use of com.zimbra.cs.account.auth.AuthContext.Protocol in project zm-mailbox by Zimbra.
Class AuthMechanism, method doTwoFactorAuth.
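/**
 * Enforces the app-specific-password rule for accounts that have two-factor
 * authentication enabled.
 * <p>
 * Interactive protocols ({@code soap}, {@code http_basic}) are left to the regular
 * password plus second-factor flow and this method returns {@code false} without
 * checking anything. Every other protocol (for example {@code http_dav}) is treated as a
 * non-interactive client, presumably because it has no way to prompt for a second
 * factor: when two-factor auth is required, the supplied password must be an
 * app-specific password, and if app-specific passwords are disabled for the account the
 * login is rejected outright.
 *
 * @param acct     the account being authenticated
 * @param password the password presented by the client
 * @param authCtxt authentication context; the protocol is read from its {@code "proto"}
 *                 entry. When the context itself is {@code null} no protocol check is
 *                 performed and {@code false} is returned.
 * @return {@code true} if the password was validated here as an app-specific password;
 *         {@code false} if nothing was verified here (the caller's normal password check
 *         is still expected to run)
 * @throws AuthFailedServiceException if two-factor auth is required for a non-interactive
 *         protocol and app-specific passwords are disabled; {@code appPasswords.authenticate}
 *         presumably throws the same on a wrong app-specific password
 * @throws ServiceException on provisioning or two-factor lookup errors
 */
public static boolean doTwoFactorAuth(Account acct, String password, Map<String, Object> authCtxt)
        throws ServiceException, AuthFailedServiceException {
    TwoFactorAuth twoFactorManager = TwoFactorAuth.getFactory().getTwoFactorAuth(acct);
    AppSpecificPasswords appPasswords = TwoFactorAuth.getFactory().getAppSpecificPasswords(acct);

    // NOTE(review): a null authCtxt skips the protocol check entirely. Any caller that
    // authenticates a non-HTTP client must pass a context, otherwise a plain account
    // password is accepted where an app-specific password should have been required.
    if (!twoFactorManager.twoFactorAuthRequired() || authCtxt == null) {
        return false;
    }

    Protocol proto = (Protocol) authCtxt.get("proto");
    // Browser-style protocols complete the second factor in the regular flow elsewhere.
    if (proto == Protocol.soap || proto == Protocol.http_basic) {
        return false;
    }

    // Non-interactive protocol, or no protocol recorded at all (a null here used to blow
    // up with a NullPointerException in a switch; it now fails closed on this path):
    // only an app-specific password is acceptable.
    if (!appPasswords.isEnabled()) {
        throw AuthFailedServiceException.AUTH_FAILED(acct.getName(), namePassedIn(authCtxt), "invalid password");
    }
    appPasswords.authenticate(password);
    return true;
}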
use of com.zimbra.cs.account.auth.AuthContext.Protocol in project zm-mailbox by Zimbra.
Class AuthUtil, method basicAuthRequest.
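/**
 * Authenticates a request carrying an {@code Authorization: Basic} header and returns
 * the matching account.
 * <p>
 * A user name without a domain part is qualified with the domain bound to the request's
 * virtual host, if one exists. Unknown users become a {@link GuestAccount} when
 * {@code allowGuest} is set; otherwise, and on any authentication failure, the client
 * receives the same generic 401 so the response body does not reveal whether the
 * account exists.
 *
 * @param req        the incoming request; its {@code Authorization} and {@code User-Agent}
 *                   headers, virtual host and client addresses are consulted
 * @param allowGuest whether an unknown user name is returned as a {@link GuestAccount}
 *                   wrapping the submitted credentials instead of being rejected
 * @param isDav      whether the request comes from a DAV client; selects the
 *                   {@link Protocol} handed to the auth layer
 * @return the authenticated account, or a {@link GuestAccount} for unknown users when allowed
 * @throws UserServletException 401 when the header is missing or not Basic, or when the
 *         credentials are rejected; 400 when the decoded value contains no ':' separator
 * @throws IOException retained in the signature for source compatibility with callers;
 *         nothing in this method is known to throw it any more
 * @throws ServiceException if a provisioning lookup fails outside the authentication step
 */
public static Account basicAuthRequest(HttpServletRequest req, boolean allowGuest, boolean isDav)
        throws IOException, ServiceException, UserServletException {
    String auth = req.getHeader(HTTP_AUTH_HEADER);
    // RFC 7235 makes the scheme token case-insensitive ("basic" is as valid as "Basic").
    // TODO: more liberal parsing of Authorization value (extra whitespace, etc.)...
    if (auth == null || !auth.regionMatches(true, 0, "Basic ", 0, 6)) {
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "must authenticate");
    }
    // 6 == "Basic ".length(). Use explicit charsets: the Base64 text is ASCII and the
    // decoded credentials are UTF-8 (RFC 7617), so the platform default must not matter.
    byte[] encoded = auth.substring(6).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String userPass = new String(Base64.decodeBase64(encoded), java.nio.charset.StandardCharsets.UTF_8);

    // RFC 7617: the user-id cannot contain ':', the password may, so split on the first one.
    int sep = userPass.indexOf(':');
    if (sep == -1) {
        throw new UserServletException(HttpServletResponse.SC_BAD_REQUEST, "invalid basic auth credentials");
    }
    String userPassedIn = userPass.substring(0, sep);
    String pass = userPass.substring(sep + 1);

    Provisioning prov = Provisioning.getInstance();
    String user = qualifyWithVirtualHostDomain(prov, req, userPassedIn);

    Account acct = prov.get(AccountBy.name, user);
    if (acct == null) {
        if (allowGuest) {
            return new GuestAccount(user, pass);
        }
        // NOTE(review): unknown users are rejected before any password verification
        // runs, so the response time differs from the wrong-password case below; this
        // is a user-enumeration timing channel that the generic message alone does not close.
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "invalid username/password");
    }

    try {
        Map<String, Object> authCtxt = new HashMap<String, Object>();
        authCtxt.put(AuthContext.AC_ORIGINATING_CLIENT_IP, ZimbraServlet.getOrigIp(req));
        authCtxt.put(AuthContext.AC_REMOTE_IP, ZimbraServlet.getClientIp(req));
        // The name as typed, before domain qualification, for audit/log purposes.
        authCtxt.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, userPassedIn);
        authCtxt.put(AuthContext.AC_USER_AGENT, req.getHeader("User-Agent"));
        Protocol proto = isDav ? Protocol.http_dav : Protocol.http_basic;
        prov.authAccount(acct, pass, proto, authCtxt);
    } catch (ServiceException se) {
        // Deliberately collapse every failure reason (bad password, locked account, ...)
        // into one generic 401 so the specific cause does not leak to the client.
        // The cause is not logged here; consider logging `se` at debug level if the
        // auth layer does not already audit the failure.
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "invalid username/password");
    }
    return acct;
}

/**
 * Appends the domain bound to the request's virtual host to a bare (domain-less) user
 * name; returns the name unchanged when it already has a domain, when the request has
 * no virtual host, or when no domain is registered for that host.
 */
private static String qualifyWithVirtualHostDomain(Provisioning prov, HttpServletRequest req, String user)
        throws ServiceException {
    if (user.indexOf('@') != -1) {
        return user;
    }
    String host = HttpUtil.getVirtualHost(req);
    if (host == null) {
        return user;
    }
    // Locale-independent lowercasing: a Turkish default locale would otherwise map
    // 'I' to a dotless i and the host name would never match the configured domain.
    Domain d = prov.get(Key.DomainBy.virtualHostname, host.toLowerCase(java.util.Locale.ROOT));
    return d == null ? user : user + "@" + d.getName();
}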