use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testRequireTwoFactorAuthenticationApplication.
@Test
public void testRequireTwoFactorAuthenticationApplication() {
// password is needed
IdmIdentityDto identity = getHelper().createIdentity();
//
TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.APPLICATION);
Assert.assertNotNull(initResponse);
Assert.assertNotNull(initResponse.getVerificationSecret());
Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
Assert.assertNotNull(initResponse.getQrcode());
//
// confirm
TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.APPLICATION);
Assert.assertTrue(manager.confirm(identity.getId(), confirm));
Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
//
IdmTokenDto token = createToken(identity, false);
//
Assert.assertTrue(manager.requireTwoFactorAuthentication(identity.getId(), token.getId()));
}
use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticateIdentityIsDeleted.
@Test(expected = EntityNotFoundException.class)
public void testAuthenticateIdentityIsDeleted() {
// password is needed
IdmIdentityDto identity = getHelper().createIdentity();
//
TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertNotNull(initResponse);
Assert.assertNotNull(initResponse.getVerificationSecret());
Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
Assert.assertNull(initResponse.getQrcode());
//
// confirm
TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertTrue(manager.confirm(identity.getId(), confirm));
Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
//
LoginDto loginDto = new LoginDto();
loginDto.setUsername(identity.getUsername());
loginDto.setPassword(identity.getPassword());
// creadentials are valid
Assert.assertTrue(authenticationManager.validate(loginDto));
// but two factor authentication is required
String token = null;
try {
authenticationManager.authenticate(loginDto);
} catch (TwoFactorAuthenticationRequiredException ex) {
token = ex.getToken();
}
Assert.assertNotNull(token);
//
loginDto.setToken(token);
loginDto.setPassword(manager.generateCode(identity.getId()));
//
// delete password
getHelper().deleteIdentity(identity.getId());
//
manager.authenticate(loginDto);
}
use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testAuthenticate.
@Test
public void testAuthenticate() {
// password is needed
IdmIdentityDto identity = getHelper().createIdentity();
//
TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertNotNull(initResponse);
Assert.assertNotNull(initResponse.getVerificationSecret());
Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
Assert.assertNull(initResponse.getQrcode());
//
// confirm
TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertTrue(manager.confirm(identity.getId(), confirm));
Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
//
LoginDto loginDto = new LoginDto();
loginDto.setUsername(identity.getUsername());
loginDto.setPassword(identity.getPassword());
// creadentials are valid
Assert.assertTrue(authenticationManager.validate(loginDto));
// but two factor authentication is required
String token = null;
try {
authenticationManager.authenticate(loginDto);
} catch (TwoFactorAuthenticationRequiredException ex) {
token = ex.getToken();
}
Assert.assertNotNull(token);
//
loginDto.setToken(token);
loginDto.setPassword(manager.generateCode(identity.getId()));
LoginDto authenticated = manager.authenticate(loginDto);
//
Assert.assertNotNull(authenticated);
Assert.assertNotNull(authenticated.getAuthentication());
Assert.assertTrue(tokenManager.getToken(authenticated.getAuthentication().getId()).isSecretVerified());
}
use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testRegistrationApplication.
@Test
public void testRegistrationApplication() {
// password is needed
IdmIdentityDto identity = getHelper().createIdentity();
//
TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.APPLICATION);
Assert.assertNotNull(initResponse);
Assert.assertNotNull(initResponse.getVerificationSecret());
Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
Assert.assertNotNull(initResponse.getQrcode());
//
// confirm
TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.APPLICATION);
Assert.assertTrue(manager.confirm(identity.getId(), confirm));
Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
Assert.assertEquals(TwoFactorAuthenticationType.APPLICATION, manager.getTwoFactorAuthenticationType(identity.getId()));
}
use of eu.bcvsolutions.idm.core.security.api.dto.TwoFactorRegistrationResponseDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testRequireTwoFactorAuthenticationNotification.
@Test
public void testRequireTwoFactorAuthenticationNotification() {
// password is needed
IdmIdentityDto identity = getHelper().createIdentity();
//
TwoFactorRegistrationResponseDto initResponse = manager.init(identity.getId(), TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertNotNull(initResponse);
Assert.assertNotNull(initResponse.getVerificationSecret());
Assert.assertEquals(identity.getUsername(), initResponse.getUsername());
Assert.assertNull(initResponse.getQrcode());
//
// confirm
TwoFactorRegistrationConfirmDto confirm = new TwoFactorRegistrationConfirmDto();
confirm.setVerificationSecret(new GuardedString(initResponse.getVerificationSecret()));
confirm.setVerificationCode(manager.generateCode(new GuardedString(initResponse.getVerificationSecret())));
confirm.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
Assert.assertTrue(manager.confirm(identity.getId(), confirm));
Assert.assertEquals(initResponse.getVerificationSecret(), getHelper().getPassword(identity).getVerificationSecret());
//
IdmTokenDto token = createToken(identity, false);
//
Assert.assertTrue(manager.requireTwoFactorAuthentication(identity.getId(), token.getId()));
}
Aggregations