Example 6 with AuthenticationHandlerExecutionResult
use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.
the class CentralAuthenticationServiceImplWithMockitoTests method prepareNewCAS.
@Before
public void prepareNewCAS() {
this.authentication = mock(Authentication.class);
when(this.authentication.getAuthenticationDate()).thenReturn(ZonedDateTime.now(ZoneOffset.UTC));
final CredentialMetaData metadata = new BasicCredentialMetaData(RegisteredServiceTestUtils.getCredentialsWithSameUsernameAndPassword("principal"));
final Map<String, AuthenticationHandlerExecutionResult> successes = new HashMap<>();
successes.put("handler1", new DefaultAuthenticationHandlerExecutionResult(mock(AuthenticationHandler.class), metadata));
when(this.authentication.getCredentials()).thenReturn(Arrays.asList(metadata));
when(this.authentication.getSuccesses()).thenReturn(successes);
when(this.authentication.getPrincipal()).thenReturn(new DefaultPrincipalFactory().createPrincipal(PRINCIPAL));
final Service service1 = getService(SVC1_ID);
final ServiceTicket stMock = createMockServiceTicket(ST_ID, service1);
final TicketGrantingTicket tgtRootMock = createRootTicketGrantingTicket();
final TicketGrantingTicket tgtMock = createMockTicketGrantingTicket(TGT_ID, stMock, false, tgtRootMock, new ArrayList<>());
when(tgtMock.getProxiedBy()).thenReturn(getService("proxiedBy"));
final List<Authentication> authnListMock = mock(List.class);
// Size is required to be 2, so that we can simulate proxying capabilities
when(authnListMock.size()).thenReturn(2);
when(authnListMock.toArray()).thenReturn(new Object[] { this.authentication, this.authentication });
when(authnListMock.get(anyInt())).thenReturn(this.authentication);
when(tgtMock.getChainedAuthentications()).thenReturn(authnListMock);
when(stMock.getTicketGrantingTicket()).thenReturn(tgtMock);
final Service service2 = getService(SVC2_ID);
final ServiceTicket stMock2 = createMockServiceTicket(ST2_ID, service2);
final TicketGrantingTicket tgtMock2 = createMockTicketGrantingTicket(TGT2_ID, stMock2, false, tgtRootMock, authnListMock);
mockTicketRegistry(stMock, tgtMock, stMock2, tgtMock2);
final ServicesManager smMock = getServicesManager(service1, service2);
final TicketFactory factory = getTicketFactory();
final AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies = new DefaultAuthenticationServiceSelectionPlan(new DefaultAuthenticationServiceSelectionStrategy());
final AuditableExecution enforcer = mock(AuditableExecution.class);
when(enforcer.execute(any())).thenReturn(new AuditableExecutionResult());
this.cas = new DefaultCentralAuthenticationService(mock(ApplicationEventPublisher.class), ticketRegMock, smMock, mock(LogoutManager.class), factory, authenticationRequestServiceSelectionStrategies, new AcceptAnyAuthenticationPolicyFactory(), new DefaultPrincipalFactory(), null, enforcer);
this.cas.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
}
Also used :
AcceptAnyAuthenticationPolicyFactory(org.apereo.cas.authentication.policy.AcceptAnyAuthenticationPolicyFactory)
DefaultAuthenticationServiceSelectionStrategy(org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy)
HashMap(java.util.HashMap)
TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket)
RegisteredService(org.apereo.cas.services.RegisteredService)
Service(org.apereo.cas.authentication.principal.Service)
DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory)
ServiceTicket(org.apereo.cas.ticket.ServiceTicket)
AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)
DefaultAuthenticationServiceSelectionPlan(org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan)
DefaultAuthenticationServiceSelectionPlan(org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan)
DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)
AuditableExecution(org.apereo.cas.audit.AuditableExecution)
ServicesManager(org.apereo.cas.services.ServicesManager)
DefaultTicketFactory(org.apereo.cas.ticket.factory.DefaultTicketFactory)
TicketFactory(org.apereo.cas.ticket.TicketFactory)
DefaultProxyGrantingTicketFactory(org.apereo.cas.ticket.factory.DefaultProxyGrantingTicketFactory)
DefaultProxyTicketFactory(org.apereo.cas.ticket.factory.DefaultProxyTicketFactory)
DefaultTransientSessionTicketFactory(org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory)
DefaultServiceTicketFactory(org.apereo.cas.ticket.factory.DefaultServiceTicketFactory)
DefaultTicketGrantingTicketFactory(org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory)
Authentication(org.apereo.cas.authentication.Authentication)
ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher)
DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)
AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult)
CredentialMetaData(org.apereo.cas.authentication.CredentialMetaData)
BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)
AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult)
BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)
Before(org.junit.Before)
Example 7 with AuthenticationHandlerExecutionResult
use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.
the class AbstractCasWebflowEventResolver method addWarningMessagesToMessageContextIfNeeded.
/**
* Add warning messages to message context if needed.
*
* @param tgtId the tgt id
* @param messageContext the message context
* @return true if warnings were found and added, false otherwise.
* @since 4.1.0
*/
private static boolean addWarningMessagesToMessageContextIfNeeded(final TicketGrantingTicket tgtId, final MessageContext messageContext) {
boolean foundAndAddedWarnings = false;
for (final Map.Entry<String, AuthenticationHandlerExecutionResult> entry : tgtId.getAuthentication().getSuccesses().entrySet()) {
for (final MessageDescriptor message : entry.getValue().getWarnings()) {
addMessageDescriptorToMessageContext(messageContext, message);
foundAndAddedWarnings = true;
}
}
return foundAndAddedWarnings;
}
Also used :
MessageDescriptor(org.apereo.cas.authentication.MessageDescriptor)
AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult)
HashMap(java.util.HashMap)
LocalAttributeMap(org.springframework.webflow.core.collection.LocalAttributeMap)
Map(java.util.Map)
AttributeMap(org.springframework.webflow.core.collection.AttributeMap)
Example 8 with AuthenticationHandlerExecutionResult
use of org.apereo.cas.authentication.AuthenticationHandlerExecutionResult in project cas by apereo.
the class U2FAuthenticationHandler method doAuthentication.
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws PreventedException {
val tokenCredential = (U2FTokenCredential) credential;
val authentication = Objects.requireNonNull(WebUtils.getInProgressAuthentication(), "CAS has no reference to an authentication event to locate a principal");
val principal = this.principalFactory.createPrincipal(authentication.getPrincipal().getId());
try {
val authenticateResponse = SignResponse.fromJson(tokenCredential.getToken());
val requestId = authenticateResponse.getRequestId();
val authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(requestId, principal.getId());
if (StringUtils.isBlank(authJson)) {
throw new PreventedException("Could not get device authentication request from repository for request id " + requestId);
}
val authenticateRequest = SignRequestData.fromJson(authJson);
val registeredDevices = u2FDeviceRepository.getRegisteredDevices(principal.getId()).stream().map(u2FDeviceRepository::decode).map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord()))).filter(Objects::nonNull).collect(Collectors.toList());
if (registeredDevices.isEmpty()) {
throw new PreventedException("No registered devices could be found for " + principal.getId());
}
val registration = u2f.finishSignature(authenticateRequest, authenticateResponse, registeredDevices);
val record = U2FDeviceRegistration.builder().record(u2FDeviceRepository.getCipherExecutor().encode(registration.toJsonWithAttestationCert())).username(principal.getId()).build();
u2FDeviceRepository.verifyRegisteredDevice(record);
return createHandlerResult(tokenCredential, principal);
} catch (final Exception e) {
throw new PreventedException(e);
}
}
Also used :
lombok.val(lombok.val)
Unchecked(org.jooq.lambda.Unchecked)
SignRequestData(com.yubico.u2f.data.messages.SignRequestData)
lombok.val(lombok.val)
AuthenticationHandlerExecutionResult(org.apereo.cas.authentication.AuthenticationHandlerExecutionResult)
U2FDeviceRegistration(org.apereo.cas.adaptors.u2f.storage.U2FDeviceRegistration)
StringUtils(org.apache.commons.lang3.StringUtils)
Collectors(java.util.stream.Collectors)
DeviceRegistration(com.yubico.u2f.data.DeviceRegistration)
Objects(java.util.Objects)
PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory)
U2FDeviceRepository(org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository)
U2F(com.yubico.u2f.U2F)
AbstractPreAndPostProcessingAuthenticationHandler(org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler)
MultifactorAuthenticationHandler(org.apereo.cas.authentication.MultifactorAuthenticationHandler)
PreventedException(org.apereo.cas.authentication.PreventedException)
Credential(org.apereo.cas.authentication.Credential)
WebUtils(org.apereo.cas.web.support.WebUtils)
SignResponse(com.yubico.u2f.data.messages.SignResponse)
ServicesManager(org.apereo.cas.services.ServicesManager)
PreventedException(org.apereo.cas.authentication.PreventedException)
PreventedException(org.apereo.cas.authentication.PreventedException)
Aggregations
AuthenticationHandlerExecutionResult (org.apereo.cas.authentication.AuthenticationHandlerExecutionResult)8
BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData)4
CredentialMetaData (org.apereo.cas.authentication.CredentialMetaData)4
DefaultAuthenticationHandlerExecutionResult (org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)4
BasicIdentifiableCredential (org.apereo.cas.authentication.BasicIdentifiableCredential)3
Principal (org.apereo.cas.authentication.principal.Principal)3
HashMap (java.util.HashMap)2
ServicesManager (org.apereo.cas.services.ServicesManager)2
Test (org.junit.Test)2
FacebookProfile (org.pac4j.oauth.profile.facebook.FacebookProfile)2
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2
U2F (com.yubico.u2f.U2F)1
DeviceRegistration (com.yubico.u2f.data.DeviceRegistration)1
SignRequestData (com.yubico.u2f.data.messages.SignRequestData)1
SignResponse (com.yubico.u2f.data.messages.SignResponse)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
Objects (java.util.Objects)1
Collectors (java.util.stream.Collectors)1
lombok.val (lombok.val)1
