
Example 1 with ActionOnFailedAuthentication

use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.

The class MD5UserAuthenticatorTest, method authenticate.

@Test
public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    // Stub the DAO so any lookup yields an account whose stored hash is the MD5 digest of "password".
    UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);

    // The authenticator exposes no setter for its DAO, so the mock is injected through reflection.
    MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();
    Field userAccountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    userAccountDaoField.setAccessible(true);
    userAccountDaoField.set(md5Authenticator, dao);

    // The clear-text password matching the stored hash must be accepted.
    Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertTrue(outcome.first());
}

Example 2 with ActionOnFailedAuthentication

use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.

The class MD5UserAuthenticatorTest, method authenticateBadUser.

@Test
public void authenticateBadUser() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    // The DAO knows no such account: every lookup returns null.
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(null);

    // The authenticator exposes no setter for its DAO, so the mock is injected through reflection.
    MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();
    Field userAccountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    userAccountDaoField.setAccessible(true);
    userAccountDaoField.set(md5Authenticator, dao);

    // An unknown user must be rejected whatever password is supplied.
    Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(outcome.first());
}

Example 3 with ActionOnFailedAuthentication

use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.

The class SAML2UserAuthenticatorTest, method authenticate.

@Test
public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    // Records served by the mocked DAOs: an account (id 1) whose stored hash is the MD5 digest of
    // "password", and a bare user. The matchers are unconstrained, so every lookup hits these.
    UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    storedAccount.setId(1L);
    UserVO storedUser = new UserVO();
    Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);
    Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(storedUser);

    // SAML2UserAuthenticator exposes no setters for its DAOs, so both are injected reflectively.
    SAML2UserAuthenticator samlAuthenticator = new SAML2UserAuthenticator();
    Field accountDaoField = SAML2UserAuthenticator.class.getDeclaredField("_userAccountDao");
    accountDaoField.setAccessible(true);
    accountDaoField.set(samlAuthenticator, userAccountDao);
    Field userDaoField = SAML2UserAuthenticator.class.getDeclaredField("_userDao");
    userDaoField.setAccessible(true);
    userDaoField.set(samlAuthenticator, userDao);

    Map<String, Object[]> requestParams = new HashMap<String, Object[]>();
    Pair<Boolean, ActionOnFailedAuthentication> outcome;

    // No SAML response in the request parameters: the login is rejected.
    outcome = samlAuthenticator.authenticate("someUID", "random", 1L, requestParams);
    Assert.assertFalse(outcome.first());

    // A SAML response is present and the username is the mocked one: still rejected.
    requestParams.put(SAMLPluginConstants.SAML_RESPONSE, new String[] { "RandomString" });
    outcome = samlAuthenticator.authenticate("someUID", "random", 1L, requestParams);
    Assert.assertFalse(outcome.first());

    // SAML response present, username null: rejected.
    outcome = samlAuthenticator.authenticate(null, "random", 1L, requestParams);
    Assert.assertFalse(outcome.first());

    // SAML response present, username empty: rejected.
    outcome = samlAuthenticator.authenticate("", "random", 1L, requestParams);
    Assert.assertFalse(outcome.first());

    // SAML response present, username not a valid one: rejected.
    outcome = samlAuthenticator.authenticate("someOtherUID", "random", 1L, requestParams);
    Assert.assertFalse(outcome.first());
}

Example 4 with ActionOnFailedAuthentication

use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.

The class MD5UserAuthenticatorTest, method authenticateBadPass.

@Test
public void authenticateBadPass() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    // The stored "hash" is a value that no digest of "password" can equal.
    UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setPassword("surprise");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(storedAccount);

    // The authenticator exposes no setter for its DAO, so the mock is injected through reflection.
    MD5UserAuthenticator md5Authenticator = new MD5UserAuthenticator();
    Field userAccountDaoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    userAccountDaoField.setAccessible(true);
    userAccountDaoField.set(md5Authenticator, dao);

    // A password whose digest does not match the stored value must be rejected.
    Pair<Boolean, ActionOnFailedAuthentication> outcome = md5Authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(outcome.first());
}

Example 5 with ActionOnFailedAuthentication

use of com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication in project cloudstack by apache.

The class AccountManagerImpl, method getUserAccount.

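/**
 * Authenticates a login attempt and returns the matching enabled account.
 * <p>
 * Every registered {@link UserAuthenticator} is consulted in order. When the stored account
 * already records a source other than {@code UNKNOWN}, only the authenticator whose name
 * matches that source is tried. An authenticator that rejects the login may return an
 * {@link ActionOnFailedAuthentication}; if any of them asks for
 * {@code INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT}, the failed-login counter of a
 * non-internal, enabled user is advanced and the user is disabled once it reaches
 * {@code _allowedLoginAttempts}.
 *
 * @param username          login name presented by the caller
 * @param password          clear-text credential presented by the caller
 * @param domainId          domain the user logs into
 * @param requestParameters raw request parameters, passed through to the authenticators
 * @return the authenticated {@link UserAccount}, or {@code null} when authentication fails
 *         or no account record backs the user
 * @throws CloudAuthenticationException when the credentials are accepted but the user or its
 *                                      account is not in the {@code enabled} state
 */
private UserAccount getUserAccount(String username, String password, Long domainId, Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId);
    }
    UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
    boolean authenticated = false;
    HashSet<ActionOnFailedAuthentication> actionsOnFailedAuthentication = new HashSet<ActionOnFailedAuthentication>();
    User.Source userSource = userAccount != null ? userAccount.getSource() : User.Source.UNKNOWN;
    for (UserAuthenticator authenticator : _userAuthenticators) {
        // A known source pins the user to one authenticator; an unknown source tries them all.
        if (userSource != User.Source.UNKNOWN && !authenticator.getName().equalsIgnoreCase(userSource.name())) {
            continue;
        }
        Pair<Boolean, ActionOnFailedAuthentication> result = authenticator.authenticate(username, password, domainId, requestParameters);
        if (result.first()) {
            authenticated = true;
            break;
        } else if (result.second() != null) {
            actionsOnFailedAuthentication.add(result.second());
        }
    }
    boolean updateIncorrectLoginCount = actionsOnFailedAuthentication.contains(ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    if (authenticated) {
        Domain domain = _domainMgr.getDomain(domainId);
        String domainName = domain != null ? domain.getName() : null;
        // Re-read the account after authentication; presumably an authenticator may have created
        // or modified the record, which is why the earlier lookup is not reused here.
        userAccount = _userAccountDao.getUserAccount(username, domainId);
        if (userAccount == null) {
            // Fail closed: an accepted credential without a backing account record is not a login.
            s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId + " after successful authentication");
            return null;
        }
        if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString()) || !userAccount.getAccountState().equalsIgnoreCase(Account.State.enabled.toString())) {
            if (s_logger.isInfoEnabled()) {
                s_logger.info("User " + username + " in domain " + domainName + " is disabled/locked (or account is disabled/locked)");
            }
            throw new CloudAuthenticationException("User " + username + " (or their account) in domain " + domainName + " is disabled/locked. Please contact the administrator.");
        }
        // Whenever the user is able to log in successfully, reset the login attempts to zero
        if (!isInternalAccount(userAccount.getId())) {
            updateLoginAttempts(userAccount.getId(), 0, false);
        }
        return userAccount;
    }

    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Unable to authenticate user with username " + username + " in domain " + domainId);
    }
    if (userAccount == null) {
        s_logger.warn("Unable to find an user with username " + username + " in domain " + domainId);
        return null;
    }
    if (!userAccount.getState().equalsIgnoreCase(Account.State.enabled.toString())) {
        s_logger.info("User " + userAccount.getUsername() + " is disabled/locked");
        return null;
    }
    // Internal accounts are not disabled; the counter is only advanced when an
    // authenticator explicitly asked for it.
    if (!isInternalAccount(userAccount.getId()) && updateIncorrectLoginCount) {
        int attemptsMade = userAccount.getLoginAttempts() + 1;
        if (attemptsMade < _allowedLoginAttempts) {
            updateLoginAttempts(userAccount.getId(), attemptsMade, false);
            // Server-side log only; nothing about remaining attempts is returned to the caller.
            s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining");
        } else {
            // Lockout: the user is disabled once the configured number of failures is reached.
            updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true);
            s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
        }
    }
    return null;
}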
