use of com.nexblocks.authguard.service.model.OneTimePasswordBO in project AuthGuard by AuthGuard.
the class OtpVerifier method verifyAccountToken.
@Override
public Either<Exception, String> verifyAccountToken(final String token) {
// TODO: no need to have a special format for the token, just receive the two parts in the request
final String[] parts = token.split(":");
if (parts.length != 2) {
return Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_AUTHORIZATION_FORMAT, "Invalid OTP token format"));
}
final String passwordId = parts[0];
final String otp = parts[1];
final Optional<OneTimePasswordBO> generatedOpt = otpRepository.getById(passwordId).thenApply(optional -> optional.map(serviceMapper::toBO)).join();
if (generatedOpt.isPresent()) {
final OneTimePasswordBO generated = generatedOpt.get();
if (generated.getExpiresAt().isBefore(OffsetDateTime.now())) {
return Either.left(new ServiceAuthorizationException(ErrorCode.EXPIRED_TOKEN, "OTP " + passwordId + " has expired", EntityType.ACCOUNT, generated.getAccountId()));
}
if (generated.getPassword().equals(otp)) {
return Either.right(generated.getAccountId());
} else {
return Either.left(new ServiceAuthorizationException(ErrorCode.PASSWORDS_DO_NOT_MATCH, "OTP " + passwordId + " values did not match", EntityType.ACCOUNT, generated.getAccountId()));
}
} else {
return Either.left(new ServiceAuthorizationException(ErrorCode.INVALID_TOKEN, "Invalid OTP ID"));
}
}
use of com.nexblocks.authguard.service.model.OneTimePasswordBO in project AuthGuard by AuthGuard.
the class EmailOtpSubscriber method onMessage.
@Override
public void onMessage(final Message message) {
if (message.getEventType() == EventType.OTP_GENERATED) {
final OtpMessageBody messageBody = (OtpMessageBody) message.getMessageBody();
final AccountBO account = messageBody.getAccount();
final OneTimePasswordBO otp = messageBody.getOtp();
if (messageBody.isByEmail()) {
sendEmail(account, otp);
} else {
LOG.warn("Email OTP subscriber is enabled but a OTP event was received not to be sent by email");
}
}
}
use of com.nexblocks.authguard.service.model.OneTimePasswordBO in project AuthGuard by AuthGuard.
the class EmailOtpSubscriberTest method onValidMessageNoEmail.
@Test
void onValidMessageNoEmail() {
final OneTimePasswordBO otp = OneTimePasswordBO.builder().password("password").build();
final AccountBO account = AccountBO.builder().build();
final OtpMessageBody messageBody = new OtpMessageBody(otp, account, true, false);
final Message message = Messages.otpGenerated(messageBody);
otpSubscriber.onMessage(message);
Mockito.verify(emailProvider, Mockito.never()).send(Mockito.any());
}
use of com.nexblocks.authguard.service.model.OneTimePasswordBO in project AuthGuard by AuthGuard.
the class EmailOtpSubscriberTest method onValidMessage.
@Test
void onValidMessage() {
final OneTimePasswordBO otp = OneTimePasswordBO.builder().password("password").build();
final AccountBO account = AccountBO.builder().email(AccountEmailBO.builder().email("user@test.net").build()).firstName("first").lastName("second").build();
final OtpMessageBody messageBody = new OtpMessageBody(otp, account, true, false);
final Message message = Messages.otpGenerated(messageBody);
final ImmutableEmail expectedEmail = ImmutableEmail.builder().template("otp").to(account.getEmail().getEmail()).parameters(ImmutableMap.of("password", otp.getPassword(), "firstName", account.getFirstName(), "lastName", account.getLastName())).build();
otpSubscriber.onMessage(message);
final ArgumentCaptor<ImmutableEmail> sentEmailCaptor = ArgumentCaptor.forClass(ImmutableEmail.class);
Mockito.verify(emailProvider).send(sentEmailCaptor.capture());
assertThat(sentEmailCaptor.getValue()).isEqualTo(expectedEmail);
}
use of com.nexblocks.authguard.service.model.OneTimePasswordBO in project AuthGuard by AuthGuard.
the class EmailOtpSubscriberTest method onWrongMessageType.
@Test
void onWrongMessageType() {
final OneTimePasswordBO otp = OneTimePasswordBO.builder().password("password").build();
final AccountBO account = AccountBO.builder().email(AccountEmailBO.builder().email("user@test.net").build()).build();
final OtpMessageBody messageBody = new OtpMessageBody(otp, account, true, false);
final Message message = Messages.otpGenerated(messageBody).withEventType(EventType.ADMIN);
otpSubscriber.onMessage(message);
Mockito.verify(emailProvider, Mockito.never()).send(Mockito.any());
}
Aggregations