Example 1 with IdentityProviderAuthenticationSuccessEvent

Use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.

In the class ExternalLoginAuthenticationManagerTest, method testAuthenticateUserExists.

@Test
public void testAuthenticateUserExists() {
    Authentication result = manager.authenticate(inputAuth);
    userArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
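    // Exactly one event must be published, and it must carry the authenticated user's origin and username.
    verify(applicationEventPublisher, times(1)).publishEvent(userArgumentCaptor.capture());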
    assertEquals(1, userArgumentCaptor.getAllValues().size());
    IdentityProviderAuthenticationSuccessEvent userevent = (IdentityProviderAuthenticationSuccessEvent) userArgumentCaptor.getAllValues().get(0);
    assertEquals(origin, userevent.getUser().getOrigin());
    assertEquals(userName, userevent.getUser().getUsername());
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) IdentityProviderAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) ApplicationEvent(org.springframework.context.ApplicationEvent) Test(org.junit.Test)

Example 2 with IdentityProviderAuthenticationSuccessEvent

Use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.

In the class AuthenticationSuccessListenerTests, method provider_authentication_success_does_not_trigger_user_authentication_success.

@Test
void provider_authentication_success_does_not_trigger_user_authentication_success() {
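    // MFA is enabled for the zone, so provider success alone must not cause the listener to publish any event.
    when(mockMfaChecker.isMfaEnabledForZoneId(anyString())).thenReturn(true);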
    IdentityProviderAuthenticationSuccessEvent event = new IdentityProviderAuthenticationSuccessEvent(user, mockUaaAuthentication, OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId());
    listener.onApplicationEvent(event);
    verifyZeroInteractions(mockApplicationEventPublisher);
}
Also used : IdentityProviderAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) Test(org.junit.jupiter.api.Test)

Example 3 with IdentityProviderAuthenticationSuccessEvent

Use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.

In the class AuthenticationSuccessListenerTests, method provider_authentication_success_triggers_user_authentication_success.

@Test
void provider_authentication_success_triggers_user_authentication_success() {
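    // MFA is disabled for the zone, so the listener must publish a UserAuthenticationSuccessEvent exactly once.
    when(mockMfaChecker.isMfaEnabledForZoneId(anyString())).thenReturn(false);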
    IdentityProviderAuthenticationSuccessEvent event = new IdentityProviderAuthenticationSuccessEvent(user, mockUaaAuthentication, OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId());
    listener.onApplicationEvent(event);
    verify(mockApplicationEventPublisher, times(1)).publishEvent(isA(UserAuthenticationSuccessEvent.class));
}
Also used : UserAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent) IdentityProviderAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) Test(org.junit.jupiter.api.Test)

Example 4 with IdentityProviderAuthenticationSuccessEvent

Use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.

In the class AbstractLdapMockMvcTest, method testLogin.

@Test
void testLogin() throws Exception {
    getMockMvc().perform(get("/login").header(HOST, host)).andExpect(status().isOk()).andExpect(view().name("login")).andExpect(model().attributeDoesNotExist("saml"));
    // A wrong password must leave the request unauthenticated and redirect to the login error page.
    getMockMvc().perform(post("/login.do").accept(TEXT_HTML_VALUE).header(HOST, host).with(cookieCsrf()).param("username", "marissa").param("password", "koaladsada")).andExpect(status().isFound()).andExpect(unauthenticated()).andExpect(redirectedUrl("/login?error=login_failure"));
    ArgumentCaptor<AbstractUaaEvent> captor = ArgumentCaptor.forClass(AbstractUaaEvent.class);
    verify(listener, atLeast(5)).onApplicationEvent(captor.capture());
    List<AbstractUaaEvent> allValues = captor.getAllValues();
    assertThat(allValues.get(5), instanceOf(IdentityProviderAuthenticationFailureEvent.class));
    IdentityProviderAuthenticationFailureEvent event = (IdentityProviderAuthenticationFailureEvent) allValues.get(5);
    assertEquals("marissa", event.getUsername());
    assertEquals(OriginKeys.LDAP, event.getAuthenticationType());
    testLogger.reset();
    testSuccessfulLogin();
    assertThat(testLogger.getMessageCount(), is(5));
    String zoneId = zone.getZone().getIdentityZone().getId();
    ScimUser createdUser = jdbcScimUserProvisioning.retrieveAll(zoneId).stream().filter(dbUser -> dbUser.getUserName().equals("marissa2")).findFirst().get();
    String userCreatedLogMessage = testLogger.getFirstLogMessageOfType(AuditEventType.UserCreatedEvent);
    String expectedMessage = String.format("UserCreatedEvent ('[\"user_id=%s\",\"username=marissa2\"]'): principal=%s, origin=[caller=null], identityZoneId=[%s]", createdUser.getId(), createdUser.getId(), zoneId);
    assertThat(userCreatedLogMessage, is(expectedMessage));
    captor = ArgumentCaptor.forClass(AbstractUaaEvent.class);
    verify(listener, atLeast(5)).onApplicationEvent(captor.capture());
    allValues = captor.getAllValues();
    assertThat(allValues.get(13), instanceOf(IdentityProviderAuthenticationSuccessEvent.class));
    IdentityProviderAuthenticationSuccessEvent successEvent = (IdentityProviderAuthenticationSuccessEvent) allValues.get(13);
    assertEquals(OriginKeys.LDAP, successEvent.getAuthenticationType());
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) IdentityProviderAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) IdentityProviderAuthenticationFailureEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationFailureEvent) AbstractUaaEvent(org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent) Test(org.junit.jupiter.api.Test)

Example 5 with IdentityProviderAuthenticationSuccessEvent

Use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.

In the class AuthzAuthenticationManager, method authenticate.

@Override
public Authentication authenticate(Authentication req) throws AuthenticationException {
    logger.debug("Processing authentication request for " + req.getName());
    // A request with no credentials is rejected up front and audited as a bad-credentials failure.
    if (req.getCredentials() == null) {
        BadCredentialsException e = new BadCredentialsException("No password supplied");
        publish(new AuthenticationFailureBadCredentialsEvent(req, e));
        throw e;
    }
    UaaUser user = getUaaUser(req);
    if (user == null) {
        logger.debug("No user named '" + req.getName() + "' was found for origin:" + origin);
        publish(new UserNotFoundEvent(req, IdentityZoneHolder.getCurrentZoneId()));
    } else {
        // The login (lockout) policy is checked before the password is compared.
        if (!accountLoginPolicy.isAllowed(user, req)) {
            logger.warn("Login policy rejected authentication for " + user.getUsername() + ", " + user.getId() + ". Ignoring login request.");
            AuthenticationPolicyRejectionException e = new AuthenticationPolicyRejectionException("Your account has been locked because of too many failed attempts to login.");
            publish(new AuthenticationFailureLockedEvent(req, e));
            throw e;
        }
        // An empty password never matches, regardless of what the encoder would return.
        boolean passwordMatches = ((CharSequence) req.getCredentials()).length() != 0 && encoder.matches((CharSequence) req.getCredentials(), user.getPassword());
        if (!passwordMatches) {
            logger.debug("Password did not match for user " + req.getName());
            publish(new IdentityProviderAuthenticationFailureEvent(req, req.getName(), OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
            publish(new UserAuthenticationFailureEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
        } else {
            logger.debug("Password successfully matched for userId[" + user.getUsername() + "]:" + user.getId());
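            // Verification is enforced unless unverified users are allowed and the user has legacy verification behavior.
            boolean userMustBeVerified = !allowUnverifiedUsers || !user.isLegacyVerificationBehavior();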
            if (userMustBeVerified && !user.isVerified()) {
                publish(new UnverifiedUserAuthenticationEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
                logger.debug("Account not verified: " + user.getId());
                throw new AccountNotVerifiedException("Account not verified");
            }
            UaaAuthentication uaaAuthentication = new UaaAuthentication(new UaaPrincipal(user), user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
            uaaAuthentication.setAuthenticationMethods(Collections.singleton("pwd"));
            if (userMustUpdatePassword(user)) {
                logger.info("Password change required for user: " + user.getEmail());
                user.setPasswordChangeRequired(true);
                SessionUtils.setPasswordChangeRequired(httpSession, true);
            }
            // Only this branch publishes the provider success event and returns an authenticated token.
            publish(new IdentityProviderAuthenticationSuccessEvent(user, uaaAuthentication, OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
            return uaaAuthentication;
        }
    }
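    // Reached for both an unknown user and a wrong password: the caller gets the same generic error in either case.
    BadCredentialsException e = new BadCredentialsException("Bad credentials");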
    publish(new AuthenticationFailureBadCredentialsEvent(req, e));
    throw e;
}
Also used : UserAuthenticationFailureEvent(org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationFailureEvent) IdentityProviderAuthenticationSuccessEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) IdentityProviderAuthenticationFailureEvent(org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationFailureEvent) AuthenticationFailureBadCredentialsEvent(org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UnverifiedUserAuthenticationEvent(org.cloudfoundry.identity.uaa.authentication.event.UnverifiedUserAuthenticationEvent) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaPrincipal(org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) AuthenticationFailureLockedEvent(org.springframework.security.authentication.event.AuthenticationFailureLockedEvent) UserNotFoundEvent(org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent) AuthenticationPolicyRejectionException(org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException) UaaUser(org.cloudfoundry.identity.uaa.user.UaaUser) AccountNotVerifiedException(org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException)

Aggregations

IdentityProviderAuthenticationSuccessEvent (org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent) 10
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) 7
UaaPrincipal (org.cloudfoundry.identity.uaa.authentication.UaaPrincipal) 4
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser) 4
Test (org.junit.jupiter.api.Test) 4
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 4
Authentication (org.springframework.security.core.Authentication) 4
UaaAuthenticationDetails (org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) 2
IdentityProviderAuthenticationFailureEvent (org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationFailureEvent) 2
UserAuthenticationSuccessEvent (org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent) 2
ApplicationEvent (org.springframework.context.ApplicationEvent) 2
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException) 2
LinkedList (java.util.LinkedList) 1
AbstractUaaEvent (org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent) 1
AccountNotPreCreatedException (org.cloudfoundry.identity.uaa.authentication.AccountNotPreCreatedException) 1
AccountNotVerifiedException (org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException) 1
AuthenticationPolicyRejectionException (org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException) 1
AuthzAuthenticationRequest (org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest) 1
MfaAuthenticationSuccessEvent (org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent) 1
UnverifiedUserAuthenticationEvent (org.cloudfoundry.identity.uaa.authentication.event.UnverifiedUserAuthenticationEvent) 1