use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.
The class IntrospectionDelegatingRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a bearer token by asking the token-introspection cache for its
 * introspection result and mapping the contained id to a stored user.
 *
 * <p>Returns {@code null} when the token is not of the type this realm handles,
 * which is Shiro's way of letting another realm try. Any checked exception thrown
 * by {@code tokenCache.get} is rethrown unchanged by {@code @SneakyThrows}
 * (the cache type is not visible here; presumably a loading cache).
 *
 * @param token the token presented by the client
 * @return authentication info for the resolved user, or {@code null} if the token type is not supported
 * @throws AuthenticationException if the introspected id does not map to a known account
 */
@Override
@SneakyThrows
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	final Class<? extends AuthenticationToken> actualType = token.getClass();
	if (!TOKEN_CLASS.isAssignableFrom(actualType)) {
		log.trace("Incompatible token. Expected {}, got {}", TOKEN_CLASS, actualType);
		return null;
	}
	log.trace("Token has expected format!");

	// The type check above guarantees this cast.
	final BearerToken bearerToken = (BearerToken) token;
	final TokenIntrospectionSuccessResponse introspection = tokenCache.get(bearerToken);
	log.trace("Got an successful token introspection response.");

	final UserId userId = extractId(introspection);
	final User user = getUserOrThrowUnknownAccount(storage, userId);
	return new ConqueryAuthenticationInfo(user, token, this, true);
}
use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.
The class ConqueryTokenRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a JWT carried as the token's credentials by verifying it with the
 * verifier obtained from {@code jwtConfig} and mapping the JWT subject to a stored user.
 *
 * <p>Verification failures are translated into the matching Shiro exception:
 * an expired token becomes {@link ExpiredCredentialsException}, a bad signature or
 * claim becomes {@link IncorrectCredentialsException}, and every other failure
 * (including a credentials object that is not a {@code String}) becomes a plain
 * {@link AuthenticationException}.
 *
 * @param token the token presented by the client
 * @return authentication info for the resolved user, or {@code null} if the token type is not supported
 * @throws AuthenticationException if the JWT cannot be verified or its subject is not a known account
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	final Class<? extends AuthenticationToken> actualType = token.getClass();
	if (!TOKEN_CLASS.isAssignableFrom(actualType)) {
		log.trace("Incompatible token. Expected {}, got {}", TOKEN_CLASS, actualType);
		return null;
	}
	log.trace("Token has expected format: {}\tWas: {} ", TOKEN_CLASS, actualType);

	// Every catch below throws, so the compiler accepts the final assignment inside the try.
	final DecodedJWT decodedToken;
	try {
		decodedToken = jwtConfig.getTokenVerifier(this).verify((String) token.getCredentials());
	}
	catch (TokenExpiredException e) {
		log.trace("The provided token is expired.");
		throw new ExpiredCredentialsException(e);
	}
	catch (SignatureVerificationException | InvalidClaimException e) {
		log.trace("The provided token was not successfully verified against its signature or claims.");
		throw new IncorrectCredentialsException(e);
	}
	catch (JWTVerificationException e) {
		log.trace("The provided token could not be verified.", e);
		throw new AuthenticationException(e);
	}
	catch (Exception e) {
		// Also covers a ClassCastException from the credentials cast above.
		log.trace("Unable to decode token", e);
		throw new AuthenticationException(e);
	}
	log.trace("Received valid token.");

	// The JWT subject is the user id in its string form.
	final UserId userId = UserId.Parser.INSTANCE.parse(decodedToken.getSubject());
	final User user = getUserOrThrowUnknownAccount(storage, userId);
	return new ConqueryAuthenticationInfo(user, token, this, true);
}
use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.
The class JwtPkceVerifyingRealm, method doGetAuthenticationInfo.
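/**
 * Authenticates a bearer access token against the configured identity provider
 * (issuer, public key, audience and the realm's additional checks) and maps the
 * token's subject to a stored user, falling back to the configured alternative id claims.
 *
 * <p>Returns {@code null} when the token is not a {@link BearerToken} (so another realm
 * may handle it) or when no IdP configuration is currently available. All claims used for
 * the user lookup are read only after the token has been verified.
 *
 * @param token the token presented by the client
 * @return authentication info for the resolved user, or {@code null} if this realm cannot process the token
 * @throws IncorrectCredentialsException if token verification fails
 * @throws UnsupportedTokenException if the verified token carries no subject
 * @throws UnknownAccountException if neither the subject nor any alternative id claim maps to a user
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	// The sibling realms return null for token types they do not handle; doing the same
	// here avoids a ClassCastException at the cast further down.
	if (!(token instanceof BearerToken)) {
		log.trace("Incompatible token. Expected {}, got {}", BearerToken.class, token.getClass());
		return null;
	}

	final Optional<JwtPkceVerifyingRealmFactory.IdpConfiguration> idpConfigurationOpt = idpConfigurationSupplier.get();
	if (idpConfigurationOpt.isEmpty()) {
		log.warn("Unable to start authentication, because idp configuration is not available.");
		return null;
	}
	final JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = idpConfigurationOpt.get();

	log.trace("Creating token verifier");
	final TokenVerifier<AccessToken> verifier = TokenVerifier.create(((BearerToken) token).getToken(), AccessToken.class)
			.withChecks(new TokenVerifier.RealmUrlCheck(idpConfiguration.getIssuer()), TokenVerifier.SUBJECT_EXISTS_CHECK, activeVerifier)
			.withChecks(tokenChecks)
			.publicKey(idpConfiguration.getPublicKey())
			.audience(allowedAudience);

	log.trace("Verifying token");
	final AccessToken accessToken;
	try {
		verifier.verify();
		accessToken = verifier.getToken();
	}
	catch (VerificationException e) {
		log.trace("Verification failed", e);
		throw new IncorrectCredentialsException(e);
	}

	final String subject = accessToken.getSubject();
	if (subject == null) {
		// Should not happen, as sub is mandatory in an access_token
		throw new UnsupportedTokenException("Unable to extract a subject from the provided token.");
	}
	log.trace("Authentication successfull for subject {}", subject);

	final UserId userId = new UserId(subject);
	User user = storage.getUser(userId);
	if (user != null) {
		log.trace("Successfully authenticated user {}", userId);
		return new ConqueryAuthenticationInfo(user, token, this, true);
	}

	// Try alternative ids
	user = findUserByAlternativeId(accessToken, subject);
	if (user != null) {
		return new ConqueryAuthenticationInfo(user, token, this, true);
	}
	throw new UnknownAccountException("The user id was unknown: " + subject);
}

/**
 * Looks up a user through the configured alternative id claims of an already verified token.
 *
 * @param accessToken the verified access token whose extra claims are consulted
 * @param subject the token subject, used only for logging
 * @return the first user found for a string-valued alternative id claim, or {@code null} if none matches
 */
private User findUserByAlternativeId(AccessToken accessToken, String subject) {
	for (String alternativeIdClaim : alternativeIdClaims) {
		final Object altId = accessToken.getOtherClaims().get(alternativeIdClaim);
		// Only string claims can be user ids; anything else (missing, number, object) is skipped.
		if (!(altId instanceof String)) {
			log.trace("Found no value for alternative id claim {}", alternativeIdClaim);
			continue;
		}
		final UserId alternativeUserId = new UserId((String) altId);
		final User user = storage.getUser(alternativeUserId);
		if (user != null) {
			log.trace("Successfully mapped subject {} using user id {}", subject, alternativeUserId);
			return user;
		}
	}
	return null;
}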
use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.
The class ApiTokenRealm, method doGetAuthenticationInfo.
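/**
 * Authenticates an {@link ApiToken}: hashes the presented secret, looks the hash up in the
 * token storage, rejects expired tokens, records the use and returns a principal scoped to
 * that token.
 *
 * <p>Only the hash is used for the lookup; the raw secret is cleared from the token object
 * immediately after hashing. The same {@code LocalDate} is used for the expiry check and
 * the recorded last-use date so the two cannot disagree across a date change.
 *
 * @param token the token presented by the client
 * @return authentication info wrapping a {@link TokenScopedUser}, or {@code null} if the token is not an {@link ApiToken}
 * @throws IncorrectCredentialsException if the hash is unknown to the token storage
 * @throws ExpiredCredentialsException if the token's expiration date has passed
 * @throws UnknownAccountException if the token's user id does not map to a stored user
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	if (!(token instanceof ApiToken)) {
		return null;
	}
	final ApiToken apiToken = (ApiToken) token;

	final ApiTokenHash tokenHash = apiToken.hashToken();
	// Clear the token: the secret is no longer needed once the hash exists.
	apiToken.clear();

	final ApiTokenData tokenData = tokenStorage.get(tokenHash);
	if (tokenData == null) {
		log.trace("Unknown token, cannot map token hash to token data. Aborting authentication");
		throw new IncorrectCredentialsException();
	}

	// Single timestamp for both the expiry check and the metadata update (see Javadoc).
	final LocalDate today = LocalDate.now();
	if (today.isAfter(tokenData.getExpirationDate())) {
		log.info("Supplied token expired on: {}", tokenData.getExpirationDate());
		throw new ExpiredCredentialsException("Supplied token is expired");
	}

	tokenStorage.updateMetaData(tokenData.getId(), new ApiTokenData.MetaData(today));

	final UserId userId = tokenData.getUserId();
	final User user = storage.getUser(userId);
	if (user == null) {
		throw new UnknownAccountException("The UserId does not map to a user: " + userId);
	}
	// The principal is wrapped together with the token data; presumably TokenScopedUser
	// narrows the user's permissions to this token's scope -- confirm against that class.
	return new ConqueryAuthenticationInfo(new TokenScopedUser(user, tokenData), token, this, false);
}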
use of com.bakdata.conquery.models.auth.ConqueryAuthenticationInfo in project conquery by bakdata.
The class DefaultInitialUserRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a {@link DevelopmentToken} by resolving its principal directly to a stored user.
 *
 * <p>No credential is verified in this method: the token's principal is looked up as-is and
 * its credentials are only passed through into the returned info. Presumably such tokens are
 * created only by trusted, development-only code paths -- confirm where they are issued.
 *
 * @param token the token presented by the client
 * @return authentication info for the resolved user, or {@code null} if the token is not a {@link DevelopmentToken}
 * @throws AuthenticationException if the principal does not map to a known account
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	if (token instanceof DevelopmentToken) {
		final DevelopmentToken developmentToken = (DevelopmentToken) token;
		final User user = getUserOrThrowUnknownAccount(storage, developmentToken.getPrincipal());
		return new ConqueryAuthenticationInfo(user, developmentToken.getCredentials(), this, true);
	}
	// Not a development token: leave it to another realm.
	return null;
}