        T -