use of org.apereo.cas.mfa.accepto.AccepttoEmailCredential in project cas by apereo.
the class AccepttoMultifactorDetermineUserAccountStatusActionTests method prepareRequestContext.
/**
 * Builds the webflow request context shared by the tests in this class.
 *
 * The context carries a mock servlet request with fixed remote/local addresses and a
 * {@code jwt} cookie, an eGuardian user id, and an {@link AccepttoEmailCredential} for
 * {@code cas@example.org}. The cookie value is a random UUID string, not a signed token,
 * so nothing here exercises token validation.
 *
 * @return a populated {@link MockRequestContext}
 */
private static MockRequestContext prepareRequestContext() {
    val flowContext = new MockRequestContext();

    // Fixture request: the addresses are arbitrary constants and the cookie is a throwaway value.
    val servletRequest = new MockHttpServletRequest();
    servletRequest.setRemoteAddr("185.86.151.11");
    servletRequest.setLocalAddr("185.88.151.11");
    val jwtCookie = new Cookie("jwt", UUID.randomUUID().toString());
    servletRequest.setCookies(jwtCookie);

    // Published through a static holder, so it outlives this method.
    // NOTE(review): confirm the test class resets ClientInfoHolder between tests.
    val clientInfo = new ClientInfo(servletRequest);
    ClientInfoHolder.setClientInfo(clientInfo);

    val servletResponse = new MockHttpServletResponse();
    val externalContext = new ServletExternalContext(new MockServletContext(), servletRequest, servletResponse);
    flowContext.setExternalContext(externalContext);

    AccepttoWebflowUtils.setEGuardianUserId(flowContext, "eguardian-userid");
    WebUtils.putCredential(flowContext, new AccepttoEmailCredential("cas@example.org"));
    return flowContext;
}
use of org.apereo.cas.mfa.accepto.AccepttoEmailCredential in project cas by apereo.
the class AccepttoQRCodeValidateWebSocketChannelActionTests method verifyOperation.
/**
 * Happy path for the QR-code channel validation action: a stub HTTP server answers with
 * {@code success=true} and a {@code user_email}, and the action is expected to finish with
 * {@code TRANSITION_ID_FINALIZE} and leave an {@link AccepttoEmailCredential} in the context.
 *
 * NOTE(review): only the accepting path is asserted here, and only the credential's type is
 * checked, not its id. A companion case in which the stub answers {@code success=false}
 * (or omits {@code user_email}) would pin the deny side of the action.
 */
@Test
public void verifyOperation() throws Exception {
    val channelName = "test-channel";

    val servletRequest = new MockHttpServletRequest();
    servletRequest.setRemoteAddr("185.86.151.11");
    servletRequest.setLocalAddr("185.88.151.11");
    servletRequest.addParameter("channel", channelName);
    ClientInfoHolder.setClientInfo(new ClientInfo(servletRequest));

    // Canned JSON body served by the stub below.
    val payload = MAPPER.writeValueAsString(CollectionUtils.wrap("success", "true", "user_email", "cas@example.org"));
    val stubBody = new ByteArrayResource(payload.getBytes(StandardCharsets.UTF_8), "Output");

    // Presumably the test configuration points the Acceptto API URL at local port 5012 (verify in the test properties).
    try (val stubServer = new MockWebServer(5012, stubBody, HttpStatus.OK)) {
        stubServer.start();

        val channelAction = new AccepttoQRCodeValidateWebSocketChannelAction(casProperties, mfaAccepttoDistributedSessionStore);

        val flowContext = new MockRequestContext();
        val servletResponse = new MockHttpServletResponse();
        flowContext.setExternalContext(new ServletExternalContext(new MockServletContext(), servletRequest, servletResponse));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), flowContext);
        RequestContextHolder.setRequestContext(flowContext);
        AccepttoWebflowUtils.setChannel(flowContext, channelName);

        val outcome = channelAction.doExecute(flowContext);

        assertEquals(CasWebflowConstants.TRANSITION_ID_FINALIZE, outcome.getId());
        val storedCredential = WebUtils.getCredential(flowContext);
        assertTrue(storedCredential instanceof AccepttoEmailCredential);
    }
}
use of org.apereo.cas.mfa.accepto.AccepttoEmailCredential in project cas by apereo.
the class AccepttoQRCodeAuthenticationHandler method doAuthentication.
/**
 * Turns an {@link AccepttoEmailCredential} into a handler result whose principal id is the
 * credential id.
 *
 * As written, this method verifies no secret: it casts, logs the id, creates the principal
 * and returns. Any assurance therefore comes from whoever created the credential.
 * NOTE(review): confirm that an {@link AccepttoEmailCredential} can only be placed in the
 * flow by server-side actions after the Acceptto API has vouched for the user, and is never
 * bound from request parameters.
 *
 * @param credential the credential to authenticate; cast unchecked, so any other type
 *                   raises {@link ClassCastException}
 * @return the handler result for the principal derived from the credential id
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) {
    val emailCredential = (AccepttoEmailCredential) credential;
    val credentialId = emailCredential.getId();
    // The message says "token", but the value logged is the credential id.
    LOGGER.debug("Received token [{}]", credentialId);
    return createHandlerResult(emailCredential, this.principalFactory.createPrincipal(credentialId));
}
use of org.apereo.cas.mfa.accepto.AccepttoEmailCredential in project cas by apereo.
the class AccepttoMultifactorDetermineUserAccountStatusAction method doExecute.
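/**
 * Asks the Acceptto API for the account status of the user behind the in-progress
 * authentication and maps the answer to a webflow transition.
 *
 * Outcomes, in the order they are evaluated:
 * <ul>
 *   <li>{@code response_code} is {@code approved} and a {@code status} key is present:
 *       an {@link AccepttoEmailCredential} for the user's email is stored in the request
 *       context and {@code TRANSITION_ID_APPROVE} is returned.</li>
 *   <li>Empty response, or {@code success} missing or not true: {@code TRANSITION_ID_DENY}.</li>
 *   <li>{@code response_code} is {@code pair_device} with an {@code invite_token}: the
 *       decoded token, application id, optional eGuardian user id and QR hash are stored in
 *       the flow and {@code TRANSITION_ID_REGISTER} is returned.</li>
 *   <li>Anything else with {@code success} true: {@code TRANSITION_ID_SUCCESS}; the channel
 *       and eGuardian user id are stored first when {@code response_code} is
 *       {@code success} and a {@code channel} is present.</li>
 *   <li>Any exception inside the API exchange: logged, then {@code TRANSITION_ID_DENY}
 *       (fails closed).</li>
 * </ul>
 *
 * The invitation token and the QR hash derived from it are what device pairing is built
 * on, so their values are kept out of the log output.
 *
 * @param requestContext the current webflow request context
 * @return the event naming the transition to take
 */
@Override
public Event doExecute(final RequestContext requestContext) {
    val eventFactorySupport = new EventFactorySupport();
    val acceptto = casProperties.getAuthn().getMfa().getAcceptto();
    val authentication = WebUtils.getInProgressAuthentication();
    val email = AccepttoApiUtils.getUserEmail(authentication, acceptto);
    try {
        LOGGER.trace("Contacting authentication API to inquire for account status of [{}]", email);
        val results = AccepttoApiUtils.authenticate(authentication, acceptto, requestContext, this.apiPublicKey);
        val responseCode = ObjectUtils.defaultIfNull(results.get("response_code"), StringUtils.EMPTY).toString();

        // NOTE(review): approval requires a "status" key to exist but compares "response_code",
        // and it is decided before the "success" flag is looked at. Confirm against the API
        // contract that this is the intended signal, because APPROVE is the branch that
        // places a credential in the flow.
        val isApproved = results.containsKey("status") && responseCode.equalsIgnoreCase("approved");
        if (isApproved) {
            LOGGER.trace("Account status is approved for [{}]. Moving on...", email);
            val credential = new AccepttoEmailCredential(email);
            WebUtils.putCredential(requestContext, credential);
            return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_APPROVE);
        }

        if (results.isEmpty()) {
            LOGGER.warn("No API response could be found for [{}]. Denying access...", email);
            return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_DENY);
        }

        // A missing "success" key is treated as an explicit failure rather than being left
        // to a NullPointerException and the catch block; the outcome is DENY in both cases.
        val success = BooleanUtils.toBoolean(ObjectUtils.defaultIfNull(results.get("success"), StringUtils.EMPTY).toString());
        if (!success) {
            LOGGER.warn("API response did not return successfully for [{}]. Denying access...", email);
            return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_DENY);
        }

        val shouldPairDevice = responseCode.equalsIgnoreCase("pair_device");
        if (shouldPairDevice && results.containsKey("invite_token")) {
            val originalToken = results.get("invite_token").toString();
            // Token values are deliberately not written to the log; only the event is recorded.
            LOGGER.trace("Located invitation token for [{}].", email);
            val invitationToken = AccepttoApiUtils.decodeInvitationToken(originalToken);
            LOGGER.trace("Decoded invitation token for [{}].", email);
            AccepttoWebflowUtils.setApplicationId(requestContext, acceptto.getApplicationId());
            AccepttoWebflowUtils.setInvitationToken(requestContext, invitationToken);
            if (results.containsKey("eguardian_user_id")) {
                // get() throws when no first element exists; the catch block below turns that into DENY.
                val eguardianUserId = CollectionUtils.firstElement(results.get("eguardian_user_id")).get();
                AccepttoWebflowUtils.setEGuardianUserId(requestContext, eguardianUserId.toString());
            }
            val qrHash = AccepttoApiUtils.generateQRCodeHash(authentication, acceptto, invitationToken);
            LOGGER.trace("Generated QR hash for [{}] to register/pair device.", email);
            AccepttoWebflowUtils.setInvitationTokenQRCode(requestContext, qrHash);
            return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_REGISTER);
        }

        val isSuccessResponseCode = responseCode.equalsIgnoreCase("success");
        if (isSuccessResponseCode && results.containsKey("channel")) {
            val channel = results.get("channel").toString();
            AccepttoWebflowUtils.setChannel(requestContext, channel);
            if (results.containsKey("eguardian_user_id")) {
                // Same as in the pairing branch: an empty value ends in DENY via the catch block.
                val eguardianUserId = CollectionUtils.firstElement(results.get("eguardian_user_id")).get();
                AccepttoWebflowUtils.setEGuardianUserId(requestContext, eguardianUserId.toString());
            }
        }
        // NOTE(review): a response with success=true and an unrecognised response_code, or
        // without a channel, also falls through to SUCCESS below. Confirm the downstream
        // MFA flow handles a missing channel.
    } catch (final Exception e) {
        // Fail closed: any error while talking to or parsing the API denies access.
        LoggingUtils.error(LOGGER, e);
        return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_DENY);
    }
    LOGGER.trace("Account status is verified for [{}]. Proceeding to MFA flow...", email);
    return eventFactorySupport.event(this, CasWebflowConstants.TRANSITION_ID_SUCCESS);
}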
use of org.apereo.cas.mfa.accepto.AccepttoEmailCredential in project cas by apereo.
the class AccepttoQRCodeAuthenticationHandlerTests method verifyOperation.
/**
 * Checks that the QR-code handler declares support for {@link AccepttoEmailCredential},
 * both by class and by instance, and that {@code authenticate} yields a non-null result
 * for a credential built from nothing but an email string.
 *
 * NOTE(review): the result is only checked for non-null; asserting the resulting principal
 * id would pin what identity the handler actually issues.
 */
@Test
public void verifyOperation() throws Exception {
    val servicesManager = mock(ServicesManager.class);
    val principalFactory = PrincipalFactoryUtils.newPrincipalFactory();
    val qrCodeHandler = new AccepttoQRCodeAuthenticationHandler(servicesManager, principalFactory);

    // Support is declared for the credential type itself ...
    assertTrue(qrCodeHandler.supports(AccepttoEmailCredential.class));

    // ... and for a concrete instance of it.
    val emailCredential = new AccepttoEmailCredential("cas@example.org");
    assertTrue(qrCodeHandler.supports(emailCredential));

    val handlerResult = qrCodeHandler.authenticate(emailCredential);
    assertNotNull(handlerResult);
}