use of io.gravitee.am.gateway.handler.root.resources.endpoint.mfa.MFARecoveryCodeEndpoint in project gravitee-access-management by gravitee-io.
the class RootProvider method doStart.
/**
 * Builds the root router for this provider, registers every authentication-related route on it
 * (login, logout, social/SSO callback, MFA, WebAuthn, registration, password recovery, error)
 * and mounts it on the parent {@code router} under {@code path()}.
 *
 * <p>Order matters throughout this method. Vert.x-Web runs the handlers of a route in the order
 * they are chained and tries matching routes in registration order, so the cross-cutting handlers
 * installed first and the position of each parse / access / bot-detection handler define the
 * checks a request passes before reaching its endpoint. Treat any reordering as a
 * security-relevant change.
 *
 * @throws Exception declared by the overridden method; {@code super.doStart()} is invoked first
 */
@Override
protected void doStart() throws Exception {
super.doStart();
// create the root router
final Router rootRouter = Router.router(vertx);
// The six helpers below are defined outside this listing. Each receives the router before any
// route is registered; presumably each installs a router-wide handler — confirm in the helpers.
// body handler
bodyHandler(rootRouter);
// static handler
staticHandler(rootRouter);
// session cookie handler
sessionAndCookieHandler(rootRouter);
// authentication flow context handler
authFlowContextHandler(rootRouter);
// CSRF handler
// NOTE(review): set up before the form-processing routes below; confirm in csrfHandler() which
// paths and methods it actually covers.
csrfHandler(rootRouter);
// CSP Handler
cspHandler(rootRouter);
// common handlers, instantiated once and shared by the routes below
Handler<RoutingContext> userTokenRequestParseHandler = new UserTokenRequestParseHandler(userService);
// Two client-parsing variants: one built with setRequired(true), one left at its default.
// Presumably the first rejects requests whose client cannot be resolved while the second lets
// them continue — verify against ClientRequestParseHandler.
Handler<RoutingContext> clientRequestParseHandler = new ClientRequestParseHandler(clientSyncService).setRequired(true);
Handler<RoutingContext> clientRequestParseHandlerOptional = new ClientRequestParseHandler(clientSyncService);
Handler<RoutingContext> passwordPolicyRequestParseHandler = new PasswordPolicyRequestParseHandler(passwordService, domain);
Handler<RoutingContext> botDetectionHandler = new BotDetectionHandler(domain, botDetectionManager);
Handler<RoutingContext> geoIpHandler = new GeoIpHandler(vertx.eventBus());
Handler<RoutingContext> loginAttemptHandler = new LoginAttemptHandler(domain, identityProviderManager, loginAttemptService);
Handler<RoutingContext> rememberDeviceSettingsHandler = new RememberDeviceSettingsHandler();
final DeviceIdentifierHandler deviceIdentifierHandler = new DeviceIdentifierHandler(deviceService);
// Root policy chain handler: route() without a path matches every request on this router.
// It uses its own ClientRequestParseHandler instance with setContinueOnError(true), then GeoIP,
// then the ROOT extension-point policies.
rootRouter.route().handler(new ClientRequestParseHandler(clientSyncService).setContinueOnError(true)).handler(geoIpHandler).handler(policyChainHandler.create(ExtensionPoint.ROOT));
// Identifier First Login route (all HTTP methods): required client, bot detection, social provider setup, endpoint
rootRouter.route(PATH_IDENTIFIER_FIRST_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(new IdentifierFirstLoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
// login route
// GET renders the form after the PRE_LOGIN policies; no bot detection on this method.
rootRouter.get(PATH_LOGIN).handler(clientRequestParseHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginHideFormHandler(domain)).handler(new LoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager, deviceIdentifierManager));
// POST processes credentials: botDetectionHandler and loginAttemptHandler are chained ahead of
// LoginFormHandler, so they run before the credentials reach userAuthProvider.
rootRouter.post(PATH_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(loginAttemptHandler).handler(new LoginFormHandler(userAuthProvider)).handler(deviceIdentifierHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
// failure handler shared by both login methods
rootRouter.route(PATH_LOGIN).failureHandler(new LoginFailureHandler(authenticationFlowContextService));
// logout route: registered with route(path), so every HTTP method reaches the endpoint
rootRouter.route(PATH_LOGOUT).handler(new LogoutEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, identityProviderManager, certificateManager, webClient));
rootRouter.route(PATH_LOGOUT_CALLBACK).handler(new LogoutCallbackEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, certificateManager));
// SSO/Social login route
Handler<RoutingContext> socialAuthHandler = SocialAuthHandler.create(new SocialAuthenticationProvider(userAuthenticationManager, eventManager, domain));
Handler<RoutingContext> loginCallbackParseHandler = new LoginCallbackParseHandler(clientSyncService, identityProviderManager, jwtService, certificateManager);
Handler<RoutingContext> loginCallbackOpenIDConnectFlowHandler = new LoginCallbackOpenIDConnectFlowHandler(thymeleafTemplateEngine);
Handler<RoutingContext> loginCallbackFailureHandler = new LoginCallbackFailureHandler(authenticationFlowContextService);
Handler<RoutingContext> loginCallbackEndpoint = new LoginCallbackEndpoint();
Handler<RoutingContext> loginSSOPOSTEndpoint = new LoginSSOPOSTEndpoint(thymeleafTemplateEngine);
// GET and POST callbacks use the same chain: OIDC flow handling, callback parsing, social
// authentication, POST_LOGIN policies, endpoint; both share one failure handler.
rootRouter.get(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
rootRouter.post(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
rootRouter.get(PATH_LOGIN_SSO_POST).handler(loginSSOPOSTEndpoint);
// SPNEGO login: PRE_LOGIN policies, negotiate authentication, POST_LOGIN policies, then the
// same LoginPostEndpoint type used by the form login. No client parse handler on this route.
rootRouter.get(PATH_LOGIN_SSO_SPNEGO).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginNegotiateAuthenticationHandler(userAuthProvider, thymeleafTemplateEngine)).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
// MFA route
// All four routes use route(path), so they are not limited to a single HTTP method. The chain
// visible here is client parsing (plus remember-device settings on the challenge) and then the
// endpoint; unlike POST PATH_LOGIN, no botDetectionHandler or loginAttemptHandler is attached.
// NOTE(review): challenge codes and recovery codes are short secrets. Confirm that attempt
// limiting, and the check that the session has already completed the first factor, are enforced
// inside these endpoints or by a handler installed outside this method.
rootRouter.route(PATH_MFA_ENROLL).handler(clientRequestParseHandler).handler(new MFAEnrollEndpoint(factorManager, thymeleafTemplateEngine, userService, domain));
rootRouter.route(PATH_MFA_CHALLENGE).handler(clientRequestParseHandler).handler(rememberDeviceSettingsHandler).handler(new MFAChallengeEndpoint(factorManager, userService, thymeleafTemplateEngine, deviceService, applicationContext, domain));
rootRouter.route(PATH_MFA_CHALLENGE_ALTERNATIVES).handler(clientRequestParseHandler).handler(new MFAChallengeAlternativesEndpoint(thymeleafTemplateEngine, factorManager));
rootRouter.route(PATH_MFA_RECOVERY_CODE).handler(clientRequestParseHandler).handler(new MFARecoveryCodeEndpoint(thymeleafTemplateEngine, domain, userService));
// WebAuthn route: every WebAuthn route passes through webAuthnAccessHandler before its endpoint
// (presumably a domain-level "WebAuthn enabled" gate — verify in WebAuthnAccessHandler)
Handler<RoutingContext> webAuthnAccessHandler = new WebAuthnAccessHandler(domain);
rootRouter.route(PATH_WEBAUTHN_REGISTER).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnRegisterEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine));
rootRouter.route(PATH_WEBAUTHN_LOGIN).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnLoginEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine, deviceIdentifierManager, deviceService));
rootRouter.post(PATH_WEBAUTHN_RESPONSE).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnResponseEndpoint(userAuthenticationManager, webAuthn, credentialService, domain));
// Registration route
Handler<RoutingContext> registerAccessHandler = new RegisterAccessHandler(domain);
// GET requires a resolvable client; POST uses the optional client parser and adds bot detection
// and password-policy parsing ahead of RegisterProcessHandler.
rootRouter.route(HttpMethod.GET, PATH_REGISTER).handler(clientRequestParseHandler).handler(registerAccessHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_REGISTER)).handler(new RegisterEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
rootRouter.route(HttpMethod.POST, PATH_REGISTER).handler(new RegisterSubmissionRequestParseHandler()).handler(clientRequestParseHandlerOptional).handler(botDetectionHandler).handler(registerAccessHandler).handler(passwordPolicyRequestParseHandler).handler(new RegisterProcessHandler(userService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterSubmissionEndpoint());
rootRouter.route(PATH_REGISTER).failureHandler(new RegisterFailureHandler());
// Registration confirmation: the POST chain has no client parse handler and relies on
// userTokenRequestParseHandler (presumably resolves the user from the confirmation token —
// verify in UserTokenRequestParseHandler) before the password policy is applied.
rootRouter.route(HttpMethod.GET, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(new RegisterConfirmationEndpoint(thymeleafTemplateEngine, domain));
rootRouter.route(HttpMethod.POST, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterConfirmationSubmissionEndpoint(userService));
// Forgot password route: both methods pass forgotPasswordAccessHandler; the POST also runs bot detection
Handler<RoutingContext> forgotPasswordAccessHandler = new ForgotPasswordAccessHandler(domain);
rootRouter.route(HttpMethod.GET, PATH_FORGOT_PASSWORD).handler(clientRequestParseHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
rootRouter.route(HttpMethod.POST, PATH_FORGOT_PASSWORD).handler(new ForgotPasswordSubmissionRequestParseHandler(domain)).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordSubmissionEndpoint(userService, domain));
// Reset password: GET and POST both run userTokenRequestParseHandler and then a fresh
// ResetPasswordOneTimeTokenHandler before their policy chain and endpoint; the POST additionally
// applies the password policy. The POST chain has no client parse handler.
rootRouter.route(HttpMethod.GET, PATH_RESET_PASSWORD).handler(new ResetPasswordRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(policyChainHandler.create(ExtensionPoint.PRE_RESET_PASSWORD)).handler(new ResetPasswordEndpoint(thymeleafTemplateEngine, domain));
rootRouter.route(HttpMethod.POST, PATH_RESET_PASSWORD).handler(new ResetPasswordSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_RESET_PASSWORD)).handler(new ResetPasswordSubmissionEndpoint(userService));
// error route
rootRouter.route(HttpMethod.GET, PATH_ERROR).handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
// error handler (helper not shown), installed after all routes above have been registered
errorHandler(rootRouter);
// mount root router on the parent router under this provider's path()
router.mountSubRouter(path(), rootRouter);
}