
Example 1 with MFASettings

use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.

the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication_2.

/**
 * Step-up MFA with a multi-value scope: the client's step-up rule tests the first
 * {@code scope} request parameter for the substring {@code write}, and the request carries
 * {@code scope=read%20write}.
 *
 * <p>The session is already flagged with {@code STRONG_AUTH_COMPLETED_KEY = true}. The test
 * still expects a 302 whose {@code Location} header ends with
 * {@code /mfa/challenge?scope=read+write}, so the expectation pinned here is that an earlier
 * strong authentication in the session does not suppress the challenge when the rule matches.
 */
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication_2() throws Exception {
    router.route().order(-1).handler(routingContext -> {
        // Client: one configured factor plus the step-up rule under test.
        // NOTE(review): contains('write') is a substring test on the first scope value only, so
        // as written it would presumably also match any scope name that merely contains "write".
        // That errs towards prompting, but confirm it is the intended matching.
        MFASettings stepUpSettings = new MFASettings();
        stepUpSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
        Client oidcClient = new Client();
        oidcClient.setFactors(Collections.singleton("factor-1"));
        oidcClient.setMfaSettings(stepUpSettings);
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, oidcClient);

        // End user: enrolled in the same factor the client declares.
        EnrolledFactor factor = new EnrolledFactor();
        factor.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(factor));
        routingContext.getDelegate().setUser(new User(account));

        // Session claims strong authentication was already completed.
        routingContext.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        routingContext.next();
    });

    testRequest(HttpMethod.GET, "/login?scope=read%20write", null, response -> {
        // Only the tail of the redirect target is checked.
        final String redirectTarget = response.headers().get("location");
        assertNotNull(redirectTarget);
        assertTrue(redirectTarget.endsWith("/mfa/challenge?scope=read+write"));
    }, HttpStatusCode.FOUND_302, "Found", null);
}
Also used : User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) MFASettings(io.gravitee.am.model.MFASettings) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 2 with MFASettings

use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.

the class AuthenticationFlowHandlerTest method shouldContinue_adaptiveMFA_condition_not_met.

/**
 * Adaptive MFA: the client's adaptive rule compares the {@code geoip} context attribute's
 * {@code country_iso_code} with {@code 'FR'}, the user is enrolled in the client's factor and
 * the session is flagged with {@code STRONG_AUTH_COMPLETED_KEY = true}. The test expects the
 * login request to pass through with 200 OK (no redirect to the challenge page).
 *
 * <p>NOTE(review): the method name says the condition is "not met", yet the geoip value placed
 * in the context ({@code FR}) is the very value the rule expression compares against. Confirm
 * which condition the name refers to. Because strong authentication is also marked complete,
 * this case alone does not show whether the rule or the session flag lets the request through.
 */
@Test
public void shouldContinue_adaptiveMFA_condition_not_met() throws Exception {
    router.route().order(-1).handler(routingContext -> {
        // Client: one configured factor plus the adaptive rule under test.
        MFASettings adaptiveSettings = new MFASettings();
        adaptiveSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");
        Client oidcClient = new Client();
        oidcClient.setFactors(Collections.singleton("factor-1"));
        oidcClient.setMfaSettings(adaptiveSettings);
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, oidcClient);

        // Geo-IP data the rule reads from the context attributes.
        routingContext.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());

        // End user: enrolled in the same factor the client declares.
        EnrolledFactor factor = new EnrolledFactor();
        factor.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(factor));
        routingContext.getDelegate().setUser(new User(account));

        // Session claims strong authentication was already completed.
        routingContext.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        routingContext.next();
    });

    testRequest(HttpMethod.GET, "/login", HttpStatusCode.OK_200, "OK");
}
Also used : User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) MFASettings(io.gravitee.am.model.MFASettings) JsonObject(io.vertx.core.json.JsonObject) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 3 with MFASettings

use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.

the class AuthenticationFlowHandlerTest method shouldContinue_adaptiveMFA_with_step_up_false_strong_auth_true_device_known.

/**
 * Combined case where no challenge is expected: remember-device is active and the session
 * holds {@code DEVICE_ALREADY_EXISTS_KEY = true}, the adaptive rule compares the geoip country
 * with {@code 'FR'} (the value put into the context), strong authentication is flagged as
 * completed, and the request's {@code scope=read} does not contain {@code write}, so the
 * step-up expression as written should not match. The test expects 200 OK.
 *
 * <p>NOTE(review): several skip conditions hold at once here, so this case does not isolate
 * which of them the handler relies on.
 */
@Test
public void shouldContinue_adaptiveMFA_with_step_up_false_strong_auth_true_device_known() throws Exception {
    router.route().order(-1).handler(routingContext -> {
        // Remember-device policy switched on.
        final RememberDeviceSettings knownDevicePolicy = new RememberDeviceSettings();
        knownDevicePolicy.setActive(true);

        // MFA settings: remember-device, step-up rule and adaptive rule together.
        MFASettings combinedSettings = new MFASettings();
        combinedSettings.setRememberDevice(knownDevicePolicy);
        combinedSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
        combinedSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");

        // Client: one configured factor plus the settings above.
        Client oidcClient = new Client();
        oidcClient.setFactors(Collections.singleton("factor-1"));
        oidcClient.setMfaSettings(combinedSettings);
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, oidcClient);

        // Session says the device is already known; context carries the geo-IP data.
        routingContext.session().put(DEVICE_ALREADY_EXISTS_KEY, true);
        routingContext.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());

        // End user: enrolled in the same factor the client declares.
        EnrolledFactor factor = new EnrolledFactor();
        factor.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(factor));
        routingContext.getDelegate().setUser(new User(account));

        // Session claims strong authentication was already completed.
        routingContext.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        routingContext.next();
    });

    testRequest(HttpMethod.GET, "/login?scope=read", HttpStatusCode.OK_200, "OK");
}
Also used : User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) RememberDeviceSettings(io.gravitee.am.model.RememberDeviceSettings) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) MFASettings(io.gravitee.am.model.MFASettings) JsonObject(io.vertx.core.json.JsonObject) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 4 with MFASettings

use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.

the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication.

/**
 * Step-up MFA with an exact-match rule: the client's step-up rule compares the first
 * {@code scope} request parameter with {@code 'write'} and the request carries
 * {@code scope=write}.
 *
 * <p>Although the session is flagged with {@code STRONG_AUTH_COMPLETED_KEY = true}, the test
 * expects a 302 whose {@code Location} header ends with {@code /mfa/challenge?scope=write}.
 */
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication() throws Exception {
    router.route().order(-1).handler(routingContext -> {
        // Client: one configured factor plus the step-up rule under test.
        // NOTE(review): the rule is an equality test on the whole first scope value. A request
        // that sends several space-separated scopes in one parameter would presumably not equal
        // 'write' and so would not trigger step-up. Verify before reusing this rule shape as a
        // real policy.
        MFASettings stepUpSettings = new MFASettings();
        stepUpSettings.setStepUpAuthenticationRule("{#request.params['scope'][0] == 'write'}");
        Client oidcClient = new Client();
        oidcClient.setFactors(Collections.singleton("factor-1"));
        oidcClient.setMfaSettings(stepUpSettings);
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, oidcClient);

        // End user: enrolled in the same factor the client declares.
        EnrolledFactor factor = new EnrolledFactor();
        factor.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(factor));
        routingContext.getDelegate().setUser(new User(account));

        // Session claims strong authentication was already completed.
        routingContext.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        routingContext.next();
    });

    testRequest(HttpMethod.GET, "/login?scope=write", null, response -> {
        // Only the tail of the redirect target is checked.
        final String redirectTarget = response.headers().get("location");
        assertNotNull(redirectTarget);
        assertTrue(redirectTarget.endsWith("/mfa/challenge?scope=write"));
    }, HttpStatusCode.FOUND_302, "Found", null);
}
Also used : User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) MFASettings(io.gravitee.am.model.MFASettings) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 5 with MFASettings

use of io.gravitee.am.model.MFASettings in project gravitee-access-management by gravitee-io.

the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_adaptiveMFA_with_step_up_true_strong_auth_true.

/**
 * Combined case where a challenge is still expected: remember-device is active with
 * {@code DEVICE_ALREADY_EXISTS_KEY = true} in the session, the adaptive rule compares the
 * geoip country with {@code 'FR'} (the value put into the context) and strong authentication
 * is flagged as completed. The request's {@code scope=write} satisfies the step-up expression.
 *
 * <p>The test expects a 302 whose {@code Location} header ends with
 * {@code /mfa/challenge?scope=write}, so the expectation pinned here is that a matching
 * step-up rule takes precedence over the known-device, adaptive and strong-auth conditions.
 */
@Test
public void shouldRedirectToMFAChallengePage_adaptiveMFA_with_step_up_true_strong_auth_true() throws Exception {
    router.route().order(-1).handler(routingContext -> {
        // Remember-device policy switched on.
        final RememberDeviceSettings knownDevicePolicy = new RememberDeviceSettings();
        knownDevicePolicy.setActive(true);

        // MFA settings: remember-device, step-up rule and adaptive rule together.
        MFASettings combinedSettings = new MFASettings();
        combinedSettings.setRememberDevice(knownDevicePolicy);
        combinedSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");
        combinedSettings.setAdaptiveAuthenticationRule("{#context.attributes['geoip']['country_iso_code'] == 'FR'}");

        // Client: one configured factor plus the settings above.
        Client oidcClient = new Client();
        oidcClient.setFactors(Collections.singleton("factor-1"));
        oidcClient.setMfaSettings(combinedSettings);
        routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, oidcClient);

        // Session says the device is already known; context carries the geo-IP data.
        routingContext.session().put(DEVICE_ALREADY_EXISTS_KEY, true);
        routingContext.put(ConstantKeys.GEOIP_KEY, new JsonObject().put("country_iso_code", "FR").getMap());

        // End user: enrolled in the same factor the client declares.
        EnrolledFactor factor = new EnrolledFactor();
        factor.setFactorId("factor-1");
        io.gravitee.am.model.User account = new io.gravitee.am.model.User();
        account.setFactors(Collections.singletonList(factor));
        routingContext.getDelegate().setUser(new User(account));

        // Session claims strong authentication was already completed.
        routingContext.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);
        routingContext.next();
    });

    testRequest(HttpMethod.GET, "/login?scope=write", null, response -> {
        // Only the tail of the redirect target is checked.
        final String redirectTarget = response.headers().get("location");
        assertNotNull(redirectTarget);
        assertTrue(redirectTarget.endsWith("/mfa/challenge?scope=write"));
    }, HttpStatusCode.FOUND_302, "Found", null);
}
Also used : User(io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) RememberDeviceSettings(io.gravitee.am.model.RememberDeviceSettings) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) MFASettings(io.gravitee.am.model.MFASettings) JsonObject(io.vertx.core.json.JsonObject) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)
