Example 1 with SecurityQuestionAnswerType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in project midpoint by Evolveum.
the class SecurityQuestionsPolicyEvaluator method validateCredentialContainerValues.
@Override
protected void validateCredentialContainerValues(PrismContainerValue<SecurityQuestionsCredentialsType> cVal) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
SecurityQuestionsCredentialsType securityQuestions = cVal.asContainerable();
if (securityQuestions != null) {
List<SecurityQuestionAnswerType> questionAnswers = securityQuestions.getQuestionAnswer();
for (SecurityQuestionAnswerType questionAnswer : questionAnswers) {
ProtectedStringType answer = questionAnswer.getQuestionAnswer();
validateProtectedStringValue(answer);
}
}
}
Also used :
SecurityQuestionsCredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
Example 2 with SecurityQuestionAnswerType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in project midpoint by Evolveum.
the class MidpointRestSecurityQuestionsAuthenticator method createAuthenticationContext.
@Override
protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy policy, ContainerRequestContext requestCtx) {
JsonFactory f = new JsonFactory();
ObjectMapper mapper = new ObjectMapper(f);
JsonNode node = null;
try {
node = mapper.readTree(policy.getAuthorization());
} catch (IOException e) {
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
return null;
}
JsonNode userNameNode = node.findPath("user");
if (userNameNode instanceof MissingNode) {
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
return null;
}
String userName = userNameNode.asText();
policy.setUserName(userName);
JsonNode answerNode = node.findPath("answer");
if (answerNode instanceof MissingNode) {
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
SearchResultList<PrismObject<UserType>> users = null;
try {
users = searchUser(userName);
} finally {
SecurityContextHolder.getContext().setAuthentication(null);
}
if (users.size() != 1) {
requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build());
return null;
}
PrismObject<UserType> user = users.get(0);
PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build());
return null;
}
String questionChallenge = "";
List<SecurityQuestionDefinitionType> questions = null;
try {
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
questions = getQuestions(user);
} finally {
SecurityContextHolder.getContext().setAuthentication(null);
}
Collection<SecurityQuestionAnswerType> questionAnswers = questionAnswerContainer.getRealValues();
Iterator<SecurityQuestionAnswerType> questionAnswerIterator = questionAnswers.iterator();
while (questionAnswerIterator.hasNext()) {
SecurityQuestionAnswerType questionAnswer = questionAnswerIterator.next();
SecurityQuestionDefinitionType question = questions.stream().filter(q -> q.getIdentifier().equals(questionAnswer.getQuestionIdentifier())).findFirst().get();
String challenge = QUESTION.replace(Q_ID, question.getIdentifier());
questionChallenge += challenge.replace(Q_TXT, question.getQuestionText());
if (questionAnswerIterator.hasNext()) {
questionChallenge += ",";
}
}
String userChallenge = USER_CHALLENGE.replace("username", userName);
String challenge = "{" + userChallenge + ", \"answer\" : [" + questionChallenge + "]}";
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, challenge);
return null;
}
ArrayNode answers = (ArrayNode) answerNode;
Iterator<JsonNode> answersList = answers.elements();
Map<String, String> questionAnswers = new HashMap<>();
while (answersList.hasNext()) {
JsonNode answer = answersList.next();
String questionId = answer.findPath("qid").asText();
String questionAnswer = answer.findPath("qans").asText();
questionAnswers.put(questionId, questionAnswer);
}
return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);
}
Also used :
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
HashMap(java.util.HashMap)
JsonFactory(com.fasterxml.jackson.core.JsonFactory)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
MissingNode(com.fasterxml.jackson.databind.node.MissingNode)
IOException(java.io.IOException)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
SecurityQuestionsAuthenticationContext(com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)
ArrayNode(com.fasterxml.jackson.databind.node.ArrayNode)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 3 with SecurityQuestionAnswerType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in project midpoint by Evolveum.
the class PageMyPasswordQuestions method updateQuestions.
private void updateQuestions(String useroid, AjaxRequestTarget target) {
Task task = createSimpleTask(OPERATION_SAVE_QUESTIONS);
OperationResult result = new OperationResult(OPERATION_SAVE_QUESTIONS);
SchemaRegistry registry = getPrismContext().getSchemaRegistry();
SecurityQuestionAnswerType[] answerTypeList = new SecurityQuestionAnswerType[questionNumber];
try {
int listnum = 0;
for (Iterator iterator = pqPanels.iterator(); iterator.hasNext(); ) {
MyPasswordQuestionsPanel type = (MyPasswordQuestionsPanel) iterator.next();
SecurityQuestionAnswerType answerType = new SecurityQuestionAnswerType();
ProtectedStringType answer = new ProtectedStringType();
answer.setClearValue(((TextField<String>) type.get(MyPasswordQuestionsPanel.F_ANSWER)).getModelObject());
answerType.setQuestionAnswer(answer);
//used apache's unescapeHtml method for special chars like \'
String results = StringEscapeUtils.unescapeHtml((type.get(MyPasswordQuestionsPanel.F_QUESTION)).getDefaultModelObjectAsString());
answerType.setQuestionIdentifier(getQuestionIdentifierFromQuestion(results));
answerTypeList[listnum] = answerType;
listnum++;
}
//if(answerTypeList.length !=)
// fill in answerType data here
ItemPath path = new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_SECURITY_QUESTIONS, SecurityQuestionsCredentialsType.F_QUESTION_ANSWER);
ObjectDelta<UserType> objectDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, useroid, path, getPrismContext(), answerTypeList);
Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(objectDelta);
getModelService().executeChanges(deltas, null, task, result);
/*
System.out.println("getModel");
Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<ObjectDelta<? extends ObjectType>>();
PasswordQuestionsDto dto = new PasswordQuestionsDto();
PrismObjectDefinition objDef =registry.findObjectDefinitionByCompileTimeClass(UserType.class);
Class<? extends ObjectType> type = UserType.class;
final ItemPath valuePath = new ItemPath(SchemaConstantsGenerated.C_CREDENTIALS,
CredentialsType.F_SECURITY_QUESTIONS, SecurityQuestionsCredentialsType.F_QUESTION_ANSWER);
SecurityQuestionAnswerType secQuesAnsType= new SecurityQuestionAnswerType();
ProtectedStringType protStrType= new ProtectedStringType();
protStrType.setClearValue("deneme");
secQuesAnsType.setQuestionAnswer(protStrType);
dto.setSecurityAnswers(new ArrayList<SecurityQuestionAnswerType>());
dto.getSecurityAnswers().add(secQuesAnsType);
PropertyDelta delta = PropertyDelta.createModificationReplaceProperty(valuePath, objDef, dto.getSecurityAnswers().get(0).getQuestionAnswer());
// PropertyDelta delta= PropertyDelta.createModifica
System.out.println("Update Questions3");
deltas.add(ObjectDelta.createModifyDelta(useroid, delta, type, getPrismContext()));
System.out.println("Update Questions4");
getModelService().executeChanges(deltas, null, createSimpleTask(OPERATION_SAVE_QUESTIONS), result);
System.out.println("Update Questions5");
*/
success(getString("message.success"));
target.add(getFeedbackPanel());
} catch (Exception ex) {
error(getString("message.error"));
target.add(getFeedbackPanel());
ex.printStackTrace();
}
}
Also used :
Task(com.evolveum.midpoint.task.api.Task)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
RestartResponseException(org.apache.wicket.RestartResponseException)
EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)
Iterator(java.util.Iterator)
MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)
ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta)
SchemaRegistry(com.evolveum.midpoint.prism.schema.SchemaRegistry)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Example 4 with SecurityQuestionAnswerType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in project midpoint by Evolveum.
the class PageSecurityQuestions method createUsersSecurityQuestionsList.
public List<SecurityQuestionAnswerDTO> createUsersSecurityQuestionsList(PrismObject<UserType> user) {
SecurityQuestionsCredentialsType credentialsPolicyType = user.asObjectable().getCredentials().getSecurityQuestions();
if (credentialsPolicyType == null) {
return null;
}
List<SecurityQuestionAnswerType> secQuestAnsList = credentialsPolicyType.getQuestionAnswer();
if (secQuestAnsList != null) {
List<SecurityQuestionAnswerDTO> secQuestAnswListDTO = new ArrayList<SecurityQuestionAnswerDTO>();
for (Iterator iterator = secQuestAnsList.iterator(); iterator.hasNext(); ) {
SecurityQuestionAnswerType securityQuestionAnswerType = (SecurityQuestionAnswerType) iterator.next();
Protector protector = getPrismContext().getDefaultProtector();
String decoded = "";
if (securityQuestionAnswerType.getQuestionAnswer().getEncryptedDataType() != null) {
try {
decoded = protector.decryptString(securityQuestionAnswerType.getQuestionAnswer());
} catch (EncryptionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
secQuestAnswListDTO.add(new SecurityQuestionAnswerDTO(securityQuestionAnswerType.getQuestionIdentifier(), decoded));
}
return secQuestAnswListDTO;
} else {
return null;
}
}
Also used :
SecurityQuestionsCredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType)
SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
Protector(com.evolveum.midpoint.prism.crypto.Protector)
Example 5 with SecurityQuestionAnswerType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in project midpoint by Evolveum.
the class TestAbstractRestService method test600modifySecurityQuestionAnswer.
@Test
public void test600modifySecurityQuestionAnswer() throws Exception {
final String TEST_NAME = "test600modifySecurityQuestionAnswer";
displayTestTile(this, TEST_NAME);
WebClient client = prepareClient();
client.path("/users/" + USER_DARTHADDER_OID);
getDummyAuditService().clear();
TestUtil.displayWhen(TEST_NAME);
Response response = client.post(getRequestFile(MODIFICATION_REPLACE_ANSWER));
TestUtil.displayThen(TEST_NAME);
displayResponse(response);
traceResponse(response);
assertEquals("Expected 204 but got " + response.getStatus(), 204, response.getStatus());
IntegrationTestTools.display("Audit", getDummyAuditService());
getDummyAuditService().assertRecords(4);
getDummyAuditService().assertLoginLogout(SchemaConstants.CHANNEL_REST_URI);
getDummyAuditService().assertHasDelta(1, ChangeType.MODIFY, UserType.class);
TestUtil.displayWhen(TEST_NAME);
response = client.get();
TestUtil.displayThen(TEST_NAME);
displayResponse(response);
assertEquals("Expected 200 but got " + response.getStatus(), 200, response.getStatus());
UserType userDarthadder = response.readEntity(UserType.class);
CredentialsType credentials = userDarthadder.getCredentials();
assertNotNull("No credentials in user. Something is wrong.", credentials);
SecurityQuestionsCredentialsType securityQuestions = credentials.getSecurityQuestions();
assertNotNull("No security questions defined for user. Something is wrong.", securityQuestions);
List<SecurityQuestionAnswerType> secQuestionAnswers = securityQuestions.getQuestionAnswer();
assertEquals("Expected just one question-answer couple, but found " + secQuestionAnswers.size(), 1, secQuestionAnswers.size());
SecurityQuestionAnswerType secQuestionAnswer = secQuestionAnswers.iterator().next();
String decrypted = getPrismContext().getDefaultProtector().decryptString(secQuestionAnswer.getQuestionAnswer());
assertEquals("Unexpected answer " + decrypted + ". Expected 'newAnswer'.", "newAnswer", decrypted);
}
Also used :
Response(javax.ws.rs.core.Response)
SecurityQuestionsCredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType)
CredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType)
SecurityQuestionsCredentialsType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType)
WebClient(org.apache.cxf.jaxrs.client.WebClient)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
Test(org.testng.annotations.Test)
Aggregations
SecurityQuestionAnswerType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)8
EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)3
SecurityQuestionsCredentialsType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsType)3
UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)3
ProtectedStringType (com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)3
Iterator (java.util.Iterator)3
Protector (com.evolveum.midpoint.prism.crypto.Protector)2
SecurityQuestionAnswerDTO (com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)2
ArrayList (java.util.ArrayList)2
SecurityQuestionsAuthenticationContext (com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)1
PrismObject (com.evolveum.midpoint.prism.PrismObject)1
ObjectDelta (com.evolveum.midpoint.prism.delta.ObjectDelta)1
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)1
SchemaRegistry (com.evolveum.midpoint.prism.schema.SchemaRegistry)1
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1
Task (com.evolveum.midpoint.task.api.Task)1
MyPasswordQuestionsPanel (com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)1
CredentialsType (com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType)1
ObjectType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)1
SecurityQuestionDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)1
