use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.
the class OktaAuthConnector method mfaCheck.
/**
* Verifies user's MFA factor using Okta Auth SDK.
*/
@Override
public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken) {
CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
DefaultVerifyPassCodeFactorRequest request = oktaAuthenticationClient.instantiate(DefaultVerifyPassCodeFactorRequest.class);
request.setPassCode(otpToken);
request.setStateToken(stateToken);
try {
oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
return authResponse.get(45, TimeUnit.SECONDS);
} catch (ApiException e) {
throw e;
} catch (FactorValidationException e) {
throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.FACTOR_VALIDATE_FAILED).withExceptionMessage("Failed to validate factor.").build();
} catch (Exception e) {
throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to wait for Okta Auth Completable Future to complete.").build();
}
}
use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.
the class OktaAuthConnector method triggerChallenge.
/**
* Triggers challenge for SMS or Call factors using Okta Auth SDK.
*/
public AuthResponse triggerChallenge(String stateToken, String deviceId) {
CompletableFuture<AuthResponse> authResponse = new CompletableFuture<>();
MfaStateHandler stateHandler = new MfaStateHandler(oktaAuthenticationClient, authResponse);
try {
oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
return authResponse.get(45, TimeUnit.SECONDS);
} catch (ApiException e) {
throw e;
} catch (Exception e) {
throw ApiException.newBuilder().withExceptionCause(e).withApiErrors(DefaultApiError.AUTH_RESPONSE_WAIT_FAILED).withExceptionMessage("Failed to trigger challenge due to timeout. Please try again.").build();
}
}
use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.
the class OktaAuthConnectorTest method triggerChallengeFails.
@Test(expected = ApiException.class)
public void triggerChallengeFails() throws Exception {
String stateToken = "state token";
String deviceId = "device id";
AuthResponse expectedResponse = mock(AuthResponse.class);
AuthData expectedData = mock(AuthData.class);
when(expectedData.getStateToken()).thenReturn(stateToken);
when(expectedResponse.getData()).thenReturn(expectedData);
doAnswer(invocation -> {
MfaStateHandler stateHandler = (MfaStateHandler) invocation.getArguments()[2];
stateHandler.authenticationResponseFuture.cancel(true);
return null;
}).when(client).challengeFactor(any(), any(), any());
// do the call
AuthResponse actualResponse = this.oktaAuthConnector.triggerChallenge(stateToken, deviceId);
// verify results
assertEquals(expectedResponse, actualResponse);
assertEquals(expectedResponse.getData().getStateToken(), actualResponse.getData().getStateToken());
}
use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.
the class OktaAuthConnectorTest method mfaCheckFails.
@Test(expected = ApiException.class)
public void mfaCheckFails() throws Exception {
String stateToken = "state token";
String deviceId = "device id";
String otpToken = "otp token";
AuthResponse expectedResponse = mock(AuthResponse.class);
when(expectedResponse.getStatus()).thenReturn(AuthStatus.SUCCESS);
DefaultVerifyPassCodeFactorRequest request = mock(DefaultVerifyPassCodeFactorRequest.class);
doAnswer(invocation -> {
request.setPassCode(stateToken);
request.setStateToken(otpToken);
return request;
}).when(client).instantiate(DefaultVerifyPassCodeFactorRequest.class);
doAnswer(invocation -> {
MfaStateHandler stateHandler = (MfaStateHandler) invocation.getArguments()[2];
stateHandler.authenticationResponseFuture.cancel(true);
return null;
}).when(client).verifyFactor(any(), isA(DefaultVerifyPassCodeFactorRequest.class), any());
// do the call
AuthResponse actualResponse = this.oktaAuthConnector.mfaCheck(stateToken, deviceId, otpToken);
// verify results
assertEquals(expectedResponse, actualResponse);
}
use of com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler in project cerberus by Nike-Inc.
the class MfaStateHandlerTest method setup.
@Before
public void setup() {
initMocks(this);
authenticationResponseFuture = new CompletableFuture<>();
// create test object
this.mfaStateHandler = new MfaStateHandler(client, authenticationResponseFuture) {
};
}
Aggregations