Example 1 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

From class PasswordManagementConfiguration, method passwordManagementCipherExecutor.

@ConditionalOnMissingBean(name = "passwordManagementCipherExecutor")
@RefreshScope
@Bean
public CipherExecutor passwordManagementCipherExecutor() {
    final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
    final EncryptionJwtSigningJwtCryptographyProperties crypto = pm.getReset().getCrypto();
    // Reset tokens are encrypted and signed only when both password management and its crypto settings are enabled.
    if (pm.isEnabled() && crypto.isEnabled()) {
        return new PasswordResetTokenCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg());
    }
    // Otherwise tokens go through a pass-through cipher: they are neither encrypted nor signed.
    return CipherExecutor.noOp();
}
Also used: org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties, org.apereo.cas.pm.PasswordResetTokenCipherExecutor, org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties, org.springframework.cloud.context.config.annotation.RefreshScope, org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean, org.springframework.context.annotation.Bean

Example 2 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

From class NoOpPasswordManagementServiceTests, method verifyChange.

@Test
public void verifyChange() {
    val properties = new PasswordManagementProperties();
    val service = new NoOpPasswordManagementService(CipherExecutor.noOpOfSerializableToString(), "CAS", properties);
    // The no-op service never changes a password, so changeInternal reports failure for any request.
    assertFalse(service.changeInternal(RegisteredServiceTestUtils.getCredentialsWithSameUsernameAndPassword("casuser"), new PasswordChangeRequest()));
}
Also used: lombok.val, org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties, org.apereo.cas.pm.PasswordChangeRequest, org.junit.jupiter.api.Test

Example 3 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

From class NoOpPasswordManagementServiceTests, method verifyTokenParsing.

@Test
public void verifyTokenParsing() {
    // Simulate a request so the token's "origin" and "client" claims can be bound to server and client addresses.
    val request = new MockHttpServletRequest();
    request.setRemoteAddr("185.86.151.11");
    request.setLocalAddr("185.88.151.11");
    val clientInfo = new ClientInfo(request);
    ClientInfoHolder.setClientInfo(clientInfo);
    val properties = new PasswordManagementProperties();
    val service = new NoOpPasswordManagementService(CipherExecutor.noOpOfSerializableToString(), "CAS", properties);
    val token = UUID.randomUUID().toString();
    val claims = new JwtClaims();
    claims.setJwtId(token);
    // Each step below fixes the claim that failed previously and shows that the next one is enforced in turn.
    claims.setIssuer("bad-issuer");
    assertNull(service.parseToken(claims.toJson()));    // issuer must be the configured CAS issuer
    claims.setIssuer("CAS");
    claims.setAudience("other-audience");
    assertNull(service.parseToken(claims.toJson()));    // audience must match as well
    claims.setAudience("CAS");
    claims.setSubject(StringUtils.EMPTY);
    assertNull(service.parseToken(claims.toJson()));    // subject (username) must not be empty
    claims.setClaim("origin", "whatever");
    claims.setSubject("casuser");
    assertNull(service.parseToken(claims.toJson()));    // "origin" must be the server address that issued the token
    claims.setClaim("origin", clientInfo.getServerIpAddress());
    claims.setClaim("client", "whatever");
    assertNull(service.parseToken(claims.toJson()));    // "client" must be the address of the requesting client
    claims.setClaim("client", clientInfo.getClientIpAddress());
    val milli = Instant.now(Clock.systemUTC()).minusSeconds(500).toEpochMilli();
    claims.setExpirationTime(NumericDate.fromMilliseconds(milli));
    assertNull(service.parseToken(claims.toJson()));    // an expired token is rejected
    claims.setExpirationTime(NumericDate.now());
    assertNotNull(service.parseToken(claims.toJson())); // all claims valid: the token parses to the username
}
Also used: lombok.val, org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties, org.jose4j.jwt.JwtClaims, org.springframework.mock.web.MockHttpServletRequest, org.apereo.inspektr.common.web.ClientInfo, org.junit.jupiter.api.Test
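The claim checks that verifyTokenParsing exercises above, carried out by a stand-alone validator so the full chain (issuer, audience, subject, origin and client binding, expiration) can be read in one place. This is an added example, not code from the CAS project or from NoOpPasswordManagementService: the class name ResetTokenClaimsValidator, its constructor parameters and the IP addresses in main are assumptions made for illustration; the claim names and the order of checks follow the test, and the jose4j JwtClaims API is the one the test itself uses.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.List;
import java.util.UUID;

import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;

/**
 * Hypothetical validator for password-reset token claims, written for this page.
 * It is not CAS's NoOpPasswordManagementService; only the claim names
 * (jti, iss, aud, sub, "origin", "client", exp) and the check order follow the test.
 */
public final class ResetTokenClaimsValidator {

    private final String issuer;    // expected issuer and audience ("CAS" in the test)
    private final String serverIp;  // value the "origin" claim must carry
    private final String clientIp;  // value the "client" claim must carry

    public ResetTokenClaimsValidator(final String issuer, final String serverIp, final String clientIp) {
        this.issuer = issuer;
        this.serverIp = serverIp;
        this.clientIp = clientIp;
    }

    /** Returns the subject (username) when every claim checks out, otherwise null. */
    public String parse(final String claimsJson) {
        try {
            final JwtClaims claims = JwtClaims.parse(claimsJson);
            if (!issuer.equals(claims.getIssuer())) {
                return null;                                   // wrong issuer
            }
            final List<String> audience = claims.getAudience();
            if (audience == null || !audience.contains(issuer)) {
                return null;                                   // wrong audience
            }
            final String subject = claims.getSubject();
            if (subject == null || subject.isEmpty()) {
                return null;                                   // empty subject
            }
            if (!serverIp.equals(claims.getStringClaimValue("origin"))) {
                return null;                                   // token issued by another server
            }
            if (!clientIp.equals(claims.getStringClaimValue("client"))) {
                return null;                                   // token bound to another client address
            }
            final NumericDate expiry = claims.getExpirationTime();
            if (expiry == null || expiry.isBefore(NumericDate.now())) {
                return null;                                   // missing or past expiration
            }
            return subject;
        } catch (final InvalidJwtException | MalformedClaimException e) {
            return null;                                       // unparsable or mistyped claims
        }
    }

    public static void main(final String[] args) {
        // Constructed sample values; the addresses are documentation-range placeholders, not real hosts.
        final ResetTokenClaimsValidator validator =
            new ResetTokenClaimsValidator("CAS", "203.0.113.10", "198.51.100.7");
        final JwtClaims claims = new JwtClaims();
        claims.setJwtId(UUID.randomUUID().toString());
        claims.setIssuer("CAS");
        claims.setAudience("CAS");
        claims.setSubject("casuser");
        claims.setClaim("origin", "203.0.113.10");
        claims.setClaim("client", "198.51.100.7");
        // Expired 500 seconds ago, as in the test.
        claims.setExpirationTime(NumericDate.fromMilliseconds(
            Instant.now(Clock.systemUTC()).minusSeconds(500).toEpochMilli()));
        System.out.println("expired token -> " + validator.parse(claims.toJson()));

        claims.setExpirationTimeMinutesInTheFuture(10);
        System.out.println("valid token   -> " + validator.parse(claims.toJson()));

        // Same token presented from a different client address.
        claims.setClaim("client", "192.0.2.44");
        System.out.println("other client  -> " + validator.parse(claims.toJson()));
    }
}
```

Run with jose4j on the classpath; the first and third calls return null (expired, then wrong client address) and the second returns casuser. Binding the token to the server and client addresses means a leaked reset link is only usable from the address that requested it, and the expiry bounds that window further.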

Example 4 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

From class SendPasswordResetInstructionsAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    // Without a configured mail sender there is no way to deliver the reset link.
    if (!communicationsManager.isMailSenderDefined()) {
        LOGGER.warn("CAS is unable to send password-reset emails given no settings are defined to account for email servers");
        return error();
    }
    final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
    final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
    final String username = request.getParameter("username");
    if (StringUtils.isBlank(username)) {
        LOGGER.warn("No username is provided");
        return error();
    }
    // Unknown account or no e-mail on record: the same error event is returned as for a missing username.
    final String to = passwordManagementService.findEmail(username);
    if (StringUtils.isBlank(to)) {
        LOGGER.warn("No recipient is provided");
        return error();
    }
    // The token is produced by the password management service and carried as a query parameter of the reset link.
    final String token = passwordManagementService.createToken(username);
    final String url = casProperties.getServer().getPrefix().concat('/' + FLOW_ID_PASSWORD_RESET + '?' + PARAMETER_NAME_TOKEN + '=').concat(token);
    LOGGER.debug("Generated password reset URL [{}]; Link is only active for the next [{}] minute(s)", url, pm.getReset().getExpirationMinutes());
    if (sendPasswordResetEmailToAccount(to, url)) {
        return success();
    }
    LOGGER.error("Failed to notify account [{}]", to);
    return error();
}
Also used: javax.servlet.http.HttpServletRequest, org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties

Example 5 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

From class VerifyPasswordResetRequestAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
    final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
    final String token = request.getParameter(PARAMETER_NAME_TOKEN);
    if (StringUtils.isBlank(token)) {
        LOGGER.error("Password reset token is missing");
        return error();
    }
    // parseToken verifies the token and yields the username it was issued for; null/blank means verification failed.
    final String username = passwordManagementService.parseToken(token);
    if (StringUtils.isBlank(username)) {
        LOGGER.error("Password reset token could not be verified");
        return error();
    }
    // When security questions are enabled, the account must have some on record before the flow can continue.
    if (pm.getReset().isSecurityQuestionsEnabled()) {
        final Map<String, String> questions = passwordManagementService.getSecurityQuestions(username);
        if (questions.isEmpty()) {
            LOGGER.warn("No security questions could be found for [{}]", username);
            return error();
        }
        requestContext.getFlowScope().put("questions", new HashSet<>(questions.keySet()));
    } else {
        LOGGER.debug("Security questions are not enabled");
    }
    requestContext.getFlowScope().put("token", token);
    requestContext.getFlowScope().put("username", username);
    requestContext.getFlowScope().put("questionsEnabled", pm.getReset().isSecurityQuestionsEnabled());
    // With questions enabled the flow proceeds to the question step; otherwise it signals "questionsDisabled".
    if (pm.getReset().isSecurityQuestionsEnabled()) {
        return success();
    }
    return new EventFactorySupport().event(this, "questionsDisabled");
}
Also used: javax.servlet.http.HttpServletRequest, org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties, org.springframework.webflow.action.EventFactorySupport