use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.
the class MD5UserAuthenticatorTest method authenticate.
/**
 * Checks that {@code MD5UserAuthenticator} accepts a login when the MD5 hex digest of the
 * submitted password equals the value stored on the account.
 *
 * <p>The stored value is the plain, unsalted MD5 digest of the literal {@code "password"}.
 * The test pins that comparison only. An unsalted fast hash is not an adequate password
 * storage scheme, so read this as a regression test for the legacy authenticator, not as
 * an endorsement of the format.
 */
@Test
public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();

    // The DAO is a private field, so the mock is injected through reflection.
    final Field accountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    accountDaoField.setAccessible(true);
    accountDaoField.set(md5Authenticator, dao);

    // Any username/domain lookup returns this account, whose stored hash matches "password".
    final UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);

    final Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertTrue(outcome.first());
}
use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.
the class MD5UserAuthenticatorTest method authenticateBadUser.
/**
 * Checks that {@code MD5UserAuthenticator} rejects a login when the DAO finds no account
 * for the supplied username and domain.
 *
 * <p>Only the boolean result is asserted; the {@code ActionOnFailedAuthentication} half of
 * the pair is not checked here.
 */
@Test
public void authenticateBadUser() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();

    // The DAO is a private field, so the mock is injected through reflection.
    final Field accountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    accountDaoField.setAccessible(true);
    accountDaoField.set(md5Authenticator, dao);

    // Simulate an unknown user: every lookup comes back empty.
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(null);

    final Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(outcome.first());
}
use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.
the class SAML2UserAuthenticatorTest method authenticate.
/**
 * Checks that {@code SAML2UserAuthenticator} refuses every login attempt made through the
 * username/password entry point, with and without a SAML response parameter present.
 *
 * <p>All five cases expect {@code false}; no accepting path is exercised. The value placed
 * under {@code SAMLPluginConstants.SAML_RESPONSE} is an arbitrary string, not a SAML document.
 *
 * <p>NOTE(review): the account DAO mock matches any username, so the "someOtherUID" case
 * receives the same mocked account as "someUID" and the test does not tell the two lookups
 * apart.
 */
@Test
public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final SAML2UserAuthenticator samlAuthenticator = new SAML2UserAuthenticator();

    // Both DAOs are private fields, so the mocks are injected through reflection.
    final Field accountDaoField = SAML2UserAuthenticator.class.getDeclaredField("_userAccountDao");
    accountDaoField.setAccessible(true);
    accountDaoField.set(samlAuthenticator, userAccountDao);
    final Field plainUserDaoField = SAML2UserAuthenticator.class.getDeclaredField("_userDao");
    plainUserDaoField.setAccessible(true);
    plainUserDaoField.set(samlAuthenticator, userDao);

    final UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    storedAccount.setId(1L);
    final UserVO storedUser = new UserVO();
    Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);
    Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(storedUser);

    final Map<String, Object[]> requestParams = new HashMap<String, Object[]>();

    // No SAML response parameter in the request.
    Assert.assertFalse(samlAuthenticator.authenticate("someUID", "random", 1L, requestParams).first());

    // SAML response parameter present, username resolves to the mocked account.
    requestParams.put(SAMLPluginConstants.SAML_RESPONSE, new String[] { "RandomString" });
    Assert.assertFalse(samlAuthenticator.authenticate("someUID", "random", 1L, requestParams).first());

    // SAML response parameter present, username is null.
    Assert.assertFalse(samlAuthenticator.authenticate(null, "random", 1L, requestParams).first());

    // SAML response parameter present, username is empty.
    Assert.assertFalse(samlAuthenticator.authenticate("", "random", 1L, requestParams).first());

    // SAML response parameter present, a different username is supplied.
    Assert.assertFalse(samlAuthenticator.authenticate("someOtherUID", "random", 1L, requestParams).first());
}
use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.
the class MD5UserAuthenticatorTest method authenticateBadPass.
/**
 * Checks that {@code MD5UserAuthenticator} rejects a login when the stored password value
 * does not match the digest of the submitted password.
 *
 * <p>NOTE(review): the stored value {@code "surprise"} is not a 32-character hex digest, so
 * it cannot equal the MD5 hex digest of any input. Storing the digest of a different password
 * would be a tighter negative case.
 *
 * <p>NOTE(review): only the boolean is asserted. The {@code ActionOnFailedAuthentication}
 * half of the pair is what {@code AccountManagerImpl.getUserAccount} reads to decide whether
 * a failure counts towards lockout, and it is not checked here.
 */
@Test
public void authenticateBadPass() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();

    // The DAO is a private field, so the mock is injected through reflection.
    final Field accountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    accountDaoField.setAccessible(true);
    accountDaoField.set(md5Authenticator, dao);

    // The account exists, but its stored value will not match the submitted password.
    final UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("surprise");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);

    final Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(outcome.first());
}
use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.
the class AccountManagerImpl method getUserAccount.
/**
 * Authenticates a user against the configured authenticators and applies the failed-login
 * lockout policy.
 *
 * <p>The account is looked up first. When it exists and its source is not
 * {@code User.Source.UNKNOWN}, only the authenticator whose name matches that source
 * (case-insensitively) is consulted; otherwise every authenticator in
 * {@code _userAuthenticators} is tried in order. The first success stops the loop. Each
 * failure may contribute a non-null {@code ActionOnFailedAuthentication}.
 *
 * <p>NOTE(review): {@code username} is concatenated into several log messages and into the
 * exception message as received. If it comes straight from the login request, confirm that
 * the logging layout neutralises CR/LF and other control characters.
 *
 * @param username          login name as supplied by the caller
 * @param password          credential passed through to each authenticator
 * @param domainId          domain the lookup is scoped to
 * @param requestParameters extra request parameters passed through to each authenticator
 * @return the account on successful authentication; {@code null} when authentication fails
 *         or no account is found (both cases are indistinguishable to the caller)
 * @throws CloudAuthenticationException when the credentials are accepted but the user or
 *         their account is not in the enabled state
 */
private UserAccount getUserAccount(String username, String password, Long domainId, Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId);
    }
    UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
    boolean authenticated = false;
    // Actions requested by authenticators that rejected the login; consulted only on failure.
    HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthenticaion = new HashSet<ActionOnFailedAuthentication>();
    // An unknown account is treated as source UNKNOWN, so no authenticator is filtered out below.
    User.Source userSource = userAccount != null ? userAccount.getSource() : User.Source.UNKNOWN;
    for (UserAuthenticator authenticator : _userAuthenticators) {
        if (userSource != User.Source.UNKNOWN) {
            // Known source: skip every authenticator except the one named after that source.
            if (!authenticator.getName().equalsIgnoreCase(userSource.name())) {
                continue;
            }
        }
        Pair<Boolean, ActionOnFailedAuthentication> result = authenticator.authenticate(username, password, domainId, requestParameters);
        if (result.first()) {
            authenticated = true;
            break;
        } else if (result.second() != null) {
            actionsOnFailedAuthenticaion.add(result.second());
        }
    }
    // The failure counter is touched only if at least one rejecting authenticator asked for it.
    boolean updateIncorrectLoginCount = actionsOnFailedAuthenticaion.contains(ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    if (authenticated) {
        Domain domain = _domainMgr.getDomain(domainId);
        String domainName = null;
        if (domain != null) {
            domainName = domain.getName();
        }
        // The account is fetched again after authentication.
        // NOTE(review): there is no null check before the dereference below; if this lookup can
        // still return null for an authenticated user, the next line throws NullPointerException.
        // Confirm against the authenticators in use.
        userAccount = _userAccountDao.getUserAccount(username, domainId);
        // Valid credentials are not sufficient: both the user and the owning account must be enabled.
        if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) || !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
            if (s_logger.isInfoEnabled()) {
                s_logger.info("User " + username + " in domain " + domainName + " is disabled/locked (or account is disabled/locked)");
            }
            throw new CloudAuthenticationException("User " + username + " (or their account) in domain " + domainName + " is disabled/locked. Please contact the administrator.");
        }
        // A successful login resets the failed-attempt counter (internal accounts are skipped).
        if (!isInternalAccount(userAccount.getId()))
            updateLoginAttempts(userAccount.getId(), 0, false);
        return userAccount;
    } else {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
        }
        if (userAccount == null) {
            // Unknown user: logged at WARN, but the caller sees the same null as for a wrong password.
            s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
            return null;
        }
        // Only the user state is checked on this path; the account state is not consulted.
        if (userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
            if (!isInternalAccount(userAccount.getId())) {
                // Internal accounts are exempt from the failed-attempt counter and lockout.
                // NOTE(review): the counter is read here and written below with no locking visible
                // in this method; confirm concurrent failed logins cannot under-count attempts.
                int attemptsMade = userAccount.getLoginAttempts() + 1;
                if (updateIncorrectLoginCount) {
                    if (attemptsMade < _allowedLoginAttempts) {
                        updateLoginAttempts(userAccount.getId(), attemptsMade, false);
                        // The remaining-attempts message goes to the log only; nothing is returned to the caller.
                        s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
                    } else {
                        // Limit reached: the third argument is true here, presumably disabling
                        // the user (the log message says so) -- TODO confirm in updateLoginAttempts.
                        updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
                        s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
                    }
                }
            }
        } else {
            s_logger.info("User " + userAccount.getUsername() + " is disabled/locked");
        }
        return null;
    }
}