use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.
the class AssertionOptionsEndpointFilter method doFilter.
// ~ Methods
// ========================================================================================================
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
FilterInvocation fi = new FilterInvocation(request, response, chain);
if (!processFilter(fi.getRequest())) {
chain.doFilter(request, response);
return;
}
try {
AssertionOptions assertionOptions = assertionOptionsProvider.getAssertionOptions(fi.getRequest(), getAuthentication());
writeResponse(fi.getResponse(), assertionOptions);
} catch (RuntimeException e) {
logger.debug(e);
writeErrorResponse(fi.getResponse(), e);
}
}
use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.
the class AssertionOptionsEndpointFilterTest method doFilter_test.
@Test
public void doFilter_test() throws IOException, ServletException {
AssertionOptionsProvider optionsProvider = mock(AssertionOptionsProvider.class);
AssertionOptions assertionOptions = new AssertionOptions(null, null, null, null, null, null);
when(optionsProvider.getAssertionOptions(any(), any())).thenReturn(assertionOptions);
AssertionOptionsEndpointFilter optionsEndpointFilter = new AssertionOptionsEndpointFilter(optionsProvider, objectConverter);
AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
optionsEndpointFilter.setTrustResolver(trustResolver);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(AssertionOptionsEndpointFilter.FILTER_URL);
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain filterChain = new MockFilterChain();
optionsEndpointFilter.doFilter(request, response, filterChain);
assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
}
use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.
the class FidoServerAssertionOptionsEndpointFilter method processRequest.
@Override
protected ServerResponse processRequest(HttpServletRequest request) {
InputStream inputStream;
try {
inputStream = request.getInputStream();
} catch (IOException e) {
throw new UncheckedIOException(e);
}
try {
ServerPublicKeyCredentialGetOptionsRequest serverRequest = objectConverter.getJsonConverter().readValue(inputStream, ServerPublicKeyCredentialGetOptionsRequest.class);
Challenge challenge = serverEndpointFilterUtil.encodeUserVerification(new DefaultChallenge(), serverRequest.getUserVerification());
challengeRepository.saveChallenge(challenge, request);
// TODO: UsernamePasswordAuthenticationToken should not be used here in this way
AssertionOptions options = optionsProvider.getAssertionOptions(request, new UsernamePasswordAuthenticationToken(serverRequest.getUsername(), null, Collections.emptyList()));
List<ServerPublicKeyCredentialDescriptor> credentials = options.getAllowCredentials().stream().map(credential -> new ServerPublicKeyCredentialDescriptor(credential.getType(), Base64UrlUtil.encodeToString(credential.getId()), credential.getTransports())).collect(Collectors.toList());
AuthenticationExtensionsClientInputs<AuthenticationExtensionClientInput> authenticationExtensionsClientInputs;
if (serverRequest.getExtensions() != null) {
authenticationExtensionsClientInputs = serverRequest.getExtensions();
} else {
authenticationExtensionsClientInputs = options.getExtensions();
}
return new ServerPublicKeyCredentialGetOptionsResponse(Base64UrlUtil.encodeToString(options.getChallenge().getValue()), options.getTimeout(), options.getRpId(), credentials, serverRequest.getUserVerification(), authenticationExtensionsClientInputs);
} catch (DataConversionException e) {
throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
}
}
Aggregations