Example 1 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

In the class DefaultIdmPasswordServiceIntegrationTest, method testResetUsuccessfulAttemptsAfterPasswordChange.

@Test
@Transactional
public void testResetUsuccessfulAttemptsAfterPasswordChange() {
    IdmIdentityDto identity = getHelper().createIdentity();
    // login
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString("wrong"));
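    // two login attempts with a wrong password, both expected to be rejected
    try {
        loginController.login(loginDto);
    } catch (IdmAuthenticationException ex) {
        // expected: the wrong password is rejected
    }
    try {
        loginController.login(loginDto);
    } catch (IdmAuthenticationException ex) {
        // expected: the wrong password is rejected
    }
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    // both failed logins are counted
    Assert.assertEquals(2, password.getUnsuccessfulAttempts());
    //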
    // password change
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setNewPassword(new GuardedString("new"));
    passwordService.save(identity, passwordChange);
    // 
    password = passwordService.findOneByIdentity(identity.getId());
    // 
    Assert.assertEquals(0, password.getUnsuccessfulAttempts());
}
Also used : PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

In the class DefaultAuditServiceIntegrationTest, method testLoginAuditWithPaginationAndFailed.

@Test
public void testLoginAuditWithPaginationAndFailed() {
    this.logout();
    String password = "password-" + System.currentTimeMillis();
    GuardedString passwordAsGuardedString = new GuardedString(password);
    IdmIdentityDto identity = getHelper().createIdentity(passwordAsGuardedString);
    LoginDto loginDto = new LoginDto(identity.getUsername(), passwordAsGuardedString);
    // three successful logins with the correct password
    authenticationManager.authenticate(loginDto);
    this.logout();
    authenticationManager.authenticate(loginDto);
    this.logout();
    authenticationManager.authenticate(loginDto);
    this.logout();
    // two logins with a wrong password, both must be rejected
    loginDto = new LoginDto(identity.getUsername(), new GuardedString("test-" + System.currentTimeMillis()));
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException e) {
        // expected: authentication with a wrong password fails
    } catch (Exception e) {
        fail();
    }
    this.logout();
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException e) {
        // expected: authentication with a wrong password fails
    } catch (Exception e) {
        fail();
    }
    this.logout();
    IdmAuditFilter filter = new IdmAuditFilter();
    filter.setOwnerId(identity.getId().toString());
    PageRequest pageable = PageRequest.of(0, 1);
    Page<IdmAuditDto> findLogin = getTransactionTemplate().execute(new TransactionCallback<Page<IdmAuditDto>>() {

        @Override
        public Page<IdmAuditDto> doInTransaction(TransactionStatus status) {
            return auditService.findLogin(filter, pageable);
        }
    });
    // expected: 3 successful + 2 failed logins in the login audit, one record per page
    assertEquals(5, findLogin.getTotalElements());
    assertEquals(1, findLogin.getContent().size());
}
Also used : IdmAuditDto(eu.bcvsolutions.idm.core.api.audit.dto.IdmAuditDto) IdmAuditFilter(eu.bcvsolutions.idm.core.api.audit.dto.filter.IdmAuditFilter) TransactionStatus(org.springframework.transaction.TransactionStatus) Page(org.springframework.data.domain.Page) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) PageRequest(org.springframework.data.domain.PageRequest) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 3 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

In the class AuthenticationExceptionContextTest, method testDisabledOrNotFound.

@Test
public void testDisabledOrNotFound() {
    AuthenticationException e = new IdmAuthenticationException("test");
    AuthenticationExceptionContext ctx = new AuthenticationExceptionContext();
    ctx.setAuthEx(e);
    Assert.assertFalse(ctx.isAuthoritiesChanged());
    Assert.assertTrue(ctx.isDisabledOrNotExists());
    Assert.assertFalse(ctx.isExpired());
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) AuthenticationException(org.springframework.security.core.AuthenticationException) AbstractUnitTest(eu.bcvsolutions.idm.test.api.AbstractUnitTest) Test(org.junit.Test)

Example 4 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

In the class DefaultLoginService, method getValidIdentity.

private IdmIdentityDto getValidIdentity(LoginDto loginDto, boolean propagateException) {
    String username = loginDto.getUsername();
    LOG.info("Identity with username [{}] authenticating", username);
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity exists
    if (identity == null) {
        // MessageFormat treats a single quote as a quoting character, so the apostrophe is doubled
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] either doesn''t exist or is deleted.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityNotFoundException(validationMessage);
    }
    // identity is valid
    if (identity.isDisabled()) {
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityDisabledException(validationMessage);
    }
    // GuardedString isn't necessary, the stored password is a hash.
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    if (password == null) {
        String validationMessage = MessageFormat.format("Identity [{0}] does not have password stored in IdM.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    // check if password expired
    if (password.getValidTill() != null && password.getValidTill().isBefore(LocalDate.now())) {
        String validationMessage = MessageFormat.format("Password for identity [{0}] is expired.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new ResultCodeException(CoreResultCode.PASSWORD_EXPIRED);
    }
    // given password is correct
    if (!passwordService.checkPassword(loginDto.getPassword(), password)) {
        String validationMessage = MessageFormat.format("Identity [{0}] password check failed.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    // 
    return identity;
}
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 5 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

In the class OAuthAuthenticationManager, method verifyAuthentication.

private IdmJwtAuthentication verifyAuthentication(Authentication authentication) {
    if (!(authentication instanceof IdmJwtAuthentication)) {
        throw new UnsupportedOperationException(String.format("JWT authentication is supported only, given [%s].", authentication.getClass().getCanonicalName()));
    }
    IdmJwtAuthentication idmJwtAuthentication = (IdmJwtAuthentication) authentication;
    // 
    // verify persisted token
    boolean tokenVerified = false;
    if (idmJwtAuthentication.getId() != null) {
        // get verified (valid) token
        tokenManager.verifyToken(idmJwtAuthentication.getId());
        tokenVerified = true;
    }
    // verify the given authentication itself (the token may not have been persisted)
    if (idmJwtAuthentication.isExpired()) {
        throw new ResultCodeException(CoreResultCode.AUTH_EXPIRED);
    }
    if (tokenVerified) {
        // when token is verified, then identity is not disabled => tokens are disabled after identity is disabled
        return idmJwtAuthentication;
    }
    // 
    // verify identity
    IdmIdentityDto identity = identityService.getByUsername(idmJwtAuthentication.getName());
    if (identity == null) {
        throw new IdmAuthenticationException(String.format("Identity [%s] not found!", idmJwtAuthentication.getName()));
    }
    if (identity.isDisabled()) {
        throw new IdmAuthenticationException(String.format("Identity [%s] is disabled!", identity.getId()));
    }
    // 
    return idmJwtAuthentication;
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Aggregations

IdmAuthenticationException (eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) 15
LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto) 11
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 10
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString) 6
Test (org.junit.Test) 5
IdmPasswordDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) 4
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException) 4
IdentityNotFoundException (eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) 4
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) 4
IdentityDisabledException (eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) 3
IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) 2
PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) 2
IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) 2
TwoFactorAuthenticationRequiredException (eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) 2
IdmAuditDto (eu.bcvsolutions.idm.core.api.audit.dto.IdmAuditDto) 1
IdmAuditFilter (eu.bcvsolutions.idm.core.api.audit.dto.filter.IdmAuditFilter) 1
IdmTokenDto (eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) 1
CasTicketValidationException (eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) 1
MustChangePasswordException (eu.bcvsolutions.idm.core.security.api.exception.MustChangePasswordException) 1
AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest) 1