
Example 11 with IdmTokenDto

use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.

Class DefaultTokenManagerIntegrationTest, method createToken (test helper that builds and persists a token).

/**
 * Test helper: builds a token for {@code owner} and persists it through the manager under test.
 * <p>
 * The token value is the fixed string {@code "mock"}. That is acceptable in an integration test,
 * but it is not a pattern for production code, where token values must come from a CSPRNG.
 *
 * @param owner identity the token is issued for
 * @param tokenType token type to store; {@code null} falls back to {@code "mock"}
 * @param expiration expiration timestamp; a value in the past yields an already-expired token
 * @return the token as returned by {@code manager.saveToken}
 */
protected IdmTokenDto createToken(IdmIdentityDto owner, String tokenType, ZonedDateTime expiration) {
    IdmTokenDto draft = new IdmTokenDto();
    draft.setIssuedAt(ZonedDateTime.now());
    draft.setToken("mock");
    draft.setExpiration(expiration);
    // A missing type falls back to the same placeholder used for the token value.
    draft.setTokenType(tokenType == null ? "mock" : tokenType);
    return manager.saveToken(owner, draft);
}

Example 12 with IdmTokenDto

use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.

Class DefaultTokenManagerIntegrationTest, method testVerifyTokenDisabled (verification of a disabled token must fail).

/**
 * A disabled token must be rejected by {@code verifyToken} even though the caller holds its id.
 * <p>
 * Caveat: the token is created already expired (one nanosecond in the past) and then disabled, so
 * the expected {@link ResultCodeException} could come from either the disabled check or the
 * expiration check. The test proves rejection, not which rule rejected it.
 */
@Test(expected = ResultCodeException.class)
public void testVerifyTokenDisabled() {
    IdmIdentityDto someOwner = new IdmIdentityDto(UUID.randomUUID());
    ZonedDateTime alreadyExpired = ZonedDateTime.now().minusNanos(1);
    IdmTokenDto disabledToken = createToken(someOwner, null, alreadyExpired);
    disabledToken.setDisabled(true);
    disabledToken = manager.saveToken(someOwner, disabledToken);
    // Expected to throw: a disabled token is never accepted.
    manager.verifyToken(disabledToken.getId());
}

Example 13 with IdmTokenDto

use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.

Class DefaultLoginService, method switchUser ("login as" another identity).

/**
 * Switches the current session to {@code identity} ("login as").
 * <p>
 * Security-relevant ordering: {@code identityService.checkAccess} runs before any token is touched,
 * so the caller must hold {@code permission} on the target first. The first original user is written
 * into the token properties with {@code putIfAbsent}, so a chain of switches keeps the very first
 * subject in the audit trail instead of the last hop. Success and failure are both reported to the
 * SIEM logger; the failure branch re-throws the original exception unchanged.
 * <p>
 * NOTE(review): {@code tokenManager.getCurrentToken()} is dereferenced without a null check;
 * presumably this is only reachable from an authenticated request - confirm.
 *
 * @param identity target identity to switch to (required)
 * @param permission permissions the current user must hold on the target
 * @return login result for the switched token
 */
@Override
public LoginDto switchUser(IdmIdentityDto identity, BasePermission... permission) {
    Assert.notNull(identity, "Target identity (to switch) is required.");
    // Audit context (subject = who switches, target = to whom) is captured up front so that the
    // failure branch can still log it when the switch never completes.
    String action = siemLogger.buildAction(SiemLoggerManager.LOGIN_LEVEL_KEY, SiemLoggerManager.SWITCH_SUBLEVEL_KEY);
    String subjectUsername = securityService.getCurrentUsername();
    String subjectUuid = Objects.toString(securityService.getCurrentId(), "");
    String targetUuid = Objects.toString(identity.getId(), "");
    try {
        // Authorization before any token mutation.
        identityService.checkAccess(identity, permission);
        IdmTokenDto activeToken = tokenManager.getCurrentToken();
        ConfigurationMap tokenProperties = activeToken.getProperties();
        // Record the very first subject only; later switches keep the original.
        tokenProperties.putIfAbsent(JwtAuthenticationMapper.PROPERTY_ORIGINAL_USERNAME, securityService.getCurrentUsername());
        tokenProperties.putIfAbsent(JwtAuthenticationMapper.PROPERTY_ORIGINAL_IDENTITY_ID, securityService.getCurrentId());
        activeToken.setProperties(tokenProperties);
        IdmTokenDto switchedToken = jwtTokenMapper.createToken(identity, activeToken);
        LOG.info("Identity with username [{}] - login as switched user [{}].", tokenProperties.get(JwtAuthenticationMapper.PROPERTY_ORIGINAL_USERNAME), identity.getUsername());
        LoginDto result = login(identity, switchedToken);
        siemLogger.log(action, SiemLoggerManager.SUCCESS_ACTION_STATUS, identity.getUsername(), targetUuid, subjectUsername, subjectUuid, null, null);
        return result;
    } catch (Exception e) {
        siemLogger.log(action, SiemLoggerManager.FAILED_ACTION_STATUS, identity.getUsername(), targetUuid, subjectUsername, subjectUuid, null, e.getMessage());
        throw e;
    }
}

Example 14 with IdmTokenDto

use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.

Class DefaultLoginService, method switchUserLogout (return from "login as" to the original identity).

/**
 * Ends a "login as" session and returns to the original user recorded in the current token.
 * <p>
 * The original identity id is read from the token properties written by {@code switchUser}. The
 * request is rejected when that id is missing (not a switched session) or when the identity no
 * longer exists. The restored user is therefore only as trustworthy as the token carrying it;
 * token integrity is checked upstream of this method (presumably in the JWT layer, not visible
 * here). Both outcomes go to the SIEM logger; on failure the original exception is re-thrown.
 * <p>
 * NOTE(review): the NULL_ATTRIBUTE error names {@code originalUsername} although the check is on
 * the original identity id; confirm this is intended before changing the message.
 *
 * @return login result for the restored (original) identity
 */
@Override
public LoginDto switchUserLogout() {
    IdmTokenDto activeToken = tokenManager.getCurrentToken();
    ConfigurationMap tokenProperties = activeToken.getProperties();
    String originalUsername = tokenProperties.getString(JwtAuthenticationMapper.PROPERTY_ORIGINAL_USERNAME);
    UUID originalId = tokenProperties.getUuid(JwtAuthenticationMapper.PROPERTY_ORIGINAL_IDENTITY_ID);
    // Audit context captured before anything can fail.
    String action = siemLogger.buildAction(SiemLoggerManager.LOGIN_LEVEL_KEY, SiemLoggerManager.SWITCH_SUBLEVEL_KEY);
    String subjectUsername = securityService.getCurrentUsername();
    String subjectUuid = Objects.toString(securityService.getCurrentId(), "");
    String targetUuid = Objects.toString(originalId, "");
    try {
        if (originalId == null) {
            // Not a switched session - there is nothing to return to.
            throw new ResultCodeException(CoreResultCode.NULL_ATTRIBUTE, ImmutableMap.of("attribute", "originalUsername"));
        }
        IdmIdentityDto originalIdentity = identityService.get(originalId);
        if (originalIdentity == null) {
            throw new EntityNotFoundException(IdmIdentity.class, originalId);
        }
        // Drop the switch markers so the restored token is a plain session again.
        tokenProperties.remove(JwtAuthenticationMapper.PROPERTY_ORIGINAL_USERNAME);
        tokenProperties.remove(JwtAuthenticationMapper.PROPERTY_ORIGINAL_IDENTITY_ID);
        activeToken.setProperties(tokenProperties);
        IdmTokenDto restoredToken = jwtTokenMapper.createToken(originalIdentity, activeToken);
        LOG.info("Identity with username [{}] - logout from switched user [{}].", originalUsername, securityService.getCurrentUsername());
        LoginDto result = login(originalIdentity, restoredToken);
        siemLogger.log(action, SiemLoggerManager.SUCCESS_ACTION_STATUS, originalUsername, targetUuid, subjectUsername, subjectUuid, null, null);
        return result;
    } catch (Exception e) {
        siemLogger.log(action, SiemLoggerManager.FAILED_ACTION_STATUS, originalUsername, targetUuid, subjectUsername, subjectUuid, null, e.getMessage());
        throw e;
    }
}

Example 15 with IdmTokenDto

use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.

Class DefaultTwoFactorAuthenticationManager, method requireTwoFactorAuthentication (decides whether a login still needs a second factor).

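/**
 * Decides whether the login identified by {@code tokenId} still has to pass two-factor verification.
 * <p>
 * Returns {@code false} when the identity has no two-factor method configured or the token is
 * already marked as verified ({@code isSecretVerified}). Otherwise returns {@code true}; for the
 * {@code NOTIFICATION} method the one-time code is generated from the identity's verification
 * secret and sent out before returning.
 * <p>
 * The verification secret is wrapped in {@link GuardedString} for code generation and must never
 * be logged or echoed back to the client.
 *
 * @param identityId identity that is logging in
 * @param tokenId authentication token to check
 * @return {@code true} if a second factor is still required, {@code false} otherwise
 * @throws EntityNotFoundException if no token exists for {@code tokenId}, or (NOTIFICATION only)
 *         if the identity has no password record carrying the verification secret
 */
@Override
@Transactional
public boolean requireTwoFactorAuthentication(UUID identityId, UUID tokenId) {
    TwoFactorAuthenticationType twoFactorType = getTwoFactorAuthenticationType(identityId);
    if (twoFactorType == null) {
        // Two-factor authentication is not enabled for this identity.
        return false;
    }
    IdmTokenDto token = tokenManager.getToken(tokenId);
    if (token == null) {
        // Fail explicitly for an unknown token id instead of with a NullPointerException below.
        throw new EntityNotFoundException(IdmTokenDto.class, tokenId);
    }
    if (token.isSecretVerified()) {
        // The second factor was already satisfied for this token.
        return false;
    }
    if (TwoFactorAuthenticationType.NOTIFICATION == twoFactorType) {
        IdmPasswordDto password = passwordService.findOneByIdentity(identityId);
        if (password == null) {
            throw new EntityNotFoundException(IdmIdentityDto.class, identityId);
        }
        // NOTE(review): identityService.get(identityId) is not null-checked; presumably the identity
        // exists because a password record was found for it - confirm.
        sendVerificationCode(identityService.get(identityId), generateCode(new GuardedString(password.getVerificationSecret())));
    }
    return true;
}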
