Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions:
class DefaultPasswordFilterManagerIntegrationTest, method testCheckPasswordValidityWithoutUniformPassword.
/**
 * Password change without a uniform password: the new password goes through the password filter,
 * is verified on the connected system and is recorded in IdM with a validity window taken from the
 * policy's max password age (20 days) and without an explicit valid-from date.
 */
@Test
public void testCheckPasswordValidityWithoutUniformPassword() {
    IdmPasswordPolicyDto policy = createPasswordPolicy(null, null, null, null, null, true);
    policy.setMaxPasswordAge(20);
    policy = passwordPolicyService.save(policy);
    //
    SysSystemDto system = createSystem(true);
    IdmIdentityDto identity = createIdentity(system);
    setPasswordFilter(system, true);
    //
    String newPassword = getHelper().createName();
    PasswordChangeDto change = new PasswordChangeDto();
    change.setAll(true);
    change.setIdm(true);
    change.setNewPassword(new GuardedString(newPassword));
    List<OperationResult> results = identityService.passwordChange(identity, change);
    // one result per target: IdM itself plus the one connected system
    Assert.assertEquals(2, results.size());
    //
    checkEcho(identity, system, EchoCheck.VALIDATE_AND_CHANGE);
    checkPassword(prepareUid(identity, system), newPassword, true);
    checkActivePasswordOperation(identity, system, 0, newPassword);
    loginToIdm(identity, newPassword, true);
    //
    IdmPasswordDto stored = passwordService.findOneByIdentity(identity.getId());
    Assert.assertNotNull(stored);
    Assert.assertEquals(LocalDate.now().plusDays(20), stored.getValidTill());
    Assert.assertNull(stored.getValidFrom());
}
Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions:
class DefaultAuthenticationManager, method authenticate.
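/**
 * Authenticates the given credentials against every enabled {@link Authenticator}, in their order.
 * <p>
 * Outcomes handled here:
 * <ul>
 *   <li>No password record for the username: {@link CoreResultCode#AUTH_FAILED} with a generic
 *       message, so the response does not reveal whether the account exists.</li>
 *   <li>Password record with a block-login date in the future: {@link CoreResultCode#AUTH_BLOCKED}
 *       with the remaining seconds; no authenticator is consulted.</li>
 *   <li>An authenticator expected to be {@code SUFFICIENT} ends the chain on its first result.</li>
 *   <li>A failing authenticator expected to be {@code REQUISITE} blocks the login and its exception
 *       is rethrown at once.</li>
 *   <li>Otherwise the first non-null result wins; with no result at all the login is blocked and the
 *       first failure is rethrown, or {@code AUTH_FAILED} when no authenticator failed either.</li>
 * </ul>
 * Every outcome except a pending two-factor challenge is written to the SIEM log.
 *
 * @param loginDto credentials to verify
 * @return the result of the winning authenticator, never {@code null}
 * @throws ResultCodeException when the login is blocked or no authenticator produced a result
 * @throws MustChangePasswordException propagated unchanged from an authenticator
 * @throws TwoFactorAuthenticationRequiredException propagated unchanged from an authenticator
 */
@Override
public LoginDto authenticate(LoginDto loginDto) {
    List<LoginDto> resultsList = new LinkedList<>();
    RuntimeException firstFailure = null;
    String logAction = siemLogger.buildAction(SiemLoggerManager.LOGIN_LEVEL_KEY, SiemLoggerManager.LOGIN_SUBLEVEL_KEY);
    IdmIdentityDto identity = identityService.getByUsername(loginDto.getUsername());
    if (identity == null) {
        // Unknown user: throw-away DTO so the SIEM log still carries the attempted username.
        identity = new IdmIdentityDto();
        identity.setUsername(loginDto.getUsername());
    }
    try {
        IdmPasswordDto passwordDto = passwordService.findOrCreateByIdentity(loginDto.getUsername());
        if (passwordDto == null) {
            // Generic message on purpose: do not disclose whether the account exists.
            throw new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.");
        }
        // Single timestamp for both the comparison and the remaining-time computation.
        ZonedDateTime now = ZonedDateTime.now();
        ZonedDateTime blockLoginDate = passwordDto.getBlockLoginDate();
        if (blockLoginDate != null && blockLoginDate.isAfter(now)) {
            LOG.info("Identity {} has blocked login to IdM.", loginDto.getUsername());
            IdmIdentityDto identityDto = DtoUtils.getEmbedded(passwordDto, IdmPassword_.identity);
            DateTimeFormatter formatter = DateTimeFormatter.ofPattern(configurationService.getDateTimeSecondsFormat());
            String dateAsString = blockLoginDate.format(formatter);
            // Block login date can be set manually by password metadata, so the remaining
            // interval may exceed the int range - keep it as a long number of whole seconds.
            long blockMillis = blockLoginDate.toInstant().toEpochMilli();
            long nowMillis = now.toInstant().toEpochMilli();
            long remainingSeconds = (blockMillis - nowMillis) / 1000;
            throw new ResultCodeException(CoreResultCode.AUTH_BLOCKED, ImmutableMap.of(
                    "username", identityDto.getUsername(),
                    "date", dateAsString,
                    "seconds", remainingSeconds,
                    "unsuccessfulAttempts", passwordDto.getUnsuccessfulAttempts()));
        }
        //
        for (Authenticator authenticator : getEnabledAuthenticators()) {
            LOG.debug("AuthenticationManager call authenticate by [{}].", authenticator.getName());
            try {
                LoginDto result = authenticator.authenticate(cloneLoginDto(loginDto));
                if (result == null) {
                    // authenticator did not take part (not implemented for this login, etc.)
                    continue;
                }
                if (authenticator.getExceptedResult() == AuthenticationResponseEnum.SUFFICIENT) {
                    checkAdditionalAuthenticationRequirements(passwordDto, result);
                    passwordService.setLastSuccessfulLogin(passwordDto);
                    siemLogger.log(logAction, SiemLoggerManager.SUCCESS_ACTION_STATUS, identity, null, null, null);
                    return result;
                }
                // not SUFFICIENT: remember the result and let the remaining authenticators run
                resultsList.add(result);
            } catch (MustChangePasswordException | TwoFactorAuthenticationRequiredException ex) {
                // additional authentication requirement - publish it to the caller
                throw ex;
            } catch (RuntimeException e) {
                if (authenticator.getExceptedResult() == AuthenticationResponseEnum.REQUISITE) {
                    // REQUISITE failure ends the chain immediately and counts against the account
                    blockLogin(passwordDto, loginDto);
                    throw e;
                }
                // otherwise keep the first failure, it is reported if nothing succeeds
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        // Authenticators are ordered; the first one that returned a result wins.
        if (resultsList.isEmpty()) {
            blockLogin(passwordDto, loginDto);
            if (firstFailure == null) {
                // Nothing ran or every authenticator returned null: the original `throw firstFailure`
                // would raise a NullPointerException here instead of a proper authentication failure.
                throw new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.");
            }
            throw firstFailure;
        }
        //
        LoginDto result = resultsList.get(0);
        checkAdditionalAuthenticationRequirements(passwordDto, result);
        passwordService.setLastSuccessfulLogin(passwordDto);
        //
        siemLogger.log(logAction, SiemLoggerManager.SUCCESS_ACTION_STATUS, identity, null, null, null);
        return result;
    } catch (TwoFactorAuthenticationRequiredException tfaEx) {
        // skip logging, 2FA is needed - the outcome is logged by the second step
        throw tfaEx;
    } catch (Exception e) {
        siemLogger.log(logAction, SiemLoggerManager.FAILED_ACTION_STATUS, identity, null, null, e.getMessage());
        throw e;
    }
}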
Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions:
class PasswordExpirationWarningTaskExecutor, method getItemsToProcess.
/**
 * Loads one page of password records selected by the configured {@code expiration} valid-till
 * value, excluding passwords of disabled identities (the exact matching rule is defined by
 * {@link IdmPasswordFilter}).
 *
 * @param pageable paging and sorting of the requested page
 * @return the matching page of {@link IdmPasswordDto}
 */
@Override
public Page<IdmPasswordDto> getItemsToProcess(Pageable pageable) {
    IdmPasswordFilter expiringPasswords = new IdmPasswordFilter();
    expiringPasswords.setIdentityDisabled(Boolean.FALSE);
    expiringPasswords.setValidTill(expiration);
    return passwordService.find(expiringPasswords, pageable);
}