Example 1 with UserMfaConfigDoesNotExistException

Use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.

Class StatelessMfaAuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    MfaProvider provider = null;
    try {
        if (isGrantTypeSupported(request.getParameter(GRANT_TYPE))) {
            provider = checkMfaCode(request);
            UaaUser user = getUaaUser();
            if (provider != null) {
                publishEvent(new MfaAuthenticationSuccessEvent(user, getAuthentication(), provider.getType().toValue(), IdentityZoneHolder.getCurrentZoneId()));
            }
        }
        filterChain.doFilter(request, response);
    } catch (InsufficientAuthenticationException x) {
        handleException(new JsonError(400, "invalid_request", x.getMessage()), response);
    } catch (MissingMfaCodeException | UserMfaConfigDoesNotExistException e) {
        UaaUser user = getUaaUser();
        publishEvent(new MfaAuthenticationFailureEvent(user, getAuthentication(), provider != null ? provider.getType().toValue() : "null", IdentityZoneHolder.getCurrentZoneId()));
        handleException(new JsonError(400, "invalid_request", e.getMessage()), response);
    } catch (InvalidMfaCodeException e) {
        // Wrong code: respond with a generic 401 "Bad credentials" rather than the exception message
        UaaUser user = getUaaUser();
        publishEvent(new MfaAuthenticationFailureEvent(user, getAuthentication(), provider != null ? provider.getType().toValue() : "null", IdentityZoneHolder.getCurrentZoneId()));
        handleException(new JsonError(401, "unauthorized", "Bad credentials"), response);
    }
}

Also used:
MissingMfaCodeException (org.cloudfoundry.identity.uaa.mfa.exception.MissingMfaCodeException)
MfaAuthenticationFailureEvent (org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationFailureEvent)
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)
InvalidMfaCodeException (org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaCodeException)
MfaAuthenticationSuccessEvent (org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent)
UserMfaConfigDoesNotExistException (org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException)
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)

Example 2 with UserMfaConfigDoesNotExistException

Use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.

Class StatelessMfaAuthenticationFilter, method checkMfaCode.

protected MfaProvider checkMfaCode(HttpServletRequest request) {
    IdentityZone zone = IdentityZoneHolder.get();
    MfaProvider provider = null;
    UaaAuthentication authentication = getAuthentication();
    if (isMfaEnabled(zone)) {
        // The login policy is consulted first; a principal it rejects never reaches code validation
        if (!commonLoginPolicy.isAllowed(authentication.getPrincipal().getId()).isAllowed()) {
            throw new RuntimeException();
        }
        try {
            provider = mfaProvider.retrieveByName(zone.getConfig().getMfaConfig().getProviderName(), zone.getId());
        } catch (EmptyResultDataAccessException x) {
            throw new ProviderNotFoundException("Unable to find MFA provider for zone:" + zone.getSubdomain());
        }
        Integer code = getMfaCode(request);
        UserGoogleMfaCredentials credentials = provisioning.getUserGoogleMfaCredentials(authentication.getPrincipal().getId(), provider.getId());
        if (credentials == null) {
            throw new UserMfaConfigDoesNotExistException("User must register a multi-factor authentication token");
        }
        if (!provisioning.isValidCode(credentials, code)) {
            throw new InvalidMfaCodeException("Invalid multi-factor authentication code");
        }
        HashSet<String> authMethods = new HashSet<>(authentication.getAuthenticationMethods());
        authMethods.add("otp");
        authMethods.add("mfa");
        authentication.setAuthenticationMethods(authMethods);
    }
    return provider;
}

Also used:
InvalidMfaCodeException (org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaCodeException)
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)
IdentityZone (org.cloudfoundry.identity.uaa.zone.IdentityZone)
ProviderNotFoundException (org.springframework.security.authentication.ProviderNotFoundException)
EmptyResultDataAccessException (org.springframework.dao.EmptyResultDataAccessException)
UserMfaConfigDoesNotExistException (org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException)
HashSet (java.util.HashSet)

Example 3 with UserMfaConfigDoesNotExistException

Use of org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException in project uaa by cloudfoundry.

Class ScimUserEndpointsMockMvcTests, method testDeleteMfaUserCredentialsUserDoesNotExist.

@Test
void testDeleteMfaUserCredentialsUserDoesNotExist() throws Exception {
    MfaProvider provider = createMfaProvider(IdentityZoneHolder.get().getId());
    IdentityZoneHolder.get().getConfig().setMfaConfig(new MfaConfig().setEnabled(true).setProviderName("mfaProvider"));
    String userId = "invalidUserId";
    MockHttpServletRequestBuilder delete = delete("/Users/" + userId + "/mfa").header("Authorization", "Bearer " + uaaAdminToken).contentType(APPLICATION_JSON);
    mockMvc.perform(delete).andExpect(status().isNotFound());
    try {
        mfaCredentialsProvisioning.retrieve(userId, provider.getId());
        fail();
    } catch (UserMfaConfigDoesNotExistException e) {
        // expected: no MFA credentials exist for the unknown user
    }
}

Also used:
MfaProvider (org.cloudfoundry.identity.uaa.mfa.MfaProvider)
MfaConfig (org.cloudfoundry.identity.uaa.zone.MfaConfig)
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)
UserMfaConfigDoesNotExistException (org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException)
Test (org.junit.jupiter.api.Test)

Aggregations

UserMfaConfigDoesNotExistException (org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException) 3
InvalidMfaCodeException (org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaCodeException) 2
HashSet (java.util.HashSet) 1
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) 1
MfaAuthenticationFailureEvent (org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationFailureEvent) 1
MfaAuthenticationSuccessEvent (org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent) 1
MfaProvider (org.cloudfoundry.identity.uaa.mfa.MfaProvider) 1
MissingMfaCodeException (org.cloudfoundry.identity.uaa.mfa.exception.MissingMfaCodeException) 1
UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser) 1
IdentityZone (org.cloudfoundry.identity.uaa.zone.IdentityZone) 1
MfaConfig (org.cloudfoundry.identity.uaa.zone.MfaConfig) 1
Test (org.junit.jupiter.api.Test) 1
EmptyResultDataAccessException (org.springframework.dao.EmptyResultDataAccessException) 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException) 1
ProviderNotFoundException (org.springframework.security.authentication.ProviderNotFoundException) 1
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 1