Example 1 with AuthenticationRequestNotFoundException

Use of io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException in project gravitee-access-management by gravitee-io.

The class CibaTokenGranter, method parseRequest.

@Override
protected Single<TokenRequest> parseRequest(TokenRequest tokenRequest, Client client) {
    MultiValueMap<String, String> parameters = tokenRequest.parameters();
    final String authReqId = parameters.getFirst(Parameters.AUTH_REQ_ID);
    if (isEmpty(authReqId)) {
        return Single.error(new InvalidRequestException("Missing parameter: auth_req_id"));
    }
    return super.parseRequest(tokenRequest, client).flatMap(tokenRequest1 -> authenticationRequestService.retrieve(domain, authReqId).map(cibaRequest -> {
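        // The auth_req_id must belong to the calling client; a mismatch is reported as "not found",
        // so the response does not confirm that the id exists for another client.
        if (!cibaRequest.getClientId().equals(client.getClientId())) {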
            logger.warn("client_id '{}' requests token using not owned authentication request '{}'", client.getId(), authReqId);
            throw new AuthenticationRequestNotFoundException("Authentication request not found");
        }
        return cibaRequest;
    }).map(cibaRequest -> {
        // set resource owner
        tokenRequest1.setSubject(cibaRequest.getSubject());
        // set original scopes
        tokenRequest1.setScopes(cibaRequest.getScopes());
        // store only the AuthenticationFlowContext.data attributes in order to simplify EL templating
        // and provide an up-to-date set of data if the enrichAuthFlow Policy is used multiple times in a step
        // {#context.attributes['authFlow']['entry']}
        tokenRequest1.getContext().put(AUTH_FLOW_CONTEXT_ATTRIBUTES_KEY, emptyMap());
        return tokenRequest1;
    }));
}
Also used : InvalidGrantException(io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException) Collections.emptyMap(java.util.Collections.emptyMap) GrantType(io.gravitee.am.common.oauth2.GrantType) Logger(org.slf4j.Logger) UserAuthenticationManager(io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationManager) TokenRequest(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest) Client(io.gravitee.am.model.oidc.Client) MultiValueMap(io.gravitee.common.util.MultiValueMap) Maybe(io.reactivex.Maybe) LoggerFactory(org.slf4j.LoggerFactory) AuthenticationRequestService(io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService) Domain(io.gravitee.am.model.Domain) ConstantKeys(io.gravitee.am.common.utils.ConstantKeys) AbstractTokenGranter(io.gravitee.am.gateway.handler.oauth2.service.granter.AbstractTokenGranter) TokenService(io.gravitee.am.gateway.handler.oauth2.service.token.TokenService) Single(io.reactivex.Single) Parameters(io.gravitee.am.common.ciba.Parameters) InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException) TokenRequestResolver(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequestResolver) StringUtils.isEmpty(org.springframework.util.StringUtils.isEmpty) User(io.gravitee.am.model.User) AuthenticationRequestNotFoundException(io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException)

Example 2 with AuthenticationRequestNotFoundException

Use of io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException in project gravitee-access-management by gravitee-io.

The class AuthenticationRequestServiceImpl, method retrieve.

@Override
public Single<CibaAuthRequest> retrieve(Domain domain, String authReqId) {
    LOGGER.debug("Search for authentication request with id '{}'", authReqId);
    return this.authRequestRepository.findById(authReqId).switchIfEmpty(Single.error(new AuthenticationRequestNotFoundException(authReqId))).flatMap(request -> {
        // Treat the request as expired once the current time passes expireAt minus the retention period
        if ((request.getExpireAt().getTime() - (requestRetentionInSec * 1000)) < Instant.now().toEpochMilli()) {
            return Single.error(new AuthenticationRequestExpiredException());
        }
        switch(AuthenticationRequestStatus.valueOf(request.getStatus())) {
            case ONGOING:
                // Check that the client respects the polling interval:
                // if the client requests the endpoint too often, return a SlowDown error;
                // otherwise, update the last access date before returning the pending error
                final int interval = domain.getOidc().getCibaSettings().getTokenReqInterval();
                if (request.getLastAccessAt().toInstant().plusSeconds(interval).isAfter(Instant.now())) {
                    return Single.error(new SlowDownException());
                }
                request.setLastAccessAt(new Date());
                return this.authRequestRepository.update(request).flatMap(__ -> Single.error(new AuthorizationPendingException()));
            case REJECTED:
                // the user refused: delete the request, then signal access_denied
                return this.authRequestRepository.delete(authReqId).toSingle(() -> {
                    throw new AccessDeniedException();
                });
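            default:
                // any other status: delete the request before returning it, so the same auth_req_id cannot be retrieved again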
                return this.authRequestRepository.delete(authReqId).toSingle(() -> request);
        }
    });
}
Also used : SlowDownException(io.gravitee.am.gateway.handler.ciba.exception.SlowDownException) AccessDeniedException(io.gravitee.am.gateway.handler.oauth2.exception.AccessDeniedException) AuthenticationRequestNotFoundException(io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException) AuthorizationPendingException(io.gravitee.am.gateway.handler.ciba.exception.AuthorizationPendingException) AuthenticationRequestExpiredException(io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestExpiredException) Date(java.util.Date)

Example 3 with AuthenticationRequestNotFoundException

Use of io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException in project gravitee-access-management by gravitee-io.

The class AuthenticationRequestServiceImpl, method updateAuthDeviceInformation.

@Override
public Single<CibaAuthRequest> updateAuthDeviceInformation(CibaAuthRequest request) {
    LOGGER.debug("Update authentication request '{}' with AuthenticationDeviceNotifier information", request.getId());
    return this.authRequestRepository.findById(request.getId()).switchIfEmpty(Single.error(new AuthenticationRequestNotFoundException(request.getId()))).flatMap(existingReq -> {
        // update only information provided by the AD notifier
        existingReq.setExternalTrxId(request.getExternalTrxId());
        existingReq.setExternalInformation(request.getExternalInformation());
        existingReq.setDeviceNotifierId(request.getDeviceNotifierId());
        return this.authRequestRepository.update(existingReq);
    });
}
Also used : AuthenticationRequestNotFoundException(io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException)

Aggregations

AuthenticationRequestNotFoundException (io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestNotFoundException) 3
Parameters (io.gravitee.am.common.ciba.Parameters) 1
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException) 1
GrantType (io.gravitee.am.common.oauth2.GrantType) 1
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys) 1
AuthenticationRequestExpiredException (io.gravitee.am.gateway.handler.ciba.exception.AuthenticationRequestExpiredException) 1
AuthorizationPendingException (io.gravitee.am.gateway.handler.ciba.exception.AuthorizationPendingException) 1
SlowDownException (io.gravitee.am.gateway.handler.ciba.exception.SlowDownException) 1
AuthenticationRequestService (io.gravitee.am.gateway.handler.ciba.service.AuthenticationRequestService) 1
UserAuthenticationManager (io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationManager) 1
AccessDeniedException (io.gravitee.am.gateway.handler.oauth2.exception.AccessDeniedException) 1
InvalidGrantException (io.gravitee.am.gateway.handler.oauth2.exception.InvalidGrantException) 1
AbstractTokenGranter (io.gravitee.am.gateway.handler.oauth2.service.granter.AbstractTokenGranter) 1
TokenRequest (io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest) 1
TokenRequestResolver (io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequestResolver) 1
TokenService (io.gravitee.am.gateway.handler.oauth2.service.token.TokenService) 1
Domain (io.gravitee.am.model.Domain) 1
User (io.gravitee.am.model.User) 1
Client (io.gravitee.am.model.oidc.Client) 1
MultiValueMap (io.gravitee.common.util.MultiValueMap) 1