Search in sources :

Example 6 with MultifactorAuthenticationProviderBypassProperties

use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.

the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByHttpRequestRemoteHost.

@Test
public void verifyMultifactorAuthenticationBypassByHttpRequestRemoteHost() {
    val applicationContext = new StaticApplicationContext();
    applicationContext.refresh();
    ApplicationContextProvider.holdApplicationContext(applicationContext);
    ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
    val request = new MockHttpServletRequest();
    request.setRemoteHost("somewhere.example.org");
    val props = new MultifactorAuthenticationProviderBypassProperties();
    props.setHttpRequestRemoteAddress(".+example\\.org");
    val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser");
    val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal);
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
    val bypass = new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
    val service = MultifactorAuthenticationTestUtils.getRegisteredService();
    assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
Also used : lombok.val(lombok.val) MultifactorAuthenticationProviderBypassProperties(org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties) StaticApplicationContext(org.springframework.context.support.StaticApplicationContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpRequestMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator) Test(org.junit.jupiter.api.Test)

Example 7 with MultifactorAuthenticationProviderBypassProperties

use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.

the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByPrincipalAttributes.

@Test
public void verifyMultifactorAuthenticationBypassByPrincipalAttributes() {
    val applicationContext = new StaticApplicationContext();
    applicationContext.refresh();
    ApplicationContextProvider.holdApplicationContext(applicationContext);
    ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
    val request = new MockHttpServletRequest();
    val props = new MultifactorAuthenticationProviderBypassProperties();
    props.setPrincipalAttributeName("givenName");
    props.setPrincipalAttributeValue("CAS");
    val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS"));
    val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal, CollectionUtils.wrap("authnFlag", "bypass"));
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
    val bypass = new PrincipalMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
    val service = MultifactorAuthenticationTestUtils.getRegisteredService();
    assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
Also used : lombok.val(lombok.val) MultifactorAuthenticationProviderBypassProperties(org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties) StaticApplicationContext(org.springframework.context.support.StaticApplicationContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) PrincipalMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator) Test(org.junit.jupiter.api.Test)

Example 8 with MultifactorAuthenticationProviderBypassProperties

use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.

the class MultifactorAuthenticationProviderBypassTests method verifyMultifactorAuthenticationBypassByAuthenticationCredentialClass.

@Test
public void verifyMultifactorAuthenticationBypassByAuthenticationCredentialClass() {
    val applicationContext = new StaticApplicationContext();
    applicationContext.refresh();
    ApplicationContextProvider.holdApplicationContext(applicationContext);
    ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
    val request = new MockHttpServletRequest();
    val props = new MultifactorAuthenticationProviderBypassProperties();
    props.setCredentialClassType(Credential.class.getName());
    val principal = MultifactorAuthenticationTestUtils.getPrincipal("casuser");
    val authentication = MultifactorAuthenticationTestUtils.getAuthentication(principal);
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
    val bypass = new CredentialMultifactorAuthenticationProviderBypassEvaluator(props, provider.getId());
    val service = MultifactorAuthenticationTestUtils.getRegisteredService();
    assertFalse(bypass.shouldMultifactorAuthenticationProviderExecute(authentication, service, provider, request));
}
Also used : lombok.val(lombok.val) MultifactorAuthenticationProviderBypassProperties(org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties) Credential(org.apereo.cas.authentication.Credential) StaticApplicationContext(org.springframework.context.support.StaticApplicationContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) CredentialMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator) Test(org.junit.jupiter.api.Test)

Example 9 with MultifactorAuthenticationProviderBypassProperties

use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.

the class CredentialMultifactorAuthenticationProviderBypassEvaluatorTests method verifyOperation.

@Test
public void verifyOperation() {
    val applicationContext = new StaticApplicationContext();
    applicationContext.refresh();
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
    val eval = new DefaultChainingMultifactorAuthenticationBypassProvider();
    val bypassProps = new MultifactorAuthenticationProviderBypassProperties();
    bypassProps.setCredentialClassType(UsernamePasswordCredential.class.getName());
    eval.addMultifactorAuthenticationProviderBypassEvaluator(new CredentialMultifactorAuthenticationProviderBypassEvaluator(bypassProps, TestMultifactorAuthenticationProvider.ID));
    val principal = CoreAuthenticationTestUtils.getPrincipal(Map.of("cn", List.of("example")));
    val authentication = CoreAuthenticationTestUtils.getAuthentication(principal);
    val registeredService = CoreAuthenticationTestUtils.getRegisteredService();
    val policy = new DefaultRegisteredServiceMultifactorPolicy();
    when(registeredService.getMultifactorPolicy()).thenReturn(policy);
    assertFalse(eval.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, provider, new MockHttpServletRequest()));
    bypassProps.setCredentialClassType(BasicIdentifiableCredential.class.getName());
    assertTrue(eval.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, provider, new MockHttpServletRequest()));
}
Also used : lombok.val(lombok.val) MultifactorAuthenticationProviderBypassProperties(org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties) DefaultRegisteredServiceMultifactorPolicy(org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy) StaticApplicationContext(org.springframework.context.support.StaticApplicationContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) BasicIdentifiableCredential(org.apereo.cas.authentication.credential.BasicIdentifiableCredential) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test)

Example 10 with MultifactorAuthenticationProviderBypassProperties

use of org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties in project cas by apereo.

the class DefaultRequestedAuthenticationContextValidatorTests method verifyRequestedAuthenticationIsAlreadyBypass.

@Test
public void verifyRequestedAuthenticationIsAlreadyBypass() {
    val applicationContext = buildApplicationContext();
    val provider = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
    val props = new MultifactorAuthenticationProviderBypassProperties();
    props.setAuthenticationAttributeName("givenName");
    props.setAuthenticationAttributeValue("Not Bypassed");
    val bypass = new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(props, TestMultifactorAuthenticationProvider.ID);
    provider.setBypassEvaluator(bypass);
    val servicesManager = mock(ServicesManager.class);
    val validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(servicesManager, Optional.of(provider), applicationContext, BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.UNDEFINED.toString());
    val assertion = mock(Assertion.class);
    val principal = MultifactorAuthenticationTestUtils.getPrincipal(CASUSER);
    val attrs = new HashMap<String, List<Object>>();
    attrs.put(MultifactorAuthenticationProviderBypassEvaluator.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA, List.of(true));
    attrs.put(MultifactorAuthenticationProviderBypassEvaluator.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA_PROVIDER, List.of(TestMultifactorAuthenticationProvider.ID));
    val auth = MultifactorAuthenticationTestUtils.getAuthentication(principal, attrs);
    when(assertion.getPrimaryAuthentication()).thenReturn(auth);
    val result = validator.validateAuthenticationContext(assertion, new MockHttpServletRequest(), new MockHttpServletResponse());
    assertTrue(result.isSuccess());
}
Also used : lombok.val(lombok.val) MultifactorAuthenticationProviderBypassProperties(org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AuthenticationMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)20 MultifactorAuthenticationProviderBypassProperties (org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties)20 Test (org.junit.jupiter.api.Test)18 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)18 StaticApplicationContext (org.springframework.context.support.StaticApplicationContext)15 AuthenticationMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator)5 HttpRequestMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator)5 TestMultifactorAuthenticationProvider (org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider)3 DefaultRegisteredServiceMultifactorPolicy (org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy)3 RestMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator)2 MockWebServer (org.apereo.cas.util.MockWebServer)2 ByteArrayResource (org.springframework.core.io.ByteArrayResource)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 HashMap (java.util.HashMap)1 Credential (org.apereo.cas.authentication.Credential)1 DefaultChainingMultifactorAuthenticationProvider (org.apereo.cas.authentication.DefaultChainingMultifactorAuthenticationProvider)1 DefaultMultifactorAuthenticationFailureModeEvaluator (org.apereo.cas.authentication.DefaultMultifactorAuthenticationFailureModeEvaluator)1 CredentialMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator)1 DefaultChainingMultifactorAuthenticationBypassProvider (org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider)1 GroovyMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator)1