Search in sources :

Example 61 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionClientIpRejected.

@Test
public void verifyActionClientIpRejected() {
    val request = new MockHttpServletRequest();
    request.setRemoteAddr("185.86.151.11");
    request.setLocalAddr("185.88.151.11");
    request.addHeader(HttpRequestUtils.USER_AGENT_HEADER, USER_AGENT);
    ClientInfoHolder.setClientInfo(new ClientInfo(request));
    val props = new AdaptiveAuthenticationProperties();
    props.getPolicy().setRejectIpAddresses("185\\.86.+");
    val service = mock(GeoLocationService.class);
    var policy = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.banned(), props);
    val location = new GeoLocationRequest(51.5, -0.118);
    assertFalse(policy.apply(new MockRequestContext(), USER_AGENT, location));
    policy = new DefaultAdaptiveAuthenticationPolicy(service, (context, clientIpAddress) -> IPAddressIntelligenceResponse.builder().status(IPAddressIntelligenceResponse.IPAddressIntelligenceStatus.RANKED).score(12.15).build(), props);
    assertFalse(policy.apply(new MockRequestContext(), USER_AGENT, location));
}
Also used : lombok.val(lombok.val) GeoLocationRequest(org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest) lombok.val(lombok.val) GeoLocationService(org.apereo.cas.authentication.adaptive.geo.GeoLocationService) MockRequestContext(org.springframework.webflow.test.MockRequestContext) IPAddressIntelligenceResponse(org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceResponse) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) HttpRequestUtils(org.apereo.cas.util.HttpRequestUtils) Test(org.junit.jupiter.api.Test) Mockito(org.mockito.Mockito) GeoLocationResponse(org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse) IPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceService) ClientInfoHolder(org.apereo.inspektr.common.web.ClientInfoHolder) Assertions(org.junit.jupiter.api.Assertions) Tag(org.junit.jupiter.api.Tag) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockRequestContext(org.springframework.webflow.test.MockRequestContext) GeoLocationRequest(org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest) Test(org.junit.jupiter.api.Test)

Example 62 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionGeoLocationPass.

@Test
public void verifyActionGeoLocationPass() {
    val request = new MockHttpServletRequest();
    ClientInfoHolder.setClientInfo(new ClientInfo(request));
    val geoRequest = new GeoLocationRequest(51.5, -0.118);
    val props = new AdaptiveAuthenticationProperties();
    val service = mock(GeoLocationService.class);
    val response = new GeoLocationResponse();
    response.setLatitude(Double.parseDouble(geoRequest.getLatitude()));
    response.setLongitude(Double.parseDouble(geoRequest.getLongitude()));
    when(service.locate(anyString(), any())).thenReturn(response);
    val p = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.allowed(), props);
    assertTrue(p.apply(new MockRequestContext(), USER_AGENT, geoRequest));
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) GeoLocationResponse(org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockRequestContext(org.springframework.webflow.test.MockRequestContext) GeoLocationRequest(org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest) Test(org.junit.jupiter.api.Test)

Example 63 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

the class DefaultAdaptiveAuthenticationPolicyTests method verifyActionUserAgentRejected.

@Test
public void verifyActionUserAgentRejected() {
    val request = new MockHttpServletRequest();
    request.setRemoteAddr("185.86.151.11");
    request.setLocalAddr("185.88.151.11");
    request.addHeader(HttpRequestUtils.USER_AGENT_HEADER, USER_AGENT);
    ClientInfoHolder.setClientInfo(new ClientInfo(request));
    val props = new AdaptiveAuthenticationProperties();
    props.getPolicy().setRejectBrowsers("Mozilla/5.0.+");
    val service = mock(GeoLocationService.class);
    val p = new DefaultAdaptiveAuthenticationPolicy(service, IPAddressIntelligenceService.allowed(), props);
    assertFalse(p.apply(new MockRequestContext(), USER_AGENT, new GeoLocationRequest(51.5, -0.118)));
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockRequestContext(org.springframework.webflow.test.MockRequestContext) GeoLocationRequest(org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest) Test(org.junit.jupiter.api.Test)

Example 64 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

the class AccepttoMultifactorFetchChannelActionTests method verifyGetChannelFails.

@Test
public void verifyGetChannelFails() throws Exception {
    val httpRequest = new MockHttpServletRequest();
    httpRequest.setRemoteAddr("185.86.151.11");
    httpRequest.setLocalAddr("185.88.151.11");
    ClientInfoHolder.setClientInfo(new ClientInfo(httpRequest));
    val keyGen = KeyPairGenerator.getInstance("RSA");
    val pair = keyGen.generateKeyPair();
    val priv = pair.getPrivate();
    val pub = pair.getPublic();
    val payload = MAPPER.writeValueAsString(Map.of("success", "true", "status", "OK", "response_code", "approved"));
    val jwt = EncodingUtils.signJwsRSASha512(priv, payload.getBytes(StandardCharsets.UTF_8), Map.of());
    val data = MAPPER.writeValueAsString(Map.of("content", new String(jwt, StandardCharsets.UTF_8)));
    try (val webServer = new MockWebServer(5012, new ByteArrayResource(data.getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK)) {
        webServer.start();
        val action = new AccepttoMultifactorFetchChannelAction(casProperties, mfaAccepttoDistributedSessionStore, pub);
        val context = new MockRequestContext();
        val request = new MockHttpServletRequest();
        val response = new MockHttpServletResponse();
        context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
        RequestContextHolder.setRequestContext(context);
        assertThrows(AuthenticationException.class, () -> action.doExecute(context));
    }
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) MockWebServer(org.apereo.cas.util.MockWebServer) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) ByteArrayResource(org.springframework.core.io.ByteArrayResource) MockRequestContext(org.springframework.webflow.test.MockRequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 65 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

the class AccepttoMultifactorFetchChannelActionTests method verifyBadChannelStatus.

@Test
public void verifyBadChannelStatus() throws Exception {
    val httpRequest = new MockHttpServletRequest();
    httpRequest.setRemoteAddr("185.86.151.11");
    httpRequest.setLocalAddr("185.88.151.11");
    ClientInfoHolder.setClientInfo(new ClientInfo(httpRequest));
    val keyGen = KeyPairGenerator.getInstance("RSA");
    val pair = keyGen.generateKeyPair();
    val priv = pair.getPrivate();
    val pub = pair.getPublic();
    val payload = MAPPER.writeValueAsString(Map.of("success", "true", "status", "rejected", "channel", UUID.randomUUID().toString(), "response_code", "approved"));
    val jwt = EncodingUtils.signJwsRSASha512(priv, payload.getBytes(StandardCharsets.UTF_8), Map.of());
    val data = MAPPER.writeValueAsString(Map.of("content", new String(jwt, StandardCharsets.UTF_8)));
    try (val webServer = new MockWebServer(5012, new ByteArrayResource(data.getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK)) {
        webServer.start();
        val action = new AccepttoMultifactorFetchChannelAction(casProperties, mfaAccepttoDistributedSessionStore, pub);
        val context = new MockRequestContext();
        val request = new MockHttpServletRequest();
        val response = new MockHttpServletResponse();
        context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
        RequestContextHolder.setRequestContext(context);
        assertThrows(AuthenticationException.class, () -> action.doExecute(context));
    }
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) MockWebServer(org.apereo.cas.util.MockWebServer) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) ByteArrayResource(org.springframework.core.io.ByteArrayResource) MockRequestContext(org.springframework.webflow.test.MockRequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Aggregations

ClientInfo (org.apereo.inspektr.common.web.ClientInfo)82 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)69 lombok.val (lombok.val)65 Test (org.junit.jupiter.api.Test)42 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)36 MockRequestContext (org.springframework.webflow.test.MockRequestContext)35 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)31 MockServletContext (org.springframework.mock.web.MockServletContext)29 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)14 MockWebServer (org.apereo.cas.util.MockWebServer)13 ByteArrayResource (org.springframework.core.io.ByteArrayResource)13 BeforeEach (org.junit.jupiter.api.BeforeEach)12 BeforeAll (org.junit.jupiter.api.BeforeAll)6 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)5 GeoLocationRequest (org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest)5 ClassPathResource (org.springframework.core.io.ClassPathResource)5 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)4 Cookie (javax.servlet.http.Cookie)4 GeoLocationResponse (org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse)4 AdaptiveAuthenticationProperties (org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties)4