Example 1 with VertxHttpServerRequest

Use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.

Class UserAuthProviderImpl, method authenticate.

@Override
public void authenticate(RoutingContext context, JsonObject authInfo, Handler<AsyncResult<User>> handler) {
    String username = authInfo.getString(USERNAME_PARAMETER);
    String password = authInfo.getString(PASSWORD_PARAMETER);
    String clientId = authInfo.getString(Parameters.CLIENT_ID);
    String ipAddress = authInfo.getString(Claims.ip_address);
    String userAgent = authInfo.getString(Claims.user_agent);
    parseClient(clientId, parseClientHandler -> {
        if (parseClientHandler.failed()) {
            logger.error("Authentication failure: unable to retrieve client " + clientId, parseClientHandler.cause());
            handler.handle(Future.failedFuture(parseClientHandler.cause()));
            return;
        }
        // retrieve the client (application)
        final Client client = parseClientHandler.result();
        // end user authentication
        SimpleAuthenticationContext authenticationContext = new SimpleAuthenticationContext(new VertxHttpServerRequest(context.request().getDelegate()));
        final Authentication authentication = new EndUserAuthentication(username, password, authenticationContext);
        authenticationContext.set(Claims.ip_address, ipAddress);
        authenticationContext.set(Claims.user_agent, userAgent);
        authenticationContext.set(Claims.domain, client.getDomain());
        userAuthenticationManager.authenticate(client, authentication).subscribe(
            user -> handler.handle(Future.succeededFuture(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(user))),
            error -> handler.handle(Future.failedFuture(error)));
    });
}
Also used: Authentication(io.gravitee.am.identityprovider.api.Authentication) EndUserAuthentication(io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication) User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) SimpleAuthenticationContext(io.gravitee.am.identityprovider.api.SimpleAuthenticationContext) Client(io.gravitee.am.model.oidc.Client) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Example 2 with VertxHttpServerRequest

Use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.

Class PolicyChainHandlerImpl, method prepareContext.

private void prepareContext(RoutingContext routingContext, Handler<AsyncResult<ExecutionContext>> handler) {
    try {
        io.vertx.core.http.HttpServerRequest request = routingContext.request().getDelegate();
        Request serverRequest = new VertxHttpServerRequest(request);
        Response serverResponse = new VertxHttpServerResponse(request, serverRequest.metrics());
        ExecutionContext simpleExecutionContext = new SimpleExecutionContext(serverRequest, serverResponse);
        ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
        // add current context attributes
        executionContext.getAttributes().putAll(getEvaluableAttributes(routingContext));
        handler.handle(Future.succeededFuture(executionContext));
    } catch (Exception ex) {
        handler.handle(Future.failedFuture(ex));
    }
}
Also used: VertxHttpServerResponse(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerResponse) Response(io.gravitee.gateway.api.Response) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) SimpleExecutionContext(io.gravitee.gateway.api.context.SimpleExecutionContext) Request(io.gravitee.gateway.api.Request) HttpServerRequest(io.vertx.reactivex.core.http.HttpServerRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest) PolicyChainException(io.gravitee.am.gateway.policy.PolicyChainException)

Example 3 with VertxHttpServerRequest

Use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.

Class AdaptiveMfaFilter, method get.

@Override
public Boolean get() {
    if (isNull(isRuleTrue)) {
        if (!context.isAmfaActive()) {
            context.setAmfaRuleTrue(false);
            return false;
        }
        final Object loginAttempt = context.getLoginAttempt();
        data.put(LOGIN_ATTEMPT_KEY, isNull(loginAttempt) ? 0 : loginAttempt);
        var parameters = Map.of("request", new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate())), "context", new EvaluableExecutionContext(data));
        // We are retaining the value since other features will use it in the chain
        context.setAmfaRuleTrue(ruleEngine.evaluate(context.getAmfaRule(), parameters, Boolean.class, false));
    }
    // If one of the other filter chains is active, we want to make sure that
    // if Adaptive MFA skips (rule == true), the other MFA methods still trigger
    var rememberDevice = context.getRememberDeviceSettings();
    return !rememberDevice.isActive() && !context.isStepUpActive() && context.isAmfaRuleTrue();
}
Also used: EvaluableExecutionContext(io.gravitee.am.gateway.handler.context.EvaluableExecutionContext) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Example 4 with VertxHttpServerRequest

Use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.

Class IdentifierFirstLoginEndpoint, method renderLoginPage.

private void renderLoginPage(RoutingContext routingContext) {
    final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
    // remove sensitive client data
    routingContext.put(CLIENT_CONTEXT_KEY, new ClientProperties(client));
    // put domain in context data
    routingContext.put(DOMAIN_CONTEXT_KEY, domain);
    // put request in context
    final HttpServerRequest request = routingContext.request();
    EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // put login settings in context
    LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
    var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    // put error in context
    final String error = request.getParam(ERROR_PARAM_KEY);
    final String errorDescription = request.getParam(ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ERROR_PARAM_KEY, error);
    routingContext.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // put parameters in context (backward compatibility)
    Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ERROR_PARAM_KEY, error);
    params.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    routingContext.put(PARAM_CONTEXT_KEY, params);
    // put actions in context
    final MultiMap queryParams = RequestUtils.getCleanedQueryParams(request);
    routingContext.put(ACTION_KEY, resolveProxyRequest(request, routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
    final Map<String, Object> data = generateData(routingContext, domain, client);
    data.putAll(botDetectionManager.getTemplateVariables(domain, client));
    this.renderPage(routingContext, data, client, logger, "Unable to render Identifier-first login page");
}
Also used: ClientProperties(io.gravitee.am.model.safe.ClientProperties) HashMap(java.util.HashMap) HttpServerRequest(io.vertx.reactivex.core.http.HttpServerRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) MultiMap(io.vertx.reactivex.core.MultiMap) LoginSettings(io.gravitee.am.model.login.LoginSettings) Objects(java.util.Objects) Client(io.gravitee.am.model.oidc.Client)

Example 5 with VertxHttpServerRequest

Use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.

Class LoginEndpoint, method prepareContext.

private void prepareContext(RoutingContext routingContext, Client client) {
    // remove sensitive client data
    routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, new ClientProperties(client));
    // put domain in context data
    routingContext.put(ConstantKeys.DOMAIN_CONTEXT_KEY, domain);
    // put login settings in context data
    LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
    var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
    boolean isIdentifierFirstLoginEnabled = optionalSettings.map(LoginSettings::isIdentifierFirstEnabled).orElse(false);
    routingContext.put(ALLOW_FORGOT_PASSWORD_CONTEXT_KEY, optionalSettings.map(LoginSettings::isForgotPasswordEnabled).orElse(false));
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    routingContext.put(HIDE_FORM_CONTEXT_KEY, optionalSettings.map(LoginSettings::isHideForm).orElse(false));
    routingContext.put(IDENTIFIER_FIRST_LOGIN_CONTEXT_KEY, isIdentifierFirstLoginEnabled);
    // put request in context
    EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(routingContext.request().getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // put error in context
    final String error = routingContext.request().getParam(ConstantKeys.ERROR_PARAM_KEY);
    final String errorDescription = routingContext.request().getParam(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ConstantKeys.ERROR_PARAM_KEY, error);
    routingContext.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // put parameters in context (backward compatibility)
    Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ConstantKeys.ERROR_PARAM_KEY, error);
    params.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    final String loginHint = routingContext.request().getParam(Parameters.LOGIN_HINT);
    if (loginHint != null) {
        params.put(ConstantKeys.USERNAME_PARAM_KEY, loginHint);
    }
    routingContext.put(ConstantKeys.PARAM_CONTEXT_KEY, params);
    // put action urls in context
    final MultiMap queryParams = getCleanedQueryParams(routingContext.request());
    routingContext.put(ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.request().path(), queryParams, true));
    routingContext.put(FORGOT_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/forgotPassword", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
    if (isIdentifierFirstLoginEnabled) {
        routingContext.put(LOGIN_IDENTIFIER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
    }
}
Also used: MultiMap(io.vertx.reactivex.core.MultiMap) ClientProperties(io.gravitee.am.model.safe.ClientProperties) HashMap(java.util.HashMap) LoginSettings(io.gravitee.am.model.login.LoginSettings) Objects(java.util.Objects) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Aggregations

VertxHttpServerRequest (io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest) 14
HttpServerRequest (io.vertx.reactivex.core.http.HttpServerRequest) 6
SimpleAuthenticationContext (io.gravitee.am.identityprovider.api.SimpleAuthenticationContext) 5
Client (io.gravitee.am.model.oidc.Client) 5
EndUserAuthentication (io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication) 3
VertxHttpServerResponse (io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerResponse) 3
EvaluableRequest (io.gravitee.am.gateway.handler.context.EvaluableRequest) 3
JsonObject (io.vertx.core.json.JsonObject) 3
MultiMap (io.vertx.reactivex.core.MultiMap) 3
HashMap (java.util.HashMap) 3
ConstantKeys (io.gravitee.am.common.utils.ConstantKeys) 2
RandomString (io.gravitee.am.common.utils.RandomString) 2
FactorContext (io.gravitee.am.factor.api.FactorContext) 2
RequestUtils (io.gravitee.am.gateway.handler.common.vertx.utils.RequestUtils) 2
User (io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) 2
Authentication (io.gravitee.am.identityprovider.api.Authentication) 2
Domain (io.gravitee.am.model.Domain) 2
LoginSettings (io.gravitee.am.model.login.LoginSettings) 2
ClientProperties (io.gravitee.am.model.safe.ClientProperties) 2
EvaluableRequest (io.gravitee.gateway.api.el.EvaluableRequest) 2