use of com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException in project AuthGuard by AuthGuard.
the class UnboundLdapService method authenticate.
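/**
 * Authenticates an account against the LDAP directory: looks the user up by
 * {@code username}, then binds as the first matched entry with {@code password}.
 *
 * @param username identifier handed to {@code ldapSearch.findUser}
 * @param password credential used for the LDAP bind
 * @return the account mapped from the entry's attributes via {@code config.getFieldMapping()}
 * @throws ServiceAuthorizationException with {@code LDAP_ERROR} when the search or the bind
 *         cannot be performed, {@code IDENTIFIER_DOES_NOT_EXIST} when the entry has no
 *         attributes, and {@code GENERIC_AUTH_FAILURE} when the directory rejects the bind
 */
@Override
public AccountBO authenticate(final String username, final String password) {
    // search
    // NOTE(review): username flows into the directory search; findUser is expected to
    // escape it for the LDAP filter - confirm at its definition, it is not visible here.
    final SearchResult searchResult;
    final Map<String, String[]> attributes;
    try {
        searchResult = ldapSearch.findUser(username);
        attributes = ldapAccountMapper.getAttributes(searchResult);
    } catch (final LDAPException e) {
        LOG.error("Failed to establish a connection to the LDAP server or perform a search", e);
        throw new ServiceAuthorizationException(ErrorCode.LDAP_ERROR, "Could not perform an LDAP search");
    }
    if (attributes.isEmpty()) {
        throw new ServiceAuthorizationException(ErrorCode.IDENTIFIER_DOES_NOT_EXIST, "Username not found");
    }
    // bind
    try {
        ldapBind.bind(searchResult.getSearchEntries().get(0).getDN(), password);
    } catch (final LDAPBindException e) {
        // A rejected bind is surfaced only as a generic failure: the directory's own
        // reason is neither logged nor passed on to the caller.
        throw new ServiceAuthorizationException(ErrorCode.GENERIC_AUTH_FAILURE, "Failed to authenticate user");
    } catch (final LDAPException e) {
        LOG.error("Failed to establish a connection to the LDAP server or perform a bind", e);
        // Was "Could not perform an LDAP search": this branch is the bind, not the search,
        // and the message is what operators see when diagnosing the failure.
        throw new ServiceAuthorizationException(ErrorCode.LDAP_ERROR, "Could not perform an LDAP bind");
    }
    return ldapAccountMapper.mapAttributes(attributes, config.getFieldMapping()).build();
}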
use of com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException in project AuthGuard by AuthGuard.
the class OAuthServiceClient method authorize.
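/**
 * Sends a request to exchange the authorization code with ID, access,
 * and refresh tokens.
 *
 * @param code the authorization code received from the identity provider
 * @return a future that {@code processResponse} completes on HTTP 200, and that is
 *         completed exceptionally with a {@link ServiceAuthorizationException}
 *         ({@code GENERIC_AUTH_FAILURE}) on any other status or on a transport failure
 */
public CompletableFuture<TokensResponse> authorize(final String code) {
    final MultiMap form = MultiMap.caseInsensitiveMultiMap()
            .set("code", code)
            .set("client_id", clientConfiguration.getClientId())
            .set("client_secret", clientConfiguration.getClientSecret())
            .set("redirect_uri", clientConfiguration.getTokenRedirectUrl())
            .set("grant_type", GrantType.AUTHORIZATION_CODE.type());
    final String url = clientConfiguration.getTokenUrl();
    final CompletableFuture<TokensResponse> future = new CompletableFuture<>();
    final String path = tokenUrl.encodedPath();
    // TLS is switched on only when the configured token URL is https; with a plain-http
    // URL the form above, client_secret included, would be sent in clear text.
    webClient.post(tokenUrl.port(), tokenUrl.host(), path)
            .timeout(5000)
            .ssl(tokenUrl.isHttps())
            .putHeader("Accept", "application/json")
            .sendForm(form, response -> {
                if (response.succeeded()) {
                    final HttpResponse<Buffer> httpResponse = response.result();
                    // The response body carries the issued tokens; it used to be logged at
                    // INFO ("Body {}") and is now never written to the log. Only the status
                    // code is recorded for diagnostics.
                    if (httpResponse.statusCode() == 200) {
                        processResponse(httpResponse, url, future);
                    } else {
                        LOG.warn("Call to {} returned status code {}", url, httpResponse.statusCode());
                        future.completeExceptionally(new ServiceAuthorizationException(ErrorCode.GENERIC_AUTH_FAILURE, "Unsuccessful call to the identity provider"));
                    }
                } else {
                    LOG.error("Call to {} failed", url, response.cause());
                    future.completeExceptionally(new ServiceAuthorizationException(ErrorCode.GENERIC_AUTH_FAILURE, "Unexpected identity provider connection error"));
                }
            });
    return future;
}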
use of com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException in project AuthGuard by AuthGuard.
the class OtpVerifier method verifyAccountToken.
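/**
 * Verifies an OTP token of the form {@code <passwordId>:<otp>} and resolves it to the
 * owning account id.
 *
 * @param token the combined token; anything other than exactly two colon-separated parts is rejected
 * @return the account id on the right; on the left a {@link ServiceAuthorizationException} with
 *         {@code INVALID_AUTHORIZATION_FORMAT} (bad shape), {@code INVALID_TOKEN} (unknown id),
 *         {@code EXPIRED_TOKEN} or {@code PASSWORDS_DO_NOT_MATCH}
 */
@Override
public Either<Exception, String> verifyAccountToken(final String token) {
    // TODO: no need to have a special format for the token, just receive the two parts in the request
    final String[] parts = token.split(":");
    if (parts.length != 2) {
        return Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_AUTHORIZATION_FORMAT, "Invalid OTP token format"));
    }
    final String passwordId = parts[0];
    final String otp = parts[1];
    // The repository lookup is asynchronous; join() blocks the calling thread until it completes.
    final Optional<OneTimePasswordBO> generatedOpt = otpRepository.getById(passwordId)
            .thenApply(optional -> optional.map(serviceMapper::toBO))
            .join();
    if (!generatedOpt.isPresent()) {
        return Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_TOKEN, "Invalid OTP ID"));
    }
    final OneTimePasswordBO generated = generatedOpt.get();
    // Expiry is checked before the value, so an expired OTP is reported as expired even if it matches.
    if (generated.getExpiresAt().isBefore(OffsetDateTime.now())) {
        return Either.left(new ServiceAuthorizationException(ErrorCode.EXPIRED_TOKEN, "OTP " + passwordId + " has expired", EntityType.ACCOUNT, generated.getAccountId()));
    }
    // Was String.equals, which returns at the first differing character; the time taken to
    // reject a guess must not depend on how many leading characters were right.
    if (!constantTimeEquals(generated.getPassword(), otp)) {
        return Either.left(new ServiceAuthorizationException(ErrorCode.PASSWORDS_DO_NOT_MATCH, "OTP " + passwordId + " values did not match", EntityType.ACCOUNT, generated.getAccountId()));
    }
    return Either.right(generated.getAccountId());
}

/**
 * Compares two secret strings without short-circuiting on the first mismatch.
 * Delegates to {@code MessageDigest.isEqual}, whose running time does not depend on the
 * content when both inputs have the same length; a length difference is still rejected
 * at once. A {@code null} on either side is treated as a mismatch rather than an error.
 *
 * @param expected the stored OTP value
 * @param actual   the value supplied by the caller
 * @return {@code true} only when both are non-null and byte-for-byte equal (UTF-8)
 */
private static boolean constantTimeEquals(final String expected, final String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    // Fully qualified names: the file's import block is not part of this listing.
    final byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    final byte[] actualBytes = actual.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(expectedBytes, actualBytes);
}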
use of com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException in project AuthGuard by AuthGuard.
the class PasswordlessProvider method generateToken.
/**
 * Issues a passwordless token for an active account: persists the token, publishes it on
 * the passwordless channel, and returns a response that carries the stored record's id,
 * not the token value itself.
 *
 * @param account the account the token is issued for
 * @return a response of type {@code TOKEN_TYPE} whose token field is the stored record's id
 * @throws ServiceAuthorizationException with {@code ACCOUNT_INACTIVE} when the account is not active
 */
@Override
public AuthResponseBO generateToken(final AccountBO account) {
    if (!account.isActive()) {
        throw new ServiceAuthorizationException(ErrorCode.ACCOUNT_INACTIVE, "Account was deactivated");
    }
    final String secret = randomToken();
    // Expiry is relative to now; tokenTtl is the configured lifetime.
    final AccountTokenDO stored = AccountTokenDO.builder()
            .id(ID.generate())
            .associatedAccountId(account.getId())
            .token(secret)
            .expiresAt(OffsetDateTime.now().plus(tokenTtl))
            .build();
    accountTokensRepository.save(stored);
    // The token value itself travels only on the message bus (e.g. to whatever delivers it);
    // the response below exposes just the record id.
    final PasswordlessMessageBody payload = new PasswordlessMessageBody(stored, account);
    messageBus.publish(PASSWORDLESS_CHANNEL, Messages.passwordlessGenerated(payload));
    return AuthResponseBO.builder()
            .type(TOKEN_TYPE)
            .token(stored.getId())
            .entityType(EntityType.ACCOUNT)
            .entityId(account.getId())
            .build();
}
use of com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException in project AuthGuard by AuthGuard.
the class AuthenticationServiceImpl method authenticate.
/**
 * Exchanges the incoming authentication request for tokens, then refuses to hand them
 * out if the resolved account currently has an active lock.
 *
 * @param authRequest    the credentials/request being exchanged
 * @param requestContext the request context forwarded to the exchange
 * @return the issued tokens; never empty in the visible code
 * @throws ServiceAuthorizationException with {@code ACCOUNT_IS_LOCKED} when the
 *         account has at least one active lock
 */
@Override
public Optional<AuthResponseBO> authenticate(final AuthRequestBO authRequest, final RequestContextBO requestContext) {
    // NOTE(review): the exchange runs before the lock check, so a locked account still
    // goes through token generation; whether that leaves a persisted token behind
    // depends on exchangeService, which is not visible here.
    final AuthResponseBO issued = exchangeService.exchange(authRequest, FROM_TOKEN_TYPE, generateTokenType, requestContext);
    final String accountId = issued.getEntityId();
    final Collection<AccountLockBO> activeLocks = accountLocksService.getActiveLocksByAccountId(accountId);
    // A null result from the locks service is treated the same as "no locks".
    final boolean locked = activeLocks != null && !activeLocks.isEmpty();
    if (locked) {
        throw new ServiceAuthorizationException(ErrorCode.ACCOUNT_IS_LOCKED, "There is an active lock on account " + accountId);
    }
    return Optional.of(issued);
}