
Example 1 with Protocol

use of com.zimbra.cs.account.auth.AuthContext.Protocol in project zm-mailbox by Zimbra.

the class AuthMechanism method doTwoFactorAuth.

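/**
 * Checks the supplied password against the account's app-specific passwords when
 * two-factor authentication is required and the request arrived over a protocol
 * other than {@code soap} or {@code http_basic}.
 *
 * <p>No check is made here, and {@code false} is returned, when two-factor
 * authentication is not required for the account, when {@code authCtxt} is
 * {@code null}, or when the protocol is {@code soap} or {@code http_basic}.
 * In those cases the caller remains responsible for verifying the credential.
 *
 * @param acct account being authenticated
 * @param password credential presented by the client
 * @param authCtxt authentication context, may be {@code null}; its {@code "proto"}
 *                 entry is read as a {@link Protocol}
 * @return {@code true} if the password was handed to the app-specific password
 *         check, {@code false} if this method made no check
 * @throws ServiceException declared by the signature; which of the calls below
 *                          raise it is not visible in this method
 * @throws AuthFailedServiceException if two-factor authentication is required and
 *                                    the context carries no protocol, or the protocol
 *                                    needs an app-specific password and that feature
 *                                    is disabled
 */
public static boolean doTwoFactorAuth(Account acct, String password, Map<String, Object> authCtxt) throws ServiceException, AuthFailedServiceException {
    TwoFactorAuth twoFactorManager = TwoFactorAuth.getFactory().getTwoFactorAuth(acct);
    AppSpecificPasswords appPasswords = TwoFactorAuth.getFactory().getAppSpecificPasswords(acct);
    boolean authDone = false;
    if (twoFactorManager.twoFactorAuthRequired() && authCtxt != null) {
        // If two-factor auth is enabled, check non-HTTP protocols against app-specific passwords.
        Protocol proto = (Protocol) authCtxt.get("proto");
        if (proto == null) {
            // Switching on a null enum throws NullPointerException. Without a protocol we
            // cannot tell whether a second factor can be collected, so reject the attempt
            // explicitly rather than let a runtime exception escape the auth path.
            throw AuthFailedServiceException.AUTH_FAILED(acct.getName(), namePassedIn(authCtxt), "missing protocol");
        }
        switch (proto) {
            case soap:
            case http_basic:
                // Nothing is verified on this path; authDone stays false.
                break;
            default:
                if (appPasswords.isEnabled()) {
                    // NOTE(review): authDone is set unconditionally after this call, so the
                    // check is only sound if authenticate() throws on a mismatch - confirm.
                    appPasswords.authenticate(password);
                    authDone = true;
                } else {
                    // Two-factor is required but this protocol has no usable credential type:
                    // fail closed instead of falling back to the account password.
                    throw AuthFailedServiceException.AUTH_FAILED(acct.getName(), namePassedIn(authCtxt), "invalid password");
                }
        }
    }
    return authDone;
}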
Also used : TwoFactorAuth(com.zimbra.cs.account.auth.twofactor.TwoFactorAuth) Protocol(com.zimbra.cs.account.auth.AuthContext.Protocol) AppSpecificPasswords(com.zimbra.cs.account.auth.twofactor.AppSpecificPasswords)

Example 2 with Protocol

use of com.zimbra.cs.account.auth.AuthContext.Protocol in project zm-mailbox by Zimbra.

the class AuthUtil method basicAuthRequest.

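/**
 * Authenticates a request from its HTTP Basic {@code Authorization} header.
 *
 * <p>The header value is Base64-decoded and split at the first {@code ':'} into user
 * name and password. A user name without {@code '@'} is completed with the name of
 * the domain registered for the request's virtual host, if one is found. The account
 * is then looked up by name and authenticated with protocol {@code http_dav} or
 * {@code http_basic}.
 *
 * @param req incoming servlet request
 * @param allowGuest if {@code true}, an unknown user name yields a {@link GuestAccount}
 *                   built from the presented credentials instead of a 401
 * @param isDav selects {@code Protocol.http_dav} over {@code Protocol.http_basic}
 * @return the authenticated account, or a guest account when {@code allowGuest} is
 *         set and no account matches
 * @throws IOException declared by the signature; the visible source is the UTF-8
 *                     decoding of the credential bytes
 * @throws ServiceException if a provisioning lookup fails outside the guarded
 *                          authentication call
 * @throws UserServletException with 401 if the header is missing, is not Basic, the
 *                              account is unknown (and guests are not allowed) or
 *                              authentication fails; with 400 if the decoded
 *                              credentials contain no {@code ':'}
 */
public static Account basicAuthRequest(HttpServletRequest req, boolean allowGuest, boolean isDav) throws IOException, ServiceException, UserServletException {
    String auth = req.getHeader(HTTP_AUTH_HEADER);
    // TODO: more liberal parsing of Authorization value...
    if (auth == null || !auth.startsWith("Basic ")) {
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "must authenticate");
    }
    // 6 comes from "Basic ".length(). Base64 text is ASCII, so the charset is named
    // explicitly instead of depending on the JVM's platform default.
    byte[] encoded = auth.substring(6).getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    String userPass = new String(Base64.decodeBase64(encoded), "UTF-8");
    int loc = userPass.indexOf(":");
    if (loc == -1) {
        throw new UserServletException(HttpServletResponse.SC_BAD_REQUEST, "invalid basic auth credentials");
    }
    // Split at the first ':' only, so the password itself may contain colons.
    String userPassedIn = userPass.substring(0, loc);
    String user = userPassedIn;
    String pass = userPass.substring(loc + 1);
    Provisioning prov = Provisioning.getInstance();
    if (user.indexOf('@') == -1) {
        // NOTE(review): the virtual host presumably derives from request data the client
        // controls; it decides which domain a bare user name is completed with - confirm
        // it is validated upstream.
        String host = HttpUtil.getVirtualHost(req);
        if (host != null) {
            // Locale.ROOT keeps the lookup key stable under locales with special casing
            // rules (e.g. Turkish dotless i).
            Domain d = prov.get(Key.DomainBy.virtualHostname, host.toLowerCase(java.util.Locale.ROOT));
            if (d != null) {
                user += "@" + d.getName();
            }
        }
    }
    Account acct = prov.get(AccountBy.name, user);
    if (acct == null) {
        if (allowGuest) {
            // NOTE(review): the guest account is built from credentials nothing has
            // verified; callers presumably must not treat it as authenticated - confirm.
            return new GuestAccount(user, pass);
        }
        // Same message as a failed password check below, so the response body does not
        // distinguish an unknown account from a wrong password.
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "invalid username/password");
    }
    try {
        Map<String, Object> authCtxt = new HashMap<>();
        authCtxt.put(AuthContext.AC_ORIGINATING_CLIENT_IP, ZimbraServlet.getOrigIp(req));
        authCtxt.put(AuthContext.AC_REMOTE_IP, ZimbraServlet.getClientIp(req));
        // Record the name exactly as the client sent it, before domain completion.
        authCtxt.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, userPassedIn);
        authCtxt.put(AuthContext.AC_USER_AGENT, req.getHeader("User-Agent"));
        Protocol proto = isDav ? Protocol.http_dav : Protocol.http_basic;
        prov.authAccount(acct, pass, proto, authCtxt);
    } catch (ServiceException se) {
        // Every ServiceException is reported as the same generic 401. The cause is
        // dropped at this level, so any audit logging has to happen inside authAccount.
        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, "invalid username/password");
    }
    return acct;
}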
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) ServiceException(com.zimbra.common.service.ServiceException) HashMap(java.util.HashMap) UserServletException(com.zimbra.cs.service.UserServletException) Domain(com.zimbra.cs.account.Domain) Protocol(com.zimbra.cs.account.auth.AuthContext.Protocol) Provisioning(com.zimbra.cs.account.Provisioning)
