Example 1 with OneTimeTokenAccount

Use of org.apereo.cas.authentication.OneTimeTokenAccount in project cas by apereo.

Class LdapGoogleAuthenticatorTokenCredentialRepository, method update.

@Override
public OneTimeTokenAccount update(final OneTimeTokenAccount account) {
    if (account.getId() < 0) {
        account.setId(RandomUtils.nextLong());
    }
    LOGGER.debug("Storing account [{}]", account);
    val entry = locateLdapEntryFor(account.getUsername());
    val ldapAttribute = Objects.requireNonNull(entry,
            () -> String.format("Unable to locate LDAP entry for %s", account.getUsername()))
        .getAttribute(ldapProperties.getAccountAttributeName());
    if (ldapAttribute == null || ldapAttribute.getStringValues().isEmpty()) {
        LOGGER.debug("Adding new account for LDAP entry [{}]", entry);
        updateAccount(account, entry);
    } else {
        val existingAccounts = ldapAttribute.getStringValues().stream()
            .map(LdapGoogleAuthenticatorTokenCredentialRepository::mapFromJson)
            .filter(Objects::nonNull)
            .flatMap(List::stream)
            .map(this::decode)
            .collect(Collectors.toSet());
        val matchingAccount = existingAccounts.stream()
            .filter(acct -> acct.getId() == account.getId())
            .findFirst();
        // Update the stored record with the same id in place; otherwise add the account as a new one.
        matchingAccount.ifPresentOrElse(ac -> {
            ac.setValidationCode(account.getValidationCode());
            ac.setScratchCodes(account.getScratchCodes());
            ac.setSecretKey(account.getSecretKey());
        }, () -> existingAccounts.add(account));
        // Encode each stored account itself. Encoding `account` for every element would
        // replace all of the user's stored accounts with the one being updated.
        val accountsToSave = existingAccounts.stream()
            .map(acct -> encode(acct))
            .filter(Objects::nonNull)
            .map(acct -> mapToJson(CollectionUtils.wrapArrayList(acct)))
            .collect(Collectors.toSet());
        executeModifyOperation(accountsToSave, entry);
    }
    return account;
}
Also used: lombok.val (lombok.val), RandomUtils (org.apereo.cas.util.RandomUtils), ConnectionFactory (org.ldaptive.ConnectionFactory), Getter (lombok.Getter), SneakyThrows (lombok.SneakyThrows), CipherExecutor (org.apereo.cas.util.crypto.CipherExecutor), LdapGoogleAuthenticatorMultifactorProperties (org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties), HashMap (java.util.HashMap), StringUtils (org.apache.commons.lang3.StringUtils), ArrayList (java.util.ArrayList), HashSet (java.util.HashSet), CollectionUtils (org.apereo.cas.util.CollectionUtils), TypeReference (com.fasterxml.jackson.core.type.TypeReference), LinkedHashSet (java.util.LinkedHashSet), Collection (java.util.Collection), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), IGoogleAuthenticator (com.warrenstrange.googleauth.IGoogleAuthenticator), Set (java.util.Set), Collectors (java.util.stream.Collectors), Objects (java.util.Objects), Slf4j (lombok.extern.slf4j.Slf4j), List (java.util.List), OneTimeTokenAccount (org.apereo.cas.authentication.OneTimeTokenAccount), JacksonObjectMapperFactory (org.apereo.cas.util.serialization.JacksonObjectMapperFactory), DisposableBean (org.springframework.beans.factory.DisposableBean), LdapEntry (org.ldaptive.LdapEntry), LdapUtils (org.apereo.cas.util.LdapUtils)

Example 2 with OneTimeTokenAccount

Use of org.apereo.cas.authentication.OneTimeTokenAccount in project cas by apereo.

Class CouchDbGoogleAuthenticatorTokenCredentialRepository, method update.

@Override
public OneTimeTokenAccount update(final OneTimeTokenAccount account) {
    val records = couchDbRepository.findByUsername(account.getUsername());
    if (records == null || records.isEmpty()) {
        val newAccount = CouchDbGoogleAuthenticatorAccount.from(encode(account));
        couchDbRepository.add(newAccount);
        return newAccount;
    }
    records.stream()
        .filter(rec -> rec.getId() == account.getId())
        .map(CouchDbGoogleAuthenticatorAccount.class::cast)
        .findFirst()
        .ifPresent(act -> couchDbRepository.update(CouchDbGoogleAuthenticatorAccount.from(account)));
    return account;
}
Also used: lombok.val (lombok.val), CouchDbGoogleAuthenticatorAccount (org.apereo.cas.couchdb.gauth.credential.CouchDbGoogleAuthenticatorAccount), Slf4j (lombok.extern.slf4j.Slf4j), OneTimeTokenAccount (org.apereo.cas.authentication.OneTimeTokenAccount), CipherExecutor (org.apereo.cas.util.crypto.CipherExecutor), Collection (java.util.Collection), IGoogleAuthenticator (com.warrenstrange.googleauth.IGoogleAuthenticator), GoogleAuthenticatorAccountCouchDbRepository (org.apereo.cas.couchdb.gauth.credential.GoogleAuthenticatorAccountCouchDbRepository), ArrayList (java.util.ArrayList)

Example 3 with OneTimeTokenAccount

Use of org.apereo.cas.authentication.OneTimeTokenAccount in project cas by apereo.

Class GoogleAuthenticatorOneTimeTokenCredentialValidator, method getAuthorizedScratchCodeForToken.

/**
 * Gets authorized scratch code for token.
 *
 * @param tokenCredential the token credential
 * @param authentication  the authentication
 * @param accounts        the accounts
 * @return the authorized scratch code for token
 */
protected Optional<GoogleAuthenticatorAccount> getAuthorizedScratchCodeForToken(
        final GoogleAuthenticatorTokenCredential tokenCredential,
        final Authentication authentication,
        final Collection<? extends OneTimeTokenAccount> accounts) {
    val uid = authentication.getPrincipal().getId();
    val otp = Integer.parseInt(tokenCredential.getToken());
    return accounts.stream()
        .filter(ac -> isCredentialAssignedToAccount(tokenCredential, ac) && ac.getScratchCodes().contains(otp))
        .map(GoogleAuthenticatorAccount.class::cast)
        .peek(acct -> {
            // A scratch code is single-use: remove it and persist the account before returning it.
            LOGGER.info("Using scratch code [{}] to authenticate user [{}]. Scratch code will be removed", otp, uid);
            acct.getScratchCodes().removeIf(token -> token == otp);
            credentialRepository.update(acct);
        })
        .findFirst();
}
Also used: lombok.val (lombok.val), OneTimeTokenCredentialRepository (org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository), Getter (lombok.Getter), Collection (java.util.Collection), RequiredArgsConstructor (lombok.RequiredArgsConstructor), IGoogleAuthenticator (com.warrenstrange.googleauth.IGoogleAuthenticator), OneTimeTokenRepository (org.apereo.cas.otp.repository.token.OneTimeTokenRepository), OneTimeTokenCredentialValidator (org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialValidator), StringUtils (org.apache.commons.lang3.StringUtils), AccountExpiredException (javax.security.auth.login.AccountExpiredException), Slf4j (lombok.extern.slf4j.Slf4j), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), GeneralSecurityException (java.security.GeneralSecurityException), OneTimeTokenAccount (org.apereo.cas.authentication.OneTimeTokenAccount), Authentication (org.apereo.cas.authentication.Authentication), GoogleAuthenticatorToken (org.apereo.cas.gauth.token.GoogleAuthenticatorToken), Optional (java.util.Optional), PreventedException (org.apereo.cas.authentication.PreventedException)
