use of org.apereo.cas.authentication.PreventedException in project cas by apereo.
From class BindModeSearchDatabaseAuthenticationHandler, method authenticateUsernamePasswordInternal:
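@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential,
                                                                                     final String originalPassword) throws GeneralSecurityException, PreventedException {
    /*
     * Bind-mode authentication: the submitted username/password pair is used as the JDBC
     * credentials when opening a connection. A connection that opens successfully is the
     * proof of identity; nothing is queried.
     *
     * @throws GeneralSecurityException when no data source is configured, or (as a
     *         FailedLoginException) when the driver rejects the connection attempt
     * @throws PreventedException for any other failure while obtaining the connection
     */
    if (getDataSource() == null) {
        throw new GeneralSecurityException("Authentication handler is not configured correctly");
    }
    Connection connection = null;
    try {
        final String username = credential.getUsername();
        final String password = credential.getPassword();
        connection = getDataSource().getConnection(username, password);
        return createHandlerResult(credential, this.principalFactory.createPrincipal(username), new ArrayList<>(0));
    } catch (final SQLException e) {
        // FailedLoginException has no (message, cause) constructor; attach the driver exception
        // via initCause so the real reason is not lost from logs and audit trails.
        // NOTE(review): the raw driver message is surfaced as before; whether it can reach an
        // end user depends on the caller's exception mapping - confirm if that text is sensitive.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    } catch (final Exception e) {
        throw new PreventedException("Unexpected SQL connection error", e);
    } finally {
        // Released through DataSourceUtils rather than close() to keep the original
        // pool/transaction-aware release semantics.
        if (connection != null) {
            DataSourceUtils.releaseConnection(connection, getDataSource());
        }
    }
}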
use of org.apereo.cas.authentication.PreventedException in project cas by apereo.
From class QueryAndEncodeDatabaseAuthenticationHandler, method authenticateUsernamePasswordInternal:
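@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential,
                                                                                     final String originalPassword) throws GeneralSecurityException, PreventedException {
    /*
     * Query-and-encode authentication: one row is loaded for the username with the configured
     * SQL, the submitted password is digested with the handler's digest routine and compared
     * against the stored password column; optional "expired" / "disabled" columns are then
     * checked.
     *
     * @throws GeneralSecurityException when the handler is not configured, the password does not
     *         match, the account is expired/disabled, or the query matches zero or several rows
     * @throws PreventedException when the query fails for any other data-access reason
     */
    if (StringUtils.isBlank(this.sql) || StringUtils.isBlank(this.algorithmName) || getJdbcTemplate() == null) {
        throw new GeneralSecurityException("Authentication handler is not configured correctly");
    }
    final String username = transformedCredential.getUsername();
    try {
        final Map<String, Object> values = getJdbcTemplate().queryForMap(this.sql, username);
        final String digestedPassword = digestEncodedPassword(transformedCredential.getPassword(), values);
        // A missing/null password column used to surface as a NullPointerException; it is now a
        // plain failed login, and the comparison is constant-time.
        if (!passwordDigestMatches(values.get(this.passwordFieldName), digestedPassword)) {
            throw new FailedLoginException("Password does not match value on record.");
        }
        if (StringUtils.isNotBlank(this.expiredFieldName) && isTruthyFlag(values.get(this.expiredFieldName))) {
            throw new AccountPasswordMustChangeException("Password has expired");
        }
        if (StringUtils.isNotBlank(this.disabledFieldName) && isTruthyFlag(values.get(this.disabledFieldName))) {
            throw new AccountDisabledException("Account has been disabled");
        }
        return createHandlerResult(transformedCredential, this.principalFactory.createPrincipal(username), new ArrayList<>(0));
    } catch (final IncorrectResultSizeDataAccessException e) {
        if (e.getActualSize() == 0) {
            throw new AccountNotFoundException(username + " not found with SQL query");
        }
        throw new FailedLoginException("Multiple records found for " + username);
    } catch (final DataAccessException e) {
        throw new PreventedException("SQL exception while executing query for " + username, e);
    }
}

/**
 * Compares the stored password column with the freshly computed digest.
 * Only a non-null String column can match (as with the original equals() check); the byte
 * comparison is constant-time so a mismatch position is not observable through timing.
 * Fully qualified names are used because this file's import block is not available here.
 *
 * @param storedValue      raw column value read from the result row, may be null
 * @param digestedPassword digest of the submitted password, may be null
 * @return true only when both are present and byte-for-byte equal
 */
private static boolean passwordDigestMatches(final Object storedValue, final String digestedPassword) {
    if (!(storedValue instanceof String) || digestedPassword == null) {
        return false;
    }
    final byte[] stored = ((String) storedValue).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    final byte[] computed = digestedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(stored, computed);
}

/**
 * Interprets an "expired"/"disabled" style column: a null is false, otherwise the value is
 * truthy when its string form converts to true (per BooleanUtils) or it equals the integer 1.
 * Both flag checks previously repeated this expression inline with slightly different spelling.
 *
 * @param value raw column value, may be null
 * @return whether the flag is considered set
 */
private static boolean isTruthyFlag(final Object value) {
    if (value == null) {
        return false;
    }
    return BooleanUtils.toBoolean(value.toString()) || value.equals(Integer.valueOf(1));
}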
use of org.apereo.cas.authentication.PreventedException in project cas by apereo.
From class SearchModeSearchDatabaseAuthenticationHandler, method authenticateUsernamePasswordInternal:
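@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential,
                                                                                     final String originalPassword) throws GeneralSecurityException, PreventedException {
    /*
     * Search-mode authentication: counts the rows whose user and password columns equal the
     * submitted values; any row means success.
     *
     * The table and column identifiers are taken from the handler's own configuration fields;
     * the credential values are never spliced into the statement but bound as `?` parameters.
     *
     * @throws GeneralSecurityException when table/column names or the JDBC template are not
     *         configured, or (as a FailedLoginException) when no row matches
     * @throws PreventedException when the query fails for a data-access reason
     */
    String sql = null;
    // All three identifiers are required. The original used `||` here, so a partially configured
    // handler built a malformed statement (or hit concat(null)) instead of failing the
    // configuration check below; `&&` routes that case to the GeneralSecurityException.
    if (StringUtils.isNotBlank(this.tableUsers) && StringUtils.isNotBlank(this.fieldUser) && StringUtils.isNotBlank(this.fieldPassword)) {
        sql = "SELECT COUNT('x') FROM " + this.tableUsers + " WHERE " + this.fieldUser + " = ? AND " + this.fieldPassword + "= ?";
    }
    if (StringUtils.isBlank(sql) || getJdbcTemplate() == null) {
        throw new GeneralSecurityException("Authentication handler is not configured correctly. " + "No SQL statement or JDBC template found");
    }
    final String username = credential.getUsername();
    try {
        LOGGER.debug("Executing SQL query [{}]", sql);
        final int count = getJdbcTemplate().queryForObject(sql, Integer.class, username, credential.getPassword());
        if (count == 0) {
            throw new FailedLoginException(username + " not found with SQL query.");
        }
        return createHandlerResult(credential, this.principalFactory.createPrincipal(username), new ArrayList<>(0));
    } catch (final DataAccessException e) {
        throw new PreventedException("SQL exception while executing query for " + username, e);
    }
}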
use of org.apereo.cas.authentication.PreventedException in project cas by apereo.
From class GoogleAuthenticatorAuthenticationHandler, method doAuthentication:
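@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    /*
     * Verifies a Google Authenticator one-time code for the principal of the in-progress
     * authentication. Order of checks: token syntax, account lookup, replay check against the
     * token repository, TOTP verification, then single-use scratch codes as a fallback. An
     * accepted code is recorded so it cannot be presented again.
     *
     * @param credential expected to be a GoogleAuthenticatorTokenCredential (the cast relies on
     *                   the framework's supports() routing)
     * @throws PreventedException when the token is not a parseable integer
     * @throws GeneralSecurityException when the account is unknown, the code was already used,
     *         or neither the TOTP nor a scratch code matches
     */
    final GoogleAuthenticatorTokenCredential tokenCredential = (GoogleAuthenticatorTokenCredential) credential;
    final String rawToken = tokenCredential.getToken();
    if (!StringUtils.isNumeric(rawToken)) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException("Invalid token " + rawToken));
    }
    final int otp;
    try {
        otp = Integer.parseInt(rawToken);
    } catch (final NumberFormatException e) {
        // isNumeric() only checks for digit characters; a digit string too large for an int
        // previously escaped as an unchecked exception instead of this handler's error contract.
        throw new PreventedException("Invalid OTP format specified.", e);
    }
    // NOTE(review): the submitted OTP value itself goes to the debug log here and below.
    LOGGER.debug("Received OTP [{}]", otp);
    @NonNull final Authentication authentication = WebUtils.getInProgressAuthentication();
    final String uid = authentication.getPrincipal().getId();
    LOGGER.debug("Received principal id [{}]", uid);
    final OneTimeTokenAccount acct = this.credentialRepository.get(uid);
    if (acct == null || StringUtils.isBlank(acct.getSecretKey())) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    // Replay protection: a code already recorded for this user is refused before verification.
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }
    boolean isCodeValid = this.googleAuthenticatorInstance.authorize(acct.getSecretKey(), otp);
    if (!isCodeValid && acct.getScratchCodes().contains(otp)) {
        LOGGER.warn("Using scratch code [{}] to authenticate user [{}]. Scratch code will be removed", otp, uid);
        // Scratch codes are single-use: remove it and persist the account before accepting.
        acct.getScratchCodes().removeIf(token -> token == otp);
        this.credentialRepository.update(acct);
        isCodeValid = true;
    }
    if (isCodeValid) {
        // Record the accepted code so the replay check above rejects it next time.
        this.tokenRepository.store(new GoogleAuthenticatorToken(otp, uid));
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(uid));
    }
    throw new FailedLoginException("Failed to authenticate code " + otp);
}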
use of org.apereo.cas.authentication.PreventedException in project cas by apereo.
From class FileAuthenticationHandler, method authenticateUsernamePasswordInternal:
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential,
                                                                                     final String originalPassword) throws GeneralSecurityException, PreventedException {
    /*
     * File-backed authentication: looks up the stored password for the username and accepts the
     * login when matches() agrees with the original (untransformed) password.
     *
     * @throws PreventedException when no file name is configured or the backing file cannot be
     *         read (both reported as an IOException)
     * @throws GeneralSecurityException when the user has no entry (AccountNotFoundException) or
     *         the password does not match (FailedLoginException)
     */
    try {
        if (this.fileName == null) {
            throw new FileNotFoundException("Filename does not exist");
        }
        final String username = transformedCredential.getUsername();
        final String passwordOnRecord = getPasswordOnRecord(username);
        if (StringUtils.isBlank(passwordOnRecord)) {
            throw new AccountNotFoundException(username + " not found in backing file.");
        }
        if (!matches(originalPassword, passwordOnRecord)) {
            throw new FailedLoginException();
        }
        return createHandlerResult(transformedCredential, this.principalFactory.createPrincipal(username), new ArrayList<>(0));
    } catch (final IOException e) {
        // Covers the missing-file-name case above as well as read failures.
        throw new PreventedException("IO error reading backing file", e);
    }
}