Search in sources :

Example 1 with EvaluableRequest

use of io.gravitee.am.gateway.handler.context.EvaluableRequest in project gravitee-access-management by gravitee-io.

the class AdaptiveMfaFilter method get.

@Override
public Boolean get() {
    if (isNull(isRuleTrue)) {
        if (!context.isAmfaActive()) {
            context.setAmfaRuleTrue(false);
            return false;
        }
        final Object loginAttempt = context.getLoginAttempt();
        data.put(LOGIN_ATTEMPT_KEY, isNull(loginAttempt) ? 0 : loginAttempt);
        var parameters = Map.of("request", new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate())), "context", new EvaluableExecutionContext(data));
        // We are retaining the value since other features will use it in the chain
        context.setAmfaRuleTrue(ruleEngine.evaluate(context.getAmfaRule(), parameters, Boolean.class, false));
    }
    // If one of the other filter chains are active. We want to make sure that
    // if Adaptive MFA skips (rule == true) we want other MFA methods to trigger
    var rememberDevice = context.getRememberDeviceSettings();
    return !rememberDevice.isActive() && !context.isStepUpActive() && context.isAmfaRuleTrue();
}
Also used : EvaluableExecutionContext(io.gravitee.am.gateway.handler.context.EvaluableExecutionContext) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Example 2 with EvaluableRequest

use of io.gravitee.am.gateway.handler.context.EvaluableRequest in project gravitee-access-management by gravitee-io.

the class IdentifierFirstLoginEndpoint method renderLoginPage.

private void renderLoginPage(RoutingContext routingContext) {
    final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
    // remove sensible client data
    routingContext.put(CLIENT_CONTEXT_KEY, new ClientProperties(client));
    // put domain in context data
    routingContext.put(DOMAIN_CONTEXT_KEY, domain);
    // put request in context
    final HttpServerRequest request = routingContext.request();
    EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // put login settings in context
    LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
    var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    // put error in context
    final String error = request.getParam(ERROR_PARAM_KEY);
    final String errorDescription = request.getParam(ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ERROR_PARAM_KEY, error);
    routingContext.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // put parameters in context (backward compatibility)
    Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ERROR_PARAM_KEY, error);
    params.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    routingContext.put(PARAM_CONTEXT_KEY, params);
    // put actions in context
    final MultiMap queryParams = RequestUtils.getCleanedQueryParams(request);
    routingContext.put(ACTION_KEY, resolveProxyRequest(request, routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
    final Map<String, Object> data = generateData(routingContext, domain, client);
    data.putAll(botDetectionManager.getTemplateVariables(domain, client));
    this.renderPage(routingContext, data, client, logger, "Unable to render Identifier-first login page");
}
Also used : ClientProperties(io.gravitee.am.model.safe.ClientProperties) HashMap(java.util.HashMap) HttpServerRequest(io.vertx.reactivex.core.http.HttpServerRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest) MultiMap(io.vertx.reactivex.core.MultiMap) LoginSettings(io.gravitee.am.model.login.LoginSettings) Objects(java.util.Objects) Client(io.gravitee.am.model.oidc.Client)

Example 3 with EvaluableRequest

use of io.gravitee.am.gateway.handler.context.EvaluableRequest in project gravitee-access-management by gravitee-io.

the class LoginEndpoint method prepareContext.

private void prepareContext(RoutingContext routingContext, Client client) {
    // remove sensible client data
    routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, new ClientProperties(client));
    // put domain in context data
    routingContext.put(ConstantKeys.DOMAIN_CONTEXT_KEY, domain);
    // put login settings in context data
    LoginSettings loginSettings = LoginSettings.getInstance(domain, client);
    var optionalSettings = ofNullable(loginSettings).filter(Objects::nonNull);
    boolean isIdentifierFirstLoginEnabled = optionalSettings.map(LoginSettings::isIdentifierFirstEnabled).orElse(false);
    routingContext.put(ALLOW_FORGOT_PASSWORD_CONTEXT_KEY, optionalSettings.map(LoginSettings::isForgotPasswordEnabled).orElse(false));
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    routingContext.put(HIDE_FORM_CONTEXT_KEY, optionalSettings.map(LoginSettings::isHideForm).orElse(false));
    routingContext.put(IDENTIFIER_FIRST_LOGIN_CONTEXT_KEY, isIdentifierFirstLoginEnabled);
    // put request in context
    EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(routingContext.request().getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // put error in context
    final String error = routingContext.request().getParam(ConstantKeys.ERROR_PARAM_KEY);
    final String errorDescription = routingContext.request().getParam(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ConstantKeys.ERROR_PARAM_KEY, error);
    routingContext.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // put parameters in context (backward compatibility)
    Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ConstantKeys.ERROR_PARAM_KEY, error);
    params.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    final String loginHint = routingContext.request().getParam(Parameters.LOGIN_HINT);
    if (loginHint != null) {
        params.put(ConstantKeys.USERNAME_PARAM_KEY, loginHint);
    }
    routingContext.put(ConstantKeys.PARAM_CONTEXT_KEY, params);
    // put action urls in context
    final MultiMap queryParams = getCleanedQueryParams(routingContext.request());
    routingContext.put(ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.request().path(), queryParams, true));
    routingContext.put(FORGOT_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/forgotPassword", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/webauthn/login", queryParams, true));
    if (isIdentifierFirstLoginEnabled) {
        routingContext.put(LOGIN_IDENTIFIER_ACTION_KEY, resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/login/identifier", queryParams, true));
    }
}
Also used : MultiMap(io.vertx.reactivex.core.MultiMap) ClientProperties(io.gravitee.am.model.safe.ClientProperties) HashMap(java.util.HashMap) LoginSettings(io.gravitee.am.model.login.LoginSettings) Objects(java.util.Objects) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) VertxHttpServerRequest(io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)

Example 4 with EvaluableRequest

use of io.gravitee.am.gateway.handler.context.EvaluableRequest in project gravitee-access-management by gravitee-io.

the class EnrichProfilePolicyTest method init.

@Before
public void init() {
    reset(configuration, executionContext, request, response);
    Request request = new RequestWrapper(mock(Request.class)) {

        @Override
        public MultiValueMap<String, String> parameters() {
            LinkedMultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
            parameters.add(REQUEST_PARAM, PARAM_VALUE);
            return parameters;
        }
    };
    TemplateEngine tplEngine = new SpelTemplateEngineFactory().templateEngine();
    tplEngine.getTemplateContext().setVariable("request", new EvaluableRequest(request));
    when(executionContext.getTemplateEngine()).thenReturn(tplEngine);
    when(executionContext.getComponent(UserRepository.class)).thenReturn(userRepository);
}
Also used : TemplateEngine(io.gravitee.el.TemplateEngine) LinkedMultiValueMap(io.gravitee.common.util.LinkedMultiValueMap) Request(io.gravitee.gateway.api.Request) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) RequestWrapper(io.gravitee.gateway.api.RequestWrapper) SpelTemplateEngineFactory(io.gravitee.el.spel.SpelTemplateEngineFactory) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) Before(org.junit.Before)

Example 5 with EvaluableRequest

use of io.gravitee.am.gateway.handler.context.EvaluableRequest in project gravitee-access-management by gravitee-io.

the class EnrichAuthFlowPolicyTest method init.

@Before
public void init() {
    reset(configuration, executionContext, request, response, authContextRepository);
    Request request = new RequestWrapper(mock(Request.class)) {

        @Override
        public MultiValueMap<String, String> parameters() {
            LinkedMultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
            parameters.add(REQUEST_PARAM, PARAM_VALUE);
            return parameters;
        }
    };
    TemplateEngine tplEngine = new SpelTemplateEngineFactory().templateEngine();
    tplEngine.getTemplateContext().setVariable("request", new EvaluableRequest(request));
    when(executionContext.getTemplateEngine()).thenReturn(tplEngine);
    when(executionContext.getComponent(AuthenticationFlowContextRepository.class)).thenReturn(this.authContextRepository);
    when(environment.getProperty("authenticationFlow.expirationTimeOut", Integer.class, 300)).thenReturn(300);
    when(executionContext.getComponent(Environment.class)).thenReturn(environment);
}
Also used : TemplateEngine(io.gravitee.el.TemplateEngine) LinkedMultiValueMap(io.gravitee.common.util.LinkedMultiValueMap) Request(io.gravitee.gateway.api.Request) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) RequestWrapper(io.gravitee.gateway.api.RequestWrapper) SpelTemplateEngineFactory(io.gravitee.el.spel.SpelTemplateEngineFactory) EvaluableRequest(io.gravitee.am.gateway.handler.context.EvaluableRequest) Before(org.junit.Before)

Aggregations

EvaluableRequest (io.gravitee.am.gateway.handler.context.EvaluableRequest)5 VertxHttpServerRequest (io.gravitee.am.gateway.handler.common.vertx.core.http.VertxHttpServerRequest)3 LoginSettings (io.gravitee.am.model.login.LoginSettings)2 ClientProperties (io.gravitee.am.model.safe.ClientProperties)2 LinkedMultiValueMap (io.gravitee.common.util.LinkedMultiValueMap)2 TemplateEngine (io.gravitee.el.TemplateEngine)2 SpelTemplateEngineFactory (io.gravitee.el.spel.SpelTemplateEngineFactory)2 Request (io.gravitee.gateway.api.Request)2 RequestWrapper (io.gravitee.gateway.api.RequestWrapper)2 MultiMap (io.vertx.reactivex.core.MultiMap)2 HashMap (java.util.HashMap)2 Objects (java.util.Objects)2 Before (org.junit.Before)2 EvaluableExecutionContext (io.gravitee.am.gateway.handler.context.EvaluableExecutionContext)1 Client (io.gravitee.am.model.oidc.Client)1 HttpServerRequest (io.vertx.reactivex.core.http.HttpServerRequest)1