use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class MFAChallengeAlternativesEndpoint method get.
/**
 * Renders the MFA challenge alternatives page for the authenticated end user.
 *
 * <p>The request is failed with 401 when no user is attached to the routing context and
 * with 400 when the user has fewer than two enrolled factors. Otherwise the user's enrolled
 * factors that are still known to the factor manager, together with the form action URL,
 * are exposed to the template before rendering.
 *
 * @param routingContext the current request context
 */
private void get(RoutingContext routingContext) {
    if (routingContext.user() == null) {
        logger.warn("User must be authenticated to access MFA challenge alternatives page.");
        routingContext.fail(new HttpException(401, "User must be authenticated to access MFA challenge alternatives page."));
        return;
    }

    final User endUser =
            ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();

    // an "alternative" only makes sense when more than one factor is enrolled
    final boolean hasAlternatives = endUser.getFactors() != null && endUser.getFactors().size() > 1;
    if (!hasAlternatives) {
        logger.warn("User must have at least two enrolled factors to access MFA challenge alternatives page.");
        routingContext.fail(new HttpException(400, "User must have at least two enrolled factors to access MFA challenge alternatives page."));
        return;
    }

    // prepare context: client, post action URL and the factors to offer
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final MultiMap queryParams = RequestUtils.getCleanedQueryParams(routingContext.request());
    final String action = UriBuilderRequest.resolveProxyRequest(
            routingContext.request(), routingContext.request().path(), queryParams, true);

    // enrolled factors whose definition is no longer registered with the factor manager are
    // silently skipped, so the rendered list may be shorter than the enrolled list checked above
    final List<Factor> factors = endUser.getFactors().stream()
            .filter(enrolled -> factorManager.get(enrolled.getFactorId()) != null)
            .map(enrolled -> new Factor(factorManager.getFactor(enrolled.getFactorId()), enrolled))
            .collect(Collectors.toList());

    routingContext.put(ConstantKeys.FACTORS_KEY, factors);
    routingContext.put(ConstantKeys.ACTION_KEY, action);

    // render the mfa challenge alternatives page
    this.renderPage(routingContext, routingContext.data(), client, logger, "Unable to render MFA challenge alternatives page");
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class MFAEnrollEndpoint method renderPage.
/**
 * Renders the MFA enrollment page for the authenticated end user.
 *
 * <p>Fails the request with 401 when no user is attached to the routing context, with 503 when
 * the factor providers cannot be loaded, and with 503 when an exception escapes the synchronous
 * part of this method. On success the client's factors, the user's primary phone number and
 * email address (when present), the force-enrollment flag and the post action URL are put in
 * the context before the page is rendered.
 *
 * @param routingContext the current request context
 */
private void renderPage(RoutingContext routingContext) {
    try {
        if (routingContext.user() == null) {
            logger.warn("User must be authenticated to enroll MFA challenge.");
            routingContext.fail(401);
            return;
        }

        final io.gravitee.am.model.User endUser =
                ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
        final Map<io.gravitee.am.model.Factor, FactorProvider> clientFactors = getFactors(client);

        // Create post action url.
        final MultiMap queryParams = RequestUtils.getCleanedQueryParams(routingContext.request());
        final String action = UriBuilderRequest.resolveProxyRequest(
                routingContext.request(), routingContext.request().path(), queryParams, true);

        // load factor providers; the handler below runs once loading has completed.
        // NOTE(review): the surrounding try/catch only covers the synchronous part of this
        // method — whether an exception thrown inside this handler reaches it depends on how
        // load() invokes the handler; confirm against its implementation.
        load(clientFactors, endUser, loadResult -> {
            if (loadResult.failed()) {
                logger.error("An error occurs while loading factor providers", loadResult.cause());
                routingContext.fail(503);
                return;
            }

            // put factors in context
            routingContext.put("factors", factorsToRender(loadResult.result()));

            // prefer the primary phone number, otherwise fall back to the first one on record
            if (endUser.getPhoneNumbers() != null && !endUser.getPhoneNumbers().isEmpty()) {
                routingContext.put("phoneNumber", endUser.getPhoneNumbers().stream()
                        .filter(attribute -> Boolean.TRUE.equals(attribute.isPrimary()))
                        .findFirst()
                        .orElse(endUser.getPhoneNumbers().get(0))
                        .getValue());
            }

            if (endUser.getEmail() != null && !endUser.getEmail().isEmpty()) {
                routingContext.put("emailAddress", endUser.getEmail());
            }

            routingContext.put(ConstantKeys.MFA_FORCE_ENROLLMENT, isForceMfaActive(client));
            routingContext.put(ConstantKeys.ACTION_KEY, action);

            // render the mfa enroll page
            this.renderPage(routingContext, generateData(routingContext, domain, client), client, logger, "Unable to render MFA enroll page");
        });
    } catch (Exception ex) {
        logger.error("An error occurs while rendering MFA enroll page", ex);
        routingContext.fail(503);
    }
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class MFARecoveryCodeEndpoint method renderPage.
/**
 * Renders the MFA recovery code page for the authenticated end user.
 *
 * <p>The authentication check is delegated to {@code failIfUserIsNotPresent}; when it reports a
 * failure this method returns without rendering. When the user has recovery-code factor
 * security data, the recovery codes are exposed to the template, along with the recovery code
 * URL. Any exception raised while preparing or rendering the page is logged and answered
 * with 503.
 *
 * @param routingContext the current request context
 */
private void renderPage(RoutingContext routingContext) {
    if (failIfUserIsNotPresent(routingContext)) {
        return;
    }

    try {
        final io.gravitee.am.model.User endUser =
                ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser();
        final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);

        // recovery codes: exposed to the template (key "recoveryCodes") when the user has
        // the corresponding factor security data
        userEnrolledFactorSecurity(endUser).ifPresent(factorSecurity -> {
            // unchecked cast: the additional data map is untyped and the codes are stored as a list of strings
            final List<String> recoveryCodeList = (List<String>) factorSecurity.getAdditionalData().get(RECOVERY_CODE);
            routingContext.put("recoveryCodes", recoveryCodeList);
        });

        // URL the page posts back to, resolved against the proxy-aware request
        final MultiMap queryParams = RequestUtils.getCleanedQueryParams(routingContext.request());
        final String recoveryCodeUrl = UriBuilderRequest.resolveProxyRequest(
                routingContext.request(), routingContext.get(CONTEXT_PATH) + "/mfa/recovery_code", queryParams, true);
        routingContext.put("recoveryCodeURL", recoveryCodeUrl);

        // render the mfa recovery code page
        this.renderPage(routingContext, generateData(routingContext, domain, client), client, logger, "Unable to render MFA recovery code page");
    } catch (Exception ex) {
        logger.error("An error occurs while rendering MFA recovery code page", ex);
        routingContext.fail(503);
    }
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class ForgotPasswordEndpoint method handle.
/**
 * Renders the forgot password page.
 *
 * <p>Copies the error/success/warning query parameters into the template context (plus a legacy
 * {@code params} map holding the non-null client id and error values), computes the form and
 * login action URLs, selects the form fields to display according to the domain/client account
 * settings, and renders the page with the bot-detection template variables added.
 *
 * @param routingContext the current request context
 */
@Override
public void handle(RoutingContext routingContext) {
    final HttpServerRequest request = routingContext.request();
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);

    // values taken verbatim from the query string; they end up in the template context, so
    // rendering relies on the template engine escaping them
    final String error = request.getParam(ConstantKeys.ERROR_PARAM_KEY);
    final String errorDescription = request.getParam(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY);
    final String success = request.getParam(ConstantKeys.SUCCESS_PARAM_KEY);
    final String warning = request.getParam(ConstantKeys.WARNING_PARAM_KEY);
    final String clientId = request.getParam(Parameters.CLIENT_ID);

    // add query params to context
    routingContext.put(ConstantKeys.ERROR_PARAM_KEY, error);
    routingContext.put(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, errorDescription);
    routingContext.put(ConstantKeys.SUCCESS_PARAM_KEY, success);
    routingContext.put(ConstantKeys.WARNING_PARAM_KEY, warning);

    // legacy "params" map kept for backward compatibility; computeIfAbsent with a null
    // mapping result stores nothing, so absent parameters are simply not added
    final Map<String, String> params = new HashMap<>();
    params.computeIfAbsent(Parameters.CLIENT_ID, key -> clientId);
    params.computeIfAbsent(ConstantKeys.ERROR_PARAM_KEY, key -> error);
    params.computeIfAbsent(ConstantKeys.ERROR_DESCRIPTION_PARAM_KEY, key -> errorDescription);
    routingContext.put(ConstantKeys.PARAM_CONTEXT_KEY, params);

    // form and login action URLs, resolved against the proxy-aware request
    final MultiMap queryParams = RequestUtils.getCleanedQueryParams(routingContext.request());
    final String formAction = UriBuilderRequest.resolveProxyRequest(
            routingContext.request(), routingContext.request().path(), queryParams, true);
    final String loginAction = UriBuilderRequest.resolveProxyRequest(
            routingContext.request(), routingContext.get(CONTEXT_PATH) + "/login", queryParams, true);
    routingContext.put(ConstantKeys.ACTION_KEY, formAction);
    routingContext.put(ConstantKeys.LOGIN_ACTION_KEY, loginAction);

    // the custom form fields are shown only when the settings enable a custom form and the
    // identity confirmation step is either disabled or already flagged as done by the warning
    // parameter; in every other case the plain email field is displayed
    final AccountSettings settings = AccountSettings.getInstance(domain, client);
    final boolean showCustomFields = settings != null
            && settings.isResetPasswordCustomForm()
            && (!settings.isResetPasswordConfirmIdentity() || FORGOT_PASSWORD_CONFIRM.equals(warning));
    if (showCustomFields) {
        routingContext.put(ConstantKeys.FORGOT_PASSWORD_FIELDS_KEY, settings.getResetPasswordCustomFormFields());
    } else {
        routingContext.put(ConstantKeys.FORGOT_PASSWORD_FIELDS_KEY, Arrays.asList(FormField.getEmailField()));
    }

    final Map<String, Object> data = generateData(routingContext, domain, client);
    data.putAll(botDetectionManager.getTemplateVariables(domain, client));
    this.renderPage(routingContext, data, client, logger, "Unable to render forgot password page");
}
use of io.gravitee.am.model.oidc.Client in project gravitee-access-management by gravitee-io.
the class AuthenticationFlowHandlerTest method shouldRedirectToMFAChallengePage_stepUp_authentication_2.
/**
 * A user who already completed strong authentication must still be redirected to the MFA
 * challenge page when the client's step-up authentication rule matches the request (here: the
 * requested scope contains "write"), and the original query parameters must be carried along.
 */
@Test
public void shouldRedirectToMFAChallengePage_stepUp_authentication_2() throws Exception {
    router.route().order(-1).handler(rc -> {
        // client enrolled with one factor and a step-up rule keyed on the "scope" parameter
        final MFASettings stepUpSettings = new MFASettings();
        stepUpSettings.setStepUpAuthenticationRule("{#request.params['scope'][0].contains('write')}");

        final Client testClient = new Client();
        testClient.setFactors(Collections.singleton("factor-1"));
        testClient.setMfaSettings(stepUpSettings);
        rc.put(ConstantKeys.CLIENT_CONTEXT_KEY, testClient);

        // end user enrolled with the same factor, with strong authentication already completed
        final EnrolledFactor enrolled = new EnrolledFactor();
        enrolled.setFactorId("factor-1");
        final io.gravitee.am.model.User authenticatedUser = new io.gravitee.am.model.User();
        authenticatedUser.setFactors(Collections.singletonList(enrolled));
        rc.getDelegate().setUser(new User(authenticatedUser));
        rc.session().put(ConstantKeys.STRONG_AUTH_COMPLETED_KEY, true);

        rc.next();
    });

    testRequest(HttpMethod.GET, "/login?scope=read%20write", null, resp -> {
        final String redirectTarget = resp.headers().get("location");
        assertNotNull(redirectTarget);
        // the scope query parameter is re-encoded and forwarded to the challenge page
        assertTrue(redirectTarget.endsWith("/mfa/challenge?scope=read+write"));
    }, HttpStatusCode.FOUND_302, "Found", null);
}