
Example 1 with User

Use of io.vertx.reactivex.ext.auth.User in project gravitee-access-management by gravitee-io.

Class SSOSessionHandler, method authorizeUser.

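/**
 * Authorizes the already-authenticated end user for the remaining handlers of the chain.
 *
 * <p>The account status is verified first, then the requested client is checked against the
 * client the user was authenticated with. Every outcome is reported through {@code handler}
 * (succeeded, or failed with the cause); nothing is written to the response here, the caller
 * decides how to answer.
 *
 * @param context the routing context carrying the authenticated Vert.x {@link User}
 * @param handler completion callback: succeeded when both checks pass, failed otherwise
 */
private void authorizeUser(RoutingContext context, Handler<AsyncResult<Void>> handler) {
    // Resolve the end user behind the Vert.x principal. Report a missing or unexpected principal
    // through the callback instead of letting a NullPointerException / ClassCastException escape
    // the handler chain, where it would bypass the caller's error handling.
    User authenticatedUser = context.user();
    if (authenticatedUser == null
            || !(authenticatedUser.getDelegate() instanceof io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User)) {
        handler.handle(Future.failedFuture(new IllegalStateException("No authenticated end user in routing context")));
        return;
    }
    io.gravitee.am.model.User endUser =
            ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) authenticatedUser.getDelegate()).getUser();
    // account status first: a disabled or locked account must not even reach the client check
    checkAccountStatus(context, endUser, accountResult -> {
        if (accountResult.failed()) {
            handler.handle(Future.failedFuture(accountResult.cause()));
            return;
        }
        // then make sure the requested client is allowed to reuse this SSO session
        checkClient(context, endUser, clientResult -> {
            if (clientResult.failed()) {
                handler.handle(Future.failedFuture(clientResult.cause()));
                return;
            }
            handler.handle(Future.succeededFuture());
        });
    });
}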

Example 2 with User

Use of io.vertx.reactivex.ext.auth.User in project gravitee-access-management by gravitee-io.

Class SSOSessionHandler, method checkClient.

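/**
 * Checks whether the client named by the {@code client_id} request parameter may reuse the SSO
 * session of {@code user}, who authenticated through another client.
 *
 * <p>Reuse is allowed when there is nothing to compare (no {@code client_id} parameter, no client
 * recorded on the user, either client unknown), when both are the same client, or when the
 * requested client lists the identity provider the user came from ({@code user.getSource()})
 * among its own. Otherwise the callback fails with an {@link InvalidRequestException}, so a
 * session opened on one client cannot be silently promoted to a client that does not trust that
 * identity provider.
 *
 * @param context the routing context; only the {@code client_id} parameter is read
 * @param user    the end user bound to the current SSO session
 * @param handler completion callback: succeeded when the session may be reused, failed otherwise
 */
private void checkClient(RoutingContext context, io.gravitee.am.model.User user, Handler<AsyncResult<Void>> handler) {
    final String clientId = context.request().getParam(Parameters.CLIENT_ID);
    // no client to check, continue
    if (clientId == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // no client to check for the user, continue
    if (user.getClient() == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // Resolve both clients. An unknown client arrives as an empty Optional, so unwrap with
    // orElse(null): Optional.get() would throw NoSuchElementException here and the null checks
    // below would never be reached.
    Single.zip(getClient(clientId), getClient(user.getClient()), (optRequestedClient, optUserClient) -> {
        Client requestedClient = optRequestedClient.orElse(null);
        Client userClient = optUserClient.orElse(null);
        // unknown requested client, nothing to compare
        if (requestedClient == null) {
            return Completable.complete();
        }
        // unknown user client, nothing to compare
        if (userClient == null) {
            return Completable.complete();
        }
        // same client, nothing to do
        if (userClient.getId().equals(requestedClient.getId())) {
            return Completable.complete();
        }
        // the requested client trusts the identity provider the user authenticated with
        if (requestedClient.getClientId() != null
                && requestedClient.getIdentityProviders() != null
                && requestedClient.getIdentityProviders().stream()
                        .anyMatch(appIdp -> appIdp.getIdentity().equals(user.getSource()))) {
            return Completable.complete();
        }
        // different clients with no shared identity provider: the session must not be reused
        throw new InvalidRequestException("User is not on a shared identity provider");
    }).subscribe(__ -> handler.handle(Future.succeededFuture()), error -> handler.handle(Future.failedFuture(error)));
}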

Example 3 with User

Use of io.vertx.reactivex.ext.auth.User in project gravitee-access-management by gravitee-io.

Class UserConsentPrepareContextHandler, method handle.

/**
 * Ensures the consent step is reached from an authorization request by an authenticated end user,
 * then exposes the request, a secret-less copy of the client and the user to the next handlers.
 *
 * <p>Responds 400 when no authorization request is stored in the context, fails the route with
 * {@link AccessDeniedException} when the Vert.x principal does not wrap a gateway end user, and
 * otherwise calls {@code prepareContext} before handing over to the next handler.
 *
 * @param routingContext the current routing context
 */
@Override
public void handle(RoutingContext routingContext) {
    // this handler is only reachable after an authorization request has been stored in the context
    final AuthorizationRequest request = routingContext.get(ConstantKeys.AUTHORIZATION_REQUEST_CONTEXT_KEY);
    if (request == null) {
        routingContext.response().setStatusCode(400).end("An authorization request is required to handle user approval");
        return;
    }
    // the principal must be a gateway end user, otherwise consent cannot be attributed to anyone
    final User principal = routingContext.user();
    final boolean isEndUser = principal != null
            && principal.getDelegate() instanceof io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User;
    if (!isEndUser) {
        routingContext.fail(new AccessDeniedException());
        return;
    }
    // work on a copy of the client with its secret stripped, presumably because the prepared
    // context is later exposed to the consent view — the copy keeps the credential out of it
    final Client safeClient = new Client(routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY));
    safeClient.setClientSecret(null);
    final io.gravitee.am.model.User endUser =
            ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) principal.getDelegate()).getUser();
    prepareContext(routingContext, safeClient, endUser);
    routingContext.next();
}

Example 4 with User

Use of io.vertx.reactivex.ext.auth.User in project gravitee-access-management by gravitee-io.

Class AuthorizationEndpointTest, method shouldInvokeAuthorizationEndpoint_emptyScope.

/**
 * An authorization request with an empty {@code scope} parameter must still complete the code
 * flow: the endpoint answers 302 to the registered callback carrying the generated code.
 */
@Test
public void shouldInvokeAuthorizationEndpoint_emptyScope() throws Exception {
    final String callback = "http://localhost:9999/callback";

    final Client registeredClient = new Client();
    registeredClient.setId("client-id");
    registeredClient.setClientId("client-id");
    registeredClient.setRedirectUris(Collections.singletonList(callback));

    final AuthorizationRequest request = new AuthorizationRequest();
    request.setApproved(true);
    request.setResponseType(ResponseType.CODE);
    request.setRedirectUri(callback);

    final AuthorizationCodeResponse codeResponse = new AuthorizationCodeResponse();
    codeResponse.setRedirectUri(request.getRedirectUri());
    codeResponse.setCode("test-code");

    // authenticate a bare end user before the endpoint runs
    router.route().order(-1).handler(ctx -> {
        ctx.setUser(new User(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(new io.gravitee.am.model.User())));
        ctx.next();
    });
    when(clientSyncService.findByClientId("client-id")).thenReturn(Maybe.just(registeredClient));
    when(flow.run(any(), any(), any())).thenReturn(Single.<AuthorizationResponse>just(codeResponse));
    // expose the client the way the real client-resolution handler would
    router.route().order(-1).handler(ctx -> {
        ctx.put(CLIENT_CONTEXT_KEY, registeredClient);
        ctx.next();
    });

    testRequest(HttpMethod.GET,
            "/oauth/authorize?response_type=code&client_id=client-id&redirect_uri=http://localhost:9999/callback&scope=",
            null,
            resp -> {
                String location = resp.headers().get("location");
                assertNotNull(location);
                assertEquals("http://localhost:9999/callback?code=test-code", location);
            },
            HttpStatusCode.FOUND_302, "Found", null);
}

Example 5 with User

Use of io.vertx.reactivex.ext.auth.User in project gravitee-access-management by gravitee-io.

Class AuthorizationEndpointTest, method shouldInvokeAuthorizationEndpoint_implicitFlow.

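/**
 * Drives the implicit flow for the given {@code response_type} and checks that the endpoint
 * answers 302 to the registered callback with {@code expectedCallback} in the URL fragment.
 *
 * <p>The stubbed flow returns an {@link ImplicitResponse} when {@code accessToken} is given and
 * an {@link IDTokenResponse} when {@code idToken} is given. When both are given the
 * {@link IDTokenResponse} wins and the access token set on the first response is dropped —
 * TODO(review): confirm this is intended for combined response types such as
 * {@code "id_token token"}.
 *
 * @param responseType     the {@code response_type} parameter, possibly space separated
 * @param expectedCallback the expected fragment appended to the callback URL
 * @param accessToken      access token the flow should return, or {@code null} for none
 * @param idToken          ID token the flow should return, or {@code null} for none
 * @throws IllegalArgumentException when neither token is given, since the flow then has no response to return
 */
private void shouldInvokeAuthorizationEndpoint_implicitFlow(String responseType, String expectedCallback, Token accessToken, String idToken) throws Exception {
    final String callback = "http://localhost:9999/callback";

    final Client client = new Client();
    client.setId("client-id");
    client.setClientId("client-id");
    client.setScopeSettings(Collections.singletonList(new ApplicationScopeSettings("read")));
    client.setRedirectUris(Collections.singletonList(callback));
    client.setAuthorizedGrantTypes(Arrays.asList(GrantType.IMPLICIT));
    client.setResponseTypes(Arrays.asList(responseType));

    final AuthorizationRequest authorizationRequest = new AuthorizationRequest();
    authorizationRequest.setApproved(true);
    authorizationRequest.setResponseType(responseType);
    authorizationRequest.setRedirectUri(callback);

    AuthorizationResponse authorizationResponse = null;
    if (accessToken != null) {
        ImplicitResponse implicitResponse = new ImplicitResponse();
        implicitResponse.setAccessToken(accessToken);
        authorizationResponse = implicitResponse;
    }
    if (idToken != null) {
        IDTokenResponse idTokenResponse = new IDTokenResponse();
        idTokenResponse.setIdToken(idToken);
        authorizationResponse = idTokenResponse;
    }
    if (authorizationResponse == null) {
        // fail with a clear message rather than a NullPointerException on the next line
        throw new IllegalArgumentException("implicit flow test needs an access token or an ID token");
    }
    authorizationResponse.setRedirectUri(authorizationRequest.getRedirectUri());

    // authenticate a bare end user before the endpoint runs
    router.route().order(-1).handler(routingContext -> {
        routingContext.setUser(new User(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(new io.gravitee.am.model.User())));
        routingContext.next();
    });
    when(clientSyncService.findByClientId("client-id")).thenReturn(Maybe.just(client));
    when(flow.run(any(), any(), any())).thenReturn(Single.just(authorizationResponse));

    // spaces in a combined response_type must be URL-encoded on the wire
    testRequest(HttpMethod.GET,
            "/oauth/authorize?response_type=" + responseType.replaceAll("\\s", "%20") + "&client_id=client-id&nonce=123&redirect_uri=http://localhost:9999/callback",
            null,
            resp -> {
                String location = resp.headers().get("location");
                assertNotNull(location);
                assertEquals("http://localhost:9999/callback#" + expectedCallback, location);
            },
            HttpStatusCode.FOUND_302, "Found", null);
}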
