Example 1 with EnrolledFactorSecurity

Use of io.gravitee.am.model.factor.EnrolledFactorSecurity in the project gravitee-access-management by gravitee-io.

From the class MFAChallengeEndpoint, method getEnrolledFactor.

private EnrolledFactor getEnrolledFactor(RoutingContext routingContext, Factor factor, User endUser) {
    // The enrolled factor is either in the session (if the user comes from the mfa/enroll page)
    // or in the user's list of already enrolled factors.
    final String savedFactorId = routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_ID_KEY);
    if (factor.getId().equals(savedFactorId)) {
        EnrolledFactor enrolledFactor = new EnrolledFactor();
        enrolledFactor.setFactorId(factor.getId());
        switch(factor.getFactorType()) {
            case OTP:
                enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY)));
                break;
            case SMS:
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
                break;
            case CALL:
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_PHONE_NUMBER)));
                break;
            case EMAIL:
                Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap<>()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(endUser)).build();
                // For email, even though the stored enrolled factor already holds all relevant information, only the code's expiration date is extracted.
                // This enforces the other parameters (shared secret and initial moving factor) taken from the session.
                getEnrolledFactor(factor, endUser).ifPresent(ef -> {
                    additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
                });
                enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_SECURITY_VALUE_KEY), additionalData));
                enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, routingContext.session().get(ConstantKeys.ENROLLED_FACTOR_EMAIL_ADDRESS)));
                break;
            case RECOVERY_CODE:
                if (endUser.getFactors() != null) {
                    Optional<EnrolledFactorSecurity> factorSecurity = endUser.getFactors().stream().filter(ftr -> ftr.getSecurity().getType().equals(RECOVERY_CODE)).map(EnrolledFactor::getSecurity).findFirst();
                    factorSecurity.ifPresent(enrolledFactor::setSecurity);
                }
                break;
        }
        enrolledFactor.setCreatedAt(new Date());
        enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
        return enrolledFactor;
    }
    return getEnrolledFactor(factor, endUser).orElseThrow(() -> new FactorNotFoundException("No enrolled factor found for the end user"));
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) FactorNotFoundException(io.gravitee.am.service.exception.FactorNotFoundException) EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 2 with EnrolledFactorSecurity

Use of io.gravitee.am.model.factor.EnrolledFactorSecurity in the project gravitee-access-management by gravitee-io.

From the class MFARecoveryCodeEndpoint, method renderPage.

private void renderPage(RoutingContext routingContext) {
    if (failIfUserIsNotPresent(routingContext)) {
        return;
    }
    try {
        final io.gravitee.am.model.User endUser = ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
        // recovery codes are stored as additional data on the RECOVERY_CODE enrolled factor security
        final Optional<EnrolledFactorSecurity> factorSecurity = userEnrolledFactorSecurity(endUser);
        if (factorSecurity.isPresent()) {
            final List<String> recoveryCodeList = (List<String>) factorSecurity.get().getAdditionalData().get(RECOVERY_CODE);
            // expose recoveryCodeList in the routing context so the Thymeleaf template can render it
            final String recoveryCodes = "recoveryCodes";
            routingContext.put(recoveryCodes, recoveryCodeList);
        }
        final MultiMap queryParams = RequestUtils.getCleanedQueryParams(routingContext.request());
        final String recoveryCodeUrl = UriBuilderRequest.resolveProxyRequest(routingContext.request(), routingContext.get(CONTEXT_PATH) + "/mfa/recovery_code", queryParams, true);
        routingContext.put("recoveryCodeURL", recoveryCodeUrl);
        // render the mfa recovery code page
        this.renderPage(routingContext, generateData(routingContext, domain, client), client, logger, "Unable to render MFA recovery code page");
    } catch (Exception ex) {
        logger.error("An error occurred while rendering the MFA recovery code page", ex);
        routingContext.fail(503);
    }
}
Also used : DefaultUser(io.gravitee.am.identityprovider.api.DefaultUser) User(io.gravitee.am.model.User) MultiMap(io.vertx.reactivex.core.MultiMap) List(java.util.List) User(io.gravitee.am.model.User) Client(io.gravitee.am.model.oidc.Client) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 3 with EnrolledFactorSecurity

Use of io.gravitee.am.model.factor.EnrolledFactorSecurity in the project gravitee-access-management by gravitee-io.

From the class AccountFactorsEndpointHandler, method buildEnrolledFactor.

private EnrolledFactor buildEnrolledFactor(Factor factor, Enrollment enrollment, EnrollmentAccount account, User user) {
    EnrolledFactor enrolledFactor = new EnrolledFactor();
    enrolledFactor.setFactorId(factor.getId());
    enrolledFactor.setStatus(FactorStatus.PENDING_ACTIVATION);
    switch(factor.getFactorType()) {
        case OTP:
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey()));
            break;
        case SMS:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.SMS, account.getPhoneNumber()));
            break;
        case CALL:
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.CALL, account.getPhoneNumber()));
            break;
        case EMAIL:
            Map<String, Object> additionalData = new Maps.MapBuilder(new HashMap<>()).put(FactorDataKeys.KEY_MOVING_FACTOR, generateInitialMovingFactor(user)).build();
            // For email, even though the stored enrolled factor already holds all relevant information, only the code's expiration date is extracted.
            // This enforces the other parameters (shared secret and initial moving factor) taken from the enrollment.
            getEnrolledFactor(factor.getId(), user).ifPresent(ef -> {
                additionalData.put(FactorDataKeys.KEY_EXPIRE_AT, ef.getSecurity().getData(FactorDataKeys.KEY_EXPIRE_AT, Long.class));
            });
            enrolledFactor.setSecurity(new EnrolledFactorSecurity(SHARED_SECRET, enrollment.getKey(), additionalData));
            enrolledFactor.setChannel(new EnrolledFactorChannel(Type.EMAIL, account.getEmail()));
            break;
        default:
            throw new IllegalStateException("Unexpected value: " + factor.getFactorType().getType());
    }
    enrolledFactor.setCreatedAt(new Date());
    enrolledFactor.setUpdatedAt(enrolledFactor.getCreatedAt());
    return enrolledFactor;
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) UpdateEnrolledFactor(io.gravitee.am.gateway.handler.account.model.UpdateEnrolledFactor) JsonObject(io.vertx.core.json.JsonObject) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 4 with EnrolledFactorSecurity

Use of io.gravitee.am.model.factor.EnrolledFactorSecurity in the project gravitee-access-management by gravitee-io.

From the test class AccountFactorsEndpointHandlerTest, method addFactors.

private void addFactors(User user) {
    final Map<String, Object> recoveryCode = Map.of(RECOVERY_CODE, Arrays.asList("one", "two", "three"));
    final EnrolledFactor securityEnrolledFactor = new EnrolledFactor();
    securityEnrolledFactor.setSecurity(new EnrolledFactorSecurity(RECOVERY_CODE, "3", recoveryCode));
    user.setFactors(Arrays.asList(securityEnrolledFactor, smsFactor()));
}
Also used : EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity)

Example 5 with EnrolledFactorSecurity

Use of io.gravitee.am.model.factor.EnrolledFactorSecurity in the project gravitee-access-management by gravitee-io.

From the test class OrganizationUserRepositoryTest, method buildUser.

private User buildUser() {
    User user = new User();
    String random = UUID.randomUUID().toString();
    user.setReferenceType(ReferenceType.ORGANIZATION);
    user.setReferenceId("organization" + random);
    user.setUsername("username" + random);
    user.setEmail(random + "@acme.fr");
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setClient("client" + random);
    user.setCreatedAt(new Date());
    user.setCredentialsNonExpired(true);
    user.setDisplayName("display" + random);
    user.setEnabled(true);
    user.setExternalId("external" + random);
    user.setInternal(false);
    user.setLastName("last" + random);
    user.setLoggedAt(new Date());
    user.setFirstName("first" + random);
    user.setLoginsCount(5L);
    user.setNewsletter(false);
    user.setNickName("nick" + random);
    user.setSource("gravitee");
    user.setPassword("testpassword");
    Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + random);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));
    user.setEntitlements(Arrays.asList("ent" + random));
    user.setRoles(Arrays.asList("role" + random));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
    Address addr = new Address();
    addr.setCountry("fr");
    user.setAddresses(Arrays.asList(addr));
    Certificate certificate = new Certificate();
    certificate.setValue("cert" + random);
    user.setX509Certificates(Arrays.asList(certificate));
    EnrolledFactor fact = new EnrolledFactor();
    fact.setAppId("app" + random);
    fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(fact));
    Map<String, Object> info = new HashMap<>();
    info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
    user.setAdditionalInformation(info);
    return user;
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Address(io.gravitee.am.model.scim.Address) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity) Certificate(io.gravitee.am.model.scim.Certificate)
