use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionClientIpRejected.
@Test
public void verifyActionClientIpRejected() {
val request = new MockHttpServletRequest();
request.setRemoteAddr("185.86.151.11");
request.setLocalAddr("185.88.151.11");
request.addHeader(HttpRequestUtils.USER_AGENT_HEADER, USER_AGENT);
ClientInfoHolder.setClientInfo(new ClientInfo(request));
val props = new AdaptiveAuthenticationProperties();
props.getPolicy().setRejectIpAddresses("185\\.86.+");
val service = mock(GeoLocationService.class);
var policy = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.banned(), props);
val location = new GeoLocationRequest(51.5, -0.118);
assertFalse(policy.apply(new MockRequestContext(), USER_AGENT, location));
policy = new DefaultAdaptiveAuthenticationPolicy(service, (context, clientIpAddress) -> IPAddressIntelligenceResponse.builder().status(IPAddressIntelligenceResponse.IPAddressIntelligenceStatus.RANKED).score(12.15).build(), props);
assertFalse(policy.apply(new MockRequestContext(), USER_AGENT, location));
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionGeoLocationPass.
@Test
public void verifyActionGeoLocationPass() {
val request = new MockHttpServletRequest();
ClientInfoHolder.setClientInfo(new ClientInfo(request));
val geoRequest = new GeoLocationRequest(51.5, -0.118);
val props = new AdaptiveAuthenticationProperties();
val service = mock(GeoLocationService.class);
val response = new GeoLocationResponse();
response.setLatitude(Double.parseDouble(geoRequest.getLatitude()));
response.setLongitude(Double.parseDouble(geoRequest.getLongitude()));
when(service.locate(anyString(), any())).thenReturn(response);
val p = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.allowed(), props);
assertTrue(p.apply(new MockRequestContext(), USER_AGENT, geoRequest));
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionUserAgentRejected.
@Test
public void verifyActionUserAgentRejected() {
val request = new MockHttpServletRequest();
request.setRemoteAddr("185.86.151.11");
request.setLocalAddr("185.88.151.11");
request.addHeader(HttpRequestUtils.USER_AGENT_HEADER, USER_AGENT);
ClientInfoHolder.setClientInfo(new ClientInfo(request));
val props = new AdaptiveAuthenticationProperties();
props.getPolicy().setRejectBrowsers("Mozilla/5.0.+");
val service = mock(GeoLocationService.class);
val p = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.allowed(), props);
assertFalse(p.apply(new MockRequestContext(), USER_AGENT, new GeoLocationRequest(51.5, -0.118)));
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class AccepttoMultifactorFetchChannelActionTests method verifyGetChannelFails.
@Test
public void verifyGetChannelFails() throws Exception {
val httpRequest = new MockHttpServletRequest();
httpRequest.setRemoteAddr("185.86.151.11");
httpRequest.setLocalAddr("185.88.151.11");
ClientInfoHolder.setClientInfo(new ClientInfo(httpRequest));
val keyGen = KeyPairGenerator.getInstance("RSA");
val pair = keyGen.generateKeyPair();
val priv = pair.getPrivate();
val pub = pair.getPublic();
val payload = MAPPER.writeValueAsString(Map.of("success", "true", "status", "OK", "response_code", "approved"));
val jwt = EncodingUtils.signJwsRSASha512(priv, payload.getBytes(StandardCharsets.UTF_8), Map.of());
val data = MAPPER.writeValueAsString(Map.of("content", new String(jwt, StandardCharsets.UTF_8)));
try (val webServer = new MockWebServer(5012, new ByteArrayResource(data.getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK)) {
webServer.start();
val action = new AccepttoMultifactorFetchChannelAction(casProperties, mfaAccepttoDistributedSessionStore, pub);
val context = new MockRequestContext();
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
RequestContextHolder.setRequestContext(context);
assertThrows(AuthenticationException.class, () -> action.doExecute(context));
}
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class AccepttoMultifactorFetchChannelActionTests method verifyBadChannelStatus.
@Test
public void verifyBadChannelStatus() throws Exception {
val httpRequest = new MockHttpServletRequest();
httpRequest.setRemoteAddr("185.86.151.11");
httpRequest.setLocalAddr("185.88.151.11");
ClientInfoHolder.setClientInfo(new ClientInfo(httpRequest));
val keyGen = KeyPairGenerator.getInstance("RSA");
val pair = keyGen.generateKeyPair();
val priv = pair.getPrivate();
val pub = pair.getPublic();
val payload = MAPPER.writeValueAsString(Map.of("success", "true", "status", "rejected", "channel", UUID.randomUUID().toString(), "response_code", "approved"));
val jwt = EncodingUtils.signJwsRSASha512(priv, payload.getBytes(StandardCharsets.UTF_8), Map.of());
val data = MAPPER.writeValueAsString(Map.of("content", new String(jwt, StandardCharsets.UTF_8)));
try (val webServer = new MockWebServer(5012, new ByteArrayResource(data.getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK)) {
webServer.start();
val action = new AccepttoMultifactorFetchChannelAction(casProperties, mfaAccepttoDistributedSessionStore, pub);
val context = new MockRequestContext();
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
RequestContextHolder.setRequestContext(context);
assertThrows(AuthenticationException.class, () -> action.doExecute(context));
}
}
Aggregations