Tokens
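  /**
   * Looks up the persistent remember-me token for the series presented in the cookie and
   * validates the presented token value against it.
   *
   * <p>Checks run in this order: the cookie must hold exactly two parts (series, token value);
   * the series must exist in {@code persistentTokenRepository}; the presented value must equal
   * the stored value; and the token date plus {@code TOKEN_VALIDITY_DAYS} must not be in the
   * past. On a value mismatch or an expired token the stored token is deleted before the
   * exception is thrown, so the series cannot be used again.
   *
   * <p>Token values are credentials and are never written to the log here.
   *
   * @param cookieTokens the parts of the remember-me cookie: series id at index 0, token value
   *     at index 1
   * @return the stored token matching the presented series and value
   * @throws InvalidCookieException if the cookie does not hold exactly two parts
   * @throws RememberMeAuthenticationException if no token exists for the series, or the token
   *     has expired
   * @throws CookieTheftException if the presented value differs from the stored value
   */
  private PersistentToken getPersistentToken(String[] cookieTokens) {

      if (cookieTokens.length != 2) {
          // NOTE(review): this message echoes the raw cookie parts; confirm that wherever the
          // exception is logged or rendered is acceptable for that content.
          throw new InvalidCookieException("Cookie token did not contain " + 2 +
                  " tokens, but contained '" + Arrays.asList(cookieTokens) + "'");
      }

      final String presentedSeries = cookieTokens[0];
      final String presentedToken = cookieTokens[1];

      PersistentToken token = persistentTokenRepository.findOne(presentedSeries);

      if (token == null) {
          // No series match, so we can't authenticate using this cookie
          throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
      }

      // We have a match for this series. The presented and stored token values are
      // deliberately not logged: anyone able to read the log could replay them as a cookie.
      final String storedToken = token.getTokenValue();

      // MessageDigest.isEqual does not stop at the first differing byte, so the comparison
      // time does not reveal how much of a guessed token was correct. A null on either side
      // is treated as a mismatch.
      final boolean tokenMatches = presentedToken != null
              && storedToken != null
              && java.security.MessageDigest.isEqual(
                      presentedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                      storedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));

      if (!tokenMatches) {
          // Token doesn't match series value. Delete this session and throw an exception.
          log.warn("Remember-me token value mismatch for a known series; deleting the persistent token");
          persistentTokenRepository.delete(token);
          throw new CookieTheftException("Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.");
      }

      if (token.getTokenDate().plusDays(TOKEN_VALIDITY_DAYS).isBefore(LocalDate.now())) {
          // Expired tokens are removed so they are not looked up again.
          persistentTokenRepository.delete(token);
          throw new RememberMeAuthenticationException("Remember-me login has expired");
      }
      return token;
  }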