
Example 31 with IdmPasswordDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateMustChangePassword.

@Test(expected = MustChangePasswordException.class)
public void testAuthenticateMustChangePassword() {
    // Identity whose stored password carries the "must change" flag; the final
    // two-factor authenticate step is expected to fail with MustChangePasswordException.
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto storedPassword = passwordService.findOneByIdentity(identity.getId());
    storedPassword.setMustChange(true);
    passwordService.save(storedPassword);
    //
    // Start NOTIFICATION two-factor registration: a verification secret is issued, no QR code.
    TwoFactorRegistrationResponseDto registration = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(registration);
    String verificationSecret = registration.getVerificationSecret();
    Assert.assertNotNull(verificationSecret);
    Assert.assertEquals(identity.getUsername(), registration.getUsername());
    Assert.assertNull(registration.getQrcode());
    //
    // Confirm the registration with a code derived from the issued secret.
    TwoFactorRegistrationConfirmDto confirmation = new TwoFactorRegistrationConfirmDto();
    confirmation.setVerificationSecret(new GuardedString(verificationSecret));
    confirmation.setVerificationCode(manager.generateCode(new GuardedString(verificationSecret)));
    confirmation.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirmation));
    // the confirmed secret is persisted on the identity's password record
    Assert.assertEquals(verificationSecret, getHelper().getPassword(identity).getVerificationSecret());
    //
    LoginDto credentials = new LoginDto();
    credentials.setUsername(identity.getUsername());
    credentials.setPassword(identity.getPassword());
    // credentials alone are valid ...
    Assert.assertTrue(authenticationManager.validate(credentials));
    // ... but a full authentication stops and hands out a token for the second factor
    String twoFactorToken = null;
    try {
        authenticationManager.authenticate(credentials);
    } catch (TwoFactorAuthenticationRequiredException required) {
        twoFactorToken = required.getToken();
    }
    Assert.assertNotNull(twoFactorToken);
    //
    // Second factor: token plus a freshly generated code; the must-change flag is expected to reject it.
    credentials.setToken(twoFactorToken);
    credentials.setPassword(manager.generateCode(identity.getId()));
    manager.authenticate(credentials);
}

Example 32 with IdmPasswordDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions.

the class DefaultAuthenticationManager method validate.

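/**
 * Validates the given credentials against every enabled {@link Authenticator} without
 * establishing an authenticated session.
 * <p>
 * The outcome is a plain boolean: any failure path (unknown identity, login currently
 * blocked, a REQUISITE authenticator throwing, or every authenticator throwing) yields
 * {@code false}, so callers cannot distinguish the reasons from the return value alone.
 * Failures that originate from an authenticator also call {@code blockLogin} so the
 * password record can be locked according to its policy (behaviour of {@code blockLogin}
 * is defined elsewhere in this class).
 *
 * @param loginDto credentials to validate; a clone is passed to each authenticator
 * @return {@code true} when a SUFFICIENT authenticator accepts the credentials, or when
 *         at least one non-SUFFICIENT authenticator accepts them and none fails with an
 *         exception; {@code false} otherwise
 * @throws IllegalArgumentException when {@code loginDto} or its username is missing
 */
@Override
public boolean validate(LoginDto loginDto) {
    Assert.notNull(loginDto, "Credentials are required to validate.");
    String username = loginDto.getUsername();
    Assert.hasLength(username, "Username is required to validate credentials.");
    //
    try {
        IdmPasswordDto passwordDto = passwordService.findOrCreateByIdentity(username);
        if (passwordDto == null) {
            LOG.info("Identity [{}] not exist, password cannot be inited.", username);
            //
            return false;
        }
        // a block date in the future means the identity is temporarily locked out of IdM
        ZonedDateTime blockedTill = passwordDto.getBlockLoginDate();
        if (blockedTill != null && blockedTill.isAfter(ZonedDateTime.now())) {
            LOG.info("Identity [{}] has blocked login to IdM.", username);
            //
            return false;
        }
        //
        RuntimeException firstFailure = null;
        // set when at least one non-SUFFICIENT authenticator accepted the credentials
        boolean anyOptionalSucceeded = false;
        for (Authenticator authenticator : getEnabledAuthenticators()) {
            LOG.debug("AuthenticationManager call validate by [{}].", authenticator.getName());
            try {
                if (authenticator.validate(cloneLoginDto(loginDto))) {
                    if (authenticator.getExceptedResult() == AuthenticationResponseEnum.SUFFICIENT) {
                        return true;
                    }
                    anyOptionalSucceeded = true;
                }
            } catch (RuntimeException ex) {
                // a REQUISITE authenticator failing ends validation immediately
                if (authenticator.getExceptedResult() == AuthenticationResponseEnum.REQUISITE) {
                    logValidateFailure(ex);
                    //
                    blockLogin(passwordDto, loginDto);
                    //
                    return false;
                }
                // otherwise remember only the first failure; later ones are reported by it
                if (firstFailure == null) {
                    firstFailure = ex;
                }
            }
        }
        // authenticators are iterated in their registered order: the first SUFFICIENT success
        // returned above, otherwise any recorded failure wins over optional successes
        if (firstFailure != null) {
            logValidateFailure(firstFailure);
            //
            blockLogin(passwordDto, loginDto);
            //
            return false;
        }
        //
        return anyOptionalSucceeded;
    } catch (RuntimeException ex) {
        LOG.warn("Authentication validation failed", ex);
        //
        return false;
    }
}

/**
 * Logs an authenticator failure through {@code ExceptionUtils}, using the
 * result-code aware overload when the exception carries a result code.
 *
 * @param ex failure raised by an authenticator
 */
private void logValidateFailure(RuntimeException ex) {
    if (ex instanceof ResultCodeException) {
        ExceptionUtils.log(LOG, (ResultCodeException) ex);
    } else {
        ExceptionUtils.log(LOG, null, ex);
    }
}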

Example 33 with IdmPasswordDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions.

the class IdmIdentityControllerRestTest method testGetWithBlockLoginDate.

@Test
public void testGetWithBlockLoginDate() {
    // Block the identity's login until tomorrow on its password record ...
    IdmIdentityDto created = createDto();
    IdmPasswordDto passwordRecord = getHelper().getPassword(created);
    ZonedDateTime blockedTill = ZonedDateTime.now().plusDays(1);
    passwordRecord.setBlockLoginDate(blockedTill);
    passwordService.save(passwordRecord);
    //
    // ... and expect the identity read back over the controller to expose the same date.
    IdmIdentityDto reloaded = getDto(created.getId());
    //
    Assert.assertEquals(passwordRecord.getBlockLoginDate(), reloaded.getBlockLoginDate());
}

Example 34 with IdmPasswordDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions.

the class IdentityPasswordValidateProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    // Validates a requested password change for the identity carried by the event:
    // first the applicable policies, then the ALL_ONLY account rule, then the password itself.
    PasswordChangeDto passwordChange = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    //
    Assert.notNull(passwordChange, "Password change dto is required.");
    Assert.notNull(identity, "Identity is required.");
    //
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", identity.getUsername());
    //
    List<IdmPasswordPolicyDto> policies = validateDefinition(identity, passwordChange);
    //
    // accounts on connected systems that belong to this identity
    AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
    accountFilter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(accountFilter, null).getContent();
    //
    // non-admins under ALL_ONLY must change the password on all of their owned accounts at once
    if (!securityService.isAdmin() && identityConfiguration.getPasswordChangeType() == PasswordChangeType.ALL_ONLY) {
        List<String> ownedAccountIds = identityAccounts
                .stream()
                .filter(AccIdentityAccountDto::isOwnership)
                .map(AccIdentityAccountDto::getAccount)
                .map(UUID::toString)
                .collect(Collectors.toList());
        //
        boolean bothSidesGiven = !ownedAccountIds.isEmpty() && !passwordChange.getAccounts().isEmpty();
        // NOTE(review): only the counts are compared here, not the account ids themselves —
        // confirm that a count match is the intended ALL_ONLY semantics
        if (bothSidesGiven && ownedAccountIds.size() != passwordChange.getAccounts().size()) {
            throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
        }
    }
    //
    // the previous password record (may be absent) feeds validity window and history checks
    IdmPasswordDto previousPassword = this.passwordService.findOneByIdentity(identity.getId());
    IdmPasswordValidationDto validation = new IdmPasswordValidationDto();
    validation.setOldPassword(previousPassword == null ? null : previousPassword.getId());
    validation.setIdentity(identity);
    validation.setPassword(passwordChange.getNewPassword());
    this.passwordPolicyService.validate(validation, policies);
    //
    return new DefaultEventResult<>(event, this);
}

Example 35 with IdmPasswordDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto in project CzechIdMng by bcvsolutions.

the class DefaultPasswordFilterManagerIntegrationTest method testCheckPasswordValidityPasswordFilterNullUniformPassword.

@Test
public void testCheckPasswordValidityPasswordFilterNullUniformPassword() {
    // System with password filter enabled and a policy without a maximum password age.
    SysSystemDto targetSystem = createSystem(false);
    IdmIdentityDto identity = createIdentity(targetSystem);
    setPasswordFilter(targetSystem, true);
    IdmPasswordPolicyDto policy = createPasswordPolicy(null, null, null, null, null, true);
    policy.setMaxPasswordAge(null);
    policy = passwordPolicyService.save(policy);
    assignSystem(createUniformDefinition(true), targetSystem);
    cleanProvivisioning(identity, targetSystem);
    checkChangeInIdm(identity, 0);
    //
    // Password arrives through the filter: validate first, then change.
    String newPassword = getHelper().createName();
    PasswordRequest filterRequest = prepareRequest(identity.getUsername(), targetSystem.getCode(), newPassword);
    loginToIdm(identity, newPassword, false);
    checkEcho(identity, targetSystem, EchoCheck.DOESNT_EXIST);
    checkChangeInIdm(identity, 0);
    processValidate(filterRequest, true);
    checkEcho(identity, targetSystem, EchoCheck.VALIDATE);
    processChange(filterRequest, true);
    loginToIdm(identity, newPassword, true);
    checkEcho(identity, targetSystem, EchoCheck.VALIDATE_AND_CHANGE);
    //
    // With no maximum age the stored password is valid from today and has no end of validity.
    IdmPasswordDto storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(storedPassword);
    assertNull(storedPassword.getValidTill());
    assertEquals(LocalDate.now(), storedPassword.getValidFrom());
}
