Examples with TwoFactorRegistrationConfirmDto eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto used on opensource projects

Search in sources :

Example 1 with TwoFactorRegistrationConfirmDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateMustChangePasswordIsSkipped.

@Test
public void testAuthenticateMustChangePasswordIsSkipped() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    password.setMustChange(true);
    passwordService.save(password);
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(identity.getPassword());
    // creadentials are valid
    Assert.assertTrue(authenticationManager.validate(loginDto));
    // but two factor authentication is required
    String token = null;
    try {
        authenticationManager.authenticate(loginDto);
    } catch (TwoFactorAuthenticationRequiredException ex) {
        token = ex.getToken();
    }
    Assert.assertNotNull(token);
    // 
    loginDto.setToken(token);
    loginDto.setPassword(manager.generateCode(identity.getId()));
    loginDto.setSkipMustChange(true);
    LoginDto authenticated = manager.authenticate(loginDto);
    // 
    Assert.assertNotNull(authenticated);
    Assert.assertNotNull(authenticated.getAuthentication());
    Assert.assertTrue(tokenManager.getToken(authenticated.getAuthentication().getId()).isSecretVerified());
}
Also used : TwoFactorRegistrationConfirmDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto) TwoFactorRegistrationResponseDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 2 with TwoFactorRegistrationConfirmDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testConfirmRegistrationWithWrongCode.

@Test(expected = ResultCodeException.class)
public void testConfirmRegistrationWithWrongCode() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString("mock"));
    confirm.setVerificationCode(new GuardedString("mock"));
    // 
    manager.confirm(identity.getId(), confirm);
}
Also used : TwoFactorRegistrationConfirmDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 3 with TwoFactorRegistrationConfirmDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testGenerateCode.

@Test
public void testGenerateCode() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.APPLICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNotNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    GuardedString generateCode = manager.generateCode(identity.getId());
    Assert.assertNotNull(generateCode);
    Assert.assertFalse(generateCode.asString().isEmpty());
    Assert.assertTrue(manager.verifyCode(identity.getId(), generateCode));
    Assert.assertFalse(manager.verifyCode(identity.getId(), new GuardedString("xxxxxx")));
}
Also used : TwoFactorRegistrationConfirmDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto) TwoFactorRegistrationResponseDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 4 with TwoFactorRegistrationConfirmDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateTokenNotExpired.

@Test
public void testAuthenticateTokenNotExpired() throws Exception {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(identity.getPassword());
    // creadentials are valid
    Assert.assertTrue(authenticationManager.validate(loginDto));
    // but two factor authentication is required
    String token = null;
    try {
        authenticationManager.authenticate(loginDto);
    } catch (TwoFactorAuthenticationRequiredException ex) {
        token = ex.getToken();
    }
    Assert.assertNotNull(token);
    // 
    // set token expiration
    IdmJwtAuthentication jwt = jwtAuthenticationMapper.readToken(token);
    jwt.setExpiration(ZonedDateTime.now().plusDays(1));
    token = jwtAuthenticationMapper.writeToken(jwt);
    // 
    loginDto.setToken(token);
    loginDto.setPassword(manager.generateCode(identity.getId()));
    // 
    LoginDto authenticated = manager.authenticate(loginDto);
    // 
    Assert.assertNotNull(authenticated);
    Assert.assertNotNull(authenticated.getAuthentication());
    Assert.assertTrue(tokenManager.getToken(authenticated.getAuthentication().getId()).isSecretVerified());
}
Also used : TwoFactorRegistrationConfirmDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto) TwoFactorRegistrationResponseDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 5 with TwoFactorRegistrationConfirmDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateTokenNotFound.

@Test(expected = ResultCodeException.class)
public void testAuthenticateTokenNotFound() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(manager.generateCode(identity.getId()));
    // 
    manager.authenticate(loginDto);
}
Also used : TwoFactorRegistrationConfirmDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto) TwoFactorRegistrationResponseDto(eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)16 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)16 TwoFactorRegistrationConfirmDto (eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationConfirmDto)16 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)16 Test (org.junit.Test)16 TwoFactorRegistrationResponseDto (eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto)15 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)9 TwoFactorAuthenticationRequiredException (eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException)8 IdmPasswordDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto)3 IdmTokenDto (eu.bcvsolutions.idm.core.api.dto.IdmTokenDto)3 IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial