
Example 1 with GoogleAuthenticatorToken

Use of org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken in project cas by apereo.

From the class GoogleAuthenticatorAuthenticationHandler, method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final GoogleAuthenticatorTokenCredential tokenCredential = (GoogleAuthenticatorTokenCredential) credential;
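    if (!NumberUtils.isCreatable(tokenCredential.getToken())) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException("Invalid token " + tokenCredential.getToken()));
    }
    // isCreatable also accepts hex, decimal and suffixed forms that Integer.parseInt rejects, so parse defensively.
    final int otp;
    try {
        otp = Integer.parseInt(tokenCredential.getToken());
    } catch (final NumberFormatException e) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", e);
    }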
    LOGGER.debug("Received OTP [{}]", otp);
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        // Throw rather than discard the exception, so a missing context fails here.
        throw new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        // Without this throw the next line would dereference null.
        throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final String uid = authentication.getPrincipal().getId();
    LOGGER.debug("Received principal id [{}]", uid);
    final String secKey = this.credentialRepository.getSecret(uid);
    if (StringUtils.isBlank(secKey)) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }
    final boolean isCodeValid = this.googleAuthenticatorInstance.authorize(secKey, otp);
    if (isCodeValid) {
        this.tokenRepository.store(new GoogleAuthenticatorToken(otp, uid));
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(uid), null);
    }
    throw new FailedLoginException("Failed to authenticate code " + otp);
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) Authentication(org.apereo.cas.authentication.Authentication) AccountExpiredException(javax.security.auth.login.AccountExpiredException) GoogleAuthenticatorToken(org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken) PreventedException(org.apereo.cas.authentication.PreventedException) RequestContext(org.springframework.webflow.execution.RequestContext) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)

Example 2 with GoogleAuthenticatorToken

Use of org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken in project cas by apereo.

From the class MongoDbGoogleAuthenticatorTokenRepository, method exists.

@Override
public boolean exists(final String uid, final Integer otp) {
    try {
        // Look up a previously stored (user, OTP) pair; a match means this code was already used.
        final Query query = new Query();
        query.addCriteria(Criteria.where("userId").is(uid).and("token").is(otp));
        final GoogleAuthenticatorToken r = this.mongoTemplate.findOne(query, GoogleAuthenticatorToken.class, this.collectionName);
        return r != null;
    } catch (final NoResultException e) {
        LOGGER.debug("No record could be found for google authenticator id [{}]", uid);
    }
    return false;
}
Also used : Query(org.springframework.data.mongodb.core.query.Query) GoogleAuthenticatorToken(org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken) NoResultException(javax.persistence.NoResultException)

Aggregations

GoogleAuthenticatorToken (org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken): 2
NoResultException (javax.persistence.NoResultException): 1
AccountExpiredException (javax.security.auth.login.AccountExpiredException): 1
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException): 1
FailedLoginException (javax.security.auth.login.FailedLoginException): 1
Authentication (org.apereo.cas.authentication.Authentication): 1
PreventedException (org.apereo.cas.authentication.PreventedException): 1
Query (org.springframework.data.mongodb.core.query.Query): 1
RequestContext (org.springframework.webflow.execution.RequestContext): 1