Example 1 with AuthResponse

Use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.

In class OktaAuthConnector, method authenticate:

/**
 * Authenticates user using Okta Auth SDK.
 */
@Override
public AuthResponse authenticate(String username, String password) {
    CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
    InitialLoginStateHandler stateHandler = new InitialLoginStateHandler(oktaAuthenticationClient, authResponse);
    try {
        oktaAuthenticationClient.authenticate(username, password.toCharArray(), null, stateHandler);
        return authResponse.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.LOGIN_FAILED).withExceptionMessage("Failed to login or failed to wait for Okta Auth Completable Future to complete.").build();
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) InitialLoginStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.InitialLoginStateHandler) ApiException(com.nike.backstopper.exception.ApiException) FactorValidationException(com.okta.authn.sdk.FactorValidationException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Example 2 with AuthResponse

Use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.

In class OktaAuthConnector, method mfaCheck:

/**
 * Verifies user's MFA factor using Okta Auth SDK.
 */
@Override
public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken) {
    CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
    MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
    DefaultVerifyPassCodeFactorRequest request = oktaAuthenticationClient.instantiate(DefaultVerifyPassCodeFactorRequest.class);
    request.setPassCode(otpToken);
    request.setStateToken(stateToken);
    try {
        oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
        return authResponse.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (FactorValidationException e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.FACTOR_VALIDATE_FAILED).withExceptionMessage("Failed to validate factor.").build();
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to wait for Okta Auth Completable Future to complete.").build();
    }
}
Also used : DefaultVerifyPassCodeFactorRequest(com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest) CompletableFuture(java.util.concurrent.CompletableFuture) FactorValidationException(com.okta.authn.sdk.FactorValidationException) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) ApiException(com.nike.backstopper.exception.ApiException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Example 3 with AuthResponse

Use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.

In class OktaAuthConnector, method triggerPush:

/**
 * Triggers verification of a push factor using Okta Auth SDK and polls
 * until the factor result is no longer WAITING or the wait times out.
 */
public AuthResponse triggerPush(String stateToken, String deviceId) {
    CompletableFuture<AuthResponse> authResponseFuture = new CompletableFuture<>();
    PushStateHandler stateHandler = new PushStateHandler(oktaAuthenticationClient, authResponseFuture);
    try {
        oktaAuthenticationClient.verifyFactor(deviceId, stateToken, stateHandler);
        AuthResponse authResponse = authResponseFuture.get(45, TimeUnit.SECONDS);
        // Poll every 100 ms while the factor result is still WAITING, for at most about 55 seconds.
        long startTime = System.currentTimeMillis();
        while (authResponse.getData().getFactorResult().equals("WAITING") && System.currentTimeMillis() - startTime <= 55000) {
            sleep(100);
            authResponseFuture = new CompletableFuture<>();
            stateHandler = new PushStateHandler(oktaAuthenticationClient, authResponseFuture);
            oktaAuthenticationClient.verifyFactor(deviceId, stateToken, stateHandler);
            authResponse = authResponseFuture.get(45, TimeUnit.SECONDS);
        }
        String factorResult = authResponse.getData().getFactorResult();
        if (!factorResult.equals("SUCCESS")) {
            // Still WAITING after the polling window is reported as a timeout.
            if (factorResult.equals("TIMEOUT") || factorResult.equals("WAITING")) {
                throw ApiException.newBuilder().withApiErrors(DefaultApiError.OKTA_PUSH_MFA_TIMEOUT).withExceptionMessage(DefaultApiError.OKTA_PUSH_MFA_TIMEOUT.getMessage()).build();
            } else if (factorResult.equals("REJECTED")) {
                throw ApiException.newBuilder().withApiErrors(DefaultApiError.OKTA_PUSH_MFA_REJECTED).withExceptionMessage(DefaultApiError.OKTA_PUSH_MFA_REJECTED.getMessage()).build();
            }
            // Any other non-SUCCESS factor result throws nothing here and falls through to the return below.
        }
        // The future is already completed at this point, so this returns the same response read above.
        return authResponseFuture.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.").build();
    }
}
Also used : PushStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.PushStateHandler) CompletableFuture(java.util.concurrent.CompletableFuture) ApiException(com.nike.backstopper.exception.ApiException) FactorValidationException(com.okta.authn.sdk.FactorValidationException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Example 4 with AuthResponse

Use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.

In class AuthenticationServiceTest, method triggerChallengeSuccess:

@Test
public void triggerChallengeSuccess() {
    String stateToken = "state token";
    MfaCheckRequest challengeRequest = mock(MfaCheckRequest.class);
    AuthResponse expectedResponse = mock(AuthResponse.class);
    AuthData expectedData = mock(AuthData.class);
    when(expectedData.getStateToken()).thenReturn(stateToken);
    when(expectedResponse.getData()).thenReturn(expectedData);
    doAnswer(invocation -> expectedResponse).when(authConnector).triggerChallenge(any(), any());
    AuthResponse actualResponse = authenticationService.triggerChallenge(challengeRequest);
    assertEquals(expectedResponse, actualResponse);
    assertEquals(expectedResponse.getData().getStateToken(), actualResponse.getData().getStateToken());
}
Also used : MfaCheckRequest(com.nike.cerberus.domain.MfaCheckRequest) AuthData(com.nike.cerberus.auth.connector.AuthData) Matchers.anyString(org.mockito.Matchers.anyString) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) Test(org.junit.Test)

Example 5 with AuthResponse

Use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.

In class OktaAuthConnector, method triggerChallenge:

/**
 * Triggers challenge for SMS or Call factors using Okta Auth SDK.
 */
public AuthResponse triggerChallenge(String stateToken, String deviceId) {
    CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
    MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
    try {
        oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
        return authResponse.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.").build();
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) ApiException(com.nike.backstopper.exception.ApiException) FactorValidationException(com.okta.authn.sdk.FactorValidationException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse)

Aggregations

AuthResponse (com.nike.cerberus.auth.connector.AuthResponse) 30
Test (org.junit.Test) 19
AuthData (com.nike.cerberus.auth.connector.AuthData) 9
AuthStatus (com.nike.cerberus.auth.connector.AuthStatus) 7
AuthenticationResponse (com.okta.authn.sdk.resource.AuthenticationResponse) 7
User (com.okta.authn.sdk.resource.User) 7
MfaStateHandler (com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) 6
ApiException (com.nike.backstopper.exception.ApiException) 5
FactorValidationException (com.okta.authn.sdk.FactorValidationException) 4
CompletableFuture (java.util.concurrent.CompletableFuture) 4
InitialLoginStateHandler (com.nike.cerberus.auth.connector.okta.statehandlers.InitialLoginStateHandler) 3
DefaultVerifyPassCodeFactorRequest (com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest) 3
UserCredentials (com.nike.cerberus.domain.UserCredentials) 2
DefaultFactor (com.okta.authn.sdk.impl.resource.DefaultFactor) 2
FactorProvider (com.okta.authn.sdk.resource.FactorProvider) 2
FactorType (com.okta.authn.sdk.resource.FactorType) 2
PrincipalType (com.nike.cerberus.PrincipalType) 1
PushStateHandler (com.nike.cerberus.auth.connector.okta.statehandlers.PushStateHandler) 1
CerberusAuthToken (com.nike.cerberus.domain.CerberusAuthToken) 1
MfaCheckRequest (com.nike.cerberus.domain.MfaCheckRequest) 1