use of org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent in project uaa by cloudfoundry.
the class AuthzAuthenticationManager method authenticate.
/**
 * Authenticates a username/password request against the user returned by
 * {@code getUaaUser(req)} and publishes an event for every outcome.
 *
 * <p>Outcomes, in the order they are checked:
 * <ul>
 *   <li>credentials are {@code null}: {@link BadCredentialsException} ("No password supplied");</li>
 *   <li>no user found: a {@code UserNotFoundEvent} is published, then the generic
 *       {@link BadCredentialsException} ("Bad credentials") is thrown;</li>
 *   <li>login policy rejects the attempt: {@code AuthenticationPolicyRejectionException};</li>
 *   <li>password empty or not matching: failure events are published, then the same generic
 *       {@link BadCredentialsException} is thrown;</li>
 *   <li>password matches but the account must be verified and is not:
 *       {@code AccountNotVerifiedException};</li>
 *   <li>otherwise a {@code UaaAuthentication} with authentication method {@code "pwd"} is returned.</li>
 * </ul>
 *
 * <p>NOTE(review): several log statements below concatenate {@code req.getName()}, which comes
 * from the request. Confirm the logging layout neutralises line breaks and control characters
 * so a submitted name cannot forge or split log entries.
 *
 * @param req the authentication request; its credentials are cast to {@link CharSequence}
 * @return the populated authentication on success
 * @throws AuthenticationException on any of the failure outcomes listed above
 */
@Override
public Authentication authenticate(Authentication req) throws AuthenticationException {
    logger.debug("Processing authentication request for " + req.getName());

    if (req.getCredentials() == null) {
        BadCredentialsException missingPassword = new BadCredentialsException("No password supplied");
        publish(new AuthenticationFailureBadCredentialsEvent(req, missingPassword));
        throw missingPassword;
    }

    UaaUser user = getUaaUser(req);
    if (user != null) {
        // The lockout check runs before any password comparison, so a locked account is
        // rejected without the encoder being called.
        // NOTE(review): this rejection is only reachable for an existing user and carries its
        // own message, so it is distinguishable from "Bad credentials"; confirm that is intended.
        if (!accountLoginPolicy.isAllowed(user, req)) {
            logger.warn("Login policy rejected authentication for " + user.getUsername() + ", " + user.getId() + ". Ignoring login request.");
            AuthenticationPolicyRejectionException locked = new AuthenticationPolicyRejectionException("Your account has been locked because of too many failed attempts to login.");
            publish(new AuthenticationFailureLockedEvent(req, locked));
            throw locked;
        }

        // An empty password never reaches the encoder; it is treated as a mismatch.
        final boolean passwordMatches;
        if (((CharSequence) req.getCredentials()).length() == 0) {
            passwordMatches = false;
        } else {
            passwordMatches = encoder.matches((CharSequence) req.getCredentials(), user.getPassword());
        }

        if (passwordMatches) {
            logger.debug("Password successfully matched for userId[" + user.getUsername() + "]:" + user.getId());

            // Verification is waived only when unverified users are allowed AND the user has
            // the legacy verification behaviour.
            boolean userMustBeVerified = !(allowUnverifiedUsers && user.isLegacyVerificationBehavior());
            if (userMustBeVerified && !user.isVerified()) {
                publish(new UnverifiedUserAuthenticationEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
                logger.debug("Account not verified: " + user.getId());
                throw new AccountNotVerifiedException("Account not verified");
            }

            UaaPrincipal principal = new UaaPrincipal(user);
            UaaAuthentication uaaAuthentication = new UaaAuthentication(principal, user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
            uaaAuthentication.setAuthenticationMethods(Collections.singleton("pwd"));

            if (userMustUpdatePassword(user)) {
                // NOTE(review): this writes the user's e-mail address to the log at INFO level;
                // confirm that is acceptable for the deployment's log retention and access rules.
                logger.info("Password change required for user: " + user.getEmail());
                user.setPasswordChangeRequired(true);
                SessionUtils.setPasswordChangeRequired(httpSession, true);
            }

            publish(new IdentityProviderAuthenticationSuccessEvent(user, uaaAuthentication, OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
            return uaaAuthentication;
        }

        logger.debug("Password did not match for user " + req.getName());
        publish(new IdentityProviderAuthenticationFailureEvent(req, req.getName(), OriginKeys.UAA, IdentityZoneHolder.getCurrentZoneId()));
        publish(new UserAuthenticationFailureEvent(user, req, IdentityZoneHolder.getCurrentZoneId()));
    } else {
        // NOTE(review): no encoder.matches() call happens on this path, so its response time
        // may differ from the wrong-password path; confirm whether that is equalised elsewhere.
        logger.debug("No user named '" + req.getName() + "' was found for origin:" + origin);
        publish(new UserNotFoundEvent(req, IdentityZoneHolder.getCurrentZoneId()));
    }

    // Unknown user and wrong password both end here with the same exception message, so the
    // exception itself does not reveal which of the two occurred.
    BadCredentialsException rejected = new BadCredentialsException("Bad credentials");
    publish(new AuthenticationFailureBadCredentialsEvent(req, rejected));
    throw rejected;
}
use of org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent in project uaa by cloudfoundry.
the class AuditListenerTests method userNotFoundIsAudited.
/**
 * Checks that delivering a {@code UserNotFoundEvent} to the audit listener results in a call
 * to the audit service's {@code log} with an {@code AuditEvent} and the event's zone id.
 *
 * <p>NOTE(review): the verification only matches on the argument type and the zone id. It does
 * not pin the audit event's type or the recorded principal name, so a regression in what is
 * written to the audit trail for unknown users would not be caught here.
 */
@Test
void userNotFoundIsAudited(final RandomStringGetter zoneId) {
    when(mockAuthentication.getName()).thenReturn("name");

    UserNotFoundEvent userNotFound = new UserNotFoundEvent(mockAuthentication, zoneId.get());
    auditListener.onApplicationEvent(userNotFound);

    verify(mockUaaAuditService).log(isA(AuditEvent.class), eq(zoneId.get()));
}