use of io.gravitee.am.model.login.LoginSettings in project gravitee-access-management by gravitee-io.
the class WebAuthnRegisterStep method execute.
/**
 * Decides whether the WebAuthn registration page must be shown for the current request.
 * <p>
 * The chain simply continues ({@code flow.doNext}) when passwordless login is not enabled
 * for the domain/client, when the session already completed a passwordless authentication,
 * or when the user explicitly skipped WebAuthn registration. Otherwise the chain is exited
 * with this step so that the registration page is rendered.
 *
 * @param routingContext current request context; the client is read from {@code CLIENT_CONTEXT_KEY}
 * @param flow           the authentication flow chain this step belongs to
 */
@Override
public void execute(RoutingContext routingContext, AuthenticationFlowChain flow) {
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final Session session = routingContext.session();

    // passwordless must be enabled for this domain/client before anything else is checked
    final LoginSettings settings = LoginSettings.getInstance(domain, client);
    final boolean passwordlessEnabled = settings != null && settings.isPasswordlessEnabled();

    // short-circuit keeps the same evaluation order as the original guard clauses:
    // the session flags are only consulted once passwordless is known to be enabled
    if (!passwordlessEnabled
            || Boolean.TRUE.equals(session.get(ConstantKeys.PASSWORDLESS_AUTH_COMPLETED_KEY))
            || Boolean.TRUE.equals(session.get(ConstantKeys.WEBAUTHN_SKIPPED_KEY))) {
        flow.doNext(routingContext);
        return;
    }

    // nothing prevents registration: leave the chain and render the WebAuthn registration page
    flow.exit(this);
}
use of io.gravitee.am.model.login.LoginSettings in project gravitee-access-management by gravitee-io.
the class IdentifierFirstLoginEndpoint method renderLoginPage.
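/**
 * Prepares the template model for the identifier-first login page and renders it.
 * <p>
 * The context receives a sanitized client view, the domain, the evaluable request,
 * the feature flags derived from {@link LoginSettings}, the error parameters echoed
 * from the query string, a flat parameter map kept for backward compatibility, and
 * the form action URLs resolved against the proxy-aware base URL.
 *
 * @param routingContext current request context; must hold the client under {@code CLIENT_CONTEXT_KEY}
 */
private void renderLoginPage(RoutingContext routingContext) {
    final Client client = routingContext.get(CLIENT_CONTEXT_KEY);
    // expose only a reduced view of the client so sensitive client data never reaches the template
    routingContext.put(CLIENT_CONTEXT_KEY, new ClientProperties(client));
    routingContext.put(DOMAIN_CONTEXT_KEY, domain);
    // request wrapper used by template expressions
    final HttpServerRequest request = routingContext.request();
    final EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // feature flags from the login settings; ofNullable already excludes a null instance, so the
    // former Objects::nonNull filter was redundant. Missing settings disable every option.
    var optionalSettings = ofNullable(LoginSettings.getInstance(domain, client));
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    // error parameters are untrusted request input echoed back into the page; the template is
    // expected to HTML-escape them (NOTE(review): confirm escaping in the login template)
    final String error = request.getParam(ERROR_PARAM_KEY);
    final String errorDescription = request.getParam(ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ERROR_PARAM_KEY, error);
    routingContext.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // flat parameter map kept for templates written against the legacy model
    final Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ERROR_PARAM_KEY, error);
    params.put(ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    routingContext.put(PARAM_CONTEXT_KEY, params);
    // form actions: all resolved the same way (statically imported resolveProxyRequest, the
    // already captured request) instead of mixing qualified and unqualified calls
    final MultiMap queryParams = RequestUtils.getCleanedQueryParams(request);
    final String contextPath = routingContext.get(CONTEXT_PATH);
    routingContext.put(ACTION_KEY, resolveProxyRequest(request, contextPath + "/login/identifier", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, resolveProxyRequest(request, contextPath + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, resolveProxyRequest(request, contextPath + "/webauthn/login", queryParams, true));
    final Map<String, Object> data = generateData(routingContext, domain, client);
    data.putAll(botDetectionManager.getTemplateVariables(domain, client));
    this.renderPage(routingContext, data, client, logger, "Unable to render Identifier-first login page");
}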
use of io.gravitee.am.model.login.LoginSettings in project gravitee-access-management by gravitee-io.
the class LoginEndpoint method prepareContext.
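/**
 * Fills the routing context with the model required by the login page template.
 * <p>
 * Adds a sanitized client view, the domain, the feature flags derived from
 * {@link LoginSettings}, the evaluable request, the error parameters and
 * {@code login_hint} echoed from the request, a flat parameter map kept for
 * backward compatibility, and the form action URLs resolved against the proxy.
 *
 * @param routingContext current request context
 * @param client         the application the user is logging in to
 */
private void prepareContext(RoutingContext routingContext, Client client) {
    // the request is read many times below; fetch it once
    final var request = routingContext.request();
    // expose only a reduced view of the client so sensitive client data never reaches the template
    routingContext.put(ConstantKeys.CLIENT_CONTEXT_KEY, new ClientProperties(client));
    routingContext.put(ConstantKeys.DOMAIN_CONTEXT_KEY, domain);
    // feature flags from the login settings; ofNullable already excludes a null instance, so the
    // former Objects::nonNull filter was redundant. Missing settings disable every option.
    var optionalSettings = ofNullable(LoginSettings.getInstance(domain, client));
    final boolean isIdentifierFirstLoginEnabled = optionalSettings.map(LoginSettings::isIdentifierFirstEnabled).orElse(false);
    routingContext.put(ALLOW_FORGOT_PASSWORD_CONTEXT_KEY, optionalSettings.map(LoginSettings::isForgotPasswordEnabled).orElse(false));
    routingContext.put(ALLOW_REGISTER_CONTEXT_KEY, optionalSettings.map(LoginSettings::isRegisterEnabled).orElse(false));
    routingContext.put(ALLOW_PASSWORDLESS_CONTEXT_KEY, optionalSettings.map(LoginSettings::isPasswordlessEnabled).orElse(false));
    routingContext.put(HIDE_FORM_CONTEXT_KEY, optionalSettings.map(LoginSettings::isHideForm).orElse(false));
    routingContext.put(IDENTIFIER_FIRST_LOGIN_CONTEXT_KEY, isIdentifierFirstLoginEnabled);
    // request wrapper used by template expressions
    final EvaluableRequest evaluableRequest = new EvaluableRequest(new VertxHttpServerRequest(request.getDelegate(), true));
    routingContext.put(REQUEST_CONTEXT_KEY, evaluableRequest);
    // error parameters are untrusted request input echoed back into the page; the template is
    // expected to HTML-escape them (NOTE(review): confirm escaping in the login template)
    final String error = request.getParam(ConstantKeys.ERROR_PARAM_KEY);
    final String errorDescription = request.getParam(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY);
    routingContext.put(ConstantKeys.ERROR_PARAM_KEY, error);
    routingContext.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // flat parameter map kept for templates written against the legacy model
    final Map<String, String> params = new HashMap<>(evaluableRequest.getParams().toSingleValueMap());
    params.put(ConstantKeys.ERROR_PARAM_KEY, error);
    params.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    // login_hint pre-fills the username field; it is untrusted input with the same escaping expectation
    final String loginHint = request.getParam(Parameters.LOGIN_HINT);
    if (loginHint != null) {
        params.put(ConstantKeys.USERNAME_PARAM_KEY, loginHint);
    }
    routingContext.put(ConstantKeys.PARAM_CONTEXT_KEY, params);
    // form actions, resolved once against the cleaned query string and the proxy-aware base URL
    final MultiMap queryParams = getCleanedQueryParams(request);
    final String contextPath = routingContext.get(CONTEXT_PATH);
    routingContext.put(ACTION_KEY, resolveProxyRequest(request, request.path(), queryParams, true));
    routingContext.put(FORGOT_ACTION_KEY, resolveProxyRequest(request, contextPath + "/forgotPassword", queryParams, true));
    routingContext.put(REGISTER_ACTION_KEY, resolveProxyRequest(request, contextPath + "/register", queryParams, true));
    routingContext.put(WEBAUTHN_ACTION_KEY, resolveProxyRequest(request, contextPath + "/webauthn/login", queryParams, true));
    // the identifier-first action is only meaningful when that flow is enabled
    if (isIdentifierFirstLoginEnabled) {
        routingContext.put(LOGIN_IDENTIFIER_ACTION_KEY, resolveProxyRequest(request, contextPath + "/login/identifier", queryParams, true));
    }
}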
use of io.gravitee.am.model.login.LoginSettings in project gravitee-access-management by gravitee-io.
the class ApplicationRepositoryTest method buildApplicationSettings.
/**
 * Builds a fully populated {@code ApplicationSettings} fixture: default login settings,
 * OAuth settings with an authorization_code grant, CIBA back-channel values and one
 * default scope with an approval of 42.
 *
 * @return the fixture used by the repository tests
 */
private static ApplicationSettings buildApplicationSettings() {
    // scope configuration is independent of everything else, build it first
    final ApplicationScopeSettings scope = new ApplicationScopeSettings();
    scope.setScope("scopename");
    scope.setDefaultScope(true);
    scope.setScopeApproval(42);

    final ApplicationSettings applicationSettings = new ApplicationSettings();
    applicationSettings.setLogin(new LoginSettings());

    final ApplicationOAuthSettings oauthSettings = new ApplicationOAuthSettings();
    oauthSettings.setGrantTypes(Collections.singletonList("authorization_code"));
    // attached before the remaining setters, exactly as the original fixture did
    applicationSettings.setOauth(oauthSettings);
    oauthSettings.setBackchannelAuthRequestSignAlg("test");
    oauthSettings.setBackchannelUserCodeParameter(true);
    oauthSettings.setBackchannelTokenDeliveryMode("poll");
    oauthSettings.setBackchannelClientNotificationEndpoint("ciba_endpoint");
    oauthSettings.setScopeSettings(List.of(scope));

    return applicationSettings;
}
use of io.gravitee.am.model.login.LoginSettings in project gravitee-access-management by gravitee-io.
the class PatchDomainTest method testGetRequiredPermissions.
/**
 * Verifies that {@code PatchDomain#getRequiredPermissions()} maps each patched field
 * to the permission that protects it, that an empty patch (or an empty OIDC patch)
 * requires nothing, and that several patched areas accumulate their permissions.
 */
@Test
public void testGetRequiredPermissions() {
    final var settingsOnly = Collections.singleton(Permission.DOMAIN_SETTINGS);

    // nothing patched -> nothing to authorize
    PatchDomain patch = new PatchDomain();
    assertEquals(Collections.emptySet(), patch.getRequiredPermissions());

    // each general field on its own requires DOMAIN_SETTINGS
    patch = new PatchDomain();
    patch.setName(Optional.of("patchName"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setDescription(Optional.of("patchDescription"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setEnabled(Optional.of(true));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setPath(Optional.of("patchPath"));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setLoginSettings(Optional.of(new LoginSettings()));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setAccountSettings(Optional.of(new AccountSettings()));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setTags(Optional.of(Collections.singleton("patchTag")));
    assertEquals(settingsOnly, patch.getRequiredPermissions());

    // an OIDC patch with no field set requires nothing; once populated it requires DOMAIN_OPENID
    final PatchOIDCSettings oidc = new PatchOIDCSettings();
    patch = new PatchDomain();
    patch.setOidc(Optional.of(oidc));
    assertEquals(Collections.emptySet(), patch.getRequiredPermissions());
    oidc.setClientRegistrationSettings(Optional.of(new PatchClientRegistrationSettings()));
    oidc.setRedirectUriStrictMatching(Optional.of(true));
    assertEquals(Collections.singleton(Permission.DOMAIN_OPENID), patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setScim(Optional.of(new SCIMSettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_SCIM), patch.getRequiredPermissions());

    patch = new PatchDomain();
    patch.setUma(Optional.of(new UMASettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_UMA), patch.getRequiredPermissions());

    // several patched areas accumulate their permissions (oidc is the populated instance from above)
    patch = new PatchDomain();
    patch.setPath(Optional.of("patchPath"));
    patch.setOidc(Optional.of(oidc));
    patch.setScim(Optional.of(new SCIMSettings()));
    final var combined = new HashSet<>(Arrays.asList(
            Permission.DOMAIN_SETTINGS, Permission.DOMAIN_OPENID, Permission.DOMAIN_SCIM));
    assertEquals(combined, patch.getRequiredPermissions());
}