use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.
the class ExternalLoginAuthenticationManagerTest method testAuthenticateUserExists.
@Test
public void testAuthenticateUserExists() {
    // The returned Authentication is not inspected here; only the published event is checked.
    manager.authenticate(inputAuth);

    userArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
    verify(applicationEventPublisher, times(1)).publishEvent(userArgumentCaptor.capture());

    // Exactly one event is expected, and it must be the identity-provider success event.
    assertEquals(1, userArgumentCaptor.getAllValues().size());
    Object firstPublished = userArgumentCaptor.getAllValues().get(0);
    IdentityProviderAuthenticationSuccessEvent successEvent =
            (IdentityProviderAuthenticationSuccessEvent) firstPublished;

    // The event must carry the user that authenticated: same origin, same username.
    assertEquals(origin, successEvent.getUser().getOrigin());
    assertEquals(userName, successEvent.getUser().getUsername());
}
use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.
the class AuthenticationSuccessListenerTests method provider_authentication_success_does_not_trigger_user_authentication_success.
@Test
void provider_authentication_success_does_not_trigger_user_authentication_success() {
    // The MFA checker reports MFA as enabled for every zone id.
    when(mockMfaChecker.isMfaEnabledForZoneId(anyString())).thenReturn(true);

    String currentZoneId = IdentityZoneHolder.getCurrentZoneId();
    IdentityProviderAuthenticationSuccessEvent providerSuccess =
            new IdentityProviderAuthenticationSuccessEvent(user, mockUaaAuthentication, OriginKeys.UAA, currentZoneId);
    listener.onApplicationEvent(providerSuccess);

    // With MFA enabled, the provider-level success alone must not cause the listener to publish anything.
    verifyZeroInteractions(mockApplicationEventPublisher);
}
use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.
the class AuthenticationSuccessListenerTests method provider_authentication_success_triggers_user_authentication_success.
@Test
void provider_authentication_success_triggers_user_authentication_success() {
    // The MFA checker reports MFA as disabled for every zone id.
    when(mockMfaChecker.isMfaEnabledForZoneId(anyString())).thenReturn(false);

    String currentZoneId = IdentityZoneHolder.getCurrentZoneId();
    IdentityProviderAuthenticationSuccessEvent providerSuccess =
            new IdentityProviderAuthenticationSuccessEvent(user, mockUaaAuthentication, OriginKeys.UAA, currentZoneId);
    listener.onApplicationEvent(providerSuccess);

    // Without MFA, the listener must publish exactly one UserAuthenticationSuccessEvent.
    verify(mockApplicationEventPublisher, times(1))
            .publishEvent(isA(UserAuthenticationSuccessEvent.class));
}
use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.
the class AbstractLdapMockMvcTest method testLogin.
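@Test
void testLogin() throws Exception {
    // The login page renders and carries no "saml" model attribute.
    getMockMvc().perform(get("/login").header(HOST, host))
            .andExpect(status().isOk())
            .andExpect(view().name("login"))
            .andExpect(model().attributeDoesNotExist("saml"));

    // These credentials are expected to be rejected: the session stays unauthenticated
    // and the browser is redirected to the generic login-failure URL.
    getMockMvc().perform(post("/login.do").accept(TEXT_HTML_VALUE)
                    .header(HOST, host)
                    .with(cookieCsrf())
                    .param("username", "marissa")
                    .param("password", "koaladsada"))
            .andExpect(status().isFound())
            .andExpect(unauthenticated())
            .andExpect(redirectedUrl("/login?error=login_failure"));

    ArgumentCaptor<AbstractUaaEvent> captor = ArgumentCaptor.forClass(AbstractUaaEvent.class);
    // Index 5 is read below, so require at least six delivered events; a shortfall then
    // fails as a verification error instead of an IndexOutOfBoundsException.
    verify(listener, atLeast(6)).onApplicationEvent(captor.capture());
    List<AbstractUaaEvent> allValues = captor.getAllValues();

    // The rejected login must have been reported as an LDAP identity-provider failure for "marissa".
    assertThat(allValues.get(5), instanceOf(IdentityProviderAuthenticationFailureEvent.class));
    IdentityProviderAuthenticationFailureEvent event = (IdentityProviderAuthenticationFailureEvent) allValues.get(5);
    assertEquals("marissa", event.getUsername());
    assertEquals(OriginKeys.LDAP, event.getAuthenticationType());

    // Start from an empty audit log, then run the successful-login scenario.
    testLogger.reset();
    testSuccessfulLogin();
    assertThat(testLogger.getMessageCount(), is(5));

    String zoneId = zone.getZone().getIdentityZone().getId();
    // Fail with a descriptive assertion if the user was not created, rather than with a
    // NoSuchElementException from an unchecked Optional.get().
    ScimUser createdUser = jdbcScimUserProvisioning.retrieveAll(zoneId).stream()
            .filter(dbUser -> dbUser.getUserName().equals("marissa2"))
            .findFirst()
            .orElseThrow(() -> new AssertionError("user marissa2 was not found in zone " + zoneId));

    // The audit log line for the user creation must name the new user id as both subject and principal.
    String userCreatedLogMessage = testLogger.getFirstLogMessageOfType(AuditEventType.UserCreatedEvent);
    String expectedMessage = String.format("UserCreatedEvent ('[\"user_id=%s\",\"username=marissa2\"]'): principal=%s, origin=[caller=null], identityZoneId=[%s]", createdUser.getId(), createdUser.getId(), zoneId);
    assertThat(userCreatedLogMessage, is(expectedMessage));

    captor = ArgumentCaptor.forClass(AbstractUaaEvent.class);
    // Index 13 is read below, so require at least fourteen delivered events in total.
    verify(listener, atLeast(14)).onApplicationEvent(captor.capture());
    allValues = captor.getAllValues();

    // The successful login must have been reported as an LDAP identity-provider success.
    assertThat(allValues.get(13), instanceOf(IdentityProviderAuthenticationSuccessEvent.class));
    IdentityProviderAuthenticationSuccessEvent successEvent = (IdentityProviderAuthenticationSuccessEvent) allValues.get(13);
    assertEquals(OriginKeys.LDAP, successEvent.getAuthenticationType());
}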
use of org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent in project uaa by cloudfoundry.
the class AuthzAuthenticationManager method authenticate.
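/**
 * Authenticates a username/password request against the stored UAA user and publishes an
 * audit event for every outcome.
 *
 * <p>Outcomes, in the order they are checked:
 * <ul>
 *   <li>no credentials on the request: {@code AuthenticationFailureBadCredentialsEvent}, then
 *       {@code BadCredentialsException("No password supplied")};</li>
 *   <li>no user found: {@code UserNotFoundEvent}, then the generic "Bad credentials" failure;</li>
 *   <li>login policy rejects the attempt: {@code AuthenticationFailureLockedEvent}, then
 *       {@code AuthenticationPolicyRejectionException};</li>
 *   <li>empty or non-matching password: {@code IdentityProviderAuthenticationFailureEvent} and
 *       {@code UserAuthenticationFailureEvent}, then the generic "Bad credentials" failure;</li>
 *   <li>password matches but the account must be verified and is not:
 *       {@code UnverifiedUserAuthenticationEvent}, then {@code AccountNotVerifiedException};</li>
 *   <li>otherwise: {@code IdentityProviderAuthenticationSuccessEvent} and the new authentication.</li>
 * </ul>
 *
 * <p>The request-supplied name is caller-controlled, so CR and LF are replaced before it is
 * written to the log. The events still receive the unmodified request.
 *
 * @param req the authentication request carrying the name and the password
 * @return a {@code UaaAuthentication} for the user, with authentication method {@code "pwd"}
 * @throws BadCredentialsException if no password was supplied, no user was found, or the
 *         password did not match
 * @throws AuthenticationPolicyRejectionException if the login policy rejects the attempt
 * @throws AccountNotVerifiedException if the account must be verified and is not
 */
@Override
public Authentication authenticate(Authentication req) throws AuthenticationException {
    // Neutralise line breaks so a crafted username cannot forge additional log lines.
    String safeName = String.valueOf(req.getName()).replaceAll("[\\r\\n]", "_");
    logger.debug("Processing authentication request for " + safeName);

    if (req.getCredentials() == null) {
        BadCredentialsException e = new BadCredentialsException("No password supplied");
        publish(new AuthenticationFailureBadCredentialsEvent(req, e));
        throw e;
    }

    UaaUser user = getUaaUser(req);
    if (user == null) {
        // NOTE(review): no password hashing happens on this path, so it may respond faster than
        // the wrong-password path; confirm whether that difference is compensated elsewhere.
        logger.debug("No user named '" + safeName + "' was found for origin:" + origin);
        publish(new UserNotFoundEvent(req, IdentityZoneHolder.getCurrentZoneId()));
    } else {
        // The lockout policy is evaluated before the password, so a locked account is rejected
        // even when the supplied password is correct.
        // NOTE(review): this failure uses a different exception and message than "Bad credentials";
        // confirm how much of that distinction reaches an unauthenticated client.
        if (!accountLoginPolicy.isAllowed(user, req)) {
            logger.warn("Login policy rejected authentication for " + user.getUsername() + ", " + user.getId() + ". Ignoring login request.");
            AuthenticationPolicyRejectionException e = new AuthenticationPolicyRejectionException("Your account has been locked because of too many failed attempts to login.");
            publish(new AuthenticationFailureLockedEvent(req, e));
            throw e;
        }

        // An empty password never matches; the encoder is only consulted for non-empty input.
        boolean passwordMatches = ((CharSequence) req.getCredentials()).length() != 0 && encoder.matches((CharSequence) req.getCredentials(), user.getPassword());
        if (!passwordMatches) {
            logger.debug("Password did not match for user " + safeName);
            // Both the provider-level and the user-level failure are published, in this order.
            publish(new IdentityProviderAuthenticationFailureEvent(req, req.getName(), OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
            publish(new UserAuthenticationFailureEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
        } else {
            logger.debug("Password successfully matched for userId[" + user.getUsername() + "]:" + user.getId());

            // Verification is skipped only when unverified users are allowed AND the user has
            // the legacy verification behaviour.
            boolean userMustBeVerified = !allowUnverifiedUsers || !user.isLegacyVerificationBehavior();
            if (userMustBeVerified && !user.isVerified()) {
                publish(new UnverifiedUserAuthenticationEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
                logger.debug("Account not verified: " + user.getId());
                throw new AccountNotVerifiedException("Account not verified");
            }

            UaaAuthentication uaaAuthentication = new UaaAuthentication(new UaaPrincipal(user), user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
            uaaAuthentication.setAuthenticationMethods(Collections.singleton("pwd"));

            if (userMustUpdatePassword(user)) {
                // NOTE(review): this writes the user's e-mail address to the log at INFO level;
                // confirm that is acceptable under the deployment's log-retention rules.
                logger.info("Password change required for user: " + user.getEmail());
                user.setPasswordChangeRequired(true);
                SessionUtils.setPasswordChangeRequired(httpSession, true);
            }

            publish(new IdentityProviderAuthenticationSuccessEvent(user, uaaAuthentication, OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
            return uaaAuthentication;
        }
    }

    // Unknown user and wrong password end in the same exception and message.
    BadCredentialsException e = new BadCredentialsException("Bad credentials");
    publish(new AuthenticationFailureBadCredentialsEvent(req, e));
    throw e;
}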