use of io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method authenticate.
/**
 * Authenticates an end user on behalf of the client (application) named in {@code authInfo}.
 *
 * <p>The username, password, client id, IP address and user agent are read from
 * {@code authInfo}. The client is resolved first; only when that succeeds are the
 * credentials handed to {@code userAuthenticationManager}. The outcome is always reported
 * through {@code handler}: a succeeded future wrapping the authenticated user, or a failed
 * future carrying the underlying cause.
 *
 * @param context  routing context of the current request; its HTTP request is attached to the
 *                 authentication context
 * @param authInfo credentials and request metadata for this attempt
 * @param handler  callback receiving the authentication result
 */
@Override
public void authenticate(RoutingContext context, JsonObject authInfo, Handler<AsyncResult<User>> handler) {
    final String login = authInfo.getString(USERNAME_PARAMETER);
    final String secret = authInfo.getString(PASSWORD_PARAMETER);
    final String clientId = authInfo.getString(Parameters.CLIENT_ID);
    // NOTE(review): the IP address and user agent are recorded exactly as supplied in authInfo;
    // presumably the caller derives them from the HTTP request - confirm before relying on them
    // for audit or risk decisions.
    final String remoteIp = authInfo.getString(Claims.ip_address);
    final String agent = authInfo.getString(Claims.user_agent);

    parseClient(clientId, clientLookup -> {
        if (clientLookup.failed()) {
            // NOTE(review): clientId is concatenated into the log message as received; confirm
            // the logging layout neutralises CR/LF so a crafted value cannot forge log entries.
            logger.error("Authentication failure: unable to retrieve client " + clientId, clientLookup.cause());
            handler.handle(Future.failedFuture(clientLookup.cause()));
            return;
        }

        // The application the end user is signing in to.
        final Client application = clientLookup.result();

        // Build the end-user authentication request around the underlying HTTP request.
        SimpleAuthenticationContext authContext =
                new SimpleAuthenticationContext(new VertxHttpServerRequest(context.request().getDelegate()));
        final Authentication endUserAuth = new EndUserAuthentication(login, secret, authContext);
        authContext.set(Claims.ip_address, remoteIp);
        authContext.set(Claims.user_agent, agent);
        authContext.set(Claims.domain, application.getDomain());

        userAuthenticationManager.authenticate(application, endUserAuth).subscribe(
                authenticated -> handler.handle(Future.succeededFuture(
                        new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(authenticated))),
                failure -> handler.handle(Future.failedFuture(failure)));
    });
}
use of io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User in project gravitee-access-management by gravitee-io.
the class CookieSessionHandler method writeSessionCookie.
/**
 * Writes the session cookie for the current request.
 *
 * <p>When the request carries an authenticated {@code User}, that user's id is stored in the
 * session before the session is serialised into the cookie value. A non-negative
 * {@code timeout} becomes the cookie's max age (in seconds); otherwise the cookie has no max
 * age and lives only for the browser session.
 *
 * <p>No other cookie attribute is set here. NOTE(review): the attributes that protect a session
 * cookie (Secure, HttpOnly, SameSite, path/domain) are expected to come from a dedicated
 * CookieHandler - confirm that handler always runs for this cookie.
 *
 * @param context routing context the cookie is added to
 * @param session session whose serialised value becomes the cookie value
 */
private void writeSessionCookie(final RoutingContext context, final CookieSession session) {
    final io.vertx.ext.auth.User principal = context.getDelegate().user();
    if (principal instanceof User) {
        final User authenticated = (User) principal;
        session.putUserId(authenticated.getUser().getId());
    }

    // The user id must be in the session before value() is read for the cookie.
    final Cookie sessionCookie = Cookie.cookie(cookieName, session.value());

    // A negative timeout means "no max age": the browser treats it as a session cookie.
    final boolean persistent = timeout >= 0;
    if (persistent) {
        sessionCookie.setMaxAge(TimeUnit.MILLISECONDS.toSeconds(timeout));
    }

    context.addCookie(sessionCookie);
}
use of io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User in project gravitee-access-management by gravitee-io.
the class MFAEnrollStep method execute.
/**
 * Runs the MFA-enrollment step of the authentication flow.
 *
 * <p>Collects the client, the authenticated end user and the session from the routing context,
 * then evaluates a chain of filters. Each filter is a rule under which MFA enrollment is
 * skipped, so the set and order of filters below decides when a user is NOT asked to enroll.
 *
 * <p>NOTE(review): {@code client.getFactors()} is evaluated while the chain is being built,
 * i.e. before {@code ClientNullFilter} can run; if the client can really be null here this
 * throws a NullPointerException - confirm. The cast of the routing-context user likewise
 * assumes an authenticated user of this gateway's {@code User} type is always present.
 *
 * @param routingContext context of the current request
 * @param flow           authentication flow chain handed to the filter chain
 */
@Override
public void execute(RoutingContext routingContext, AuthenticationFlowChain flow) {
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final User principal = (User) routingContext.user().getDelegate();
    final io.gravitee.am.model.User endUser = principal.getUser();
    final Session session = routingContext.session();
    var filterContext = new MfaFilterContext(client, session, endUser);

    // Skip rules, evaluated in this order.
    var skipRules = new MfaFilterChain(
            new ClientNullFilter(client),
            new NoFactorFilter(client.getFactors(), factorManager),
            new EndUserEnrolledFilter(filterContext),
            new AdaptiveMfaFilter(filterContext, ruleEngine, routingContext.request(), routingContext.data()),
            new StepUpAuthenticationFilter(filterContext, ruleEngine, routingContext.request(), routingContext.data()),
            new RememberDeviceFilter(filterContext),
            new MfaSkipFilter(filterContext));
    skipRules.doFilter(this, flow, routingContext);
}
use of io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication_2.
/**
 * A request whose scope parameter contains "write" must be redirected to the MFA challenge
 * page by the step-up rule, even though the session is already marked as strongly
 * authenticated and the user is enrolled in the client's factor.
 */
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication_2() throws Exception {
    router.route().order(-1).handler(rc -> {
        // Client: one factor, plus a step-up rule matching a scope parameter that contains 'write'.
        MFASettings stepUpSettings = new MFASettings();
        stepUpSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
        Client application = new Client();
        application.setFactors(Collections.singleton("factor-1"));
        application.setMfaSettings(stepUpSettings);
        rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, application);

        // User: already enrolled in that factor.
        EnrolledFactor enrollment = new EnrolledFactor();
        enrollment.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(enrollment));
        rc.getDelegate().setUser(new User(account));

        // Session: strong authentication was completed earlier.
        rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        rc.next();
    });

    testRequest(
            HttpMethod.GET,
            "/login?scope=read%20write",
            null,
            resp -> {
                String redirectTarget = resp.headers().get("location");
                assertNotNull(redirectTarget);
                assertTrue(redirectTarget.endsWith("/mfa/challenge?scope=read+write"));
            },
            HttpStatusCode.FOUND_302,
            "Found",
            null);
}
use of io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldContinue_adaptiveMFA_condition_not_met.
/**
 * With an adaptive-MFA rule configured, an enrolled user whose session is already marked as
 * strongly authenticated must pass through {@code /login} with a 200 response.
 *
 * <p>NOTE(review): the method name says the condition is not met, yet the GeoIP country stored
 * below ('FR') equals the value the rule compares against - confirm the name matches the path
 * this test actually exercises.
 */
@Test
public void shouldContinue_adaptiveMFA_condition_not_met() throws Exception {
    router.route().order(-1).handler(rc -> {
        // Client: one factor, plus an adaptive rule keyed on the GeoIP country code.
        MFASettings adaptiveSettings = new MFASettings();
        adaptiveSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");
        Client application = new Client();
        application.setFactors(Collections.singleton("factor-1"));
        application.setMfaSettings(adaptiveSettings);
        rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, application);

        // GeoIP data made available to the request.
        rc.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());

        // User: already enrolled in that factor.
        EnrolledFactor enrollment = new EnrolledFactor();
        enrollment.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(enrollment));
        rc.getDelegate().setUser(new User(account));

        // Session: strong authentication was completed earlier.
        rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        rc.next();
    });

    testRequest(HttpMethod.GET, "/login", HttpStatusCode.OK_200, "OK");
}