Example 1 with PasswordPolicyContext

Use of org.apereo.cas.authentication.support.password.PasswordPolicyContext in project cas by apereo.

Class JsonResourceAuthenticationEventExecutionPlanConfiguration, method jsonResourceAuthenticationHandler.

@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@Bean
public AuthenticationHandler jsonResourceAuthenticationHandler(final CasConfigurationProperties casProperties, final ConfigurableApplicationContext applicationContext, @Qualifier("jsonPrincipalFactory") final PrincipalFactory jsonPrincipalFactory, @Qualifier(ServicesManager.BEAN_NAME) final ServicesManager servicesManager) {
    val jsonProps = casProperties.getAuthn().getJson();
    val h = new JsonResourceAuthenticationHandler(jsonProps.getName(), servicesManager, jsonPrincipalFactory, null, jsonProps.getLocation());
    h.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(jsonProps.getPasswordEncoder(), applicationContext));
    if (jsonProps.getPasswordPolicy().isEnabled()) {
        h.setPasswordPolicyConfiguration(new PasswordPolicyContext(jsonProps.getPasswordPolicy()));
    }
    h.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(jsonProps.getPrincipalTransformation()));
    h.setState(jsonProps.getState());
    return h;
}
Also used: lombok.val (lombok.val), JsonResourceAuthenticationHandler (org.apereo.cas.adaptors.generic.JsonResourceAuthenticationHandler), PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext), RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope), ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean), Bean (org.springframework.context.annotation.Bean)

Example 2 with PasswordPolicyContext

Use of org.apereo.cas.authentication.support.password.PasswordPolicyContext in project cas by apereo.

Class DefaultLdapAccountStateHandlerTests, method verifyNoWarning.

@Test
public void verifyNoWarning() {
    val handler = new DefaultLdapAccountStateHandler();
    val response = mock(AuthenticationResponse.class);
    handler.setAttributesToErrorMap(Map.of("attr1", AccountLockedException.class));
    val entry = new LdapEntry();
    val accountState = mock(AccountState.class);
    when(response.getAccountState()).thenReturn(accountState);
    when(response.getLdapEntry()).thenReturn(entry);
    when(response.isSuccess()).thenReturn(Boolean.TRUE);
    assertDoesNotThrow(new Executable() {

        @Override
        public void execute() throws Throwable {
            handler.handle(response, new PasswordPolicyContext());
        }
    });
    val warning = mock(AccountState.Warning.class);
    when(accountState.getWarning()).thenReturn(warning);
    when(response.getAccountState()).thenReturn(accountState);
    assertDoesNotThrow(new Executable() {

        @Override
        public void execute() throws Throwable {
            handler.handle(response, new PasswordPolicyContext());
        }
    });
}
Also used: lombok.val (lombok.val), AccountLockedException (javax.security.auth.login.AccountLockedException), PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext), LdapEntry (org.ldaptive.LdapEntry), AccountState (org.ldaptive.auth.AccountState), Executable (org.junit.jupiter.api.function.Executable), Test (org.junit.jupiter.api.Test)

Example 3 with PasswordPolicyContext

Use of org.apereo.cas.authentication.support.password.PasswordPolicyContext in project cas by apereo.

Class DefaultLdapAccountStateHandlerTests, method verifyActiveDirectoryErrors.

@Test
public void verifyActiveDirectoryErrors() {
    val handler = new DefaultLdapAccountStateHandler();
    val response = mock(AuthenticationResponse.class);
    when(response.isSuccess()).thenReturn(false);
    // Active Directory reports the reason for a failed bind as a sub-status code
    // in the diagnostic message ("data NNN"); each code maps to a distinct exception.
    // 533: account disabled
    when(response.getDiagnosticMessage()).thenReturn("error data 533");
    assertThrows(AccountDisabledException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // 532: password expired
    when(response.getDiagnosticMessage()).thenReturn("error data 532");
    assertThrows(CredentialExpiredException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // 530: logon not permitted at this time
    when(response.getDiagnosticMessage()).thenReturn("error data 530");
    assertThrows(InvalidLoginTimeException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // 701: account expired
    when(response.getDiagnosticMessage()).thenReturn("error data 701");
    assertThrows(AccountExpiredException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // 773: user must change password before logging on
    when(response.getDiagnosticMessage()).thenReturn("error data 773");
    assertThrows(AccountPasswordMustChangeException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // 775: account locked out
    when(response.getDiagnosticMessage()).thenReturn("error data 775");
    assertThrows(AccountLockedException.class, () -> handler.handle(response, new PasswordPolicyContext()));
    // An unrecognized diagnostic message must not raise an account-state exception.
    when(response.getDiagnosticMessage()).thenReturn("error unknown");
    assertDoesNotThrow(() -> {
        handler.handle(response, new PasswordPolicyContext());
    });
}
Also used: lombok.val (lombok.val), PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext), Test (org.junit.jupiter.api.Test)

Example 4 with PasswordPolicyContext

Use of org.apereo.cas.authentication.support.password.PasswordPolicyContext in project cas by apereo.

Class OptionalWarningLdapAccountStateHandlerTests, method verifyNoWarningOnMatch.

@Test
public void verifyNoWarningOnMatch() {
    val h = new OptionalWarningLdapAccountStateHandler();
    h.setWarnAttributeName("attribute");
    h.setWarningAttributeValue("value");
    h.setDisplayWarningOnMatch(false);
    val response = mock(AuthenticationResponse.class);
    val entry = mock(LdapEntry.class);
    when(response.getLdapEntry()).thenReturn(entry);
    when(entry.getAttribute(anyString())).thenReturn(new LdapAttribute("attribute", "value"));
    val messages = new ArrayList<MessageDescriptor>();
    val config = new PasswordPolicyContext();
    config.setPasswordWarningNumberOfDays(5);
    h.handleWarning(new AccountState.DefaultWarning(ZonedDateTime.now(ZoneId.systemDefault()), 1), response, config, messages);
    assertEquals(0, messages.size());
}
Also used: lombok.val (lombok.val), PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext), LdapAttribute (org.ldaptive.LdapAttribute), ArrayList (java.util.ArrayList), AccountState (org.ldaptive.auth.AccountState), Test (org.junit.jupiter.api.Test)

Example 5 with PasswordPolicyContext

Use of org.apereo.cas.authentication.support.password.PasswordPolicyContext in project cas by apereo.

Class OktaAuthenticationStateHandlerAdapterTests, method handlePasswordWarning.

@Test
public void handlePasswordWarning() {
    val adapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy<>(), new PasswordPolicyContext());
    val response = mock(AuthenticationResponse.class);
    when(response.getSessionToken()).thenReturn("token");
    adapter.handlePasswordWarning(response);
    assertThrows(AccountNotFoundException.class, adapter::throwExceptionIfNecessary);
    assertTrue(adapter.getWarnings().isEmpty());
}
Also used: lombok.val (lombok.val), PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext), Test (org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val): 18
PasswordPolicyContext (org.apereo.cas.authentication.support.password.PasswordPolicyContext): 18
Test (org.junit.jupiter.api.Test): 16
AccountState (org.ldaptive.auth.AccountState): 5
ArrayList (java.util.ArrayList): 4
LdapAttribute (org.ldaptive.LdapAttribute): 3
AccountLockedException (javax.security.auth.login.AccountLockedException): 2
Executable (org.junit.jupiter.api.function.Executable): 2
LdapEntry (org.ldaptive.LdapEntry): 2
HashSet (java.util.HashSet): 1
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException): 1
UtilityClass (lombok.experimental.UtilityClass): 1
JsonResourceAuthenticationHandler (org.apereo.cas.adaptors.generic.JsonResourceAuthenticationHandler): 1
DefaultLdapAccountStateHandler (org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler): 1
OptionalWarningLdapAccountStateHandler (org.apereo.cas.authentication.support.OptionalWarningLdapAccountStateHandler): 1
LdapException (org.ldaptive.LdapException): 1
AuthenticationRequestHandler (org.ldaptive.auth.AuthenticationRequestHandler): 1
AuthenticationResponseHandler (org.ldaptive.auth.AuthenticationResponseHandler): 1
ActiveDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler): 1
EDirectoryAuthenticationResponseHandler (org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler): 1