use of io.gravitee.am.model.factor.EnrolledFactorSecurity in project gravitee-access-management by gravitee-io.
the class MFAChallengeEndpoint method getEnrolledFactor.
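private EnrolledFactor getEnrolledFactor(RoutingContext routingContext, Factor factor, User endUser) {
    // The factor under challenge is either the one the user just enrolled in this session
    // (not persisted yet, so it is rebuilt from the values the mfa/enroll step parked in the
    // session) or one already present in the user's enrolled factor list.
    // NOTE(review): the session-built factor carries no status here, unlike the account API's
    // buildEnrolledFactor which marks it PENDING_ACTIVATION; presumably the caller activates it
    // once the challenge succeeds — confirm.
    final String savedFactorId = routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_ID_KEY);
    if (!factor.getId().equals(savedFactorId)) {
        return getEnrolledFactor(factor, endUser)
                .orElseThrow(() -> new FactorNotFoundException("No enrolled factor found for the end user"));
    }

    final EnrolledFactor enrolledFactor = new EnrolledFactor();
    enrolledFactor.setFactorId(factor.getId());
    switch (factor.getFactorType()) {
        case OTP:
            // Shared secret generated during enrollment and kept in the session until verified.
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY)));
            break;
        case SMS:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
            break;
        case CALL:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
            break;
        case EMAIL: {
            final Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(endUser)).build();
            // If an enrolled factor already exists for this user, only its code expiry is reused:
            // the shared secret and the initial moving factor are always taken from the current
            // enrollment so that stale security material cannot be carried over.
            getEnrolledFactor(factor, endUser).ifPresent(ef ->
                    additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class)));
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY), additionalData));
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_EMAIL_ADDRESS)));
            break;
        }
        case RECOVERY_CODE:
            // Recovery codes are never kept in the session: reuse the security material already
            // persisted on the user. Channel-only factors (SMS, CALL) are stored with no security,
            // so the null check is required — without it a user who has, e.g., an SMS factor
            // enrolled alongside recovery codes would trigger a NullPointerException here.
            if (endUser.getFactors() != null) {
                endUser.getFactors().stream()
                        .map(EnrolledFactor::getSecurity)
                        .filter(security -> security != null && RECOVERY_CODE.equals(security.getType()))
                        .findFirst()
                        .ifPresent(enrolledFactor::setSecurity);
            }
            break;
        default:
            // Any other factor type is returned with neither security nor channel (unchanged
            // behavior); whether its provider can challenge such a factor is not decided here.
            break;
    }
    final Date now = new Date();
    enrolledFactor.setCreatedAt(now);
    enrolledFactor.setUpdatedAt(now);
    return enrolledFactor;
}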
use of io.gravitee.am.model.factor.EnrolledFactorSecurity in project gravitee-access-management by gravitee-io.
the class MFARecoveryCodeEndpoint method renderPage.
private void renderPage(RoutingContext routingContext) {
    if (failIfUserIsNotPresent(routingContext)) {
        return;
    }
    try {
        final io.gravitee.am.model.User endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);

        // The recovery codes live in clear text in the factor's additional data and are handed
        // to the template as-is, so the rendered page displays them in plain text.
        // Keep them out of every log statement on this path.
        userEnrolledFactorSecurity(endUser).ifPresent(security -> {
            @SuppressWarnings("unchecked")
            final List<String> codes = (List<String>) security.getAdditionalData().get(RECOVERY_CODE);
            routingContext.put("recoveryCodes", codes);
        });

        // Form action of the page, rebuilt from the incoming request via resolveProxyRequest
        // with the cleaned query parameters re-appended.
        final MultiMap cleanedParams = RequestUtils.getCleanedQueryParams(routingContext.request());
        final String actionUrl = UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/mfa/recovery_code", cleanedParams, true);
        routingContext.put("recoveryCodeURL", actionUrl);

        this.renderPage(routingContext, generateData(routingContext, domain, client), client, logger, "Unable to render MFA recovery code page");
    } catch (Exception ex) {
        // Any failure (including an unexpected additional-data shape) ends in a 503; the stack
        // trace is logged, the codes themselves never are.
        logger.error("An error occurs while rendering MFA recovery code page", ex);
        routingContext.fail(503);
    }
}
use of io.gravitee.am.model.factor.EnrolledFactorSecurity in project gravitee-access-management by gravitee-io.
the class AccountFactorsEndpointHandler method buildEnrolledFactor.
private EnrolledFactor buildEnrolledFactor(Factor factor, Enrollment enrollment, EnrollmentAccount account, User user) {
    // Builds the enrolled factor for an enrollment request; it is created PENDING_ACTIVATION
    // and is expected to be verified before it becomes usable.
    // NOTE(review): the shared secret (enrollment.getKey()) and the channel target
    // (account phone/email) are persisted exactly as received in the request; whether the key
    // is bound to a value the server issued earlier is not visible here — confirm on the caller.
    final EnrolledFactor result = new EnrolledFactor();
    result.setFactorId(factor.getId());
    result.setStatus(FactorStatus.PENDING_ACTIVATION);

    switch (factor.getFactorType()) {
        case OTP:
            result.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey()));
            break;
        case SMS:
            result.setChannel(new EnrolledFactorChannel(Type.SMS, account.getPhoneNumber()));
            break;
        case CALL:
            result.setChannel(new EnrolledFactorChannel(Type.CALL, account.getPhoneNumber()));
            break;
        case EMAIL:
            result.setSecurity(buildEmailSecurity(factor, enrollment, user));
            result.setChannel(new EnrolledFactorChannel(Type.EMAIL, account.getEmail()));
            break;
        default:
            throw new IllegalStateException("Unexpected value: " + factor.getFactorType().getType());
    }

    final Date timestamp = new Date();
    result.setCreatedAt(timestamp);
    result.setUpdatedAt(timestamp);
    return result;
}

/**
 * Security material for an email factor: the shared secret from the enrollment, a freshly
 * generated initial moving factor and, when the user already has an enrolled factor with this
 * id, only that factor's code expiry. Secret and moving factor are deliberately never reused
 * from the previous enrollment.
 */
private EnrolledFactorSecurity buildEmailSecurity(Factor factor, Enrollment enrollment, User user) {
    final Map<String, Object> emailData = new Maps.MapBuilder(new HashMap()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(user)).build();
    getEnrolledFactor(factor.getId(), user).ifPresent(existing ->
            emailData.put(FactorDataKeys.KEY_EXPIRE_AT, existing.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class)));
    return new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey(), emailData);
}
use of io.gravitee.am.model.factor.EnrolledFactorSecurity in project gravitee-access-management by gravitee-io.
the class AccountFactorsEndpointHandlerTest method addFactors.
private void addFactors(User user) {
    // Gives the user a recovery-code factor (three dummy codes in clear, as the real thing
    // stores them) next to an SMS factor.
    final EnrolledFactor recoveryFactor = new EnrolledFactor();
    final Map<String, Object> codes = Map.of(RECOVERY_CODE, Arrays.asList("one", "two", "three"));
    recoveryFactor.setSecurity(new EnrolledFactorSecurity(RECOVERY_CODE, "3", codes));
    user.setFactors(Arrays.asList(recoveryFactor, smsFactor()));
}
use of io.gravitee.am.model.factor.EnrolledFactorSecurity in project gravitee-access-management by gravitee-io.
the class OrganizationUserRepositoryTest method buildUser.
private User buildUser() {
    // Fully populated organization user; the random suffix keeps repeated fixtures distinct.
    final String suffix = UUID.randomUUID().toString();
    final User user = new User();

    // Identity and ownership
    user.setReferenceType(ReferenceType.ORGANIZATION);
    user.setReferenceId("organization" + suffix);
    user.setUsername("username" + suffix);
    user.setExternalId("external" + suffix);
    user.setSource("gravitee");
    user.setInternal(false);
    user.setClient("client" + suffix);
    // Fixture-only credential, stored as given.
    user.setPassword("testpassword");

    // Profile
    user.setEmail(suffix + "@acme.fr");
    user.setDisplayName("display" + suffix);
    user.setFirstName("first" + suffix);
    user.setLastName("last" + suffix);
    user.setNickName("nick" + suffix);
    user.setNewsletter(false);

    // Account state flags and timestamps
    user.setEnabled(true);
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setCredentialsNonExpired(true);
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setCreatedAt(new Date());
    user.setLoggedAt(new Date());
    user.setLoginsCount(5L);

    // The same primary attribute is reused for every multi-valued field
    final Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + suffix);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));

    // Authorization data
    user.setEntitlements(Arrays.asList("ent" + suffix));
    user.setRoles(Arrays.asList("role" + suffix));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + suffix));

    final Address address = new Address();
    address.setCountry("fr");
    user.setAddresses(Arrays.asList(address));

    final Certificate certificate = new Certificate();
    certificate.setValue("cert" + suffix);
    user.setX509Certificates(Arrays.asList(certificate));

    // One enrolled MFA factor with placeholder security material and an email channel
    final EnrolledFactor factor = new EnrolledFactor();
    factor.setAppId("app" + suffix);
    factor.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    factor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(factor));

    final Map<String, Object> additionalInformation = new HashMap<>();
    additionalInformation.put(StandardClaims.EMAIL, suffix + "@info.acme.fr");
    user.setAdditionalInformation(additionalInformation);
    return user;
}