use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultIdmPasswordServiceIntegrationTest method testResetUsuccessfulAttemptsAfterPasswordChange.
/**
 * Verifies that saving a new password sets the failed-login counter of the identity
 * back to zero.
 *
 * <p>The counter is first driven to 2 by two logins with a wrong password, so the final
 * assertion proves a reset rather than an untouched default.
 */
@Test
@Transactional
public void testResetUsuccessfulAttemptsAfterPasswordChange() {
    IdmIdentityDto owner = getHelper().createIdentity();
    //
    // two login attempts with a password the test expects to be rejected
    LoginDto wrongLogin = new LoginDto();
    wrongLogin.setUsername(owner.getUsername());
    wrongLogin.setPassword(new GuardedString("wrong"));
    for (int attempt = 0; attempt < 2; attempt++) {
        try {
            loginController.login(wrongLogin);
        } catch (IdmAuthenticationException ignored) {
            // rejection is the expected outcome; the counter assertion below checks
            // that both attempts were actually recorded
        }
    }
    Assert.assertEquals(2, passwordService.findOneByIdentity(owner.getId()).getUnsuccessfulAttempts());
    //
    // password change stored in IdM
    PasswordChangeDto changeRequest = new PasswordChangeDto();
    changeRequest.setIdm(true);
    changeRequest.setNewPassword(new GuardedString("new"));
    passwordService.save(owner, changeRequest);
    //
    // re-read the password record: the counter has to be cleared by the save above
    IdmPasswordDto afterChange = passwordService.findOneByIdentity(owner.getId());
    Assert.assertEquals(0, afterChange.getUnsuccessfulAttempts());
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultAuditServiceIntegrationTest method testLoginAuditWithPaginationAndFailed.
/**
 * Verifies that the login audit of one identity contains both accepted and rejected
 * authentications and that the query honours the requested page size.
 *
 * <p>Five authenticate calls are made (three with the valid password, two with a wrong
 * one); the audit is then read with a page size of 1, so the total must be 5 while the
 * page content holds a single record.
 */
@Test
public void testLoginAuditWithPaginationAndFailed() {
    this.logout();
    GuardedString validPassword = new GuardedString("password-" + System.currentTimeMillis());
    IdmIdentityDto auditedIdentity = getHelper().createIdentity(validPassword);
    //
    // three accepted authentications, each followed by a logout
    LoginDto validLogin = new LoginDto(auditedIdentity.getUsername(), validPassword);
    for (int i = 0; i < 3; i++) {
        authenticationManager.authenticate(validLogin);
        this.logout();
    }
    //
    // two authentications with a different password: only IdmAuthenticationException
    // counts as the expected rejection, any other outcome fails the test
    LoginDto invalidLogin = new LoginDto(auditedIdentity.getUsername(), new GuardedString("test-" + System.currentTimeMillis()));
    for (int i = 0; i < 2; i++) {
        try {
            authenticationManager.authenticate(invalidLogin);
            fail();
        } catch (IdmAuthenticationException expected) {
            // Success
        } catch (Exception unexpected) {
            fail();
        }
        this.logout();
    }
    //
    // read the login audit of the identity, first page with one record per page
    IdmAuditFilter ownerFilter = new IdmAuditFilter();
    ownerFilter.setOwnerId(auditedIdentity.getId().toString());
    PageRequest firstPageOfOne = PageRequest.of(0, 1);
    Page<IdmAuditDto> loginAudit = getTransactionTemplate().execute(status -> auditService.findLogin(ownerFilter, firstPageOfOne));
    //
    // rejected attempts have to be audited as well: 3 accepted + 2 rejected
    assertEquals(5, loginAudit.getTotalElements());
    assertEquals(1, loginAudit.getContent().size());
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class AuthenticationExceptionContextTest method testDisabledOrNotFound.
/**
 * Checks how {@code AuthenticationExceptionContext} classifies a plain
 * {@code IdmAuthenticationException}: it must be reported as "disabled or not exists",
 * and neither as changed authorities nor as an expired authentication.
 */
@Test
public void testDisabledOrNotFound() {
    AuthenticationExceptionContext context = new AuthenticationExceptionContext();
    // declared with the general type, as the context is handed an AuthenticationException
    AuthenticationException cause = new IdmAuthenticationException("test");
    context.setAuthEx(cause);
    //
    Assert.assertFalse(context.isAuthoritiesChanged());
    Assert.assertTrue(context.isDisabledOrNotExists());
    Assert.assertFalse(context.isExpired());
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultLoginService method getValidIdentity.
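/**
 * Resolves the identity named in the login request and checks that it is allowed to log in.
 *
 * <p>The checks run in this order and the first failing one ends the call: the identity
 * exists, the identity is not disabled, a password is stored in IdM, the password is not
 * past its valid-till date, the submitted password matches the stored one.
 *
 * <p>NOTE(review): each failure has its own exception type and message, and the expiry
 * check runs before the password check, so a caller without the right password can tell
 * the cases apart by the exception alone. Confirm that the layer answering the client maps
 * them to one uniform response.
 *
 * @param loginDto login request carrying the username and the submitted password
 * @param propagateException {@code true} to throw on a failed check; {@code false} to log
 *        the reason at debug level and return {@code null} instead
 * @return the identity when every check passes; {@code null} when a check fails and
 *         {@code propagateException} is {@code false}
 * @throws IdentityNotFoundException when no identity has the given username
 * @throws IdentityDisabledException when the identity is disabled
 * @throws IdmAuthenticationException when no password is stored or the password check fails
 * @throws ResultCodeException with {@code CoreResultCode.PASSWORD_EXPIRED} when the
 *         password is past its valid-till date
 */
private IdmIdentityDto getValidIdentity(LoginDto loginDto, boolean propagateException) {
    String username = loginDto.getUsername();
    // NOTE(review): the username is taken from the login request as-is and written to the
    // log; confirm the logging layout neutralises line breaks in logged values.
    LOG.info("Identity with username [{}] authenticating", username);
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity exists
    if (identity == null) {
        // MessageFormat treats a lone apostrophe as a quote character and drops it from the
        // output, so the apostrophe in "doesn't" has to be doubled.
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] either doesn''t exist or is deleted.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityNotFoundException(validationMessage);
    }
    // identity is valid
    if (identity.isDisabled()) {
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityDisabledException(validationMessage);
    }
    // GuardedString isn't necessary here, the stored password is a hash.
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    if (password == null) {
        String validationMessage = MessageFormat.format("Identity [{0}] does not have pasword stored in IdM.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    // check if password expired: the valid-till date itself still counts as valid, only a
    // date strictly before today is rejected
    if (password.getValidTill() != null && password.getValidTill().isBefore(LocalDate.now())) {
        String validationMessage = MessageFormat.format("Password for identity [{0}] is expired.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        // the formatted message is used for the debug log only; the exception carries the
        // result code
        throw new ResultCodeException(CoreResultCode.PASSWORD_EXPIRED);
    }
    // given password is correct
    if (!passwordService.checkPassword(loginDto.getPassword(), password)) {
        String validationMessage = MessageFormat.format("Identity [{0}] password check failed.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    //
    return identity;
}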
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManager method verifyAuthentication.
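/**
 * Checks that the given authentication is a usable JWT authentication.
 *
 * <p>A token with an id is verified through the token manager; a token without an id
 * (not persisted) is accepted only when the identity it names exists and is not disabled.
 * Expiration of the given authentication is checked in both cases.
 *
 * <p>NOTE(review): nothing in this method validates the token signature; confirm that it
 * is verified before the authentication reaches this point, in particular for tokens
 * without an id.
 *
 * @param authentication authentication to verify, expected to be an {@code IdmJwtAuthentication}
 * @return the same authentication, cast to {@code IdmJwtAuthentication}
 * @throws UnsupportedOperationException when the authentication is {@code null} or of
 *         another type
 * @throws ResultCodeException with {@code CoreResultCode.AUTH_EXPIRED} when the
 *         authentication is expired
 * @throws IdmAuthenticationException when the token is not persisted and its identity is
 *         missing or disabled
 */
private IdmJwtAuthentication verifyAuthentication(Authentication authentication) {
    if (!(authentication instanceof IdmJwtAuthentication)) {
        // instanceof is false for null as well, so getClass() must not be called
        // unguarded here: a missing authentication is reported as unsupported, not as a
        // NullPointerException
        String givenType = authentication == null ? null : authentication.getClass().getCanonicalName();
        throw new UnsupportedOperationException(String.format("JWT authentication is supported only, given [%s].", givenType));
    }
    IdmJwtAuthentication idmJwtAuthentication = (IdmJwtAuthentication) authentication;
    //
    // verify persisted token
    boolean tokenVerified = false;
    if (idmJwtAuthentication.getId() != null) {
        // get verified (valid) token
        // The returned value is not inspected, so this step relies on verifyToken
        // throwing for a token that is not valid - TODO confirm against TokenManager.
        tokenManager.verifyToken(idmJwtAuthentication.getId());
        tokenVerified = true;
    }
    // verify given authentication (token could not be persisted)
    if (idmJwtAuthentication.isExpired()) {
        throw new ResultCodeException(CoreResultCode.AUTH_EXPIRED);
    }
    if (tokenVerified) {
        // when token is verified, then identity is not disabled => tokens are disabled after identity is disabled
        return idmJwtAuthentication;
    }
    //
    // verify identity - reached only for a token without an id
    IdmIdentityDto identity = identityService.getByUsername(idmJwtAuthentication.getName());
    if (identity == null) {
        throw new IdmAuthenticationException(String.format("Identity [%s] not found!", idmJwtAuthentication.getName()));
    }
    if (identity.isDisabled()) {
        throw new IdmAuthenticationException(String.format("Identity [%s] is disabled!", identity.getId()));
    }
    //
    return idmJwtAuthentication;
}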