use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.
the class StatelessMfaAuthenticationFilter method doFilterInternal.
/**
 * Runs the stateless MFA check for supported grant types, then continues the filter chain.
 *
 * <p>When {@code checkMfaCode} returns a provider, an {@code MfaAuthenticationSuccessEvent}
 * is published before the chain proceeds. Failures are mapped to JSON errors:
 * <ul>
 *   <li>{@code InsufficientAuthenticationException}: 400 {@code invalid_request} carrying the
 *       exception message; no MFA failure event is published on this path.</li>
 *   <li>{@code MissingMfaCodeException} / {@code UserMfaConfigDoesNotExistException}: failure
 *       event, then 400 {@code invalid_request} carrying the exception message.</li>
 *   <li>{@code InvalidMfaCodeException}: failure event, then 401 {@code unauthorized} with the
 *       fixed text "Bad credentials"; the exception message is not echoed to the client.</li>
 * </ul>
 *
 * <p>NOTE(review): the local provider is only assigned from the return value of
 * {@code checkMfaCode}. When one of the handled exceptions is thrown from inside that call the
 * local is still {@code null}, so the failure event records the literal string "null" as the
 * provider type. Confirm that audit consumers do not rely on this field.
 *
 * <p>NOTE(review): {@code checkMfaCode} can also throw a bare {@code RuntimeException} (login
 * policy rejection) and {@code ProviderNotFoundException}. Neither appears to be handled here,
 * so no failure event is published for them in this method. Confirm how callers further up
 * respond to them.
 *
 * @param request     incoming request; its {@code GRANT_TYPE} parameter selects whether MFA applies
 * @param response    response used to write JSON errors
 * @param filterChain remainder of the chain, invoked only when no exception was raised before it
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    MfaProvider verifiedProvider = null;
    try {
        final String grantType = request.getParameter(GRANT_TYPE);
        if (isGrantTypeSupported(grantType)) {
            verifiedProvider = checkMfaCode(request);
            // The user is resolved even when MFA is disabled (provider == null), as before.
            UaaUser authenticatedUser = getUaaUser();
            if (verifiedProvider != null) {
                publishEvent(new MfaAuthenticationSuccessEvent(
                        authenticatedUser,
                        getAuthentication(),
                        verifiedProvider.getType().toValue(),
                        IdentityZoneHolder.getCurrentZoneId()));
            }
        }
        filterChain.doFilter(request, response);
    } catch (InsufficientAuthenticationException notAuthenticated) {
        handleException(new JsonError(400, "invalid_request", notAuthenticated.getMessage()), response);
    } catch (MissingMfaCodeException | UserMfaConfigDoesNotExistException incompleteMfa) {
        publishMfaFailureEvent(verifiedProvider);
        handleException(new JsonError(400, "invalid_request", incompleteMfa.getMessage()), response);
    } catch (InvalidMfaCodeException wrongCode) {
        publishMfaFailureEvent(verifiedProvider);
        // Fixed wording: the client is not told why the code was rejected.
        handleException(new JsonError(401, "unauthorized", "Bad credentials"), response);
    }
}

/**
 * Publishes an {@code MfaAuthenticationFailureEvent} for the current user and zone.
 *
 * @param attemptedProvider provider known at the time of failure, or {@code null}; a
 *                          {@code null} provider is recorded as the string "null"
 */
private void publishMfaFailureEvent(MfaProvider attemptedProvider) {
    UaaUser user = getUaaUser();
    publishEvent(new MfaAuthenticationFailureEvent(
            user,
            getAuthentication(),
            attemptedProvider != null ? attemptedProvider.getType().toValue() : "null",
            IdentityZoneHolder.getCurrentZoneId()));
}
use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.
the class StatelessMfaAuthenticationFilter method checkMfaCode.
/**
 * Verifies the MFA code supplied with the request against the current zone's MFA provider.
 *
 * <p>Order of checks when MFA is enabled for the zone: login policy for the principal,
 * provider lookup by the zone's configured provider name, code extraction from the request,
 * lookup of the user's stored credentials, then code validation. Only after all of these pass
 * are "otp" and "mfa" added to the authentication's methods.
 *
 * <p>NOTE(review): a login-policy rejection is signalled with a bare {@code RuntimeException}
 * that carries no message, so it cannot be told apart from an unrelated runtime failure.
 * Confirm that callers map it to an appropriate response and audit record.
 *
 * <p>NOTE(review): {@code new HashSet<>(...)} throws {@code NullPointerException} when given
 * {@code null}; confirm {@code getAuthenticationMethods()} never returns {@code null} here.
 *
 * @param request request carrying the MFA code (read via {@code getMfaCode})
 * @return the zone's MFA provider after a successful check, or {@code null} when MFA is not
 *         enabled for the zone
 * @throws RuntimeException                   when the login policy does not allow the principal
 * @throws ProviderNotFoundException          when the configured provider cannot be found in the zone
 * @throws UserMfaConfigDoesNotExistException when the user has no stored MFA credentials
 * @throws InvalidMfaCodeException            when the supplied code does not validate
 */
protected MfaProvider checkMfaCode(HttpServletRequest request) {
    IdentityZone currentZone = IdentityZoneHolder.get();
    // Resolved before the enabled check, exactly as before, so a missing authentication
    // surfaces even for zones without MFA.
    UaaAuthentication auth = getAuthentication();
    if (!isMfaEnabled(currentZone)) {
        return null;
    }

    // Policy gate runs before any code is evaluated.
    if (!commonLoginPolicy.isAllowed(auth.getPrincipal().getId()).isAllowed()) {
        throw new RuntimeException();
    }

    MfaProvider zoneProvider;
    try {
        zoneProvider = mfaProvider.retrieveByName(currentZone.getConfig().getMfaConfig().getProviderName(), currentZone.getId());
    } catch (EmptyResultDataAccessException notFound) {
        // The data-access cause is not attached to the new exception.
        throw new ProviderNotFoundException("Unable to find MFA provider for zone:" + currentZone.getSubdomain());
    }

    // presumably raises MissingMfaCodeException when the parameter is absent; verify in getMfaCode
    Integer submittedCode = getMfaCode(request);
    UserGoogleMfaCredentials storedCredentials =
            provisioning.getUserGoogleMfaCredentials(auth.getPrincipal().getId(), zoneProvider.getId());
    if (credentialsMissing(storedCredentials)) {
        throw new UserMfaConfigDoesNotExistException("User must register a multi-factor authentication token");
    }
    if (!provisioning.isValidCode(storedCredentials, submittedCode)) {
        throw new InvalidMfaCodeException("Invalid multi-factor authentication code");
    }

    // Work on a copy so the existing collection is not mutated in place.
    HashSet<String> methodsWithMfa = new HashSet<>(auth.getAuthenticationMethods());
    methodsWithMfa.add("otp");
    methodsWithMfa.add("mfa");
    auth.setAuthenticationMethods(methodsWithMfa);
    return zoneProvider;
}

/** Returns {@code true} when no MFA credentials are stored for the user. */
private static boolean credentialsMissing(UserGoogleMfaCredentials storedCredentials) {
    return storedCredentials == null;
}
use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.
the class ScimUserEndpointsMockMvcTests method testDeleteMfaUserCredentialsUserDoesNotExist.
/**
 * Deleting MFA credentials for an unknown user id must return 404, and a subsequent lookup of
 * credentials for that id must raise {@code UserMfaConfigDoesNotExistException}.
 */
@Test
void testDeleteMfaUserCredentialsUserDoesNotExist() throws Exception {
    // Enable MFA for the current zone, backed by a freshly created provider.
    MfaProvider zoneProvider = createMfaProvider(IdentityZoneHolder.get().getId());
    IdentityZoneHolder.get().getConfig().setMfaConfig(
            new MfaConfig().setEnabled(true).setProviderName("mfaProvider"));

    String unknownUserId = "invalidUserId";
    MockHttpServletRequestBuilder deleteRequest = delete("/Users/" + unknownUserId + "/mfa")
            .header("Authorization", "Bearer " + uaaAdminToken)
            .contentType(APPLICATION_JSON);

    mockMvc.perform(deleteRequest)
            .andExpect(status().isNotFound());

    try {
        mfaCredentialsProvisioning.retrieve(unknownUserId, zoneProvider.getId());
        // Reaching this line means credentials were found for the unknown id.
        fail();
    } catch (UserMfaConfigDoesNotExistException expected) {
        // Expected outcome: nothing is stored for the unknown user id.
    }
}