
Example 6 with User

use of keywhiz.auth.User in project keywhiz by square.

In class SessionLoginResourceTest, method goodCredentialsSetsCookie.

@Test
public void goodCredentialsSetsCookie() throws Exception {
    // Arrange: the LDAP authenticator accepts the good credentials and yields this user.
    User expected = User.named("goodUser");
    when(ldapAuthenticator.authenticate(goodCredentials)).thenReturn(Optional.of(expected));

    // Act: log in through the resource under test.
    LoginRequest request = LoginRequest.from("good", "credentials".toCharArray());
    Response response = sessionLoginResource.login(request);

    // Assert: 200, exactly one cookie named "session", and that cookie round-trips
    // through the cookie authenticator back to the same user.
    assertThat(response.getStatus()).isEqualTo(200);
    Map<String, NewCookie> cookies = response.getCookies();
    assertThat(cookies).hasSize(1).containsOnlyKeys("session");
    NewCookie sessionCookie = cookies.get("session");
    User fromCookie = cookieAuthenticator.authenticate(sessionCookie).orElseThrow(RuntimeException::new);
    assertThat(fromCookie).isEqualTo(expected);
}
Also used : Response(javax.ws.rs.core.Response) User(keywhiz.auth.User) NewCookie(javax.ws.rs.core.NewCookie) Test(org.junit.Test)

Example 7 with User

use of keywhiz.auth.User in project keywhiz by square.

In class BcryptAuthenticator, method authenticate.

/**
 * Authenticates a username/password pair against the stored bcrypt hash.
 *
 * @param credentials the username and plaintext password supplied by the client
 * @return the {@link User} when the username is well-formed and the password verifies;
 *     empty otherwise
 * @throws AuthenticationException declared by the interface; not thrown by this body itself
 */
@Override
public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException {
    String username = credentials.getUsername();
    // Reject anything that does not match the allowed username pattern before touching the DB.
    // NOTE(review): the rejected username is written to the log verbatim; confirm the log sink
    // tolerates untrusted input (control characters, very long strings).
    if (!User.isSanitizedUsername(username)) {
        logger.info("Username: {} must match pattern: {}", username, User.USERNAME_PATTERN);
        return Optional.empty();
    }
    // Fetch the stored hash for this username (absent when unknown) and verify the plaintext
    // against it; checkPassword decides how an absent hash is treated.
    String password = credentials.getPassword();
    Optional<String> storedHash = userDAO.getHashedPassword(username);
    boolean verified = checkPassword(password, storedHash);
    return verified ? Optional.ofNullable(User.named(username)) : Optional.empty();
}
Also used : User(keywhiz.auth.User)

Example 8 with User

use of keywhiz.auth.User in project keywhiz by square.

In class LdapAuthenticator, method doAuthenticate.

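/**
 * Binds to LDAP as the given user and, when the configuration lists required roles, checks
 * that the user holds at least one of them.
 *
 * @param credentials username/password supplied by the client
 * @return the authenticated {@link User}; empty when the username fails the sanitization
 *     check, the password is missing, or LDAP rejects the bind with INVALID_CREDENTIALS
 * @throws ForbiddenException when required roles are configured and the user holds none
 * @throws RuntimeException wrapping any other LDAP failure or a TLS failure
 */
private Optional<User> doAuthenticate(BasicCredentials credentials) {
    try {
        String username = credentials.getUsername();
        // NOTE(review): the rejected username is logged verbatim; confirm the log sink tolerates
        // untrusted input.
        if (!User.isSanitizedUsername(username)) {
            logger.info("Username: {} must match pattern: {}", username, User.USERNAME_PATTERN);
            return Optional.empty();
        }
        String userDN = dnFromUsername(username);
        String password = credentials.getPassword();
        // Must have password for current config (presumably so the bind below can never be an
        // unauthenticated/anonymous bind — confirm against connectionFactory).
        if (Strings.isNullOrEmpty(password)) {
            logger.info("No password for user provided");
            return Optional.empty();
        }
        // A successful bind proves the password; the connection itself is not used afterwards.
        LDAPConnection authenticatedConnection = connectionFactory.getLDAPConnection(userDN, password);
        authenticatedConnection.close();

        Set<String> requiredRoles = config.getRequiredRoles();
        if (!requiredRoles.isEmpty()) {
            Set<String> roles = rolesFromDN(userDN);
            // Membership in any one required role is sufficient.
            boolean accessAllowed = requiredRoles.stream().anyMatch(roles::contains);
            if (!accessAllowed) {
                logger.warn("User {} not in one of required LDAP roles: [{}].", username, requiredRoles);
                throw new ForbiddenException();
            }
        }
        return Optional.ofNullable(User.named(username));
    } catch (LDAPException le) {
        // INVALID_CREDENTIALS is the ordinary wrong-password outcome and maps to an empty result;
        // any other LDAP failure is infrastructure trouble and is surfaced to the caller.
        if (le.getResultCode() == ResultCode.INVALID_CREDENTIALS) {
            return Optional.empty();
        }
        logger.error("Error connecting to LDAP", le);
        // Equivalent to the deprecated Throwables.propagate for a checked exception.
        throw new RuntimeException(le);
    } catch (GeneralSecurityException gse) {
        logger.error("TLS error connecting to LDAP", gse);
        throw new RuntimeException(gse);
    }
}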
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) User(keywhiz.auth.User) LDAPException(com.unboundid.ldap.sdk.LDAPException) GeneralSecurityException(java.security.GeneralSecurityException) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection)

Example 9 with User

use of keywhiz.auth.User in project keywhiz by square.

In class LdapAuthenticator, method authenticate.

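/**
 * Binds to LDAP as the given user and, when the configuration lists required roles, checks
 * that the user holds at least one of them.
 *
 * @param credentials username/password supplied by the client
 * @return the authenticated {@link User}; empty when the username fails the sanitization
 *     check, the password is missing, or LDAP rejects the bind with INVALID_CREDENTIALS
 * @throws ForbiddenException when required roles are configured and the user holds none
 * @throws RuntimeException wrapping any other LDAP failure or a TLS failure
 */
@Override
public Optional<User> authenticate(BasicCredentials credentials) {
    try {
        String username = credentials.getUsername();
        // NOTE(review): the rejected username is logged verbatim; confirm the log sink tolerates
        // untrusted input.
        if (!User.isSanitizedUsername(username)) {
            logger.info("Username: {} must match pattern: {}", username, User.USERNAME_PATTERN);
            return Optional.empty();
        }
        String userDN = dnFromUsername(username);
        String password = credentials.getPassword();
        // Must have password for current config (presumably so the bind below can never be an
        // unauthenticated/anonymous bind — confirm against connectionFactory).
        if (Strings.isNullOrEmpty(password)) {
            logger.info("No password for user provided");
            return Optional.empty();
        }
        // A successful bind proves the password; the connection itself is not used afterwards.
        LDAPConnection authenticatedConnection = connectionFactory.getLDAPConnection(userDN, password);
        authenticatedConnection.close();

        Set<String> requiredRoles = config.getRequiredRoles();
        if (!requiredRoles.isEmpty()) {
            Set<String> roles = rolesFromDN(userDN);
            // Membership in any one required role is sufficient.
            boolean accessAllowed = requiredRoles.stream().anyMatch(roles::contains);
            if (!accessAllowed) {
                logger.warn("User {} not in one of required LDAP roles: [{}].", username, requiredRoles);
                throw new ForbiddenException();
            }
        }
        return Optional.ofNullable(User.named(username));
    } catch (LDAPException le) {
        // INVALID_CREDENTIALS is the ordinary wrong-password outcome and maps to an empty result;
        // any other LDAP failure is infrastructure trouble and is surfaced to the caller.
        if (le.getResultCode() == ResultCode.INVALID_CREDENTIALS) {
            return Optional.empty();
        }
        logger.error("Error connecting to LDAP", le);
        // Equivalent to the deprecated Throwables.propagate for a checked exception.
        throw new RuntimeException(le);
    } catch (GeneralSecurityException gse) {
        logger.error("TLS error connecting to LDAP", gse);
        throw new RuntimeException(gse);
    }
}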
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) User(keywhiz.auth.User) LDAPException(com.unboundid.ldap.sdk.LDAPException) GeneralSecurityException(java.security.GeneralSecurityException) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection)

Example 10 with User

use of keywhiz.auth.User in project keywhiz by square.

In class SessionMeResourceIntegrationTest, method getInformation.

@Test
public void getInformation() throws IOException {
    // Log in as the seeded default user first; the session is presumably carried by a cookie
    // the client retains for the next request.
    User validUser = User.named(DbSeedCommand.defaultUser);
    client.newCall(buildLoginPost(validUser.getName(), DbSeedCommand.defaultPassword)).execute();

    // GET /admin/me/ must echo the logged-in user, serialized exactly as the mapper would.
    Request me = new Request.Builder().get().url(testUrl("/admin/me/")).build();
    Response response = client.newCall(me).execute();
    String actualJson = response.body().string();
    assertThat(actualJson).isEqualTo(mapper.writeValueAsString(validUser));
    assertThat(response.code()).isEqualTo(200);
}
Also used : Response(okhttp3.Response) User(keywhiz.auth.User) Request(okhttp3.Request) Test(org.junit.Test)

Aggregations

User (keywhiz.auth.User)17 Test (org.junit.Test)13 BasicCredentials (io.dropwizard.auth.basic.BasicCredentials)8 Ignore (org.junit.Ignore)4 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)2 LDAPException (com.unboundid.ldap.sdk.LDAPException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 ForbiddenException (javax.ws.rs.ForbiddenException)2 Cookie (javax.ws.rs.core.Cookie)2 NewCookie (javax.ws.rs.core.NewCookie)2 Response (javax.ws.rs.core.Response)1 SessionCookie (keywhiz.auth.cookie.SessionCookie)1 Request (okhttp3.Request)1 Response (okhttp3.Response)1