Search in sources :

Example 1 with MfaStateHandler

use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.

the class OktaAuthConnector method mfaCheck.

/**
 * Verifies user's MFA factor using Okta Auth SDK.
 */
@Override
public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken) {
    CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
    MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
    DefaultVerifyPassCodeFactorRequest request = oktaAuthenticationClient.instantiate(DefaultVerifyPassCodeFactorRequest.class);
    request.setPassCode(otpToken);
    request.setStateToken(stateToken);
    try {
        oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
        return authResponse.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (FactorValidationException e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.FACTOR_VALIDATE_FAILED).withExceptionMessage("Failed to validate factor.").build();
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to wait for Okta Auth Completable Future to complete.").build();
    }
}
Also used : DefaultVerifyPassCodeFactorRequest(com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest) CompletableFuture(java.util.concurrent.CompletableFuture) FactorValidationException(com.okta.authn.sdk.FactorValidationException) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) ApiException(com.nike.backstopper.exception.ApiException) FactorValidationException(com.okta.authn.sdk.FactorValidationException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) ApiException(com.nike.backstopper.exception.ApiException)

Example 2 with MfaStateHandler

use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.

the class OktaAuthConnector method triggerChallenge.

/**
 * Triggers challenge for SMS or Call factors using Okta Auth SDK.
 */
public AuthResponse triggerChallenge(String stateToken, String deviceId) {
    CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
    MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
    try {
        oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
        return authResponse.get(45, TimeUnit.SECONDS);
    } catch (ApiException e) {
        throw e;
    } catch (Exception e) {
        throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.").build();
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) ApiException(com.nike.backstopper.exception.ApiException) FactorValidationException(com.okta.authn.sdk.FactorValidationException) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) ApiException(com.nike.backstopper.exception.ApiException)

Example 3 with MfaStateHandler

use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.

the class OktaAuthConnectorTest method triggerChallengeFails.

@Test(expected = ApiException.class)
public void triggerChallengeFails() throws Exception {
    String stateToken = "state token";
    String deviceId = "device id";
    AuthResponse expectedResponse = mock(AuthResponse.class);
    AuthData expectedData = mock(AuthData.class);
    when(expectedData.getStateToken()).thenReturn(stateToken);
    when(expectedResponse.getData()).thenReturn(expectedData);
    doAnswer(invocation -> {
        MfaStateHandler stateHandler = (MfaStateHandler) invocation.getArguments()[2];
        stateHandler.authenticationResponseFuture.cancel(true);
        return null;
    }).when(client).challengeFactor(any(), any(), any());
    // do the call
    AuthResponse actualResponse = this.oktaAuthConnector.triggerChallenge(stateToken, deviceId);
    // verify results
    assertEquals(expectedResponse, actualResponse);
    assertEquals(expectedResponse.getData().getStateToken(), actualResponse.getData().getStateToken());
}
Also used : AuthData(com.nike.cerberus.auth.connector.AuthData) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) Test(org.junit.Test)

Example 4 with MfaStateHandler

use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.

the class OktaAuthConnectorTest method mfaCheckFails.

@Test(expected = ApiException.class)
public void mfaCheckFails() throws Exception {
    String stateToken = "state token";
    String deviceId = "device id";
    String otpToken = "otp token";
    AuthResponse expectedResponse = mock(AuthResponse.class);
    when(expectedResponse.getStatus()).thenReturn(AuthStatus.SUCCESS);
    DefaultVerifyPassCodeFactorRequest request = mock(DefaultVerifyPassCodeFactorRequest.class);
    doAnswer(invocation -> {
        request.setPassCode(stateToken);
        request.setStateToken(otpToken);
        return request;
    }).when(client).instantiate(DefaultVerifyPassCodeFactorRequest.class);
    doAnswer(invocation -> {
        MfaStateHandler stateHandler = (MfaStateHandler) invocation.getArguments()[2];
        stateHandler.authenticationResponseFuture.cancel(true);
        return null;
    }).when(client).verifyFactor(any(), isA(DefaultVerifyPassCodeFactorRequest.class), any());
    // do the call
    AuthResponse actualResponse = this.oktaAuthConnector.mfaCheck(stateToken, deviceId, otpToken);
    // verify results
    assertEquals(expectedResponse, actualResponse);
}
Also used : DefaultVerifyPassCodeFactorRequest(com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest) MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) AuthResponse(com.nike.cerberus.auth.connector.AuthResponse) Test(org.junit.Test)

Example 5 with MfaStateHandler

use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.

the class MfaStateHandlerTest method setup.

@Before
public void setup() {
    initMocks(this);
    authenticationResponseFuture = new CompletableFuture<>();
    // create test object
    this.mfaStateHandler = new MfaStateHandler(client, authenticationResponseFuture) {
    };
}
Also used : MfaStateHandler(com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler) Before(org.junit.Before)

Aggregations

MfaStateHandler (com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler)7 AuthResponse (com.nike.cerberus.auth.connector.AuthResponse)6 Test (org.junit.Test)4 DefaultVerifyPassCodeFactorRequest (com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest)3 ApiException (com.nike.backstopper.exception.ApiException)2 AuthData (com.nike.cerberus.auth.connector.AuthData)2 FactorValidationException (com.okta.authn.sdk.FactorValidationException)2 CompletableFuture (java.util.concurrent.CompletableFuture)2 Before (org.junit.Before)1