use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class DefaultChainingMultifactorAuthenticationBypassProviderTests method verifyOperation.
/**
 * Exercises a {@link DefaultChainingMultifactorAuthenticationBypassProvider} that holds a single
 * HTTP-request bypass evaluator: chain bookkeeping, remembering and forgetting a bypass decision,
 * and the execute decision for a request that carries the configured bypass header.
 */
@Test
public void verifyOperation() {
    val appContext = new StaticApplicationContext();
    appContext.refresh();

    // The mock request carries the same header name that the bypass properties list.
    // NOTE(review): a request header is client-supplied unless an upstream proxy strips or
    // overwrites it, so a header-based bypass is only as trustworthy as whatever sets the header.
    val httpRequest = new MockHttpServletRequest();
    httpRequest.addHeader("headerbypass", "true");
    val bypassProps = new MultifactorAuthenticationProviderBypassProperties();
    bypassProps.setHttpRequestHeaders("headerbypass");

    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(appContext);
    val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser");
    val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal);

    val chain = new DefaultChainingMultifactorAuthenticationBypassProvider();
    chain.addMultifactorAuthenticationProviderBypassEvaluator(
        new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(bypassProps, provider.getId()));

    // Chain bookkeeping: exactly one evaluator, with identifiers populated.
    assertFalse(chain.isEmpty());
    assertNotNull(chain.getId());
    assertNotNull(chain.getProviderId());
    assertEquals(1, chain.size());

    // Nothing has been remembered yet, so the authentication is not marked as bypassed.
    assertFalse(chain.isMultifactorAuthenticationBypassed(authentication, provider.getId()));

    // Remember the bypass; mockRememberBypass is a helper of the enclosing test class that
    // presumably stubs the authentication attributes to reflect it (helper not shown here).
    chain.rememberBypass(authentication, provider);
    mockRememberBypass(provider, authentication);
    assertTrue(chain.isMultifactorAuthenticationBypassed(authentication, provider.getId()));

    // With the attributes stubbed back to an empty map and the bypass forgotten,
    // the authentication must no longer report as bypassed.
    when(authentication.getAttributes()).thenReturn(new HashMap<>());
    chain.forgetBypass(authentication);
    assertFalse(chain.isMultifactorAuthenticationBypassed(authentication, provider.getId()));

    // The test expects the provider NOT to execute for the request carrying the bypass header.
    val service = MultifactorAuthenticationTestUtils.getRegisteredService();
    assertFalse(chain.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, httpRequest));

    // Lookups by provider id must find the evaluator registered above.
    assertTrue(chain.belongsToMultifactorAuthenticationProvider(provider.getId()).isPresent());
    assertFalse(chain.filterMultifactorAuthenticationProviderBypassEvaluatorsBy(provider.getId()).isEmpty());
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class AuthyAuthenticationMultifactorProviderBypassConfiguration method authyBypassEvaluator.
/**
 * Builds the chained bypass evaluator for the Authy multifactor provider.
 *
 * <p>The two registered-service evaluators are always part of the chain. Every other evaluator
 * is added only when the corresponding bypass property is configured. Evaluators are added in
 * a fixed order, which is kept as-is in case the chain is order-sensitive.
 *
 * <p>NOTE(review): judging by the evaluator names, each entry is one more condition under which
 * the second factor may be skipped, so the bypass properties deserve the same review as any
 * other authentication policy. The HTTP-request entry relies on request headers or the remote
 * address; confirm that untrusted clients cannot set those values. The Groovy and REST entries
 * presumably delegate the decision to a script or remote endpoint, which then sits inside the
 * trust boundary.
 *
 * @param casProperties CAS settings; only the Authy bypass section is read here
 * @return the chain holding the always-on and the configured evaluators
 */
@ConditionalOnMissingBean(name = "authyBypassEvaluator")
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator authyBypassEvaluator(
    final CasConfigurationProperties casProperties,
    @Qualifier("authyPrincipalMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyPrincipalMultifactorAuthenticationProviderBypass,
    @Qualifier("authyRegisteredServiceMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyRegisteredServiceMultifactorAuthenticationProviderBypass,
    @Qualifier("authyRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator")
    final MultifactorAuthenticationProviderBypassEvaluator authyRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator,
    @Qualifier("authyAuthenticationMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyAuthenticationMultifactorAuthenticationProviderBypass,
    @Qualifier("authyCredentialMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyCredentialMultifactorAuthenticationProviderBypass,
    @Qualifier("authyHttpRequestMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyHttpRequestMultifactorAuthenticationProviderBypass,
    @Qualifier("authyGroovyMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyGroovyMultifactorAuthenticationProviderBypass,
    @Qualifier("authyRestMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator authyRestMultifactorAuthenticationProviderBypass) {

    val chain = new DefaultChainingMultifactorAuthenticationBypassProvider();
    val bypassProps = casProperties.getAuthn().getMfa().getAuthy().getBypass();

    // Principal-attribute bypass: only when an attribute name is configured.
    final boolean hasPrincipalAttribute = StringUtils.isNotBlank(bypassProps.getPrincipalAttributeName());
    if (hasPrincipalAttribute) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyPrincipalMultifactorAuthenticationProviderBypass);
    }

    // Registered-service evaluators are unconditional.
    chain.addMultifactorAuthenticationProviderBypassEvaluator(authyRegisteredServiceMultifactorAuthenticationProviderBypass);
    chain.addMultifactorAuthenticationProviderBypassEvaluator(authyRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator);

    // Authentication-based bypass: any one of attribute name, handler name or method name suffices.
    final boolean hasAuthenticationCriteria = StringUtils.isNotBlank(bypassProps.getAuthenticationAttributeName())
        || StringUtils.isNotBlank(bypassProps.getAuthenticationHandlerName())
        || StringUtils.isNotBlank(bypassProps.getAuthenticationMethodName());
    if (hasAuthenticationCriteria) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyAuthenticationMultifactorAuthenticationProviderBypass);
    }

    // Credential-type bypass.
    final boolean hasCredentialType = StringUtils.isNotBlank(bypassProps.getCredentialClassType());
    if (hasCredentialType) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyCredentialMultifactorAuthenticationProviderBypass);
    }

    // HTTP-request bypass: enabled by either a header list or a remote-address setting.
    final boolean hasHttpRequestCriteria = StringUtils.isNotBlank(bypassProps.getHttpRequestHeaders())
        || StringUtils.isNotBlank(bypassProps.getHttpRequestRemoteAddress());
    if (hasHttpRequestCriteria) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyHttpRequestMultifactorAuthenticationProviderBypass);
    }

    // Groovy bypass: enabled by the presence of a script location.
    final boolean hasGroovyScript = bypassProps.getGroovy().getLocation() != null;
    if (hasGroovyScript) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyGroovyMultifactorAuthenticationProviderBypass);
    }

    // REST bypass: enabled by a non-blank endpoint URL.
    final boolean hasRestEndpoint = StringUtils.isNotBlank(bypassProps.getRest().getUrl());
    if (hasRestEndpoint) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(authyRestMultifactorAuthenticationProviderBypass);
    }

    return chain;
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class WebAuthnMultifactorProviderBypassConfiguration method webAuthnBypassEvaluator.
/**
 * Builds the chained bypass evaluator for the WebAuthn multifactor provider.
 *
 * <p>The two registered-service evaluators are always part of the chain. Every other evaluator
 * is added only when the corresponding bypass property is configured. Evaluators are added in
 * a fixed order, which is kept as-is in case the chain is order-sensitive.
 *
 * <p>NOTE(review): judging by the evaluator names, each entry is one more condition under which
 * the second factor may be skipped, so the bypass properties deserve the same review as any
 * other authentication policy. The HTTP-request entry relies on request headers or the remote
 * address; confirm that untrusted clients cannot set those values. The Groovy and REST entries
 * presumably delegate the decision to a script or remote endpoint, which then sits inside the
 * trust boundary.
 *
 * @param casProperties CAS settings; only the WebAuthn bypass section is read here
 * @return the chain holding the always-on and the configured evaluators
 */
@ConditionalOnMissingBean(name = "webAuthnBypassEvaluator")
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator webAuthnBypassEvaluator(
    final CasConfigurationProperties casProperties,
    @Qualifier("webAuthnPrincipalMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnPrincipalMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnRegisteredServiceMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnRegisteredServiceMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator,
    @Qualifier("webAuthnAuthenticationMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnAuthenticationMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnCredentialMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnCredentialMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnHttpRequestMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnHttpRequestMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnGroovyMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnGroovyMultifactorAuthenticationProviderBypass,
    @Qualifier("webAuthnRestMultifactorAuthenticationProviderBypass")
    final MultifactorAuthenticationProviderBypassEvaluator webAuthnRestMultifactorAuthenticationProviderBypass) {

    val chain = new DefaultChainingMultifactorAuthenticationBypassProvider();
    val bypassProps = casProperties.getAuthn().getMfa().getWebAuthn().getBypass();

    // Principal-attribute bypass: only when an attribute name is configured.
    final boolean hasPrincipalAttribute = StringUtils.isNotBlank(bypassProps.getPrincipalAttributeName());
    if (hasPrincipalAttribute) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnPrincipalMultifactorAuthenticationProviderBypass);
    }

    // Registered-service evaluators are unconditional.
    chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnRegisteredServiceMultifactorAuthenticationProviderBypass);
    chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator);

    // Authentication-based bypass: any one of attribute name, handler name or method name suffices.
    final boolean hasAuthenticationCriteria = StringUtils.isNotBlank(bypassProps.getAuthenticationAttributeName())
        || StringUtils.isNotBlank(bypassProps.getAuthenticationHandlerName())
        || StringUtils.isNotBlank(bypassProps.getAuthenticationMethodName());
    if (hasAuthenticationCriteria) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnAuthenticationMultifactorAuthenticationProviderBypass);
    }

    // Credential-type bypass.
    final boolean hasCredentialType = StringUtils.isNotBlank(bypassProps.getCredentialClassType());
    if (hasCredentialType) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnCredentialMultifactorAuthenticationProviderBypass);
    }

    // HTTP-request bypass: enabled by either a header list or a remote-address setting.
    final boolean hasHttpRequestCriteria = StringUtils.isNotBlank(bypassProps.getHttpRequestHeaders())
        || StringUtils.isNotBlank(bypassProps.getHttpRequestRemoteAddress());
    if (hasHttpRequestCriteria) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnHttpRequestMultifactorAuthenticationProviderBypass);
    }

    // Groovy bypass: enabled by the presence of a script location.
    final boolean hasGroovyScript = bypassProps.getGroovy().getLocation() != null;
    if (hasGroovyScript) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnGroovyMultifactorAuthenticationProviderBypass);
    }

    // REST bypass: enabled by a non-blank endpoint URL.
    final boolean hasRestEndpoint = StringUtils.isNotBlank(bypassProps.getRest().getUrl());
    if (hasRestEndpoint) {
        chain.addMultifactorAuthenticationProviderBypassEvaluator(webAuthnRestMultifactorAuthenticationProviderBypass);
    }

    return chain;
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class PrepareMultifactorProviderSelectionActionTests method verifyOperation.
/**
 * Runs the action under test against a login-flow view state whose current event carries a
 * chaining multifactor provider with one test provider, and checks that the action returns
 * {@code null} and leaves selectable providers in the request context.
 *
 * <p>The test provider is given an empty bypass chain, i.e. a
 * {@link DefaultChainingMultifactorAuthenticationBypassProvider} with no evaluators added.
 */
@Test
public void verifyOperation() throws Exception {
    // Servlet and webflow scaffolding for a login flow sitting in a view state.
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    val session = new MockFlowSession(new Flow(CasWebflowConfigurer.FLOW_ID_LOGIN));
    val viewState = new ViewState(session.getDefinitionInternal(), "viewState", mock(ViewFactory.class));
    session.setState(viewState);
    val executionContext = new MockFlowExecutionContext(session);
    val context = new MockRequestContext(executionContext);
    val externalContext = new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse);
    context.setExternalContext(externalContext);
    RequestContextHolder.setRequestContext(context);
    ExternalContextHolder.setExternalContext(context.getExternalContext());

    // One test provider, with an evaluator-less bypass chain, wrapped in a chaining provider.
    val failureModeEvaluator = new DefaultMultifactorAuthenticationFailureModeEvaluator(casProperties);
    val chain = new DefaultChainingMultifactorAuthenticationProvider(failureModeEvaluator);
    val provider = new TestMultifactorAuthenticationProvider();
    provider.setBypassEvaluator(new DefaultChainingMultifactorAuthenticationBypassProvider());
    chain.addMultifactorAuthenticationProvider(provider);

    // The current event carries both the registered service and the chaining provider.
    val attributes = new LocalAttributeMap(RegisteredService.class.getName(),
        RegisteredServiceTestUtils.getRegisteredService());
    attributes.put(MultifactorAuthenticationProvider.class.getName(), chain);
    val event = new EventFactorySupport().event(this,
        ChainingMultifactorAuthenticationProvider.DEFAULT_IDENTIFIER, attributes);
    context.setCurrentEvent(event);

    assertNull(action.execute(context));
    assertNotNull(WebUtils.getSelectableMultifactorAuthenticationProviders(context));
}
use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.
the class DuoSecurityMultifactorProviderBypassConfiguration method duoSecurityAuthenticationMultifactorAuthenticationProviderBypass.
/**
 * Supplies the authentication-based bypass evaluator for Duo Security.
 *
 * <p>When the Duo condition holds for the current environment, one
 * {@link AuthenticationMultifactorAuthenticationProviderBypassEvaluator} is created for every
 * Duo configuration entry that sets an authentication attribute name, handler name or method
 * name, and these are collected into a chain. If no entry qualifies, the shared
 * {@link NeverAllowMultifactorAuthenticationProviderBypassEvaluator} instance is returned
 * instead of an empty chain, so the absence of configuration yields an explicit
 * "never bypass" evaluator (going by its name).
 *
 * <p>NOTE(review): when the condition does not hold, {@code otherwiseProxy()} decides what is
 * returned; presumably a proxy stand-in — confirm against {@code BeanSupplier}.
 *
 * @param applicationContext context whose environment is checked against the Duo condition
 * @param casProperties CAS settings; the list of Duo configurations is read from it
 * @return the chain of per-Duo-entry evaluators, or the never-allow evaluator if it is empty
 */
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "duoSecurityAuthenticationMultifactorAuthenticationProviderBypass")
public MultifactorAuthenticationProviderBypassEvaluator duoSecurityAuthenticationMultifactorAuthenticationProviderBypass(
    final ConfigurableApplicationContext applicationContext,
    final CasConfigurationProperties casProperties) {
    return BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class)
        .when(DuoSecurityAuthenticationService.CONDITION.given(applicationContext.getEnvironment()))
        .supply(() -> {
            val duoConfigs = casProperties.getAuthn().getMfa().getDuo();
            val chain = new DefaultChainingMultifactorAuthenticationBypassProvider();
            duoConfigs.stream()
                .filter(duo -> {
                    // Keep only entries with at least one authentication-based bypass criterion.
                    val criteria = duo.getBypass();
                    return StringUtils.isNotBlank(criteria.getAuthenticationAttributeName())
                        || StringUtils.isNotBlank(criteria.getAuthenticationHandlerName())
                        || StringUtils.isNotBlank(criteria.getAuthenticationMethodName());
                })
                .forEach(duo -> chain.addMultifactorAuthenticationProviderBypassEvaluator(
                    new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(duo.getBypass(), duo.getId())));
            if (!chain.isEmpty()) {
                return chain;
            }
            // No entry configured a criterion: hand back the never-allow evaluator instead.
            return NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance();
        })
        .otherwiseProxy()
        .get();
}