
Example 6 with UserAccountVO

use of com.cloud.user.UserAccountVO in project cloudstack by apache.

the class SAML2UserAuthenticatorTest method authenticate.

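/**
 * Verifies that {@code SAML2UserAuthenticator.authenticate} rejects every password-style
 * call, whether or not a SAMLResponse parameter is present and regardless of the username.
 *
 * <p>The mocked DAOs are injected through reflection because the production fields are
 * private and have no setters. The mocked {@code getUserAccount} returns the same account for
 * any username, so the username-based cases below exercise the authenticator's own
 * validation rather than the lookup.
 *
 * @throws NoSuchFieldException    if the private DAO fields were renamed in the authenticator
 * @throws IllegalAccessException  if the reflective injection is refused
 */
@Test
public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final SAML2UserAuthenticator authenticator = new SAML2UserAuthenticator();
    final Field daoField = SAML2UserAuthenticator.class.getDeclaredField("_userAccountDao");
    daoField.setAccessible(true);
    daoField.set(authenticator, userAccountDao);
    final Field userDaoField = SAML2UserAuthenticator.class.getDeclaredField("_userDao");
    userDaoField.setAccessible(true);
    userDaoField.set(authenticator, userDao);

    final UserAccountVO account = new UserAccountVO();
    // Stored credential is irrelevant to the outcome: no case below is expected to succeed.
    account.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    account.setId(1L);
    final UserVO user = new UserVO();
    Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);
    Mockito.when(userDao.getUser(Mockito.anyLong())).thenReturn(user);

    final Map<String, Object[]> params = new HashMap<String, Object[]>();
    Pair<Boolean, ActionOnFailedAuthentication> pair;

    // No SAMLResponse in params: must not authenticate.
    pair = authenticator.authenticate("someUID", "random", 1L, params);
    Assert.assertFalse(pair.first());

    // SAMLResponse present and the username matches the mocked account: still must not
    // authenticate -- a SAMLResponse parameter on its own is not a credential here.
    params.put(SAMLPluginConstants.SAML_RESPONSE, new String[] { "RandomString" });
    pair = authenticator.authenticate("someUID", "random", 1L, params);
    Assert.assertFalse(pair.first());

    // SAMLResponse present but username is null.
    pair = authenticator.authenticate(null, "random", 1L, params);
    Assert.assertFalse(pair.first());

    // SAMLResponse present but username is empty.
    pair = authenticator.authenticate("", "random", 1L, params);
    Assert.assertFalse(pair.first());

    // SAMLResponse present but username does not match the mocked account.
    pair = authenticator.authenticate("someOtherUID", "random", 1L, params);
    Assert.assertFalse(pair.first());
}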
Also used : SAML2UserAuthenticator(org.apache.cloudstack.saml.SAML2UserAuthenticator) Field(java.lang.reflect.Field) UserAccountVO(com.cloud.user.UserAccountVO) UserVO(com.cloud.user.UserVO) HashMap(java.util.HashMap) ActionOnFailedAuthentication(com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication) Test(org.junit.Test)

Example 7 with UserAccountVO

use of com.cloud.user.UserAccountVO in project cloudstack by apache.

the class PBKD2UserAuthenticatorTest method authenticateValidTest.

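/**
 * Verifies that {@code PBKDF2UserAuthenticator.authenticate} accepts the password
 * {@code "password"} when the stored credential is the matching PBKDF2 record.
 *
 * <p>The stored value is three colon-separated fields, the last of which ({@code 4096})
 * appears to be the iteration count; the mocked DAO returns this account for any username.
 * The DAO field is injected through reflection because it is private and has no setter.
 *
 * @throws NoSuchFieldException    if the private DAO field was renamed in the authenticator
 * @throws IllegalAccessException  if the reflective injection is refused
 */
@Test
public void authenticateValidTest() throws IllegalAccessException, NoSuchFieldException {
    final PBKDF2UserAuthenticator authenticator = new PBKDF2UserAuthenticator();
    final Field daoField = PBKDF2UserAuthenticator.class.getDeclaredField("_userAccountDao");
    daoField.setAccessible(true);
    daoField.set(authenticator, dao);

    final UserAccountVO account = new UserAccountVO();
    account.setPassword("FMDMdx/2QjrZniqNRAgOAC1ai/CY/C+2kmKhp3vo+98pkqhO+AR6hCyUl0bOXtkq3XWqNiSQTwbi7KTiwuWhyw==:+u8T5LzCtikCPvKnUDn6JDezf1Hg2bood/ke5Oo93pz9s1eD9k/JLsa497Z3h9QWfOQfq0zvCRmkzfXMF913vQ==:4096");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);

    final Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> pair = authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertTrue(pair.first());
}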
Also used : Field(java.lang.reflect.Field) UserAccountVO(com.cloud.user.UserAccountVO) Test(org.junit.Test)

Example 8 with UserAccountVO

use of com.cloud.user.UserAccountVO in project cloudstack by apache.

the class PBKD2UserAuthenticatorTest method authenticateInValidTest.

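/**
 * Verifies that {@code PBKDF2UserAuthenticator.authenticate} rejects the password
 * {@code "password"} when the stored credential is not a PBKDF2 record.
 *
 * <p>The stored value is a bare 32-hex-digit string rather than the colon-separated
 * {@code hash:salt:rounds} form used by {@link #authenticateValidTest()}, so the
 * authenticator is expected to fail regardless of the supplied password.
 *
 * @throws NoSuchFieldException    if the private DAO field was renamed in the authenticator
 * @throws IllegalAccessException  if the reflective injection is refused
 */
@Test
public void authenticateInValidTest() throws IllegalAccessException, NoSuchFieldException {
    final PBKDF2UserAuthenticator authenticator = new PBKDF2UserAuthenticator();
    final Field daoField = PBKDF2UserAuthenticator.class.getDeclaredField("_userAccountDao");
    daoField.setAccessible(true);
    daoField.set(authenticator, dao);

    final UserAccountVO account = new UserAccountVO();
    account.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);

    final Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> pair = authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(pair.first());
}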
Also used : Field(java.lang.reflect.Field) UserAccountVO(com.cloud.user.UserAccountVO) Test(org.junit.Test)

Example 9 with UserAccountVO

use of com.cloud.user.UserAccountVO in project cloudstack by apache.

the class ListAndSwitchSAMLAccountCmd method authenticate.

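/**
 * Lists the SAML accounts the current session may switch to, or switches the session to one
 * of them.
 *
 * <p>Without {@code userid}/{@code domainid} parameters the response is the list of accounts
 * sharing the caller's username and external entity (IdP). With both parameters the target
 * account is validated against the caller (same username, same external entity, requested
 * domain, SAML2 source, enabled) and, if allowed, the session is re-logged-in as that user
 * and the browser is redirected to the configured SAML landing URL.
 *
 * @param command        the API command name (unused here)
 * @param params         request parameters; {@code userid} and {@code domainid} are read
 * @param session        the existing HTTP session; must be established and non-new
 * @param remoteAddress  the client address, forwarded to {@code loginUser}
 * @param responseType   serialization format for the response and error bodies
 * @param auditTrailSb   audit trail builder (unused here)
 * @param req            the HTTP request; its cookies are used for session-key validation
 * @param resp           the HTTP response; receives SAML cookies and the redirect
 * @return the serialized list response, or the serialized login response after a switch
 * @throws ServerApiException when the session is not an authenticated SAML session, the
 *                            target is not switchable, or the switch cannot be completed
 */
@Override
public String authenticate(final String command, final Map<String, Object[]> params, final HttpSession session, InetAddress remoteAddress, final String responseType, final StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
    // Only an established session whose session key matches the request may use this API.
    if (session == null || session.isNew()) {
        throw new ServerApiException(ApiErrorCode.UNAUTHORIZED, _apiServer.getSerializedApiError(ApiErrorCode.UNAUTHORIZED.getHttpCode(), "Only authenticated saml users can request this API", params, responseType));
    }
    if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
        throw new ServerApiException(ApiErrorCode.UNAUTHORIZED, _apiServer.getSerializedApiError(ApiErrorCode.UNAUTHORIZED.getHttpCode(), "Unauthorized session, please re-login", params, responseType));
    }

    final long currentUserId = (Long) session.getAttribute("userid");
    final UserAccount currentUserAccount = _accountService.getUserAccountById(currentUserId);
    // Switching is only meaningful for accounts that were themselves created via SAML.
    if (currentUserAccount == null || currentUserAccount.getSource() != User.Source.SAML2) {
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "Only authenticated saml users can request this API", params, responseType));
    }

    final String userUuid = firstParam(params, ApiConstants.USER_ID);
    final String domainUuid = firstParam(params, ApiConstants.DOMAIN_ID);

    if (userUuid != null && domainUuid != null) {
        final User user = _userDao.findByUuid(userUuid);
        final Domain domain = _domainDao.findByUuid(domainUuid);
        // Unknown uuids previously fell through to a NullPointerException. Reject them with the
        // same generic message used for any other disallowed target so the response does not
        // reveal whether the uuid exists.
        if (user == null || domain == null) {
            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.PARAM_ERROR.getHttpCode(), "User account is not allowed to switch to the requested account", params, responseType));
        }
        final UserAccount nextUserAccount = _accountService.getUserAccountById(user.getId());
        if (nextUserAccount != null && !Account.State.enabled.toString().equals(nextUserAccount.getAccountState())) {
            // Error code and the HTTP code embedded in the body now agree (both ACCOUNT_ERROR);
            // the body previously carried PARAM_ERROR's HTTP code.
            throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "The requested user account is locked and cannot be switched to, please contact your administrator.", params, responseType));
        }
        if (!isSwitchAllowed(currentUserAccount, nextUserAccount, domain)) {
            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.PARAM_ERROR.getHttpCode(), "User account is not allowed to switch to the requested account", params, responseType));
        }
        try {
            if (_apiServer.verifyUser(nextUserAccount.getId())) {
                // SAML users carry no real password; loginUser is called with the same
                // username+source pseudo-credential the SAML login path uses.
                final LoginCmdResponse loginResponse = (LoginCmdResponse) _apiServer.loginUser(session, nextUserAccount.getUsername(), nextUserAccount.getUsername() + nextUserAccount.getSource().toString(), nextUserAccount.getDomainId(), null, remoteAddress, params);
                SAMLUtils.setupSamlUserCookies(loginResponse, resp);
                resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
                return ApiResponseSerializer.toSerializedString(loginResponse, responseType);
            }
        } catch (CloudAuthenticationException | IOException exception) {
            // Deliberately best-effort: the failure is logged with its cause and the caller
            // receives the generic ACCOUNT_ERROR thrown below.
            s_logger.debug("Failed to switch to request SAML user account due to: " + exception.getMessage(), exception);
        }
    } else {
        final List<UserAccountVO> switchableAccounts = _userAccountDao.getAllUsersByNameAndEntity(currentUserAccount.getUsername(), currentUserAccount.getExternalEntity());
        // The system user is never offered a switch list.
        if (switchableAccounts != null && !switchableAccounts.isEmpty() && currentUserId != User.UID_SYSTEM) {
            final List<SamlUserAccountResponse> accountResponses = new ArrayList<SamlUserAccountResponse>();
            for (final UserAccountVO userAccount : switchableAccounts) {
                accountResponses.add(toSamlUserAccountResponse(userAccount));
            }
            final ListResponse<SamlUserAccountResponse> response = new ListResponse<SamlUserAccountResponse>();
            response.setResponses(accountResponses);
            response.setResponseName(getCommandName());
            return ApiResponseSerializer.toSerializedString(response, responseType);
        }
    }
    throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "Unable to switch to requested SAML account. Please make sure your user/account is enabled. Please contact your administrator.", params, responseType));
}

/**
 * Returns the first value of a request parameter, or {@code null} when the parameter is
 * absent or has no values.
 *
 * @param params the request parameter map
 * @param key    the parameter name
 * @return the first value cast to {@code String}, or {@code null}
 */
private static String firstParam(final Map<String, Object[]> params, final String key) {
    final Object[] values = params.get(key);
    if (values == null || values.length == 0) {
        return null;
    }
    return (String) values[0];
}

/**
 * Decides whether the current SAML account may switch to {@code next} in {@code domain}.
 *
 * <p>The target must exist, be enabled, share the caller's username and external entity
 * (IdP), live in the requested domain and itself be a SAML2-sourced account.
 *
 * @param current the caller's account (non-null, already validated as SAML2)
 * @param next    the candidate target account, may be {@code null}
 * @param domain  the requested domain (non-null)
 * @return {@code true} if every condition holds
 */
private static boolean isSwitchAllowed(final UserAccount current, final UserAccount next, final Domain domain) {
    if (next == null) {
        return false;
    }
    return Account.State.enabled.toString().equals(next.getAccountState())
            && next.getUsername().equals(current.getUsername())
            && next.getExternalEntity().equals(current.getExternalEntity())
            && next.getDomainId() == domain.getId()
            && next.getSource() == User.Source.SAML2;
}

/**
 * Builds the API response entry for one switchable account.
 *
 * @param userAccount the account row to describe
 * @return the populated response object
 */
private SamlUserAccountResponse toSamlUserAccountResponse(final UserAccountVO userAccount) {
    // NOTE(review): getUser/getDomain are assumed to resolve for every row returned by
    // getAllUsersByNameAndEntity; a null here would surface as a NullPointerException.
    final User user = _userDao.getUser(userAccount.getId());
    final Domain domain = _domainService.getDomain(userAccount.getDomainId());
    final SamlUserAccountResponse accountResponse = new SamlUserAccountResponse();
    accountResponse.setUserId(user.getUuid());
    accountResponse.setUserName(user.getUsername());
    accountResponse.setDomainId(domain.getUuid());
    accountResponse.setDomainName(domain.getName());
    accountResponse.setAccountName(userAccount.getAccountName());
    accountResponse.setIdpId(user.getExternalEntity());
    return accountResponse;
}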
Also used : User(com.cloud.user.User) ListResponse(org.apache.cloudstack.api.response.ListResponse) CloudAuthenticationException(com.cloud.exception.CloudAuthenticationException) SamlUserAccountResponse(org.apache.cloudstack.api.response.SamlUserAccountResponse) ArrayList(java.util.ArrayList) IOException(java.io.IOException) UserAccountVO(com.cloud.user.UserAccountVO) ServerApiException(org.apache.cloudstack.api.ServerApiException) Domain(com.cloud.domain.Domain) UserAccount(com.cloud.user.UserAccount) LoginCmdResponse(org.apache.cloudstack.api.response.LoginCmdResponse)

Example 10 with UserAccountVO

use of com.cloud.user.UserAccountVO in project cloudstack by apache.

the class MD5UserAuthenticatorTest method authenticateBadPass.

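/**
 * Verifies that {@code MD5UserAuthenticator.authenticate} rejects the password
 * {@code "password"} when the stored value ({@code "surprise"}) is not its digest.
 *
 * <p>The DAO field is injected through reflection because it is private and has no setter;
 * the mocked DAO returns this account for any username.
 *
 * @throws NoSuchFieldException    if the private DAO field was renamed in the authenticator
 * @throws IllegalAccessException  if the reflective injection is refused
 */
@Test
public void authenticateBadPass() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    final MD5UserAuthenticator authenticator = new MD5UserAuthenticator();
    final Field daoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
    daoField.setAccessible(true);
    daoField.set(authenticator, dao);

    final UserAccountVO account = new UserAccountVO();
    account.setPassword("surprise");
    Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);

    final Pair<Boolean, ActionOnFailedAuthentication> pair = authenticator.authenticate("admin", "password", 1L, null);
    Assert.assertFalse(pair.first());
}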
Also used : Field(java.lang.reflect.Field) UserAccountVO(com.cloud.user.UserAccountVO) ActionOnFailedAuthentication(com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication) Test(org.junit.Test)
