Example 91 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyRefreshTokenExpiredToken.

@Test
public void verifyRefreshTokenExpiredToken() throws Exception {
    final Principal principal = createPrincipal();
    final RegisteredService registeredService = addRegisteredService();
    final Authentication authentication = getAuthentication(principal);
    final WebApplicationServiceFactory factory = new WebApplicationServiceFactory();
    final Service service = factory.createService(registeredService.getServiceId());
    // AlwaysExpiresExpirationPolicy makes the refresh token expired from the moment it is
    // created, so the grant must be refused even though the ticket exists in the registry.
    final DefaultRefreshTokenFactory expiringRefreshTokenFactory = new DefaultRefreshTokenFactory(new AlwaysExpiresExpirationPolicy());
    final RefreshToken refreshToken = expiringRefreshTokenFactory.create(service, authentication);
    oAuth20AccessTokenController.getTicketRegistry().addTicket(refreshToken);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.GRANT_TYPE, OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.REFRESH_TOKEN, refreshToken.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    // Client credentials are valid, so client authentication passes; only the expired grant should fail.
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequestInternal(mockRequest, mockResponse);
    // Expected outcome: HTTP 400 with an error=invalid_grant body, never a new access token.
    assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
}
Also used : DefaultRefreshTokenFactory(org.apereo.cas.ticket.refreshtoken.DefaultRefreshTokenFactory) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) RefreshToken(org.apereo.cas.ticket.refreshtoken.RefreshToken) Authentication(org.apereo.cas.authentication.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) WebApplicationServiceFactory(org.apereo.cas.authentication.principal.WebApplicationServiceFactory) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)
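The test above only asserts the outcome (HTTP 400, error=invalid_grant). The following is an added, self-contained Python model of the refresh-token grant path the test exercises; it is not CAS code and reimplements the pieces it needs (expiration policies, a ticket registry, client authentication) with constructed client and token data. Two details go beyond what the test shows and are this model's own choices: the refresh token is checked against the service it was issued for, and an expired token is deleted from the registry on first use rather than left for a cleaner.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class AlwaysExpiresExpirationPolicy:
    """Every ticket counts as expired the moment it exists; the test above uses
    this policy to force the failure path."""
    def is_expired(self, created_at: float, now: float) -> bool:
        return True


class TimeoutExpirationPolicy:
    """Ticket is valid for a fixed number of seconds after creation."""
    def __init__(self, time_to_live: float) -> None:
        self.time_to_live = time_to_live

    def is_expired(self, created_at: float, now: float) -> bool:
        return now - created_at > self.time_to_live


@dataclass
class RefreshToken:
    id: str
    service_id: str     # the service (client) the token was issued for
    principal: str
    created_at: float
    policy: object

    def is_expired(self, now: float) -> bool:
        return self.policy.is_expired(self.created_at, now)


class RefreshTokenFactory:
    def __init__(self, policy: object) -> None:
        self.policy = policy

    def create(self, service_id: str, principal: str, now: float) -> RefreshToken:
        return RefreshToken("RT-" + secrets.token_urlsafe(16), service_id, principal, now, self.policy)


class TicketRegistry:
    """In-memory stand-in for the CAS ticket registry."""
    def __init__(self) -> None:
        self._tickets: Dict[str, RefreshToken] = {}

    def add_ticket(self, ticket: RefreshToken) -> None:
        self._tickets[ticket.id] = ticket

    def get_ticket(self, ticket_id: str) -> Optional[RefreshToken]:
        return self._tickets.get(ticket_id)

    def delete_ticket(self, ticket_id: str) -> None:
        self._tickets.pop(ticket_id, None)


# Constructed client registration (assumption): client_id -> (client_secret, service id)
REGISTERED_CLIENTS = {"clientid": ("clientsecret", "https://www.example.org/service")}


def handle_access_token_request(registry: TicketRegistry, params: Dict[str, str], now: float) -> Tuple[int, str]:
    """Refresh-token grant. Returns (HTTP status, response body)."""
    # 1. Client authentication (the requiresAuthenticationInterceptor.preHandle step above).
    client = REGISTERED_CLIENTS.get(params.get("client_id", ""))
    if client is None or not secrets.compare_digest(client[0], params.get("client_secret", "")):
        return 401, "error=invalid_client"
    _secret, service_id = client

    # 2. Grant type.
    if params.get("grant_type") != "refresh_token":
        return 400, "error=unsupported_grant_type"

    # 3. Refresh token: must exist, belong to this client's service, and be unexpired.
    token = registry.get_ticket(params.get("refresh_token", ""))
    if token is None or token.service_id != service_id:
        return 400, "error=invalid_grant"
    if token.is_expired(now):
        registry.delete_ticket(token.id)   # model's choice: drop the dead ticket so it cannot be retried
        return 400, "error=invalid_grant"

    access_token = "AT-" + secrets.token_urlsafe(16)
    return 200, f"access_token={access_token}&expires_in=3600"
```

The order of the checks matters: client authentication is decided before the token is even looked up, so a caller with bad credentials learns nothing about whether a refresh token value exists, and an expired token produces exactly the same invalid_grant answer as an unknown one.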

Example 92 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class MultifactorAuthenticationSetTrustAction method doExecute.

@Override
public Event doExecute(final RequestContext requestContext) throws Exception {
    final Authentication c = WebUtils.getAuthentication(requestContext);
    if (c == null) {
        LOGGER.error("Could not determine authentication from the request context");
        return error();
    }
    AuthenticationCredentialsLocalBinder.bindCurrent(c);
    final String principal = c.getPrincipal().getId();
    // Only write a new trust record when this flow was not already marked as trusted
    // (i.e. the verify action did not find a usable record earlier in the same flow).
    if (!MultifactorAuthenticationTrustUtils.isMultifactorAuthenticationTrustedInScope(requestContext)) {
        LOGGER.debug("Attempt to store trusted authentication record for [{}]", principal);
        // The record binds the principal to the "geography" computed from the current request.
        final MultifactorAuthenticationTrustRecord record = MultifactorAuthenticationTrustRecord.newInstance(principal, MultifactorAuthenticationTrustUtils.generateGeography());
        // An optional, user-supplied device name; a blank value leaves the default name in place.
        if (requestContext.getRequestParameters().contains(PARAM_NAME_DEVICE_NAME)) {
            final String deviceName = requestContext.getRequestParameters().get(PARAM_NAME_DEVICE_NAME);
            if (StringUtils.isNotBlank(deviceName)) {
                record.setName(deviceName);
            }
        }
        storage.set(record);
        LOGGER.debug("Saved trusted authentication record for [{}] under [{}]", principal, record.getName());
    }
    LOGGER.debug("Trusted authentication session exists for [{}]", principal);
    // Mark the authentication itself so downstream consumers can see that MFA was satisfied via a trusted device.
    MultifactorAuthenticationTrustUtils.trackTrustedMultifactorAuthenticationAttribute(c, trustedProperties.getAuthenticationContextAttribute());
    return success();
}
Also used : MultifactorAuthenticationTrustRecord(org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord) Authentication(org.apereo.cas.authentication.Authentication)

Example 93 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class MultifactorAuthenticationVerifyTrustAction method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final Authentication c = WebUtils.getAuthentication(requestContext);
    if (c == null) {
        LOGGER.warn("Could not determine authentication from the request context");
        return no();
    }
    final String principal = c.getPrincipal().getId();
    // Records older than the configured expiration (measured from the record's own date) are ignored.
    final LocalDate onOrAfter = LocalDate.now().minus(trustedProperties.getExpiration(), DateTimeUtils.toChronoUnit(trustedProperties.getTimeUnit()));
    LOGGER.warn("Retrieving trusted authentication records for [{}] that are on/after [{}]", principal, onOrAfter);
    final Set<MultifactorAuthenticationTrustRecord> results = storage.get(principal, onOrAfter);
    if (results.isEmpty()) {
        LOGGER.debug("No valid trusted authentication records could be found for [{}]", principal);
        return no();
    }
    // A record is only honoured when the current request's geography equals the stored one exactly.
    final String geography = MultifactorAuthenticationTrustUtils.generateGeography();
    LOGGER.debug("Retrieving authentication records for [{}] that match [{}]", principal, geography);
    if (results.stream().noneMatch(entry -> entry.getGeography().equals(geography))) {
        LOGGER.debug("No trusted authentication records could be found for [{}] to match the current geography", principal);
        return no();
    }
    LOGGER.debug("Trusted authentication records found for [{}] that matches the current geography", principal);
    // Flag the flow as trusted so the set-trust action does not write a duplicate record.
    MultifactorAuthenticationTrustUtils.setMultifactorAuthenticationTrustedInScope(requestContext);
    MultifactorAuthenticationTrustUtils.trackTrustedMultifactorAuthenticationAttribute(c, trustedProperties.getAuthenticationContextAttribute());
    return yes();
}
Also used : MultifactorAuthenticationTrustRecord(org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord) Authentication(org.apereo.cas.authentication.Authentication) LocalDate(java.time.LocalDate)
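Examples 92 and 93 are the two halves of one mechanism: the set action records (principal, geography, date, device name), the verify action later accepts the record only if it is inside the expiration window and its geography matches the current request. The following is an added Python model of both actions together, written to make the two acceptance conditions and their failure cases testable; it is not CAS code. The geography function is an assumption (CAS derives the value from the request's client information; the fields combined here, address plus user agent, and the hashing are this model's own), the in-memory storage stands in for the storage bean the actions share, and all client and date values are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set


def generate_geography(remote_addr: str, user_agent: str) -> str:
    """Stand-in for MultifactorAuthenticationTrustUtils.generateGeography().
    Which client fields CAS combines is an assumption here; the hash only makes
    the stored value opaque."""
    return hashlib.sha256(f"{remote_addr}@{user_agent}".encode()).hexdigest()


@dataclass(frozen=True)
class TrustRecord:
    principal: str
    geography: str
    record_date: date
    name: str = "default"  # assumption: a record without a device name keeps a default name


class TrustStorage:
    """In-memory stand-in for the storage both actions share."""

    def __init__(self) -> None:
        self._records: List[TrustRecord] = []

    def set(self, record: TrustRecord) -> None:
        self._records.append(record)

    def get(self, principal: str, on_or_after: date) -> Set[TrustRecord]:
        # Same contract as storage.get(principal, onOrAfter) above: only this
        # principal's records dated on or after the cutoff are returned.
        return {r for r in self._records
                if r.principal == principal and r.record_date >= on_or_after}


def set_trust(storage: TrustStorage, principal: str, geography: str, today: date,
              device_name: Optional[str] = None,
              already_trusted: bool = False) -> Optional[TrustRecord]:
    """Mirrors MultifactorAuthenticationSetTrustAction: write a record unless the
    flow is already trusted in scope; a blank device name keeps the default."""
    if already_trusted:
        return None
    name = device_name.strip() if device_name and device_name.strip() else "default"
    record = TrustRecord(principal, geography, today, name)
    storage.set(record)
    return record


def verify_trust(storage: TrustStorage, principal: str, geography: str,
                 today: date, expiration_days: int) -> bool:
    """Mirrors MultifactorAuthenticationVerifyTrustAction: a record counts only if
    it falls inside the expiration window AND its geography equals the current one."""
    on_or_after = today - timedelta(days=expiration_days)
    results = storage.get(principal, on_or_after)
    if not results:
        return False
    return any(r.geography == geography for r in results)


if __name__ == "__main__":
    store = TrustStorage()
    laptop = generate_geography("203.0.113.10", "Mozilla/5.0")   # constructed client
    phone = generate_geography("198.51.100.7", "Mozilla/5.0")    # constructed client
    day0 = date(2024, 1, 1)
    set_trust(store, "casuser", laptop, day0, device_name="work laptop")
    print(verify_trust(store, "casuser", laptop, day0 + timedelta(days=5), 30))   # True
    print(verify_trust(store, "casuser", phone, day0 + timedelta(days=5), 30))    # False
```

Two consequences of the logic are worth checking in a deployment: the window is measured from the date the record was written and is not extended by a successful verification, so trust lapses on a fixed schedule however often the device is used; and geography is compared for exact equality, so any change in the inputs that feed it (a new network address, a browser upgrade that changes the user agent) silently ends the trust for that device and forces a fresh MFA step.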

Example 94 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class U2FAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final U2FTokenCredential tokenCredential = (U2FTokenCredential) credential;
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        // As published, this exception was constructed but never thrown, so a missing
        // context fell through to a NullPointerException on the next line.
        throw new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        // Same fix: the exception must actually be thrown.
        throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final Principal p = authentication.getPrincipal();
    // The signed response from the token is matched against the challenge previously issued
    // to this principal, so a response for someone else's challenge cannot be replayed here.
    final AuthenticateResponse authenticateResponse = AuthenticateResponse.fromJson(tokenCredential.getToken());
    final String authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(authenticateResponse.getRequestId(), p.getId());
    final AuthenticateRequestData authenticateRequest = AuthenticateRequestData.fromJson(authJson);
    DeviceRegistration registration = null;
    try {
        // Verifies the signature and the counter against the principal's registered devices.
        registration = u2f.finishAuthentication(authenticateRequest, authenticateResponse, u2FDeviceRepository.getRegisteredDevices(p.getId()));
        return createHandlerResult(tokenCredential, p, null);
    } catch (final DeviceCompromisedException e) {
        // A counter that went backwards indicates a cloned key; the library marks the device compromised.
        registration = e.getDeviceRegistration();
        throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
    } finally {
        // Persist the updated counter (or the compromised flag). Any other failure from
        // finishAuthentication leaves registration null, so guard before persisting.
        if (registration != null) {
            u2FDeviceRepository.authenticateDevice(p.getId(), registration);
        }
    }
}
Also used : AuthenticateResponse(com.yubico.u2f.data.messages.AuthenticateResponse) AuthenticateRequestData(com.yubico.u2f.data.messages.AuthenticateRequestData) Authentication(org.apereo.cas.authentication.Authentication) DeviceRegistration(com.yubico.u2f.data.DeviceRegistration) RequestContext(org.springframework.webflow.execution.RequestContext) DeviceCompromisedException(com.yubico.u2f.exceptions.DeviceCompromisedException) PreventedException(org.apereo.cas.authentication.PreventedException) Principal(org.apereo.cas.authentication.principal.Principal)

Aggregations

Authentication (org.apereo.cas.authentication.Authentication)94 Test (org.junit.Test)45 RegisteredService (org.apereo.cas.services.RegisteredService)37 Principal (org.apereo.cas.authentication.principal.Principal)23 Service (org.apereo.cas.authentication.principal.Service)23 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)19 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)17 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)17 Assertion (org.apereo.cas.validation.Assertion)12 Event (org.springframework.webflow.execution.Event)12 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)11 MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)11 NeverExpiresExpirationPolicy (org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy)11 HashMap (java.util.HashMap)10 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)9 Collection (java.util.Collection)8 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)8 AuthenticationRiskScore (org.apereo.cas.api.AuthenticationRiskScore)8 Audit (org.apereo.inspektr.audit.annotation.Audit)8