use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.
the class AuthenticationSuccessListener method onApplicationEvent.
/**
 * Reacts to a successful user authentication.
 *
 * <p>In order: applies the legacy verification path when the user is flagged for it and is
 * not yet verified, copies the user's recorded last-logon time onto the authentication, and
 * only then asks provisioning to update the last-logon time.
 *
 * @param event  success event carrying the authenticated user and the authentication object
 * @param zoneId identity zone id forwarded to both provisioning calls
 */
protected void onApplicationEvent(UserAuthenticationSuccessEvent event, String zoneId) {
    UaaUser loggedInUser = event.getUser();

    // Legacy path: an unverified user is passed to verifyUser as a side effect of logging in.
    // NOTE(review): -1 is presumably a "skip the version check" sentinel - confirm against
    // ScimUserProvisioning.verifyUser.
    boolean verifyOnLogin = loggedInUser.isLegacyVerificationBehavior() && !loggedInUser.isVerified();
    if (verifyOnLogin) {
        scimUserProvisioning.verifyUser(loggedInUser.getId(), -1, zoneId);
    }

    // NOTE(review): unchecked cast. An event carrying any other Authentication implementation
    // fails here with ClassCastException before the logon time below is recorded; confirm
    // that every publisher of this event supplies a UaaAuthentication.
    UaaAuthentication uaaAuth = (UaaAuthentication) event.getAuthentication();

    // The value is read from the user object before updateLastLogonTime runs, so the
    // authentication presumably carries the previous login time, not the current one.
    uaaAuth.setLastLoginSuccessTime(loggedInUser.getLastLogonTime());
    scimUserProvisioning.updateLastLogonTime(loggedInUser.getId(), zoneId);
}
use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.
the class TotpMfaEndpointTest method setup.
/**
 * Builds the {@code TotpMfaEndpoint} under test with mocked collaborators, two
 * Google-Authenticator providers, and a mocked {@code UaaAuthentication} installed in the
 * security context.
 */
@Before
public void setup() {
    userId = new RandomValueStringGenerator(5).generate();

    // Mocked collaborators handed to the endpoint (or used by individual tests).
    userGoogleMfaCredentialsProvisioning = mock(UserGoogleMfaCredentialsProvisioning.class);
    mfaProviderProvisioning = mock(MfaProviderProvisioning.class);
    userDb = mock(UaaUserDatabase.class);
    mockSuccessHandler = mock(SavedRequestAwareAuthenticationSuccessHandler.class);

    // Login policy stub: every call to isAllowed(...) reports "allowed", so the denied
    // branch is only reached by tests that re-stub this mock themselves.
    mockMfaPolicy = mock(CommonLoginPolicy.class);
    when(mockMfaPolicy.isAllowed(anyString())).thenReturn(new LoginPolicy.Result(true, 0));

    // Two providers of the same type that differ only in name and id.
    mfaProvider = new MfaProvider();
    mfaProvider.setName("provider-name");
    mfaProvider.setId("provider_id1");
    mfaProvider.setConfig(new GoogleMfaProviderConfig());
    mfaProvider.setType(MfaProvider.MfaProviderType.GOOGLE_AUTHENTICATOR);

    otherMfaProvider = new MfaProvider();
    otherMfaProvider.setName("other-provider-name");
    otherMfaProvider.setId("provider_id2");
    otherMfaProvider.setConfig(new GoogleMfaProviderConfig());
    otherMfaProvider.setType(MfaProvider.MfaProviderType.GOOGLE_AUTHENTICATOR);

    // The mocked authentication is placed in SecurityContextHolder, which outlives this
    // method. NOTE(review): confirm a teardown clears the context so it cannot leak into
    // other tests running on the same thread.
    uaaAuthentication = mock(UaaAuthentication.class);
    SecurityContextHolder.getContext().setAuthentication(uaaAuthentication);

    // Every event the endpoint publishes is captured for later assertions.
    publisher = mock(ApplicationEventPublisher.class);
    eventCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
    doNothing().when(publisher).publishEvent(eventCaptor.capture());

    endpoint = new TotpMfaEndpoint(userGoogleMfaCredentialsProvisioning, mfaProviderProvisioning, "/login/mfa/completed", userDb, mockMfaPolicy);
    endpoint.setApplicationEventPublisher(publisher);
}
use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.
the class MfaUiRequiredFilterTests method setup.
/**
 * Prepares the {@code MfaUiRequiredFilter} under test, a spy on it, the servlet doubles,
 * three kinds of authentication token, and an MFA-enabled zone for the tests to use.
 */
@BeforeEach
void setup() {
    // Servlet-side doubles.
    request = new MockHttpServletRequest();
    response = mock(HttpServletResponse.class);
    chain = mock(FilterChain.class);

    // Filter under test plus a spy so tests can observe or override its methods.
    requestCache = mock(RequestCache.class);
    logoutMatcher = new AntPathRequestMatcher("/logout.do");
    MfaChecker checker = new MfaChecker(mock(IdentityZoneProvisioning.class));
    filter = new MfaUiRequiredFilter("/login/mfa/**", "/login/mfa/register", requestCache, "/login/mfa/completed", logoutMatcher, checker);
    spyFilter = spy(filter);

    // Tokens covering the non-UAA, anonymous and UAA authentication cases.
    usernameAuthentication = new UsernamePasswordAuthenticationToken("fake-principal", "fake-credentials");
    anonymous = new AnonymousAuthenticationToken("fake-key", "fake-principal", singletonList(new SimpleGrantedAuthority("test")));

    // NOTE(review): the fourth UaaPrincipal argument ("origin") looks like the origin key,
    // since it matches the identity-provider list configured on the zone below - confirm.
    UaaPrincipal principal = new UaaPrincipal("fake-id", "fake-username", "email@email.com", "origin", "", "uaa");
    authentication = new UaaAuthentication(principal, emptyList(), null);
    // Starts with an empty authentication-method set; tests add methods as needed.
    authentication.setAuthenticationMethods(new HashSet<>());

    // Zone with MFA switched on for the "origin" provider. It is only constructed here,
    // not installed into any holder, so each test decides whether to activate it.
    mfaEnabledZone = new IdentityZone();
    mfaEnabledZone.getConfig().getMfaConfig().setEnabled(true);
    mfaEnabledZone.getConfig().getMfaConfig().setIdentityProviders(Lists.newArrayList("origin"));
}
use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.
the class MfaUiRequiredFilterTests method next_step_mfa_needed_when_origin_key_matches_valid_identity_provider.
/**
 * With MFA enabled for the "uaa" and "ldap" providers, a UAA authentication built from an
 * "ldap" principal and an empty authentication-method set must yield {@code MFA_REQUIRED}.
 */
@Test
void next_step_mfa_needed_when_origin_key_matches_valid_identity_provider() {
    // Zone: MFA on, restricted to two identity providers.
    IdentityZone zone = new IdentityZone();
    zone.getConfig().getMfaConfig().setIdentityProviders(Lists.newArrayList("uaa", "ldap"));
    zone.getConfig().getMfaConfig().setEnabled(true);
    IdentityZoneHolder.set(zone);

    // Authentication whose principal carries "ldap" (presumably the origin key - confirm
    // against the UaaPrincipal constructor) and has no authentication methods recorded.
    UaaPrincipal ldapPrincipal = new UaaPrincipal("fake-id", "fake-username", "email@email.com", "ldap", "", "uaa");
    UaaAuthentication auth = new UaaAuthentication(ldapPrincipal, emptyList(), null);
    auth.setAuthenticationMethods(new HashSet<>());
    SecurityContextHolder.getContext().setAuthentication(auth);

    // NOTE(review): IdentityZoneHolder and SecurityContextHolder both keep this state after
    // the test returns; confirm a teardown resets them.
    assertThat(spyFilter.getNextStep(request), is(MFA_REQUIRED));
}
use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.
the class ChangePasswordController method changePassword.
/**
 * Handles the change-password form post for the user in the current security context.
 *
 * <p>The account is identified by the name of the current {@code Authentication}, not by a
 * request parameter, so the form cannot name a different user. On success the HTTP session
 * is replaced and the authentication is put back into the security context.
 *
 * @param model           receives {@code message_code} or {@code message} on failure
 * @param currentPassword value of {@code current_password}
 * @param newPassword     value of {@code new_password}
 * @param confirmPassword value of {@code confirm_password}
 * @param response        status is set to 422 on every failure path
 * @param request         used to rotate the session and rebuild authentication details
 * @return {@code "redirect:profile"} on success, otherwise the {@code "change_password"} view
 */
@RequestMapping(value = "/change_password.do", method = POST)
public String changePassword(
        Model model,
        @RequestParam("current_password") String currentPassword,
        @RequestParam("new_password") String newPassword,
        @RequestParam("confirm_password") String confirmPassword,
        HttpServletResponse response,
        HttpServletRequest request) {
    // Reject a new/confirm mismatch before touching the security context or the service.
    PasswordConfirmationValidation confirmation = new PasswordConfirmationValidation(newPassword, confirmPassword);
    if (!confirmation.valid()) {
        model.addAttribute("message_code", confirmation.getMessageCode());
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "change_password";
    }

    SecurityContext context = SecurityContextHolder.getContext();
    // NOTE(review): no null check - this relies on the endpoint only being reachable with an
    // authentication present; confirm against the security configuration.
    Authentication currentAuth = context.getAuthentication();
    String accountName = currentAuth.getName();

    try {
        changePasswordService.changePassword(accountName, currentPassword, newPassword);

        // Rotate the session only after the change succeeded: the old session is invalidated
        // and a new one created, so the pre-change session id stops being usable. Only this
        // request's session is replaced here; whether the service revokes the user's other
        // sessions or tokens is not visible from this method.
        request.getSession().invalidate();
        request.getSession(true);

        if (currentAuth instanceof UaaAuthentication) {
            // Re-stamp the authentication time and rebuild the details from the request
            // after the session swap above.
            UaaAuthentication refreshed = (UaaAuthentication) currentAuth;
            refreshed.setAuthenticatedTime(System.currentTimeMillis());
            refreshed.setAuthenticationDetails(new UaaAuthenticationDetails(request));
        }
        context.setAuthentication(currentAuth);
        return "redirect:profile";
    } catch (BadCredentialsException badCredentials) {
        // Service rejected the supplied credentials: generic code, no detail exposed.
        model.addAttribute("message_code", "unauthorized");
    } catch (InvalidPasswordException rejectedPassword) {
        // New password was refused: the exception's combined messages are shown to the user.
        model.addAttribute("message", rejectedPassword.getMessagesAsOneString());
    }

    // Both failure branches land here: same status and same view, session left untouched.
    response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
    return "change_password";
}