Examples with TwoFactorRegistrationResponseDto eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto used on opensource projects

Example 1 with TwoFactorRegistrationResponseDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.

the class LoginControllerRestTest method testChangePasswordWithTwoFactorLogin.

@Test
public void testChangePasswordWithTwoFactorLogin() throws Exception {
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmProfileDto profile = getHelper().createProfile(identity);
    IdmRoleDto role = getHelper().createRole();
    getHelper().createIdentityRole(identity, role);
    getHelper().createBasePolicy(role.getId(), CoreGroupPermission.IDENTITY, IdmIdentity.class, IdmBasePermission.READ);
    // login
    Map<String, String> login = new HashMap<>();
    login.put("username", identity.getUsername());
    login.put("password", identity.getPassword().asString());
    String response = getMockMvc().perform(post(BaseController.BASE_PATH + LoginController.AUTH_PATH).content(serialize(login)).contentType(TestHelper.HAL_CONTENT_TYPE)).andExpect(status().isOk()).andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE)).andReturn().getResponse().getContentAsString();
    String token = getToken(response);
    // 
    // init two factor authentication by profile controller
    response = getMockMvc().perform(put(BaseController.BASE_PATH + "/profiles/" + profile.getId() + "/two-factor/init").param(IdmAuthenticationFilter.AUTHENTICATION_TOKEN_NAME, token).param("twoFactorAuthenticationType", TwoFactorAuthenticationType.APPLICATION.name()).contentType(TestHelper.HAL_CONTENT_TYPE)).andExpect(status().isOk()).andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE)).andReturn().getResponse().getContentAsString();
    TwoFactorRegistrationResponseDto twoFactorInit = getMapper().readValue(response, TwoFactorRegistrationResponseDto.class);
    Assert.assertNotNull(twoFactorInit);
    Assert.assertNotNull(twoFactorInit.getVerificationSecret());
    // 
    // confirm two factor authentication by profile controller
    Map<String, String> twoFactorConfirm = new HashMap<>();
    twoFactorConfirm.put("verificationCode", twoFactorAuthenticationManager.generateCode(new GuardedString(twoFactorInit.getVerificationSecret())).asString());
    twoFactorConfirm.put("verificationSecret", twoFactorInit.getVerificationSecret());
    twoFactorConfirm.put("twoFactorAuthenticationType", TwoFactorAuthenticationType.APPLICATION.name());
    response = getMockMvc().perform(put(BaseController.BASE_PATH + "/profiles/" + profile.getId() + "/two-factor/confirm").param(IdmAuthenticationFilter.AUTHENTICATION_TOKEN_NAME, token).content(serialize(twoFactorConfirm)).contentType(TestHelper.HAL_CONTENT_TYPE)).andExpect(status().isOk()).andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE)).andReturn().getResponse().getContentAsString();
    IdmProfileDto updatedProfile = getMapper().readValue(response, IdmProfileDto.class);
    Assert.assertNotNull(updatedProfile);
    Assert.assertEquals(TwoFactorAuthenticationType.APPLICATION, updatedProfile.getTwoFactorAuthenticationType());
    // 
    // set password must change
    IdmPasswordDto password = getHelper().getPassword(identity);
    password.setMustChange(true);
    passwordService.save(password);
    // 
    // change password
    Map<String, String> passwordChange = new HashMap<>();
    passwordChange.put("oldPassword", identity.getPassword().asString());
    String newPassword = getHelper().createName();
    passwordChange.put("newPassword", newPassword);
    passwordChange.put("idm", Boolean.TRUE.toString());
    getMockMvc().perform(put(BaseController.BASE_PATH + "/public/identities/" + identity.getId() + "/password-change").content(serialize(passwordChange)).contentType(TestHelper.HAL_CONTENT_TYPE)).andExpect(status().isOk());
}

Example 2 with TwoFactorRegistrationResponseDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManager method init.

@Override
@Transactional
public TwoFactorRegistrationResponseDto init(UUID identityId, TwoFactorAuthenticationType twoFactorAuthenticationType) {
    Assert.notNull(identityId, "Identity identifier is required.");
    IdmIdentityDto identity = identityService.get(identityId);
    Assert.notNull(identity, "Identity is required.");
    Assert.notNull(twoFactorAuthenticationType, "Two factor authentication method is required.");
    // 
    String secret = secretGenerator.generate();
    // 
    TwoFactorRegistrationResponseDto registration = new TwoFactorRegistrationResponseDto();
    registration.setVerificationSecret(secret);
    registration.setUsername(SpinalCase.format(identity.getUsername()));
    // generate qr code
    if (twoFactorAuthenticationType == TwoFactorAuthenticationType.APPLICATION) {
        QrData qrcode = qrDataFactory.newBuilder().label(registration.getUsername()).secret(secret).issuer(// TODO: ApplicationConfiguration
        "CzechIdM").build();
        try {
            byte[] imageData = qrGenerator.generate(qrcode);
            String mimeType = qrGenerator.getImageMimeType();
            registration.setQrcode(Utils.getDataUriForImage(imageData, mimeType));
        } catch (Exception ex) {
            throw new ResultCodeException(CoreResultCode.TWO_FACTOR_INIT_FAILED, ex);
        }
    } else {
        // NOTIFICATION
        sendVerificationCode(identity, generateCode(new GuardedString(secret)));
    }
    // 
    return registration;
}

Example 3 with TwoFactorRegistrationResponseDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateMustChangePasswordIsSkipped.

@Test
public void testAuthenticateMustChangePasswordIsSkipped() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    password.setMustChange(true);
    passwordService.save(password);
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(identity.getPassword());
    // creadentials are valid
    Assert.assertTrue(authenticationManager.validate(loginDto));
    // but two factor authentication is required
    String token = null;
    try {
        authenticationManager.authenticate(loginDto);
    } catch (TwoFactorAuthenticationRequiredException ex) {
        token = ex.getToken();
    }
    Assert.assertNotNull(token);
    // 
    loginDto.setToken(token);
    loginDto.setPassword(manager.generateCode(identity.getId()));
    loginDto.setSkipMustChange(true);
    LoginDto authenticated = manager.authenticate(loginDto);
    // 
    Assert.assertNotNull(authenticated);
    Assert.assertNotNull(authenticated.getAuthentication());
    Assert.assertTrue(tokenManager.getToken(authenticated.getAuthentication().getId()).isSecretVerified());
}

Example 4 with TwoFactorRegistrationResponseDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testGenerateCode.

@Test
public void testGenerateCode() {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.APPLICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNotNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    GuardedString generateCode = manager.generateCode(identity.getId());
    Assert.assertNotNull(generateCode);
    Assert.assertFalse(generateCode.asString().isEmpty());
    Assert.assertTrue(manager.verifyCode(identity.getId(), generateCode));
    Assert.assertFalse(manager.verifyCode(identity.getId(), new GuardedString("xxxxxx")));
}

Example 5 with TwoFactorRegistrationResponseDto

use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.

the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateTokenNotExpired.

@Test
public void testAuthenticateTokenNotExpired() throws Exception {
    // password is needed
    IdmIdentityDto identity = getHelper().createIdentity();
    // 
    TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(initResponse);
    Assert.assertNotNull(initResponse.getVerificationSecret());
    Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
    Assert.assertNull(initResponse.getQrcode());
    // 
    // confirm
    TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
    confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
    confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
    confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertTrue(manager.confirm(identity.getId(), confirm));
    Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(identity.getPassword());
    // creadentials are valid
    Assert.assertTrue(authenticationManager.validate(loginDto));
    // but two factor authentication is required
    String token = null;
    try {
        authenticationManager.authenticate(loginDto);
    } catch (TwoFactorAuthenticationRequiredException ex) {
        token = ex.getToken();
    }
    Assert.assertNotNull(token);
    // 
    // set token expiration
    IdmJwtAuthentication jwt = jwtAuthenticationMapper.readToken(token);
    jwt.setExpiration(ZonedDateTime.now().plusDays(1));
    token = jwtAuthenticationMapper.writeToken(jwt);
    // 
    loginDto.setToken(token);
    loginDto.setPassword(manager.generateCode(identity.getId()));
    // 
    LoginDto authenticated = manager.authenticate(loginDto);
    // 
    Assert.assertNotNull(authenticated);
    Assert.assertNotNull(authenticated.getAuthentication());
    Assert.assertTrue(tokenManager.getToken(authenticated.getAuthentication().getId()).isSecretVerified());
}