Examples with ConqueryAuthenticationInfo com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo used on opensource projects

Example 1 with ConqueryAuthenticationInfo

use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.

the class IntrospectionDelegatingRealm method doGetAuthenticationInfo.

@Override
@SneakyThrows
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(TOKEN_CLASS.isAssignableFrom(token.getClass()))) {
        log.trace("Incompatible token. Expected {}, got {}", TOKEN_CLASS, token.getClass());
        return null;
    }
    log.trace("Token has expected format!");
    TokenIntrospectionSuccessResponse successResponse = tokenCache.get((BearerToken) token);
    log.trace("Got an successful token introspection response.");
    UserId userId = extractId(successResponse);
    User user = getUserOrThrowUnknownAccount(storage, userId);
    return new ConqueryAuthenticationInfo(user, token, this, true);
}

Example 2 with ConqueryAuthenticationInfo

use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.

the class ConqueryTokenRealm method doGetAuthenticationInfo.

@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(TOKEN_CLASS.isAssignableFrom(token.getClass()))) {
        log.trace("Incompatible token. Expected {}, got {}", TOKEN_CLASS, token.getClass());
        return null;
    }
    log.trace("Token has expected format: {}\tWas: {} ", TOKEN_CLASS, token.getClass());
    DecodedJWT decodedToken = null;
    try {
        decodedToken = jwtConfig.getTokenVerifier(this).verify((String) token.getCredentials());
    } catch (TokenExpiredException e) {
        log.trace("The provided token is expired.");
        throw new ExpiredCredentialsException(e);
    } catch (SignatureVerificationException | InvalidClaimException e) {
        log.trace("The provided token was not successfully verified against its signature or claims.");
        throw new IncorrectCredentialsException(e);
    } catch (JWTVerificationException e) {
        log.trace("The provided token could not be verified.", e);
        throw new AuthenticationException(e);
    } catch (Exception e) {
        log.trace("Unable to decode token", e);
        throw new AuthenticationException(e);
    }
    log.trace("Received valid token.");
    String username = decodedToken.getSubject();
    UserId userId = UserId.Parser.INSTANCE.parse(username);
    final User user = getUserOrThrowUnknownAccount(storage, userId);
    return new ConqueryAuthenticationInfo(user, token, this, true);
}

Example 3 with ConqueryAuthenticationInfo

use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.

the class JwtPkceVerifyingRealm method doGetAuthenticationInfo.

@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    Optional<JwtPkceVerifyingRealmFactory.IdpConfiguration> idpConfigurationOpt = idpConfigurationSupplier.get();
    if (idpConfigurationOpt.isEmpty()) {
        log.warn("Unable to start authentication, because idp configuration is not available.");
        return null;
    }
    JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = idpConfigurationOpt.get();
    log.trace("Creating token verifier");
    TokenVerifier<AccessToken> verifier = TokenVerifier.create(((BearerToken) token).getToken(), AccessToken.class).withChecks(new TokenVerifier.RealmUrlCheck(idpConfiguration.getIssuer()), TokenVerifier.SUBJECT_EXISTS_CHECK, activeVerifier).withChecks(tokenChecks).publicKey(idpConfiguration.getPublicKey()).audience(allowedAudience);
    String subject;
    log.trace("Verifying token");
    AccessToken accessToken = null;
    try {
        verifier.verify();
        accessToken = verifier.getToken();
    } catch (VerificationException e) {
        log.trace("Verification failed", e);
        throw new IncorrectCredentialsException(e);
    }
    subject = accessToken.getSubject();
    if (subject == null) {
        // Should not happen, as sub is mandatory in an access_token
        throw new UnsupportedTokenException("Unable to extract a subject from the provided token.");
    }
    log.trace("Authentication successfull for subject {}", subject);
    UserId userId = new UserId(subject);
    User user = storage.getUser(userId);
    if (user != null) {
        log.trace("Successfully authenticated user {}", userId);
        return new ConqueryAuthenticationInfo(user, token, this, true);
    }
    // Try alternative ids
    List<UserId> alternativeIds = new ArrayList<>();
    for (String alternativeIdClaim : alternativeIdClaims) {
        Object altId = accessToken.getOtherClaims().get(alternativeIdClaim);
        if (!(altId instanceof String)) {
            log.trace("Found no value for alternative id claim {}", alternativeIdClaim);
            continue;
        }
        userId = new UserId((String) altId);
        user = storage.getUser(userId);
        if (user != null) {
            log.trace("Successfully mapped subject {} using user id {}", subject, userId);
            return new ConqueryAuthenticationInfo(user, token, this, true);
        }
    }
    throw new UnknownAccountException("The user id was unknown: " + subject);
}

Example 4 with ConqueryAuthenticationInfo

use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.

the class ApiTokenRealm method doGetAuthenticationInfo.

@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(token instanceof ApiToken)) {
        return null;
    }
    final ApiToken apiToken = ((ApiToken) token);
    ApiTokenHash tokenHash = apiToken.hashToken();
    // Clear the token
    apiToken.clear();
    ApiTokenData tokenData = tokenStorage.get(tokenHash);
    if (tokenData == null) {
        log.trace("Unknown token, cannot map token hash to token data. Aborting authentication");
        throw new IncorrectCredentialsException();
    }
    if (LocalDate.now().isAfter(tokenData.getExpirationDate())) {
        log.info("Supplied token expired on: {}", tokenData.getExpirationDate());
        throw new ExpiredCredentialsException("Supplied token is expired");
    }
    final ApiTokenData.MetaData metaData = new ApiTokenData.MetaData(LocalDate.now());
    tokenStorage.updateMetaData(tokenData.getId(), metaData);
    final UserId userId = tokenData.getUserId();
    final User user = storage.getUser(userId);
    if (user == null) {
        throw new UnknownAccountException("The UserId does not map to a user: " + userId);
    }
    return new ConqueryAuthenticationInfo(new TokenScopedUser(user, tokenData), token, this, false);
}

Example 5 with ConqueryAuthenticationInfo

use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.

the class DefaultInitialUserRealm method doGetAuthenticationInfo.

@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(token instanceof DevelopmentToken)) {
        return null;
    }
    DevelopmentToken devToken = (DevelopmentToken) token;
    final User user = getUserOrThrowUnknownAccount(storage, devToken.getPrincipal());
    return new ConqueryAuthenticationInfo(user, devToken.getCredentials(), this, true);
}