Example 6 with AuthenticationHandlerExecutionResult

use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.

the class CentralAuthenticationServiceImplWithMockitoTests method prepareNewCAS.

@Before
public void prepareNewCAS() {
    this.authentication = mock(Authentication.class);
    when(this.authentication.getAuthenticationDate()).thenReturn(ZonedDateTime.now(ZoneOffset.UTC));
    final CredentialMetaData metadata = new BasicCredentialMetaData(RegisteredServiceTestUtils.getCredentialsWithSameUsernameAndPassword("principal"));
    final Map<String, AuthenticationHandlerExecutionResult> successes = new HashMap<>();
    successes.put("handler1", new DefaultAuthenticationHandlerExecutionResult(mock(AuthenticationHandler.class), metadata));
    when(this.authentication.getCredentials()).thenReturn(Arrays.asList(metadata));
    when(this.authentication.getSuccesses()).thenReturn(successes);
    when(this.authentication.getPrincipal()).thenReturn(new DefaultPrincipalFactory().createPrincipal(PRINCIPAL));
    final Service service1 = getService(SVC1_ID);
    final ServiceTicket stMock = createMockServiceTicket(ST_ID, service1);
    final TicketGrantingTicket tgtRootMock = createRootTicketGrantingTicket();
    final TicketGrantingTicket tgtMock = createMockTicketGrantingTicket(TGT_ID, stMock, false, tgtRootMock, new ArrayList<>());
    when(tgtMock.getProxiedBy()).thenReturn(getService("proxiedBy"));
    final List<Authentication> authnListMock = mock(List.class);
    // Size is required to be 2, so that we can simulate proxying capabilities
    when(authnListMock.size()).thenReturn(2);
    when(authnListMock.toArray()).thenReturn(new Object[] { this.authentication, this.authentication });
    when(authnListMock.get(anyInt())).thenReturn(this.authentication);
    when(tgtMock.getChainedAuthentications()).thenReturn(authnListMock);
    when(stMock.getTicketGrantingTicket()).thenReturn(tgtMock);
    final Service service2 = getService(SVC2_ID);
    final ServiceTicket stMock2 = createMockServiceTicket(ST2_ID, service2);
    final TicketGrantingTicket tgtMock2 = createMockTicketGrantingTicket(TGT2_ID, stMock2, false, tgtRootMock, authnListMock);
    mockTicketRegistry(stMock, tgtMock, stMock2, tgtMock2);
    final ServicesManager smMock = getServicesManager(service1, service2);
    final TicketFactory factory = getTicketFactory();
    final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies = new DefaultAuthenticationServiceSelectionPlan(new DefaultAuthenticationServiceSelectionStrategy());
    final AuditableExecution enforcer = mock(AuditableExecution.class);
    when(enforcer.execute(any())).thenReturn(new AuditableExecutionResult());
    this.cas = new DefaultCentralAuthenticationService(
        mock(ApplicationEventPublisher.class), ticketRegMock, smMock, mock(LogoutManager.class),
        factory, authenticationRequestServiceSelectionStrategies,
        new AcceptAnyAuthenticationPolicyFactory(), new DefaultPrincipalFactory(), null, enforcer);
    this.cas.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
}
Also used : AcceptAnyAuthenticationPolicyFactory(org.apereo.cas.authentication.policy.AcceptAnyAuthenticationPolicyFactory) DefaultAuthenticationServiceSelectionStrategy(org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy) HashMap(java.util.HashMap) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) DefaultAuthenticationServiceSelectionPlan(org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) AuditableExecution(org.apereo.cas.audit.AuditableExecution) ServicesManager(org.apereo.cas.services.ServicesManager) DefaultTicketFactory(org.apereo.cas.ticket.factory.DefaultTicketFactory) TicketFactory(org.apereo.cas.ticket.TicketFactory) DefaultProxyGrantingTicketFactory(org.apereo.cas.ticket.factory.DefaultProxyGrantingTicketFactory) DefaultProxyTicketFactory(org.apereo.cas.ticket.factory.DefaultProxyTicketFactory) DefaultTransientSessionTicketFactory(org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory) DefaultServiceTicketFactory(org.apereo.cas.ticket.factory.DefaultServiceTicketFactory) DefaultTicketGrantingTicketFactory(org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory) Authentication(org.apereo.cas.authentication.Authentication) ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult) CredentialMetaData(org.apereo.cas.authentication.CredentialMetaData) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Before(org.junit.Before)

Example 7 with AuthenticationHandlerExecutionResult

use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.

the class AbstractCasWebflowEventResolver method addWarningMessagesToMessageContextIfNeeded.

/**
 * Add warning messages to message context if needed.
 *
 * @param tgtId          the tgt id
 * @param messageContext the message context
 * @return true if warnings were found and added, false otherwise.
 * @since 4.1.0
 */
private static boolean addWarningMessagesToMessageContextIfNeeded(final TicketGrantingTicket tgtId, final MessageContext messageContext) {
    boolean foundAndAddedWarnings = false;
    for (final Map.Entry<String, AuthenticationHandlerExecutionResult> entry : tgtId.getAuthentication().getSuccesses().entrySet()) {
        for (final MessageDescriptor message : entry.getValue().getWarnings()) {
            addMessageDescriptorToMessageContext(messageContext, message);
            foundAndAddedWarnings = true;
        }
    }
    return foundAndAddedWarnings;
}
Also used : MessageDescriptor(org.apereo.cas.authentication.MessageDescriptor) AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult) HashMap(java.util.HashMap) LocalAttributeMap(org.springframework.webflow.core.collection.LocalAttributeMap) Map(java.util.Map) AttributeMap(org.springframework.webflow.core.collection.AttributeMap)

Example 8 with AuthenticationHandlerExecutionResult

use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.

the class U2FAuthenticationHandler method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws PreventedException {
    val tokenCredential = (U2FTokenCredential) credential;
    val authentication = Objects.requireNonNull(WebUtils.getInProgressAuthentication(), "CAS has no reference to an authentication event to locate a principal");
    val principal = this.principalFactory.createPrincipal(authentication.getPrincipal().getId());
    try {
        val authenticateResponse = SignResponse.fromJson(tokenCredential.getToken());
        val requestId = authenticateResponse.getRequestId();
        val authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(requestId, principal.getId());
        if (StringUtils.isBlank(authJson)) {
            throw new PreventedException("Could not get device authentication request from repository for request id " + requestId);
        }
        val authenticateRequest = SignRequestData.fromJson(authJson);
        val registeredDevices = u2FDeviceRepository.getRegisteredDevices(principal.getId())
            .stream()
            .map(u2FDeviceRepository::decode)
            .map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord())))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
        if (registeredDevices.isEmpty()) {
            throw new PreventedException("No registered devices could be found for " + principal.getId());
        }
        val registration = u2f.finishSignature(authenticateRequest, authenticateResponse, registeredDevices);
        val record = U2FDeviceRegistration.builder()
            .record(u2FDeviceRepository.getCipherExecutor().encode(registration.toJsonWithAttestationCert()))
            .username(principal.getId())
            .build();
        u2FDeviceRepository.verifyRegisteredDevice(record);
        return createHandlerResult(tokenCredential, principal);
    } catch (final Exception e) {
        throw new PreventedException(e);
    }
}
Also used : lombok.val(lombok.val) Unchecked(org.jooq.lambda.Unchecked) SignRequestData(com.yubico.u2f.data.messages.SignRequestData) AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult) U2FDeviceRegistration(org.apereo.cas.adaptors.u2f.storage.U2FDeviceRegistration) StringUtils(org.apache.commons.lang3.StringUtils) Collectors(java.util.stream.Collectors) DeviceRegistration(com.yubico.u2f.data.DeviceRegistration) Objects(java.util.Objects) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) U2FDeviceRepository(org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository) U2F(com.yubico.u2f.U2F) AbstractPreAndPostProcessingAuthenticationHandler(org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler) MultifactorAuthenticationHandler(org.apereo.cas.authentication.MultifactorAuthenticationHandler) PreventedException(org.apereo.cas.authentication.PreventedException) Credential(org.apereo.cas.authentication.Credential) WebUtils(org.apereo.cas.web.support.WebUtils) SignResponse(com.yubico.u2f.data.messages.SignResponse) ServicesManager(org.apereo.cas.services.ServicesManager)
