
Example 11 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class RejectUsersAuthenticationHandlerTests method verifySupportsProperUserCredentials.

/**
 * Checks that the handler under test returns a non-null result when asked to
 * authenticate the user {@code fff}.
 */
@Test
public void verifySupportsProperUserCredentials() throws Exception {
    // NOTE(review): the authenticationHandler fixture is set up outside this excerpt.
    // Judging by the test class name it is a reject-list handler, so "fff" is
    // presumably not on that list — confirm against the fixture.
    val credential = new UsernamePasswordCredential();
    credential.setPassword("rutgers");
    credential.setUsername("fff");
    val handlerResult = this.authenticationHandler.authenticate(credential);
    assertNotNull(handlerResult);
}
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test)

Example 12 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class RejectUsersAuthenticationHandlerTests method verifyPassesUserNotInMap.

/**
 * Checks that a user who is not in the handler's map ({@code fds}) gets a
 * non-null authentication result.
 */
@Test
public void verifyPassesUserNotInMap() throws Exception {
    // NOTE(review): nothing visible here shows the password being verified. If the
    // handler only consults a list of rejected usernames, it should not be the sole
    // handler in an authentication chain — confirm against the handler itself.
    val credential = new UsernamePasswordCredential();
    credential.setPassword("rutgers");
    credential.setUsername("fds");
    val handlerResult = this.authenticationHandler.authenticate(credential);
    assertNotNull(handlerResult);
}
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test)

Example 13 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class MongoDbAuthenticationHandler method authenticateUsernamePasswordInternal.

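/**
 * Authenticates a username/password credential against the configured MongoDb collection.
 *
 * <p>The account document is looked up by the configured username attribute, the stored
 * password is compared to {@code originalPassword} through {@code getPasswordEncoder()},
 * and every remaining document field except the username and password attributes is
 * attached to the principal as an attribute.
 *
 * @param transformedCredential the credential whose username selects the account document
 * @param originalPassword the password as submitted, handed to the password encoder for matching
 * @return the handler result carrying the resolved principal
 * @throws AccountNotFoundException if no document matches the username
 * @throws FailedLoginException if the document has no usable password value or the password does not match
 * @throws GeneralSecurityException declared by the overridden method
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException {
    val collection = mongoTemplate.getCollection(properties.getCollection());
    val usernameAttribute = properties.getUsernameAttribute();
    val passwordAttribute = properties.getPasswordAttribute();

    // Filters.eq passes the username as the value of an equality filter rather than
    // splicing it into a query string. first() reads a single document and releases
    // the cursor; the previous hand-held iterator was never closed.
    val result = collection.find(Filters.eq(usernameAttribute, transformedCredential.getUsername())).first();
    if (result == null) {
        // NOTE(review): an unknown account fails with a different exception type than a
        // wrong password, and before any encoder work is done. Whether that difference is
        // observable to a client depends on how callers map these exceptions — confirm.
        throw new AccountNotFoundException("Unable to locate user account");
    }

    // A missing key and a key stored with a null value are treated alike: both are a
    // failed login. Previously a null value reached toString() and raised an NPE.
    val entryPassword = result.get(passwordAttribute);
    if (entryPassword == null) {
        throw new FailedLoginException("No password attribute found for " + transformedCredential.getId());
    }
    if (!getPasswordEncoder().matches(originalPassword, entryPassword.toString())) {
        LOGGER.warn("Account password on record for [{}] does not match the given/encoded password", transformedCredential.getId());
        throw new FailedLoginException();
    }

    // The stored password value and the username are deliberately kept out of the
    // principal's attributes; everything else in the document is released as-is.
    val attributes = new HashMap<String, List<Object>>();
    for (val entry : result.entrySet()) {
        val key = entry.getKey();
        if (!key.equals(passwordAttribute) && !key.equals(usernameAttribute)) {
            attributes.put(key, CollectionUtils.toCollection(entry.getValue(), ArrayList.class));
        }
    }
    val principal = this.principalFactory.createPrincipal(transformedCredential.getId(), attributes);
    return createHandlerResult(transformedCredential, principal, new ArrayList<>(0));
}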
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) AbstractUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler) MongoDbAuthenticationProperties(org.apereo.cas.configuration.model.support.mongo.MongoDbAuthenticationProperties) lombok.val(lombok.val) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Filters(com.mongodb.client.model.Filters) Slf4j(lombok.extern.slf4j.Slf4j) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) List(java.util.List) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) GeneralSecurityException(java.security.GeneralSecurityException) MongoOperations(org.springframework.data.mongodb.core.MongoOperations) CollectionUtils(org.apereo.cas.util.CollectionUtils) FailedLoginException(javax.security.auth.login.FailedLoginException) ServicesManager(org.apereo.cas.services.ServicesManager) FailedLoginException(javax.security.auth.login.FailedLoginException) HashMap(java.util.HashMap) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)

Example 14 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class OAuth20UsernamePasswordAuthenticator method validate.

/**
 * Validates a username/password credential submitted with an OAuth request by running it
 * through CAS authentication, then stores the resulting user profile on the credentials.
 *
 * <p>Order of checks: client id present, registered service resolved and allowed, client
 * secret verified, then the end-user credential is authenticated. Only after all of these
 * succeed are attributes released and the profile built.
 *
 * @param credentials expected to be a {@code UsernamePasswordCredentials}; receives the user profile on success
 * @param webContext the current request context, read for client credentials and {@code redirect_uri}
 * @param sessionStore not read by this method; the instance field of the same name is used instead
 * @throws CredentialsException on any failure; inner failures are wrapped with a generic message
 */
@Override
public void validate(final Credentials credentials, final WebContext webContext, final SessionStore sessionStore) throws CredentialsException {
    try {
        val userPass = (UsernamePasswordCredentials) credentials;
        val casCredential = new UsernamePasswordCredential(userPass.getUsername(), userPass.getPassword());

        // NOTE(review): the sessionStore argument is ignored in favour of this.sessionStore —
        // confirm that this is intended.
        val clientCredentials = OAuth20Utils.getClientIdAndClientSecret(webContext, this.sessionStore);
        val clientId = clientCredentials.getKey();
        if (StringUtils.isBlank(clientId)) {
            throw new CredentialsException("No client credentials could be identified in this request");
        }

        // The client must map to a registered service that is allowed access before its
        // secret is even looked at.
        val registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, clientId);
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

        val secretIsValid = OAuth20Utils.checkClientSecret(registeredService, clientCredentials.getRight(), registeredServiceCipherExecutor);
        if (!secretIsValid) {
            throw new CredentialsException("Client Credentials provided is not valid for registered service: " + Objects.requireNonNull(registeredService).getName());
        }

        // redirect_uri is taken from the request and only used to build the service handed to
        // authentication and attribute release; it is not compared with the registered service
        // in this method. NOTE(review): confirm it is validated elsewhere if it matters here.
        val redirectUri = webContext.getRequestParameter(OAuth20Constants.REDIRECT_URI).map(String::valueOf).orElse(StringUtils.EMPTY);
        val service = StringUtils.isBlank(redirectUri) ? null : this.webApplicationServiceFactory.createService(redirectUri);

        val authenticationResult = authenticationSystemSupport.finalizeAuthenticationTransaction(service, casCredential);
        if (authenticationResult == null) {
            throw new CredentialsException("Could not authenticate the provided credentials");
        }

        val principal = authenticationResult.getAuthentication().getPrincipal();
        val releaseContext = RegisteredServiceAttributeReleasePolicyContext.builder()
            .registeredService(registeredService)
            .service(service)
            .principal(principal)
            .build();
        val attributes = Objects.requireNonNull(registeredService).getAttributeReleasePolicy().getAttributes(releaseContext);

        val profile = new CommonProfile();
        val id = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService);
        LOGGER.debug("Created profile id [{}]", id);
        profile.setId(id);
        profile.addAttributes((Map) attributes);
        // The whole profile, released attributes included, is written at debug level.
        LOGGER.debug("Authenticated user profile [{}]", profile);
        credentials.setUserProfile(profile);
    } catch (final Exception e) {
        // Every failure above, including the specific CredentialsException messages, is
        // re-wrapped here; the original stays reachable only as the cause.
        throw new CredentialsException("Cannot login user using CAS internal authentication", e);
    }
}
Also used : lombok.val(lombok.val) CommonProfile(org.pac4j.core.profile.CommonProfile) CredentialsException(org.pac4j.core.exception.CredentialsException) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) CredentialsException(org.pac4j.core.exception.CredentialsException) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)

Example 15 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class PasswordlessTokenAuthenticationHandlerTests method verifyAction.

/**
 * Exercises the passwordless token handler: a stored token authenticates, an unknown
 * user/token pair fails, and only one-time-password credentials are supported.
 */
@Test
public void verifyAction() throws Exception {
    // NOTE(review): 60 is presumably the token lifetime — confirm against the repository class.
    val tokenRepository = new InMemoryPasswordlessTokenRepository(60);
    tokenRepository.saveToken("casuser", "123456");
    val handler = new PasswordlessTokenAuthenticationHandler(null, mock(ServicesManager.class), PrincipalFactoryUtils.newPrincipalFactory(), 0, tokenRepository);

    // The credential matching the saved token must authenticate.
    val validCredential = new OneTimePasswordCredential("casuser", "123456");
    assertNotNull(handler.authenticate(validCredential));

    // A user/token pair that was never saved must be rejected with FailedLoginException.
    val unknownCredential = new OneTimePasswordCredential("1", "2");
    assertThrows(FailedLoginException.class, () -> handler.authenticate(unknownCredential));

    // The handler accepts OTP credentials (by instance and by class) and refuses
    // username/password credentials.
    assertTrue(handler.supports(validCredential));
    assertTrue(handler.supports(validCredential.getCredentialClass()));
    assertFalse(handler.supports(new UsernamePasswordCredential()));
}
Also used : lombok.val(lombok.val) ServicesManager(org.apereo.cas.services.ServicesManager) OneTimePasswordCredential(org.apereo.cas.authentication.credential.OneTimePasswordCredential) InMemoryPasswordlessTokenRepository(org.apereo.cas.impl.token.InMemoryPasswordlessTokenRepository) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)111 UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)111 Test (org.junit.jupiter.api.Test)74 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)30 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)14 SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler)12 HashMap (java.util.HashMap)8 Map (java.util.Map)8 BasicCredentialMetaData (org.apereo.cas.authentication.metadata.BasicCredentialMetaData)8 LinkedHashMap (java.util.LinkedHashMap)7 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)7 Executable (org.junit.jupiter.api.function.Executable)7 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)6 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)6 MockRequestContext (org.springframework.webflow.test.MockRequestContext)6 ArrayList (java.util.ArrayList)5 ClassPathResource (org.springframework.core.io.ClassPathResource)5 MockServletContext (org.springframework.mock.web.MockServletContext)5 FailedLoginException (javax.security.auth.login.FailedLoginException)4 SurrogateUsernamePasswordCredential (org.apereo.cas.authentication.SurrogateUsernamePasswordCredential)4