Example 1 with EnrolledFactorChannel

use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.

the class MFAChallengeEndpoint method getEnrolledFactor.

private EnrolledFactor getEnrolledFactor(RoutingContext routingContext, Factor factor, User endUser) {
    // The enrolled factor is taken either from the session (if the user comes from the mfa/enroll page)
    // or from the user's list of already enrolled factors.
    final String savedFactorId = routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_ID_KEY);
    if (factor.getId().equals(savedFactorId)) {
        EnrolledFactor enrolledFactor = new EnrolledFactor();
        enrolledFactor.setFactorId(factor.getId());
        switch(factor.getFactorType()) {
            case OTP:
                enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY)));
                break;
            case SMS:
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
                break;
            case CALL:
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
                break;
            case EMAIL:
                Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(endUser)).build();
                // For email, even though the endUser already contains all relevant information, we extract only the expiration date of the code.
                // This is done only to enforce the other parameters (shared secret and initialMovingFactor).
                getEnrolledFactor(factor, endUser).ifPresent(ef -> {
                    additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
                });
                enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY), additionalData));
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_EMAIL_ADDRESS)));
                break;
            case RECOVERY_CODE:
                if (endUser.getFactors() != null) {
                    Optional<EnrolledFactorSecurity> factorSecurity = endUser.getFactors().stream().filter(ftr -> ftr.getSecurity().getType().equals(RECOVERY_CODE)).map(EnrolledFactor::getSecurity).findFirst();
                    factorSecurity.ifPresent(enrolledFactor::setSecurity);
                }
                break;
        }
        enrolledFactor.setCreatedAt(new Date());
        enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
        return enrolledFactor;
    }
    return getEnrolledFactor(factor, endUser).orElseThrow(() -> new FactorNotFoundException("No enrolled factor found for the end user"));
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) FactorNotFoundException(io.gravitee.am.service.exception.FactorNotFoundException) EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 2 with EnrolledFactorChannel

use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.

the class AccountFactorsEndpointHandler method buildEnrolledFactor.

private EnrolledFactor buildEnrolledFactor(Factor factor, Enrollment enrollment, EnrollmentAccount account, User user) {
    EnrolledFactor enrolledFactor = new EnrolledFactor();
    enrolledFactor.setFactorId(factor.getId());
    enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
    switch(factor.getFactorType()) {
        case OTP:
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey()));
            break;
        case SMS:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, account.getPhoneNumber()));
            break;
        case CALL:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, account.getPhoneNumber()));
            break;
        case EMAIL:
            Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(user)).build();
            // For email, even though the endUser already contains all relevant information, we extract only the expiration date of the code.
            // This is done only to enforce the other parameters (shared secret and initialMovingFactor).
            getEnrolledFactor(factor.getId(), user).ifPresent(ef -> {
                additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
            });
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey(), additionalData));
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, account.getEmail()));
            break;
        default:
            throw new IllegalStateException("Unexpected value: " + factor.getFactorType().getType());
    }
    enrolledFactor.setCreatedAt(new Date());
    enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
    return enrolledFactor;
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) UpdateEnrolledFactor(io.gravitee.am.gateway.handler.account.model.UpdateEnrolledFactor) JsonObject(io.vertx.core.json.JsonObject) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 3 with EnrolledFactorChannel

use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.

the class OrganizationUserRepositoryTest method buildUser.

private User buildUser() {
    User user = new User();
    String random = UUID.randomUUID().toString();
    user.setReferenceType(ReferenceType.ORGANIZATION);
    user.setReferenceId("organization" + random);
    user.setUsername("username" + random);
    user.setEmail(random + "@acme.fr");
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setClient("client" + random);
    user.setCreatedAt(new Date());
    user.setCredentialsNonExpired(true);
    user.setDisplayName("display" + random);
    user.setEnabled(true);
    user.setExternalId("external" + random);
    user.setInternal(false);
    user.setLastName("last" + random);
    user.setLoggedAt(new Date());
    user.setFirstName("first" + random);
    user.setLoginsCount(5L);
    user.setNewsletter(false);
    user.setNickName("nick" + random);
    user.setSource("gravitee");
    user.setPassword("testpassword");
    Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + random);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));
    user.setEntitlements(Arrays.asList("ent" + random));
    user.setRoles(Arrays.asList("role" + random));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
    Address addr = new Address();
    addr.setCountry("fr");
    user.setAddresses(Arrays.asList(addr));
    Certificate certificate = new Certificate();
    certificate.setValue("cert" + random);
    user.setX509Certificates(Arrays.asList(certificate));
    EnrolledFactor fact = new EnrolledFactor();
    fact.setAppId("app" + random);
    fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(fact));
    Map<String, Object> info = new HashMap<>();
    info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
    user.setAdditionalInformation(info);
    return user;
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Address(io.gravitee.am.model.scim.Address) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity) Certificate(io.gravitee.am.model.scim.Certificate)

Example 4 with EnrolledFactorChannel

use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.

the class UserRepositoryTest method buildUser.

private User buildUser() {
    User user = new User();
    String random = UUID.randomUUID().toString();
    user.setReferenceType(ReferenceType.DOMAIN);
    user.setReferenceId("domain" + random);
    user.setUsername("username" + random);
    user.setEmail(random + "@acme.fr");
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setClient("client" + random);
    user.setCreatedAt(new Date());
    user.setMfaEnrollmentSkippedAt(new Date());
    user.setCredentialsNonExpired(true);
    user.setDisplayName("display" + random);
    user.setEnabled(true);
    user.setExternalId("external" + random);
    user.setInternal(false);
    user.setLastName("last" + random);
    user.setLoggedAt(new Date());
    user.setLastPasswordReset(new Date());
    user.setFirstName("first" + random);
    user.setLoginsCount(5L);
    user.setNewsletter(false);
    user.setNickName("nick" + random);
    user.setSource("test");
    Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + random);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));
    user.setEntitlements(Arrays.asList("ent" + random));
    user.setRoles(Arrays.asList("role" + random));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
    Address addr = new Address();
    addr.setCountry("fr");
    user.setAddresses(Arrays.asList(addr));
    Certificate certificate = new Certificate();
    certificate.setValue("cert" + random);
    user.setX509Certificates(Arrays.asList(certificate));
    EnrolledFactor fact = new EnrolledFactor();
    fact.setAppId("app" + random);
    fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(fact));
    Map<String, Object> info = new HashMap<>();
    info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
    user.setAdditionalInformation(info);
    return user;
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Address(io.gravitee.am.model.scim.Address) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity) Certificate(io.gravitee.am.model.scim.Certificate)

Example 5 with EnrolledFactorChannel

use of io.gravitee.am.model.factor.EnrolledFactorChannel in project gravitee-access-management by gravitee-io.

the class CallFactorProviderTest method shouldValidatePhoneNumber.

@Test
public void shouldValidatePhoneNumber() {
    when(configuration.countries()).thenReturn(Arrays.asList("fr"));
    EnrolledFactor factor = new EnrolledFactor();
    factor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.CALL, "+33615492508"));
    assertTrue(provider.checkSecurityFactor(factor));
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) Test(org.junit.Test)