use of org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent in project uaa by cloudfoundry.
The class AuthenticationSuccessListenerTests, method mfa_authentication_success_triggers_user_authentication_success.
@Test
void mfa_authentication_success_triggers_user_authentication_success() {
    // An MFA success for the fixture user must be translated by the listener into exactly one
    // UserAuthenticationSuccessEvent on the mocked publisher.
    String mfaType = "mfa-type";
    MfaAuthenticationSuccessEvent mfaSuccess =
            new MfaAuthenticationSuccessEvent(user, mockUaaAuthentication, mfaType, IdentityZoneHolder.getCurrentZoneId());

    listener.onApplicationEvent(mfaSuccess);

    // verify(mock) defaults to times(1)
    verify(mockApplicationEventPublisher).publishEvent(isA(UserAuthenticationSuccessEvent.class));
}
use of org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent in project uaa by cloudfoundry.
The class StatelessMfaAuthenticationFilter, method doFilterInternal.
/**
 * Gates requests behind an MFA code check before delegating to the rest of the filter chain.
 *
 * <p>Only requests whose grant type passes {@link #isGrantTypeSupported} are checked. For those,
 * {@link #checkMfaCode} is expected to return the provider that validated the code, and an
 * {@link MfaAuthenticationSuccessEvent} is published for that provider. Failures are handed to
 * {@code handleException} as a {@code JsonError} and mirrored as an
 * {@link MfaAuthenticationFailureEvent}: a missing code or missing MFA configuration yields
 * 400 {@code invalid_request} (with the exception message), a wrong code yields
 * 401 {@code unauthorized} with a deliberately generic message.
 *
 * <p>The local {@code validatedProvider} is still {@code null} when {@link #checkMfaCode} throws,
 * so in that case the failure event carries the literal provider type {@code "null"}; only an
 * exception raised further down the chain can see a resolved provider. Downstream filters run
 * inside the same try, so their exceptions of the handled types take the same JSON error path.
 *
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain or the error response
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    MfaProvider validatedProvider = null;
    try {
        if (isGrantTypeSupported(request.getParameter(GRANT_TYPE))) {
            validatedProvider = checkMfaCode(request);
            UaaUser user = getUaaUser();
            if (validatedProvider != null) {
                publishEvent(new MfaAuthenticationSuccessEvent(user, getAuthentication(),
                        validatedProvider.getType().toValue(), IdentityZoneHolder.getCurrentZoneId()));
            }
        }
        filterChain.doFilter(request, response);
    } catch (InsufficientAuthenticationException x) {
        handleException(new JsonError(400, "invalid_request", x.getMessage()), response);
    } catch (MissingMfaCodeException | UserMfaConfigDoesNotExistException e) {
        publishMfaFailureEvent(validatedProvider);
        handleException(new JsonError(400, "invalid_request", e.getMessage()), response);
    } catch (InvalidMfaCodeException e) {
        publishMfaFailureEvent(validatedProvider);
        // The client is told only that the credentials were rejected, not why.
        handleException(new JsonError(401, "unauthorized", "Bad credentials"), response);
    }
}

/**
 * Publishes the audit event for a failed MFA attempt.
 *
 * @param provider the provider that was resolved before the failure, or {@code null}; the event
 *                 type then falls back to the literal string {@code "null"}
 */
private void publishMfaFailureEvent(MfaProvider provider) {
    UaaUser user = getUaaUser();
    publishEvent(new MfaAuthenticationFailureEvent(user, getAuthentication(),
            provider == null ? "null" : provider.getType().toValue(),
            IdentityZoneHolder.getCurrentZoneId()));
}
use of org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent in project uaa by cloudfoundry.
The class TotpMfaEndpoint, method validateCode.
/**
 * Handles the TOTP code submitted from the MFA verification page.
 *
 * <p>Order of operations: the lockout policy is consulted first, so a locked principal never
 * reaches code validation; the code is then parsed and checked by {@code mfaCredentialsProvisioning}.
 * On success the credentials are persisted if none are stored yet, {@code otp} and {@code mfa}
 * are added to the authentication methods, an {@link MfaAuthenticationSuccessEvent} is published,
 * the session attributes are completed and the user is redirected to {@code mfaCompleteUrl}.
 * A rejected code, a non-numeric code or a {@link GoogleAuthenticatorException} all publish an
 * {@link MfaAuthenticationFailureEvent} and re-render the enter-code page with the same generic
 * error text, so the user is not told which of the three happened.
 *
 * @param model          view model; receives the {@code error} attribute on failure
 * @param code           the submitted code, expected to be numeric
 * @param credentials    the credentials being verified (model attribute {@code uaaMfaCredentials})
 * @param request        current request; its session receives the security context on success
 * @param sessionStatus  marked complete on success
 * @return redirect to {@code mfaCompleteUrl} on success, otherwise the enter-code page
 * @throws UaaPrincipalIsNotInSession if no UAA principal is present in the session
 * @throws AuthenticationPolicyRejectionException when the MFA policy no longer allows attempts
 */
@RequestMapping(value = { "/verify.do" }, method = RequestMethod.POST)
public ModelAndView validateCode(Model model, @RequestParam("code") String code, @ModelAttribute("uaaMfaCredentials") UserGoogleMfaCredentials credentials, HttpServletRequest request, SessionStatus sessionStatus) throws UaaPrincipalIsNotInSession {
    UaaAuthentication uaaAuth = getUaaAuthentication();
    UaaPrincipal uaaPrincipal = getSessionAuthPrincipal();
    String userId = uaaPrincipal.getId();

    if (!this.mfaPolicy.isAllowed(userId).isAllowed()) {
        throw new AuthenticationPolicyRejectionException("Your account has been locked because of too many failed attempts to login.");
    }

    try {
        Integer codeValue = Integer.valueOf(code);
        if (mfaCredentialsProvisioning.isValidCode(credentials, codeValue)) {
            return completeMfaVerification(uaaAuth, uaaPrincipal, credentials, request, sessionStatus);
        }
        recordFailedAttempt(model, uaaAuth, uaaPrincipal,
                "Code authorization failed for user: " + userId);
    } catch (NumberFormatException | GoogleAuthenticatorException e) {
        recordFailedAttempt(model, uaaAuth, uaaPrincipal,
                "Error validating the code for user: " + userId + ". Error: " + e.getMessage());
    }
    return renderEnterCodePage(model, uaaPrincipal);
}

/**
 * Success path of {@link #validateCode}: persist first-time credentials, mark the authentication
 * as MFA-verified, publish the success event and hand the security context to the session.
 */
private ModelAndView completeMfaVerification(UaaAuthentication uaaAuth, UaaPrincipal uaaPrincipal, UserGoogleMfaCredentials credentials, HttpServletRequest request, SessionStatus sessionStatus) {
    // No stored credentials yet: persist the ones carried in the model attribute.
    if (mfaCredentialsProvisioning.getUserGoogleMfaCredentials(uaaPrincipal.getId()) == null) {
        mfaCredentialsProvisioning.saveUserCredentials(credentials);
    }
    Set<String> methods = new HashSet<>(uaaAuth.getAuthenticationMethods());
    methods.addAll(Arrays.asList("otp", "mfa"));
    uaaAuth.setAuthenticationMethods(methods);
    publish(new MfaAuthenticationSuccessEvent(getUaaUser(uaaPrincipal), uaaAuth, getMfaProvider().getType().toValue(), IdentityZoneHolder.getCurrentZoneId()));
    sessionStatus.setComplete();
    SessionUtils.setSecurityContext(request.getSession(), SecurityContextHolder.getContext());
    return new ModelAndView(new RedirectView(mfaCompleteUrl, true));
}

/**
 * Failure path of {@link #validateCode}: log at debug level, publish the failure event (which
 * feeds the lockout policy) and set the generic error shown to the user.
 */
private void recordFailedAttempt(Model model, UaaAuthentication uaaAuth, UaaPrincipal uaaPrincipal, String debugMessage) {
    logger.debug(debugMessage);
    publish(new MfaAuthenticationFailureEvent(getUaaUser(uaaPrincipal), uaaAuth, getMfaProvider().getType().toValue(), IdentityZoneHolder.getCurrentZoneId()));
    model.addAttribute("error", "Incorrect code, please try again.");
}
use of org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent in project uaa by cloudfoundry.
The class StatelessMfaAuthenticationFilterTests, method when_valid_mfa_auth_code_given_with_previously_failed_mfa_auth_attempts_interleaved_with_successful_mfa_auth_event_but_not_locked_out_should_pass.
@Test
public void when_valid_mfa_auth_code_given_with_previously_failed_mfa_auth_attempts_interleaved_with_successful_mfa_auth_event_but_not_locked_out_should_pass() {
    // Audit history seen by the filter: failure, failure, success, failure. With a success in
    // between, the filter is expected not to treat the user as locked out, so checkMfaCode must
    // complete without throwing — the absence of an exception is the assertion.
    long now = 1L;
    when(timeService.getCurrentTimeMillis()).thenReturn(now);

    String providerType = GOOGLE_AUTHENTICATOR.toValue();
    String zoneId = IdentityZoneHolder.getCurrentZoneId();
    AuditEvent failure = new MfaAuthenticationFailureEvent(user, authentication, providerType, zoneId).getAuditEvent();
    AuditEvent success = new MfaAuthenticationSuccessEvent(user, authentication, providerType, zoneId).getAuditEvent();
    ArrayList<AuditEvent> history = Lists.newArrayList(failure, failure, success, failure);
    when(jdbcAuditServiceMock.find(user.getId(), now, zone.getId())).thenReturn(history);

    when(lockoutPolicyRetriever.getLockoutPolicy()).thenReturn(new LockoutPolicy(1, 3, 5));

    request.setParameter(MFA_CODE, "123456");
    filter.checkMfaCode(request);
}
use of org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent in project uaa by cloudfoundry.
The class AuthenticationSuccessListener, method onApplicationEvent.
/**
 * Bridges the different authentication-success events into {@link UserAuthenticationSuccessEvent}s
 * on {@code publisher}.
 * <ul>
 *   <li>{@link UserAuthenticationSuccessEvent}: forwarded to the typed overload with the event's
 *       own zone id.</li>
 *   <li>{@link IdentityProviderAuthenticationSuccessEvent}: re-published as a user event only
 *       when {@code checker} reports MFA as not enabled for the zone — presumably because with
 *       MFA on, the login is not complete until the MFA event below arrives (confirm against the
 *       MFA filter/endpoint before relying on it).</li>
 *   <li>{@link MfaAuthenticationSuccessEvent}: always re-published as a user event.</li>
 * </ul>
 * The user events created here take their zone from {@code IdentityZoneHolder.getCurrentZoneId()}
 * rather than from the incoming event, unlike the first branch; any other event type is ignored.
 */
@Override
public void onApplicationEvent(AbstractUaaAuthenticationEvent event) {
    if (event instanceof UserAuthenticationSuccessEvent) {
        onApplicationEvent((UserAuthenticationSuccessEvent) event, event.getIdentityZoneId());
        return;
    }

    if (event instanceof IdentityProviderAuthenticationSuccessEvent) {
        IdentityProviderAuthenticationSuccessEvent idpEvent = (IdentityProviderAuthenticationSuccessEvent) event;
        UserAuthenticationSuccessEvent userSuccess = new UserAuthenticationSuccessEvent(
                idpEvent.getUser(), (Authentication) idpEvent.getSource(), IdentityZoneHolder.getCurrentZoneId());
        boolean mfaEnabled = checker.isMfaEnabledForZoneId(userSuccess.getIdentityZoneId());
        if (!mfaEnabled) {
            publisher.publishEvent(userSuccess);
        }
        return;
    }

    if (event instanceof MfaAuthenticationSuccessEvent) {
        MfaAuthenticationSuccessEvent mfaEvent = (MfaAuthenticationSuccessEvent) event;
        publisher.publishEvent(new UserAuthenticationSuccessEvent(
                mfaEvent.getUser(), (Authentication) mfaEvent.getSource(), IdentityZoneHolder.getCurrentZoneId()));
    }
}