use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication_2.
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication_2() throws Exception {
router.route().order(-1).handler(rc -> {
// set client
Client client = new Client();
client.setFactors(Collections.singleton("factor-1"));
rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
MFASettings mfaSettings = new MFASettings();
mfaSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
client.setMfaSettings(mfaSettings);
// set user
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId("factor-1");
io.gravitee.am.model.User endUser = new io.gravitee.am.model.User();
endUser.setFactors(Collections.singletonList(enrolledFactor));
rc.getDelegate().setUser(new User(endUser));
rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
rc.next();
});
testRequest(HttpMethod.GET, "/login?scope=read%20write", null, resp -> {
String location = resp.headers().get("location");
assertNotNull(location);
assertTrue(location.endsWith("/mfa/challenge?scope=read+write"));
}, HttpStatusCode.FOUND_302, "Found", null);
}
use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldContinue_adaptiveMFA_condition_not_met.
@Test
public void shouldContinue_adaptiveMFA_condition_not_met() throws Exception {
router.route().order(-1).handler(rc -> {
// set client
Client client = new Client();
client.setFactors(Collections.singleton("factor-1"));
rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
MFASettings mfaSettings = new MFASettings();
mfaSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");
rc.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());
client.setMfaSettings(mfaSettings);
// set user
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId("factor-1");
io.gravitee.am.model.User endUser = new io.gravitee.am.model.User();
endUser.setFactors(Collections.singletonList(enrolledFactor));
rc.getDelegate().setUser(new User(endUser));
rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
rc.next();
});
testRequest(HttpMethod.GET, "/login", HttpStatusCode.OK_200, "OK");
}
use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldContinue_adaptiveMFA_with_step_up_false_strong_auth_true_device_known.
@Test
public void shouldContinue_adaptiveMFA_with_step_up_false_strong_auth_true_device_known() throws Exception {
router.route().order(-1).handler(rc -> {
// set client
Client client = new Client();
client.setFactors(Collections.singleton("factor-1"));
rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
MFASettings mfaSettings = new MFASettings();
final RememberDeviceSettings rememberDevice = new RememberDeviceSettings();
rememberDevice.setActive(true);
mfaSettings.setRememberDevice(rememberDevice);
rc.session().put(DEVICE_ALREADY_EXISTS_KEY, true);
mfaSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
mfaSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");
rc.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());
client.setMfaSettings(mfaSettings);
// set user
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId("factor-1");
io.gravitee.am.model.User endUser = new io.gravitee.am.model.User();
endUser.setFactors(Collections.singletonList(enrolledFactor));
rc.getDelegate().setUser(new User(endUser));
rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
rc.next();
});
testRequest(HttpMethod.GET, "/login?scope=read", HttpStatusCode.OK_200, "OK");
}
use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication.
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication() throws Exception {
router.route().order(-1).handler(rc -> {
// set client
Client client = new Client();
client.setFactors(Collections.singleton("factor-1"));
rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
MFASettings mfaSettings = new MFASettings();
mfaSettings.setStepUpAuthenticationRule("{#request.params['scope'][0] == 'write'}");
client.setMfaSettings(mfaSettings);
// set user
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId("factor-1");
io.gravitee.am.model.User endUser = new io.gravitee.am.model.User();
endUser.setFactors(Collections.singletonList(enrolledFactor));
rc.getDelegate().setUser(new User(endUser));
rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
rc.next();
});
testRequest(HttpMethod.GET, "/login?scope=write", null, resp -> {
String location = resp.headers().get("location");
assertNotNull(location);
assertTrue(location.endsWith("/mfa/challenge?scope=write"));
}, HttpStatusCode.FOUND_302, "Found", null);
}
use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_adaptiveMFA_with_step_up_true_strong_auth_true.
@Test
public void shouldRedirectToMFAChallengePage_adaptiveMFA_with_step_up_true_strong_auth_true() throws Exception {
router.route().order(-1).handler(rc -> {
// set client
Client client = new Client();
client.setFactors(Collections.singleton("factor-1"));
rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, client);
MFASettings mfaSettings = new MFASettings();
final RememberDeviceSettings rememberDevice = new RememberDeviceSettings();
rememberDevice.setActive(true);
mfaSettings.setRememberDevice(rememberDevice);
rc.session().put(DEVICE_ALREADY_EXISTS_KEY, true);
mfaSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
mfaSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");
rc.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());
client.setMfaSettings(mfaSettings);
// set user
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId("factor-1");
io.gravitee.am.model.User endUser = new io.gravitee.am.model.User();
endUser.setFactors(Collections.singletonList(enrolledFactor));
rc.getDelegate().setUser(new User(endUser));
rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
rc.next();
});
testRequest(HttpMethod.GET, "/login?scope=write", null, resp -> {
String location = resp.headers().get("location");
assertNotNull(location);
assertTrue(location.endsWith("/mfa/challenge?scope=write"));
}, HttpStatusCode.FOUND_302, "Found", null);
}
Aggregations