Example 1 with EnrolledFactorChannel
use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.
the class MFAChallengeEndpoint method getEnrolledFactor.
private EnrolledFactor getEnrolledFactor(RoutingContext routingContext, Factor factor, User endUser) {
// enrolled factor can be either in session (if user come from mfa/enroll page)
// or from the user enrolled factor list
final String savedFactorId = routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_ID_KEY);
if (factor.getId().equals(savedFactorId)) {
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId(factor.getId());
switch(factor.getFactorType()) {
case OTP:
enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY)));
break;
case SMS:
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
break;
case CALL:
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
break;
case EMAIL:
Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(endUser)).build();
// For email even if the endUser will contains all relevant information, we extract only the Expiration Date of the code.
// this is done only to enforce the other parameter (shared secret and initialMovingFactor)
getEnrolledFactor(factor, endUser).ifPresent(ef -> {
additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
});
enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY), additionalData));
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_EMAIL_ADDRESS)));
break;
case RECOVERY_CODE:
if (endUser.getFactors() != null) {
Optional<EnrolledFactorSecurity> factorSecurity = endUser.getFactors().stream().filter(ftr -> ftr.getSecurity().getType().equals(RECOVERY_CODE)).map(EnrolledFactor::getSecurity).findFirst();
factorSecurity.ifPresent(enrolledFactor::setSecurity);
}
break;
}
enrolledFactor.setCreatedAt(new Date());
enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
return enrolledFactor;
}
return getEnrolledFactor(factor, endUser).orElseThrow(() -> new FactorNotFoundException("No enrolled factor found for the end user"));
}
Also used :
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor)
FactorNotFoundException(io.gravitee.am.service.exception.FactorNotFoundException)
EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel)
EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)
Example 2 with EnrolledFactorChannel
use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.
the class AccountFactorsEndpointHandler method buildEnrolledFactor.
private EnrolledFactor buildEnrolledFactor(Factor factor, Enrollment enrollment, EnrollmentAccount account, User user) {
EnrolledFactor enrolledFactor = new EnrolledFactor();
enrolledFactor.setFactorId(factor.getId());
enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
switch(factor.getFactorType()) {
case OTP:
enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey()));
break;
case SMS:
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, account.getPhoneNumber()));
break;
case CALL:
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, account.getPhoneNumber()));
break;
case EMAIL:
Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(user)).build();
// For email even if the endUser will contain all relevant information, we extract only the Expiration Date of the code.
// this is done only to enforce the other parameter (shared secret and initialMovingFactor)
getEnrolledFactor(factor.getId(), user).ifPresent(ef -> {
additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
});
enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey(), additionalData));
enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, account.getEmail()));
break;
default:
throw new IllegalStateException("Unexpected value: " + factor.getFactorType().getType());
}
enrolledFactor.setCreatedAt(new Date());
enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
return enrolledFactor;
}
Also used :
EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel)
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor)
UpdateEnrolledFactor(io.gravitee.am.gateway.handler.account.model.UpdateEnrolledFactor)
JsonObject(io.vertx.core.json.JsonObject)
EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)
Example 3 with EnrolledFactorChannel
use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.
the class OrganizationUserRepositoryTest method buildUser.
private User buildUser() {
User user = new User();
String random = UUID.randomUUID().toString();
user.setReferenceType(ReferenceType.ORGANIZATION);
user.setReferenceId("organization" + random);
user.setUsername("username" + random);
user.setEmail(random + "@acme.fr");
user.setAccountLockedAt(new Date());
user.setAccountLockedUntil(new Date());
user.setAccountNonExpired(true);
user.setAccountNonLocked(true);
user.setClient("client" + random);
user.setCreatedAt(new Date());
user.setCredentialsNonExpired(true);
user.setDisplayName("display" + random);
user.setEnabled(true);
user.setExternalId("external" + random);
user.setInternal(false);
user.setLastName("last" + random);
user.setLoggedAt(new Date());
user.setFirstName("first" + random);
user.setLoginsCount(5l);
user.setNewsletter(false);
user.setNickName("nick" + random);
user.setSource("gravitee");
user.setPassword("testpassword");
Attribute attribute = new Attribute();
attribute.setPrimary(true);
attribute.setType("attrType");
attribute.setValue("val" + random);
user.setEmails(Arrays.asList(attribute));
user.setPhotos(Arrays.asList(attribute));
user.setPhoneNumbers(Arrays.asList(attribute));
user.setIms(Arrays.asList(attribute));
user.setEntitlements(Arrays.asList("ent" + random));
user.setRoles(Arrays.asList("role" + random));
user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
Address addr = new Address();
addr.setCountry("fr");
user.setAddresses(Arrays.asList(addr));
Certificate certificate = new Certificate();
certificate.setValue("cert" + random);
user.setX509Certificates(Arrays.asList(certificate));
EnrolledFactor fact = new EnrolledFactor();
fact.setAppId("app" + random);
fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
user.setFactors(Arrays.asList(fact));
Map<String, Object> info = new HashMap<>();
info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
user.setAdditionalInformation(info);
return user;
}
Also used :
EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel)
User(io.gravitee.am.model.User)
Address(io.gravitee.am.model.scim.Address)
Attribute(io.gravitee.am.model.scim.Attribute)
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor)
EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)
Certificate(io.gravitee.am.model.scim.Certificate)
Example 4 with EnrolledFactorChannel
use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.
the class UserRepositoryTest method buildUser.
private User buildUser() {
User user = new User();
String random = UUID.randomUUID().toString();
user.setReferenceType(ReferenceType.DOMAIN);
user.setReferenceId("domain" + random);
user.setUsername("username" + random);
user.setEmail(random + "@acme.fr");
user.setAccountLockedAt(new Date());
user.setAccountLockedUntil(new Date());
user.setAccountNonExpired(true);
user.setAccountNonLocked(true);
user.setClient("client" + random);
user.setCreatedAt(new Date());
user.setMfaEnrollmentSkippedAt(new Date());
user.setCredentialsNonExpired(true);
user.setDisplayName("display" + random);
user.setEnabled(true);
user.setExternalId("external" + random);
user.setInternal(false);
user.setLastName("last" + random);
user.setLoggedAt(new Date());
user.setLastPasswordReset(new Date());
user.setFirstName("first" + random);
user.setLoginsCount(5l);
user.setNewsletter(false);
user.setNickName("nick" + random);
user.setSource("test");
Attribute attribute = new Attribute();
attribute.setPrimary(true);
attribute.setType("attrType");
attribute.setValue("val" + random);
user.setEmails(Arrays.asList(attribute));
user.setPhotos(Arrays.asList(attribute));
user.setPhoneNumbers(Arrays.asList(attribute));
user.setIms(Arrays.asList(attribute));
user.setEntitlements(Arrays.asList("ent" + random));
user.setRoles(Arrays.asList("role" + random));
user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
Address addr = new Address();
addr.setCountry("fr");
user.setAddresses(Arrays.asList(addr));
Certificate certificate = new Certificate();
certificate.setValue("cert" + random);
user.setX509Certificates(Arrays.asList(certificate));
EnrolledFactor fact = new EnrolledFactor();
fact.setAppId("app" + random);
fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
user.setFactors(Arrays.asList(fact));
Map<String, Object> info = new HashMap<>();
info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
user.setAdditionalInformation(info);
return user;
}
Also used :
EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel)
User(io.gravitee.am.model.User)
Address(io.gravitee.am.model.scim.Address)
Attribute(io.gravitee.am.model.scim.Attribute)
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor)
EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)
Certificate(io.gravitee.am.model.scim.Certificate)
Example 5 with EnrolledFactorChannel
use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.
the class CallFactorProviderTest method shouldValidatePhoneNumber.
@Test
public void shouldValidatePhoneNumber() {
when(configuration.countries()).thenReturn(Arrays.asList("fr"));
EnrolledFactor factor = new EnrolledFactor();
factor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.CALL, "+33615492508"));
assertTrue(provider.checkSecurityFactor(factor));
}
Also used :
EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel)
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor)
Test(org.junit.Test)
Aggregations
EnrolledFactorChannel (io.gravitee.am.model.factor.EnrolledFactorChannel)22
EnrolledFactor (io.gravitee.am.model.factor.EnrolledFactor)21
Test (org.junit.Test)15
EnrolledFactorSecurity (io.gravitee.am.model.factor.EnrolledFactorSecurity)10
User (io.gravitee.am.model.User)8
Attribute (io.gravitee.am.model.scim.Attribute)5
Maps (io.gravitee.common.util.Maps)4
HashMap (java.util.HashMap)4
Date (java.util.Date)3
Address (io.gravitee.am.model.scim.Address)2
Certificate (io.gravitee.am.model.scim.Certificate)2
InvalidCodeException (io.gravitee.am.common.exception.mfa.InvalidCodeException)1
FactorDataKeys (io.gravitee.am.common.factor.FactorDataKeys)1
FactorSecurityType (io.gravitee.am.common.factor.FactorSecurityType)1
FactorContext (io.gravitee.am.factor.api.FactorContext)1
EmailFactorConfiguration (io.gravitee.am.factor.email.EmailFactorConfiguration)1
UpdateEnrolledFactor (io.gravitee.am.gateway.handler.account.model.UpdateEnrolledFactor)1
EmailService (io.gravitee.am.gateway.handler.common.email.EmailService)1
ResourceManager (io.gravitee.am.gateway.handler.manager.resource.ResourceManager)1
UserService (io.gravitee.am.gateway.handler.root.service.user.UserService)1
