use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method authenticate.
@Override
public void authenticate(RoutingContext context, JsonObject authInfo, Handler<AsyncResult<User>> handler) {
String username = authInfo.getString(USERNAME_PARAMETER);
String password = authInfo.getString(PASSWORD_PARAMETER);
String clientId = authInfo.getString(Parameters.CLIENT_ID);
String ipAddress = authInfo.getString(Claims.ip_address);
String userAgent = authInfo.getString(Claims.user_agent);
parseClient(clientId, parseClientHandler -> {
if (parseClientHandler.failed()) {
logger.error("Authentication failure: unable to retrieve client " + clientId, parseClientHandler.cause());
handler.handle(Future.failedFuture(parseClientHandler.cause()));
return;
}
// retrieve the client (application)
final Client client = parseClientHandler.result();
// end user authentication
SimpleAuthenticationContext authenticationContext = new SimpleAuthenticationContext(new VertxHttpServerRequest(context.request().getDelegate()));
final Authentication authentication = new EndUserAuthentication(username, password, authenticationContext);
authenticationContext.set(Claims.ip_address, ipAddress);
authenticationContext.set(Claims.user_agent, userAgent);
authenticationContext.set(Claims.domain, client.getDomain());
userAuthenticationManager.authenticate(client, authentication).subscribe(user -> handler.handle(Future.succeededFuture(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(user))), error -> handler.handle(Future.failedFuture(error)));
});
}
use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.
the class PolicyChainHandlerImpl method prepareContext.
private void prepareContext(RoutingContext routingContext, Handler<AsyncResult<ExecutionContext>> handler) {
try {
io.vertx.core.http.HttpServerRequest request = routingContext.request().getDelegate();
Request serverRequest = new VertxHttpServerRequest(request);
Response serverResponse = new VertxHttpServerResponse(request, serverRequest.metrics());
ExecutionContext simpleExecutionContext = new SimpleExecutionContext(serverRequest, serverResponse);
ExecutionContext executionContext = executionContextFactory.create(simpleExecutionContext);
// add current context attributes
executionContext.getAttributes().putAll(getEvaluableAttributes(routingContext));
handler.handle(Future.succeededFuture(executionContext));
} catch (Exception ex) {
handler.handle(Future.failedFuture(ex));
}
}
use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.
the class AdaptiveMfaFilter method get.
@Override
public Boolean get() {
if (isNull(isRuleTrue)) {
if (!context.isAmfaActive()) {
context.setAmfaRuleTrue(false);
return false;
}
final Object loginAttempt = context.getLoginAttempt();
data.put(LOGIN_ATTEMPT_KEY, isNull(loginAttempt) ? 0 : loginAttempt);
var parameters = Map.of("request", new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate())), "context", new EvaluableExecutionContext(data));
// We are retaining the value since other features will use it in the chain
context.setAmfaRuleTrue(ruleEngine.evaluate(context.getAmfaRule(), parameters, Boolean.class, false));
}
// If one of the other filter chains are active. We want to make sure that
// if Adaptive MFA skips (rule == true) we want other MFA methods to trigger
var rememberDevice = context.getRememberDeviceSettings();
return !rememberDevice.isActive() && !context.isStepUpActive() && context.isAmfaRuleTrue();
}
use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.
the class IdentifierFirstLoginEndpoint method renderLoginPage.
private void renderLoginPage(RoutingContext routingContext) {
final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
// remove sensible client data
routingContext.put(CLIENT_CONTEXT_KEY, new ClientProperties(client));
// put domain in context data
routingContext.put(DOMAIN_CONTEXT_KEY, domain);
// put request in context
final HttpServerRequest request = routingContext.request();
EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate(), true));
routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
// put login settings in context
LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
// put error in context
final String error = request.getParam(ERROR_PARAM_KEY);
final String errorDescription = request.getParam(ERROR_DESCRIPTION_PARAM_KEY);
routingContext.put(ERROR_PARAM_KEY, error);
routingContext.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
// put parameters in context (backward compatibility)
Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
params.put(ERROR_PARAM_KEY, error);
params.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
routingContext.put(PARAM_CONTEXT_KEY, params);
// put actions in context
final MultiMap queryParams = RequestUtils.getCleanedQueryParams(request);
routingContext.put(ACTION_KEY, resolveProxyRequest(request, routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
routingContext.put(REGISTER_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
routingContext.put(WEBAUTHN_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
final Map<String, Object> data = generateData(routingContext, domain, client);
data.putAll(botDetectionManager.getTemplateVariables(domain, client));
this.renderPage(routingContext, data, client, logger, "Unable to render Identifier-first login page");
}
use of io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest in project gravitee-access-management by gravitee-io.
the class LoginEndpoint method prepareContext.
private void prepareContext(RoutingContext routingContext, Client client) {
// remove sensible client data
routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, new ClientProperties(client));
// put domain in context data
routingContext.put(ConstantKeys.DOMAIN_CONTEXT_KEY, domain);
// put login settings in context data
LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
boolean isIdentifierFirstLoginEnabled = optionalSettings.map(LoginSettings::isIdentifierFirstEnabled).orElse(false);
routingContext.put(ALLOW_FORGOT_PASSWORD_CONTEXT_KEY, optionalSettings.map(LoginSettings::isForgotPasswordEnabled).orElse(false));
routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
routingContext.put(HIDE_FORM_CONTEXT_KEY, optionalSettings.map(LoginSettings::isHideForm).orElse(false));
routingContext.put(IDENTIFIER_FIRST_LOGIN_CONTEXT_KEY, isIdentifierFirstLoginEnabled);
// put request in context
EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(routingContext.request().getDelegate(), true));
routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
// put error in context
final String error = routingContext.request().getParam(ConstantKeys.ERROR_PARAM_KEY);
final String errorDescription = routingContext.request().getParam(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY);
routingContext.put(ConstantKeys.ERROR_PARAM_KEY, error);
routingContext.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
// put parameters in context (backward compatibility)
Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
params.put(ConstantKeys.ERROR_PARAM_KEY, error);
params.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
final String loginHint = routingContext.request().getParam(Parameters.LOGIN_HINT);
if (loginHint != null) {
params.put(ConstantKeys.USERNAME_PARAM_KEY, loginHint);
}
routingContext.put(ConstantKeys.PARAM_CONTEXT_KEY, params);
// put action urls in context
final MultiMap queryParams = getCleanedQueryParams(routingContext.request());
routingContext.put(ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.request().path(), queryParams, true));
routingContext.put(FORGOT_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/forgotPassword", queryParams, true));
routingContext.put(REGISTER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
routingContext.put(WEBAUTHN_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
if (isIdentifierFirstLoginEnabled) {
routingContext.put(LOGIN_IDENTIFIER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
}
}
Aggregations