use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.
the class OktaAuthConnector method authenticate.
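/**
 * Authenticates a user with the Okta Auth SDK and waits on the future handed to the login state
 * handler.
 *
 * <p>The wait is capped at 45 seconds. An {@link ApiException} raised inside the try block is
 * rethrown unchanged. Every other failure (SDK error, timeout, interruption) is reported as
 * {@code DefaultApiError.LOGIN_FAILED} with a fixed message, and the original exception is kept
 * only as the cause.
 *
 * @param username login name forwarded to Okta
 * @param password password forwarded to Okta as a {@code char[]} copy
 * @return the response obtained from the future given to the state handler
 * @throws ApiException if authentication fails, the wait times out, or the thread is interrupted
 */
@Override
public AuthResponse authenticate(String username, String password) {
  CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
  InitialLoginStateHandler stateHandler =
      new InitialLoginStateHandler(oktaAuthenticationClient, authResponse);
  try {
    // NOTE(review): the char[] copy is never cleared and the source String cannot be, so the
    // credential stays on the heap until it is garbage collected.
    oktaAuthenticationClient.authenticate(username, password.toCharArray(), null, stateHandler);
    return authResponse.get(45, TimeUnit.SECONDS);
  } catch (ApiException e) {
    throw e;
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // Restore the interrupt flag so the calling thread can still observe the interruption.
      Thread.currentThread().interrupt();
    }
    throw ApiException.newBuilder()
        .withExceptionCause(e)
        .withApiErrors(DefaultApiError.LOGIN_FAILED)
        .withExceptionMessage(
            "Failed to login or failed to wait for Okta Auth Completable Future to complete.")
        .build();
  }
}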
use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.
the class OktaAuthConnector method mfaCheck.
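/**
 * Verifies a user's passcode MFA factor with the Okta Auth SDK.
 *
 * <p>The wait on the handler's future is capped at 45 seconds. All error messages built here are
 * fixed strings; neither the state token nor the passcode is echoed into them.
 *
 * @param stateToken state token of the in-progress login, set on the verify request
 * @param deviceId identifier passed as the first argument of {@code verifyFactor}
 * @param otpToken one-time passcode supplied by the user
 * @return the response obtained from the future given to the state handler
 * @throws ApiException with {@code FACTOR_VALIDATE_FAILED} when a {@code
 *     FactorValidationException} is caught, or {@code AUTH_RESPONSE_WAIT_FAILED} for any other
 *     failure, including timeout and interruption
 */
@Override
public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken) {
  CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
  MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
  DefaultVerifyPassCodeFactorRequest request =
      oktaAuthenticationClient.instantiate(DefaultVerifyPassCodeFactorRequest.class);
  request.setPassCode(otpToken);
  request.setStateToken(stateToken);
  try {
    oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
    return authResponse.get(45, TimeUnit.SECONDS);
  } catch (ApiException e) {
    throw e;
  } catch (FactorValidationException e) {
    // NOTE(review): only reached when the exception is thrown directly. A failure delivered
    // through the future arrives wrapped in ExecutionException and lands in the branch below;
    // confirm how MfaStateHandler reports a rejected passcode.
    throw ApiException.newBuilder()
        .withExceptionCause(e)
        .withApiErrors(DefaultApiError.FACTOR_VALIDATE_FAILED)
        .withExceptionMessage("Failed to validate factor.")
        .build();
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // Restore the interrupt flag so the calling thread can still observe the interruption.
      Thread.currentThread().interrupt();
    }
    throw ApiException.newBuilder()
        .withExceptionCause(e)
        .withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED)
        .withExceptionMessage("Failed to wait for Okta Auth Completable Future to complete.")
        .build();
  }
}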
use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.
the class OktaAuthConnector method triggerPush.
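/**
 * Triggers verification of a push factor with the Okta Auth SDK and polls for the outcome.
 *
 * <p>While the factor result is {@code WAITING}, verification is requested again after a short
 * sleep, for up to 55 seconds measured from the first response. Each individual wait on a
 * handler future is capped at 45 seconds.
 *
 * @param stateToken state token of the in-progress login
 * @param deviceId identifier passed as the first argument of {@code verifyFactor}
 * @return the last response received once polling has stopped
 * @throws ApiException with {@code OKTA_PUSH_MFA_TIMEOUT} when the result is still {@code
 *     WAITING} or is {@code TIMEOUT}, {@code OKTA_PUSH_MFA_REJECTED} when it is {@code
 *     REJECTED}, or {@code AUTH_RESPONSE_WAIT_FAILED} for any other failure
 */
public AuthResponse triggerPush(String stateToken, String deviceId) {
  CompletableFuture<AuthResponse> authResponseFuture = new CompletableFuture<>();
  PushStateHandler stateHandler =
      new PushStateHandler(oktaAuthenticationClient, authResponseFuture);
  try {
    oktaAuthenticationClient.verifyFactor(deviceId, stateToken, stateHandler);
    AuthResponse authResponse = authResponseFuture.get(45, TimeUnit.SECONDS);

    // Monotonic clock: a wall-clock adjustment must not stretch or cut the approval window.
    final long pollWindowNanos = TimeUnit.MILLISECONDS.toNanos(55000);
    final long startNanos = System.nanoTime();
    while (authResponse.getData().getFactorResult().equals("WAITING")
        && System.nanoTime() - startNanos <= pollWindowNanos) {
      sleep(100);
      // A completed future cannot be reused, so each poll gets a fresh future and handler.
      authResponseFuture = new CompletableFuture<>();
      stateHandler = new PushStateHandler(oktaAuthenticationClient, authResponseFuture);
      oktaAuthenticationClient.verifyFactor(deviceId, stateToken, stateHandler);
      authResponse = authResponseFuture.get(45, TimeUnit.SECONDS);
    }

    String factorResult = authResponse.getData().getFactorResult();
    if (!factorResult.equals("SUCCESS")) {
      if (factorResult.equals("TIMEOUT") || factorResult.equals("WAITING")) {
        throw ApiException.newBuilder()
            .withApiErrors(DefaultApiError.OKTA_PUSH_MFA_TIMEOUT)
            .withExceptionMessage(DefaultApiError.OKTA_PUSH_MFA_TIMEOUT.getMessage())
            .build();
      } else if (factorResult.equals("REJECTED")) {
        throw ApiException.newBuilder()
            .withApiErrors(DefaultApiError.OKTA_PUSH_MFA_REJECTED)
            .withExceptionMessage(DefaultApiError.OKTA_PUSH_MFA_REJECTED.getMessage())
            .build();
      }
      // NOTE(review): any other non-SUCCESS result falls through and is returned unchanged.
      // Confirm that callers check the response status before treating the factor as verified.
    }
    // The last future has already completed; return the value read from it.
    return authResponse;
  } catch (ApiException e) {
    throw e;
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // Restore the interrupt flag so the calling thread can still observe the interruption.
      Thread.currentThread().interrupt();
    }
    // A null factor result also ends up here (NullPointerException) and is reported as a
    // timeout; the real cause is kept on the exception.
    throw ApiException.newBuilder()
        .withExceptionCause(e)
        .withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED)
        .withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.")
        .build();
  }
}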
use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.
the class AuthenticationServiceTest method triggerChallengeSuccess.
/**
 * Checks that {@code authenticationService.triggerChallenge} returns the response produced by
 * the stubbed connector.
 */
@Test
public void triggerChallengeSuccess() {
  // Response the stubbed connector hands back, carrying a known state token.
  String token = "state token";
  AuthData stubbedData = mock(AuthData.class);
  when(stubbedData.getStateToken()).thenReturn(token);
  AuthResponse stubbedResponse = mock(AuthResponse.class);
  when(stubbedResponse.getData()).thenReturn(stubbedData);

  // any(), any(): this test does not check which state token and device id reach the connector.
  doAnswer(invocation -> stubbedResponse).when(authConnector).triggerChallenge(any(), any());

  MfaCheckRequest request = mock(MfaCheckRequest.class);
  AuthResponse result = authenticationService.triggerChallenge(request);

  assertEquals(stubbedResponse, result);
  // Once the first assertion holds, both sides below read the token from the same mock.
  assertEquals(stubbedResponse.getData().getStateToken(), result.getData().getStateToken());
}
use of com.nike.cerberus.auth.connector.AuthResponse in project cerberus by Nike-Inc.
the class OktaAuthConnector method triggerChallenge.
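/**
 * Triggers a challenge for SMS or Call factors with the Okta Auth SDK.
 *
 * <p>The wait on the handler's future is capped at 45 seconds. An {@link ApiException} raised
 * inside the try block is rethrown unchanged. Every other failure is reported as {@code
 * DefaultApiError.AUTH_RESPONSE_WAIT_FAILED} with a timeout message, whatever the real cause,
 * which is kept on the exception.
 *
 * @param stateToken state token of the in-progress login
 * @param deviceId identifier passed as the first argument of {@code challengeFactor}
 * @return the response obtained from the future given to the state handler
 * @throws ApiException if the challenge cannot be triggered, the wait times out, or the thread
 *     is interrupted
 */
public AuthResponse triggerChallenge(String stateToken, String deviceId) {
  CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
  MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
  try {
    oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
    return authResponse.get(45, TimeUnit.SECONDS);
  } catch (ApiException e) {
    throw e;
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // Restore the interrupt flag so the calling thread can still observe the interruption.
      Thread.currentThread().interrupt();
    }
    throw ApiException.newBuilder()
        .withExceptionCause(e)
        .withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED)
        .withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.")
        .build();
  }
}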