
Example 11 with TransientSessionTicketFactory

use of org.apereo.cas.ticket.TransientSessionTicketFactory in project cas by apereo.

Class SendPasswordResetInstructionsAction, method buildPasswordResetUrl.

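/**
 * Utility method to generate a password reset URL.
 * <p>
 * The URL carries the id of a {@link TransientSessionTicket} that wraps the reset
 * token produced by the password management service. Whoever holds that URL can
 * start the reset flow for {@code username}, so the URL (and the ticket id inside
 * it) is treated as a secret here and is never written to the log.
 *
 * @param username                  username
 * @param passwordManagementService passwordManagementService
 * @param casProperties             casProperties
 * @param service                   service from the flow scope; may be {@code null}
 * @return URL a user can use to start the password reset process, or {@code null}
 * when no reset token could be generated
 * @throws Exception the exception
 */
protected String buildPasswordResetUrl(final String username, final PasswordManagementService passwordManagementService, final CasConfigurationProperties casProperties, final WebApplicationService service) throws Exception {
    val query = PasswordManagementQuery.builder().username(username).build();
    val token = passwordManagementService.createToken(query);
    if (StringUtils.isBlank(token)) {
        LOGGER.error("Could not create password reset url since no reset token could be generated");
        return null;
    }

    val transientFactory = (TransientSessionTicketFactory) this.ticketFactory.get(TransientSessionTicket.class);
    val pm = casProperties.getAuthn().getPm();
    // The ticket, and therefore the URL, is only usable for the configured reset expiration window.
    val seconds = Beans.newDuration(pm.getReset().getExpiration()).toSeconds();
    val properties = CollectionUtils.<String, Serializable>wrap(
        PasswordManagementWebflowUtils.FLOWSCOPE_PARAMETER_NAME_TOKEN, token,
        ExpirationPolicy.class.getName(), HardTimeoutExpirationPolicy.builder().timeToKillInSeconds(seconds).build());
    val ticket = transientFactory.create(service, properties);
    ticketRegistry.addTicket(ticket);

    val resetUrl = new StringBuilder(casProperties.getServer().getPrefix())
        .append('/').append(CasWebflowConfigurer.FLOW_ID_LOGIN)
        .append('?').append(PasswordManagementWebflowUtils.REQUEST_PARAMETER_NAME_PASSWORD_RESET_TOKEN)
        .append('=').append(ticket.getId());
    if (service != null) {
        // Encode the original service URL so it survives as a single query-parameter value.
        val encodeServiceUrl = UriUtils.encode(service.getOriginalUrl(), StandardCharsets.UTF_8);
        resetUrl.append('&').append(CasProtocolConstants.PARAMETER_SERVICE).append('=').append(encodeServiceUrl);
    }
    val url = resetUrl.toString();
    // Deliberately log neither the URL nor the ticket id: either one is a bearer credential for the reset flow.
    LOGGER.debug("Generated password reset URL for [{}] (valid for [{}] seconds)", username, seconds);
    return url;
}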

Example 12 with TransientSessionTicketFactory

use of org.apereo.cas.ticket.TransientSessionTicketFactory in project cas by apereo.

Class DuoSecurityUniversalPromptPrepareLoginAction, method doExecute.

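/**
 * Prepares the redirect to the Duo Security Universal Prompt.
 * <p>
 * Everything the callback needs to resume the login flow (the in-progress
 * authentication, the authentication result builder and result, the parent
 * credential, the registered service when present and a copy of the flow scope)
 * is stored in a {@link TransientSessionTicket}; the ticket id is then handed to
 * Duo as the state value of the authorization URL.
 *
 * @param requestContext the request context
 * @return the success event, carrying the created ticket
 * @throws Exception the exception
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val authentication = WebUtils.getInProgressAuthentication();
    // Fail before anything is persisted: without an in-progress authentication there is nothing to resume
    // after the Duo callback, and the original code would only have hit a NullPointerException after the
    // ticket had already been added to the registry.
    if (authentication == null) {
        throw new IllegalStateException("No in-progress authentication is available to prepare the Duo Security Universal Prompt");
    }
    // Resolved up front for the same reason: a failure here must not leave an orphaned ticket behind.
    val principal = resolvePrincipal(authentication.getPrincipal());

    val duoSecurityIdentifier = WebUtils.getMultifactorAuthenticationProviderById(requestContext);
    val provider = duoProviderBean.getProvider(duoSecurityIdentifier);
    val client = provider.getDuoAuthenticationService().getDuoClient()
        .map(c -> (Client) c)
        .orElseThrow(() -> new IllegalStateException("Unable to locate Duo Security client"));
    val state = client.generateState();

    val factory = (TransientSessionTicketFactory) ticketFactory.get(TransientSessionTicket.class);
    val properties = new LinkedHashMap<String, Object>();
    properties.put("duoProviderId", duoSecurityIdentifier);
    properties.put(Authentication.class.getSimpleName(), authentication);
    properties.put(AuthenticationResultBuilder.class.getSimpleName(), WebUtils.getAuthenticationResultBuilder(requestContext));
    properties.put(AuthenticationResult.class.getSimpleName(), WebUtils.getAuthenticationResult(requestContext));
    // NOTE(review): the parent credential and the entire flow scope are persisted in the ticket registry for the
    // lifetime of this ticket. Whether that exposes a secret depends on the credential type and on the registry
    // backend (in-memory vs. shared/external store) — confirm before relying on it.
    properties.put(Credential.class.getSimpleName(), WebUtils.getMultifactorAuthenticationParentCredential(requestContext));
    val flowScope = requestContext.getFlowScope().asMap();
    properties.put(MutableAttributeMap.class.getSimpleName(), flowScope);
    Optional.ofNullable(WebUtils.getRegisteredService(requestContext))
        .ifPresent(registeredService -> properties.put(RegisteredService.class.getSimpleName(), registeredService));

    val service = WebUtils.getService(requestContext);
    val ticket = factory.create(state, service, properties);
    ticketRegistry.addTicket(ticket);
    LOGGER.debug("Stored Duo Security session via [{}]", ticket);

    // The ticket id is what Duo echoes back as the state parameter, which is how the callback locates this session.
    val authUrl = client.createAuthUrl(principal.getId(), ticket.getId());
    requestContext.getFlowScope().put("duoUniversalPromptLoginUrl", authUrl);
    // NOTE(review): authUrl embeds the state/ticket id; consider whether it belongs in debug logs in your deployment.
    LOGGER.debug("Redirecting to Duo Security url at [{}]", authUrl);
    return success(ticket);
}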
