Example 1 with InvalidCodeException

Use of io.gravitee.am.common.exception.mfa.InvalidCodeException in project gravitee-access-management by gravitee-io, in the method verify of the class EmailFactorProvider.

@Override
public Completable verify(FactorContext context) {
    final String code = context.getData(FactorContext.KEY_CODE, String.class);
    final EnrolledFactor enrolledFactor = context.getData(FactorContext.KEY_ENROLLED_FACTOR, EnrolledFactor.class);
    return Completable.create(emitter -> {
        try {
            final String otpCode = generateOTP(enrolledFactor);
            if (!code.equals(otpCode)) {
                emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                // stop here: the emitter accepts only one terminal signal
                return;
            }
            // reject the code once its stored expiry timestamp has passed
            if (Instant.now().isAfter(Instant.ofEpochMilli(enrolledFactor.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class)))) {
                emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                return;
            }
            emitter.onComplete();
        } catch (Exception ex) {
            logger.error("An error occurs while validating 2FA code", ex);
            emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
        }
    });
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) InvalidCodeException(io.gravitee.am.common.exception.mfa.InvalidCodeException) TechnicalException(io.gravitee.am.repository.exceptions.TechnicalException) AddressException(javax.mail.internet.AddressException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException)

Example 2 with InvalidCodeException

Use of io.gravitee.am.common.exception.mfa.InvalidCodeException in project gravitee-access-management by gravitee-io, in the method verify of the class RecoveryCodeFactorProvider.

@Override
public Completable verify(FactorContext context) {
    final String code = context.getData(FactorContext.KEY_CODE, String.class);
    final EnrolledFactor enrolledFactor = context.getData(FactorContext.KEY_ENROLLED_FACTOR, EnrolledFactor.class);
    final List<String> recoveryCodes = (List<String>) enrolledFactor.getSecurity().getAdditionalData().get(RECOVERY_CODE);
    return Completable.create(emitter -> {
        if (recoveryCodes.contains(code)) {
            // remove the code from the list as the recovery is not re-usable
            recoveryCodes.remove(code);
            enrolledFactor.getSecurity().setAdditionalData(Map.of(RECOVERY_CODE, recoveryCodes));
            emitter.onComplete();
        } else {
            emitter.onError(new InvalidCodeException("Invalid recovery code"));
        }
    });
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) List(java.util.List) SecureRandomString(io.gravitee.am.common.utils.SecureRandomString) InvalidCodeException(io.gravitee.am.common.exception.mfa.InvalidCodeException)

Example 3 with InvalidCodeException

Use of io.gravitee.am.common.exception.mfa.InvalidCodeException in project gravitee-access-management by gravitee-io, in the method verify of the class InfobipResourceProvider.

@Override
public Completable verify(MFAChallenge challenge) {
    return Completable.create((emitter) -> {
        String pin = challenge.getCode();
        try {
            TfaVerifyPinResponse verifyResponse = this.tfaApi.verifyTfaPhoneNumber(pinId, new TfaVerifyPinRequest().pin(pin));
            boolean verified = verifyResponse.getVerified();
            LOGGER.debug("Infobip Verification code with ID '{}' verified with status '{}'", this.pinId, verified);
            if (!verified) {
                emitter.onError(new InvalidCodeException("Challenger not verified"));
            } else {
                emitter.onComplete();
            }
        } catch (com.infobip.ApiException e) {
            LOGGER.error("Challenge verification fails", e);
            emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
        }
    });
}
Also used : TfaVerifyPinResponse(com.infobip.model.TfaVerifyPinResponse) TfaVerifyPinRequest(com.infobip.model.TfaVerifyPinRequest) InvalidCodeException(io.gravitee.am.common.exception.mfa.InvalidCodeException)

Example 4 with InvalidCodeException

Use of io.gravitee.am.common.exception.mfa.InvalidCodeException in project gravitee-access-management by gravitee-io, in the method verify of the class TwilioVerifyResourceProvider.

@Override
public Completable verify(MFAChallenge challenge) {
    return Completable.create((emitter) -> {
        try {
            VerificationCheck verification = VerificationCheck.creator(configuration.getSid(), challenge.getCode()).setTo(challenge.getTarget()).create();
            LOGGER.debug("Twilio Verification code with ID '{}' verified with status '{}'", verification.getSid(), verification.getStatus());
            if (!APPROVED.equalsIgnoreCase(verification.getStatus())) {
                emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                // stop here: the emitter accepts only one terminal signal
                return;
            }
            emitter.onComplete();
        } catch (ApiException e) {
            LOGGER.error("Challenge verification fails", e);
            emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
        }
    });
}
Also used : VerificationCheck(com.twilio.rest.verify.v2.service.VerificationCheck) InvalidCodeException(io.gravitee.am.common.exception.mfa.InvalidCodeException) ApiException(com.twilio.exception.ApiException)

Example 5 with InvalidCodeException

Use of io.gravitee.am.common.exception.mfa.InvalidCodeException in project gravitee-access-management by gravitee-io, in the method verify of the class OTPFactorProvider.

@Override
public Completable verify(FactorContext context) {
    final String code = context.getData(FactorContext.KEY_CODE, String.class);
    final EnrolledFactor enrolledFactor = context.getData(FactorContext.KEY_ENROLLED_FACTOR, EnrolledFactor.class);
    return Completable.create(emitter -> {
        try {
            final String otpCode = TOTP.generateTOTP(SharedSecret.base32Str2Hex(enrolledFactor.getSecurity().getValue()));
            if (!code.equals(otpCode)) {
                emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                // stop here: the emitter accepts only one terminal signal
                return;
            }
            emitter.onComplete();
        } catch (Exception ex) {
            logger.error("An error occurs while validating 2FA code", ex);
            emitter.onError(new InvalidCodeException("Invalid 2FA Code"));
        }
    });
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) InvalidCodeException(io.gravitee.am.common.exception.mfa.InvalidCodeException)

Aggregations

InvalidCodeException (io.gravitee.am.common.exception.mfa.InvalidCodeException): 5
EnrolledFactor (io.gravitee.am.model.factor.EnrolledFactor): 3
TfaVerifyPinRequest (com.infobip.model.TfaVerifyPinRequest): 1
TfaVerifyPinResponse (com.infobip.model.TfaVerifyPinResponse): 1
ApiException (com.twilio.exception.ApiException): 1
VerificationCheck (com.twilio.rest.verify.v2.service.VerificationCheck): 1
SecureRandomString (io.gravitee.am.common.utils.SecureRandomString): 1
TechnicalException (io.gravitee.am.repository.exceptions.TechnicalException): 1
InvalidKeyException (java.security.InvalidKeyException): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
List (java.util.List): 1
AddressException (javax.mail.internet.AddressException): 1