Example 1 with AuthData

use of com.nike.cerberus.auth.connector.AuthData in project cerberus by Nike-Inc.

the class AuthenticationServiceTest method triggerChallengeSuccess.

@Test
public void triggerChallengeSuccess() {
    String stateToken = "state token";
    MfaCheckRequest challengeRequest = mock(MfaCheckRequest.class);
    AuthResponse expectedResponse = mock(AuthResponse.class);
    AuthData expectedData = mock(AuthData.class);
    when(expectedData.getStateToken()).thenReturn(stateToken);
    when(expectedResponse.getData()).thenReturn(expectedData);
    doAnswer(invocation -> expectedResponse).when(authConnector).triggerChallenge(any(), any());
    AuthResponse actualResponse = authenticationService.triggerChallenge(challengeRequest);
    assertEquals(expectedResponse, actualResponse);
    assertEquals(expectedResponse.getData().getStateToken(), actualResponse.getData().getStateToken());
}
Also used : MfaCheckRequest(com.nike.cerberus.domain.MfaCheckRequest) AuthData(com.nike.cerberus.auth.connector.AuthData) Matchers.anyString(org.mockito.Matchers.anyString) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) Test(org.junit.Test)

Example 2 with AuthData

use of com.nike.cerberus.auth.connector.AuthData in project cerberus by Nike-Inc.

the class MfaStateHandler method handleMfaChallenge.

/**
 * Handles MFA Challenge, when a MFA challenge has been initiated for call or sms.
 *
 * @param mfaChallengeResponse - Authentication response from the Completable Future
 */
@Override
public void handleMfaChallenge(AuthenticationResponse mfaChallengeResponse) {
    final String userId = mfaChallengeResponse.getUser().getId();
    final String userLogin = mfaChallengeResponse.getUser().getLogin();
    final AuthData authData = AuthData.builder().userId(userId).username(userLogin).build();
    AuthResponse authResponse = AuthResponse.builder().data(authData).status(AuthStatus.MFA_CHALLENGE).build();
    authenticationResponseFuture.complete(authResponse);
}
Also used : AuthData(com.nike.cerberus.auth.connector.AuthData) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Example 3 with AuthData

use of com.nike.cerberus.auth.connector.AuthData in project cerberus by Nike-Inc.

the class OktaAuthConnectorTest method triggerChallengeFails.

@Test(expected = ApiException.class)
public void triggerChallengeFails() throws Exception {
    String stateToken = "state token";
    String deviceId = "device id";
    AuthResponse expectedResponse = mock(AuthResponse.class);
    AuthData expectedData = mock(AuthData.class);
    when(expectedData.getStateToken()).thenReturn(stateToken);
    when(expectedResponse.getData()).thenReturn(expectedData);
    doAnswer(invocation -> {
        MfaStateHandler stateHandler = (MfaStateHandler) invocation.getArguments()[2];
        stateHandler.authenticationResponseFuture.cancel(true);
        return null;
    }).when(client).challengeFactor(any(), any(), any());
    // do the call; the state handler's future was cancelled above, so this is expected to throw ApiException
    AuthResponse actualResponse = this.oktaAuthConnector.triggerChallenge(stateToken, deviceId);
    // verify results
    assertEquals(expectedResponse, actualResponse);
    assertEquals(expectedResponse.getData().getStateToken(), actualResponse.getData().getStateToken());
}
Also used : AuthData(com.nike.cerberus.auth.connector.AuthData) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) Test(org.junit.Test)

Example 4 with AuthData

use of com.nike.cerberus.auth.connector.AuthData in project cerberus by Nike-Inc.

the class AuthenticationService method refreshUserToken.

/**
 * Since tokens are immutable, there are certain situations where refreshing the token used by a
 * user is necessary. Anytime permissions change, this is required to reflect that to the user.
 *
 * @param authPrincipal The principal for the caller
 * @return The auth response with the token and metadata
 */
public AuthResponse refreshUserToken(final CerberusPrincipal authPrincipal) {
    if (!PrincipalType.USER.equals(authPrincipal.getPrincipalType())) {
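        // Fill in the %s placeholder; the template was previously passed through unformatted.
        String msg = String.format("The principal: %s attempted to use the user token refresh method", authPrincipal.getName());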
        throw ApiException.newBuilder().withApiErrors(CustomApiError.createCustomApiError(DefaultApiError.USER_ONLY_RESOURCE, msg)).withExceptionMessage(msg).build();
    }
    Integer currentTokenRefreshCount = authPrincipal.getTokenRefreshCount();
    if (currentTokenRefreshCount >= maxTokenRefreshCount) {
        throw ApiException.newBuilder().withApiErrors(DefaultApiError.MAXIMUM_TOKEN_REFRESH_COUNT_REACHED).withExceptionMessage(String.format("The principal %s attempted to refresh its token but has " + "reached the maximum number of refreshes allowed", authPrincipal.getName())).build();
    }
    revoke(authPrincipal, authPrincipal.getTokenExpires());
    final AuthData authData = AuthData.builder().username(authPrincipal.getName()).clientToken(generateToken(authPrincipal.getName(), authPrincipal.getUserGroups(), currentTokenRefreshCount + 1)).build();
    final AuthResponse authResponse = AuthResponse.builder().status(AuthStatus.SUCCESS).data(authData).build();
    return authResponse;
}
Also used : AuthData(com.nike.cerberus.auth.connector.AuthData) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Example 5 with AuthData

use of com.nike.cerberus.auth.connector.AuthData in project cerberus by Nike-Inc.

the class AbstractOktaStateHandler method handleSuccess.

/**
 * Handles authentication success.
 *
 * @param successResponse - Authentication response from the Completable Future
 */
@Override
public void handleSuccess(AuthenticationResponse successResponse) {
    final String userId = successResponse.getUser().getId();
    final String userLogin = successResponse.getUser().getLogin();
    final AuthData authData = AuthData.builder().userId(userId).username(userLogin).build();
    AuthResponse authResponse = AuthResponse.builder().data(authData).status(AuthStatus.SUCCESS).build();
    authenticationResponseFuture.complete(authResponse);
}
Also used : AuthData(com.nike.cerberus.auth.connector.AuthData) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Aggregations

AuthData (com.nike.cerberus.auth.connector.AuthData): 9
AuthResponse (com.nike.cerberus.auth.connector.AuthResponse): 9
Test (org.junit.Test): 3
MfaStateHandler (com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler): 2
MfaCheckRequest (com.nike.cerberus.domain.MfaCheckRequest): 1
Factor (com.okta.authn.sdk.resource.Factor): 1
ArrayList (java.util.ArrayList): 1
Matchers.anyString (org.mockito.Matchers.anyString): 1