Search in sources :

Example 1 with OtpProvider

use of com.predic8.membrane.core.interceptor.authentication.session.totp.OtpProvider in project service-proxy by membrane.

the class LoginTest method test.

@Test
public void test() throws IOException, InterruptedException {
    Process2 sl = new Process2.Builder().in(getExampleDir("login")).script("service-proxy").waitForMembrane().start();
    try {
        String form = AssertUtils.getAndAssert200("http://localhost:2000/");
        AssertUtils.assertContains("Username:", form);
        AssertUtils.assertContains("Password:", form);
        form = AssertUtils.postAndAssert(200, "http://localhost:2000/login/", new String[] { "Content-Type", "application/x-www-form-urlencoded" }, "username=john&password=password");
        AssertUtils.assertContains("token:", form);
        String token = new OtpProvider().getNextCode("abcdefghijklmnop", System.currentTimeMillis());
        form = AssertUtils.postAndAssert(200, "http://localhost:2000/login/", new String[] { "Content-Type", "application/x-www-form-urlencoded" }, "token=" + token);
        // successful login?
        AssertUtils.assertContains("This page has moved to", form);
        // access the "protected" page
        form = AssertUtils.getAndAssert200("http://localhost:2000/");
        AssertUtils.assertContains("predic8.com", form);
        // logout
        form = AssertUtils.getAndAssert200("http://localhost:2000/login/logout");
        AssertUtils.assertContains("Username:", form);
    } finally {
        sl.killScript();
    }
}
Also used : Process2(com.predic8.membrane.examples.Process2) OtpProvider(com.predic8.membrane.core.interceptor.authentication.session.totp.OtpProvider) Test(org.junit.Test)

Example 2 with OtpProvider

use of com.predic8.membrane.core.interceptor.authentication.session.totp.OtpProvider in project service-proxy by membrane.

the class TOTPTokenProvider method verifyToken.

@Override
public void verifyToken(Map<String, String> userAttributes, String token) {
    OtpProvider otpp = new OtpProvider();
    String secret;
    synchronized (userAttributes) {
        secret = userAttributes.get("secret");
    }
    long curTime = System.currentTimeMillis();
    if (!otpp.verifyCode(secret, curTime, token, 1)) {
        log.info("The given token was not equal to generated token.\nGenerated token: \"" + otpp.getNextCode(secret, curTime) + "\"\nGiven token: \"" + token + "\"\nUser: \"" + userAttributes.get("username") + "\"");
        throw new NoSuchElementException("INVALID_TOKEN");
    }
}
Also used : OtpProvider(com.predic8.membrane.core.interceptor.authentication.session.totp.OtpProvider) NoSuchElementException(java.util.NoSuchElementException)

Aggregations

OtpProvider (com.predic8.membrane.core.interceptor.authentication.session.totp.OtpProvider)2 Process2 (com.predic8.membrane.examples.Process2)1 NoSuchElementException (java.util.NoSuchElementException)1 Test (org.junit.Test)1