Example 1 with UaaAuthentication

Use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.

Class AuthenticationSuccessListener, method onApplicationEvent.

protected void onApplicationEvent(UserAuthenticationSuccessEvent event, String zoneId) {
    UaaUser user = event.getUser();
    // Legacy behaviour: an unverified user is marked verified on successful login.
    if (user.isLegacyVerificationBehavior() && !user.isVerified()) {
        scimUserProvisioning.verifyUser(user.getId(), -1, zoneId);
    }
    UaaAuthentication authentication = (UaaAuthentication) event.getAuthentication();
    // Copy the previous logon time onto the authentication before the stored value is updated.
    authentication.setLastLoginSuccessTime(user.getLastLogonTime());
    scimUserProvisioning.updateLastLogonTime(user.getId(), zoneId);
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser)

Example 2 with UaaAuthentication

Use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.

Class TotpMfaEndpointTest, method setup.

@Before
public void setup() {
    userId = new RandomValueStringGenerator(5).generate();
    userGoogleMfaCredentialsProvisioning = mock(UserGoogleMfaCredentialsProvisioning.class);
    mfaProviderProvisioning = mock(MfaProviderProvisioning.class);
    uaaAuthentication = mock(UaaAuthentication.class);
    mfaProvider = new MfaProvider();
    mfaProvider.setName("provider-name");
    mfaProvider.setId("provider_id1");
    mfaProvider.setConfig(new GoogleMfaProviderConfig());
    mfaProvider.setType(MfaProvider.MfaProviderType.GOOGLE_AUTHENTICATOR);
    otherMfaProvider = new MfaProvider();
    otherMfaProvider.setName("other-provider-name");
    otherMfaProvider.setId("provider_id2");
    otherMfaProvider.setConfig(new GoogleMfaProviderConfig());
    otherMfaProvider.setType(MfaProvider.MfaProviderType.GOOGLE_AUTHENTICATOR);
    mockSuccessHandler = mock(SavedRequestAwareAuthenticationSuccessHandler.class);
    SecurityContextHolder.getContext().setAuthentication(uaaAuthentication);
    publisher = mock(ApplicationEventPublisher.class);
    eventCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
    doNothing().when(publisher).publishEvent(eventCaptor.capture());
    userDb = mock(UaaUserDatabase.class);
    mockMfaPolicy = mock(CommonLoginPolicy.class);
    when(mockMfaPolicy.isAllowed(anyString())).thenReturn(new LoginPolicy.Result(true, 0));
    endpoint = new TotpMfaEndpoint(userGoogleMfaCredentialsProvisioning, mfaProviderProvisioning, "/login/mfa/completed", userDb, mockMfaPolicy);
    endpoint.setApplicationEventPublisher(publisher);
}
Also used : MfaProvider(org.cloudfoundry.identity.uaa.mfa.MfaProvider) CommonLoginPolicy(org.cloudfoundry.identity.uaa.authentication.manager.CommonLoginPolicy) MfaProviderProvisioning(org.cloudfoundry.identity.uaa.mfa.MfaProviderProvisioning) ApplicationEvent(org.springframework.context.ApplicationEvent) GoogleMfaProviderConfig(org.cloudfoundry.identity.uaa.mfa.GoogleMfaProviderConfig) UaaUserDatabase(org.cloudfoundry.identity.uaa.user.UaaUserDatabase) UserGoogleMfaCredentialsProvisioning(org.cloudfoundry.identity.uaa.mfa.UserGoogleMfaCredentialsProvisioning) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) SavedRequestAwareAuthenticationSuccessHandler(org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler) ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) LoginPolicy(org.cloudfoundry.identity.uaa.authentication.manager.LoginPolicy) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) Before(org.junit.Before)

Example 3 with UaaAuthentication

Use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.

Class MfaUiRequiredFilterTests, method setup.

@BeforeEach
void setup() {
    requestCache = mock(RequestCache.class);
    logoutMatcher = new AntPathRequestMatcher("/logout.do");
    filter = new MfaUiRequiredFilter("/login/mfa/**", "/login/mfa/register", requestCache, "/login/mfa/completed", logoutMatcher, new MfaChecker(mock(IdentityZoneProvisioning.class)));
    spyFilter = spy(filter);
    request = new MockHttpServletRequest();
    usernameAuthentication = new UsernamePasswordAuthenticationToken("fake-principal", "fake-credentials");
    anonymous = new AnonymousAuthenticationToken("fake-key", "fake-principal", singletonList(new SimpleGrantedAuthority("test")));
    authentication = new UaaAuthentication(new UaaPrincipal("fake-id", "fake-username", "email@email.com", "origin", "", "uaa"), emptyList(), null);
    authentication.setAuthenticationMethods(new HashSet<>());
    response = mock(HttpServletResponse.class);
    chain = mock(FilterChain.class);
    mfaEnabledZone = new IdentityZone();
    mfaEnabledZone.getConfig().getMfaConfig().setEnabled(true);
    mfaEnabledZone.getConfig().getMfaConfig().setIdentityProviders(Lists.newArrayList("origin"));
}
Also used : IdentityZoneProvisioning(org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) UaaPrincipal(org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) RequestCache(org.springframework.security.web.savedrequest.RequestCache) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with UaaAuthentication

Use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.

Class MfaUiRequiredFilterTests, method next_step_mfa_needed_when_origin_key_matches_valid_identity_provider.

@Test
void next_step_mfa_needed_when_origin_key_matches_valid_identity_provider() {
    UaaAuthentication auth = new UaaAuthentication(new UaaPrincipal("fake-id", "fake-username", "email@email.com", "ldap", "", "uaa"), emptyList(), null);
    auth.setAuthenticationMethods(new HashSet<>());
    SecurityContextHolder.getContext().setAuthentication(auth);
    IdentityZone zone = new IdentityZone();
    zone.getConfig().getMfaConfig().setIdentityProviders(Lists.newArrayList("uaa", "ldap"));
    zone.getConfig().getMfaConfig().setEnabled(true);
    IdentityZoneHolder.set(zone);
    assertThat(spyFilter.getNextStep(request), is(MFA_REQUIRED));
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaPrincipal(org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) Test(org.junit.jupiter.api.Test)

Example 5 with UaaAuthentication

Use of org.cloudfoundry.identity.uaa.authentication.UaaAuthentication in project uaa by cloudfoundry.

Class ChangePasswordController, method changePassword.

@RequestMapping(value = "/change_password.do", method = POST)
public String changePassword(Model model, @RequestParam("current_password") String currentPassword, @RequestParam("new_password") String newPassword, @RequestParam("confirm_password") String confirmPassword, HttpServletResponse response, HttpServletRequest request) {
    // Validate the new password against its confirmation before attempting the change.
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(newPassword, confirmPassword);
    if (!validation.valid()) {
        model.addAttribute("message_code", validation.getMessageCode());
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "change_password";
    }
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    String username = authentication.getName();
    try {
        // The current password is passed along with the new one.
        changePasswordService.changePassword(username, currentPassword, newPassword);
        // Invalidate the session that was active during the change and start a fresh one.
        request.getSession().invalidate();
        request.getSession(true);
        if (authentication instanceof UaaAuthentication) {
            UaaAuthentication uaaAuthentication = (UaaAuthentication) authentication;
            // Reset the authentication time and rebuild the details from the current request.
            uaaAuthentication.setAuthenticatedTime(System.currentTimeMillis());
            uaaAuthentication.setAuthenticationDetails(new UaaAuthenticationDetails(request));
        }
        securityContext.setAuthentication(authentication);
        return "redirect:profile";
    } catch (BadCredentialsException e) {
        model.addAttribute("message_code", "unauthorized");
    } catch (InvalidPasswordException e) {
        model.addAttribute("message", e.getMessagesAsOneString());
    }
    // Both failure paths fall through to here and re-render the form with HTTP 422.
    response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
    return "change_password";
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaAuthenticationDetails(org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication): 117
Test (org.junit.jupiter.api.Test): 51
UaaPrincipal (org.cloudfoundry.identity.uaa.authentication.UaaPrincipal): 45
Authentication (org.springframework.security.core.Authentication): 35
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser): 29
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 25
UaaAuthenticationDetails (org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails): 23
Test (org.junit.Test): 18
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 14
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 13
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 12
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 11
HashMap (java.util.HashMap): 10
MockHttpSession (org.springframework.mock.web.MockHttpSession): 10
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString): 9
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 9
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 9
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails): 9
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest): 8
ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser): 7