Example 1 with AbstractExternalOAuthIdentityProviderDefinition

Use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.

The class LoginInfoEndpointTests, method mockOidcProvider.

// Test helper: registers a single mocked OIDC provider in the provisioning layer so that
// LoginInfoEndpoint sees exactly one external provider with a visible login link.
private static void mockOidcProvider(IdentityProviderProvisioning mockIdentityProviderProvisioning) throws MalformedURLException {
    IdentityProvider mockProvider = mock(IdentityProvider.class);
    when(mockProvider.getOriginKey()).thenReturn("my-OIDC-idp1");
    when(mockProvider.getType()).thenReturn(OriginKeys.OIDC10);
    // The config is mocked as the OIDC subclass but referenced through the abstract OAuth type.
    AbstractExternalOAuthIdentityProviderDefinition mockOidcConfig = mock(OIDCIdentityProviderDefinition.class);
    when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa"));
    when(mockOidcConfig.getRelyingPartyId()).thenReturn("client-id");
    when(mockOidcConfig.getResponseType()).thenReturn("token");
    when(mockProvider.getConfig()).thenReturn(mockOidcConfig);
    // showLinkText = true is what makes the provider count towards "showLoginLinks".
    when(mockOidcConfig.isShowLinkText()).thenReturn(true);
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), any())).thenReturn(singletonList(mockProvider));
}
Also used : AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) URL(java.net.URL)

Example 2 with AbstractExternalOAuthIdentityProviderDefinition

Use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.

The class LoginInfoEndpointTests, method oauth_provider_links_shown.

// Verifies that a configured external OAuth provider causes the HTML login page
// model to expose "showLoginLinks" = true.
@Test
void oauth_provider_links_shown() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    RawExternalOAuthIdentityProviderDefinition definition = new RawExternalOAuthIdentityProviderDefinition();
    definition.setAuthUrl(new URL("http://auth.url"));
    definition.setTokenUrl(new URL("http://token.url"));
    IdentityProvider<AbstractExternalOAuthIdentityProviderDefinition> identityProvider = MultitenancyFixture.identityProvider("oauth-idp-alias", "uaa");
    identityProvider.setConfig(definition);
    // The provisioning layer is mocked to return only this provider for the zone.
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), anyString())).thenReturn(singletonList(identityProvider));
    endpoint.loginForHtml(extendedModelMap, null, new MockHttpServletRequest(), singletonList(MediaType.TEXT_HTML));
    assertThat(extendedModelMap.get("showLoginLinks"), equalTo(true));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RawExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.RawExternalOAuthIdentityProviderDefinition) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 3 with AbstractExternalOAuthIdentityProviderDefinition

Use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.

The class LoginInfoEndpointTests, method passcode_prompt_present_whenThereIsAtleastOneActiveOauthProvider.

// Verifies that the "passcode" prompt is offered in the JSON login info as soon as
// at least one active external OAuth provider exists (passcode login is only meaningful
// for users who authenticate through an external provider).
@Test
void passcode_prompt_present_whenThereIsAtleastOneActiveOauthProvider() throws Exception {
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    RawExternalOAuthIdentityProviderDefinition definition = new RawExternalOAuthIdentityProviderDefinition().setAuthUrl(new URL("http://auth.url")).setTokenUrl(new URL("http://token.url"));
    IdentityProvider<AbstractExternalOAuthIdentityProviderDefinition> identityProvider = MultitenancyFixture.identityProvider("oauth-idp-alias", "uaa");
    identityProvider.setConfig(definition);
    when(mockIdentityProviderProvisioning.retrieveAll(anyBoolean(), anyString())).thenReturn(singletonList(identityProvider));
    endpoint.infoForLoginJson(extendedModelMap, null, new MockHttpServletRequest("GET", "http://someurl"));
    Map mapPrompts = (Map) extendedModelMap.get("prompts");
    assertNotNull(mapPrompts.get("passcode"));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RawExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.RawExternalOAuthIdentityProviderDefinition) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) Map(java.util.Map) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) HashMap(java.util.HashMap) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 4 with AbstractExternalOAuthIdentityProviderDefinition

Use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.

The class LoginInfoEndpoint, method login.

// Builds the login page model (HTML) or the login info view (JSON). An already
// authenticated UAA principal is sent straight to /home; otherwise the identity
// providers offered are narrowed by the requesting client's allowed-providers list
// and by the zone configuration before prompts and redirects are decided.
private String login(Model model, Principal principal, List<String> excludedPrompts, boolean jsonResponse, HttpServletRequest request) {
    if (principal instanceof UaaAuthentication && ((UaaAuthentication) principal).isAuthenticated()) {
        return "redirect:/home";
    }
    HttpSession session = request != null ? request.getSession(false) : null;
    List<String> allowedIdentityProviderKeys = null;
    String clientName = null;
    // The client recorded in the session may restrict which providers are allowed for this login.
    Map<String, Object> clientInfo = getClientInfo(session);
    if (clientInfo != null) {
        allowedIdentityProviderKeys = (List<String>) clientInfo.get(ClientConstants.ALLOWED_PROVIDERS);
        clientName = (String) clientInfo.get(ClientConstants.CLIENT_NAME);
    }
    // SAML and OAuth/OIDC providers are looked up separately, filtered by the allowed list (if any).
    Map<String, SamlIdentityProviderDefinition> samlIdentityProviders = getSamlIdentityProviderDefinitions(allowedIdentityProviderKeys);
    Map<String, AbstractExternalOAuthIdentityProviderDefinition> oauthIdentityProviders = getOauthIdentityProviderDefinitions(allowedIdentityProviderKeys);
    Map<String, AbstractIdentityProviderDefinition> allIdentityProviders = new HashMap<>() {

        {
            putAll(samlIdentityProviders);
            putAll(oauthIdentityProviders);
        }
    };
    boolean fieldUsernameShow = true;
    boolean returnLoginPrompts = true;
    IdentityProvider ldapIdentityProvider = null;
    try {
        ldapIdentityProvider = providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
    } catch (EmptyResultDataAccessException ignored) {
    }
    IdentityProvider uaaIdentityProvider = providerProvisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZoneHolder.get().getId());
    // ldap and uaa disabled removes username/password input boxes
    if (!uaaIdentityProvider.isActive()) {
        if (ldapIdentityProvider == null || !ldapIdentityProvider.isActive()) {
            fieldUsernameShow = false;
            returnLoginPrompts = false;
        }
    }
    // ldap or uaa not part of allowedIdentityProviderKeys
    if (allowedIdentityProviderKeys != null && !allowedIdentityProviderKeys.contains(OriginKeys.LDAP) && !allowedIdentityProviderKeys.contains(OriginKeys.UAA) && !allowedIdentityProviderKeys.contains(OriginKeys.KEYSTONE)) {
        fieldUsernameShow = false;
    }
    // A login_hint or IdP discovery may select a single provider to redirect to.
    Map.Entry<String, AbstractIdentityProviderDefinition> idpForRedirect;
    idpForRedirect = evaluateLoginHint(model, session, samlIdentityProviders, oauthIdentityProviders, allIdentityProviders, allowedIdentityProviderKeys, request);
    boolean discoveryEnabled = IdentityZoneHolder.get().getConfig().isIdpDiscoveryEnabled();
    // Note: request is dereferenced here without the null guard used above.
    boolean discoveryPerformed = Boolean.parseBoolean(request.getParameter("discoveryPerformed"));
    String defaultIdentityProviderName = IdentityZoneHolder.get().getConfig().getDefaultIdentityProvider();
    idpForRedirect = evaluateIdpDiscovery(model, samlIdentityProviders, oauthIdentityProviders, allIdentityProviders, allowedIdentityProviderKeys, idpForRedirect, discoveryEnabled, discoveryPerformed, defaultIdentityProviderName);
    // With local login hidden and exactly one external provider, go there directly (HTML only).
    if (idpForRedirect == null && !jsonResponse && !fieldUsernameShow && allIdentityProviders.size() == 1) {
        idpForRedirect = allIdentityProviders.entrySet().stream().findAny().get();
    }
    if (idpForRedirect != null) {
        String externalRedirect = redirectToExternalProvider(idpForRedirect.getValue(), idpForRedirect.getKey(), request);
        if (externalRedirect != null && !jsonResponse) {
            logger.debug("Following external redirect : " + externalRedirect);
            return externalRedirect;
        }
    }
    // Account creation is only offered when the UAA (internal) provider is allowed.
    boolean linkCreateAccountShow = fieldUsernameShow;
    if (fieldUsernameShow && (allowedIdentityProviderKeys != null) && (!discoveryEnabled || discoveryPerformed)) {
        if (!allowedIdentityProviderKeys.contains(OriginKeys.UAA)) {
            linkCreateAccountShow = false;
            model.addAttribute("login_hint", new UaaLoginHint(OriginKeys.LDAP).toString());
        } else if (!allowedIdentityProviderKeys.contains(OriginKeys.LDAP)) {
            model.addAttribute("login_hint", new UaaLoginHint(OriginKeys.UAA).toString());
        }
    }
    String zonifiedEntityID = getZonifiedEntityId();
    Map links = getLinksInfo();
    if (jsonResponse) {
        setJsonInfo(model, samlIdentityProviders, zonifiedEntityID, links);
    } else {
        updateLoginPageModel(model, request, clientName, samlIdentityProviders, oauthIdentityProviders, fieldUsernameShow, linkCreateAccountShow);
    }
    model.addAttribute(LINKS, links);
    setCommitInfo(model);
    model.addAttribute(ZONE_NAME, IdentityZoneHolder.get().getName());
    // Entity ID to start the discovery
    model.addAttribute(ENTITY_ID, zonifiedEntityID);
    // Copy the caller's list so populatePrompts can append to it.
    excludedPrompts = new LinkedList<>(excludedPrompts);
    String origin = request != null ? request.getParameter("origin") : null;
    populatePrompts(model, excludedPrompts, origin, samlIdentityProviders, oauthIdentityProviders, excludedPrompts, returnLoginPrompts);
    if (principal == null) {
        return getUnauthenticatedRedirect(model, request, discoveryEnabled, discoveryPerformed);
    }
    return "home";
}
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) HttpSession(javax.servlet.http.HttpSession) AbstractIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition) IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaLoginHint(org.cloudfoundry.identity.uaa.authentication.UaaLoginHint) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) Map(java.util.Map) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Collections.emptyMap(java.util.Collections.emptyMap)

Example 5 with AbstractExternalOAuthIdentityProviderDefinition

Use of org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition in project uaa by cloudfoundry.

The class LoginInfoEndpoint, method populatePrompts.

// Computes the "prompts" map for the login model: the zone's prompts (or the OIDC
// provider's own prompts when an origin is given), minus the prompts excluded because
// no external provider link is shown or because local username/password login is off.
private void populatePrompts(Model model, List<String> exclude, String origin, Map<String, SamlIdentityProviderDefinition> samlIdentityProviders, Map<String, AbstractExternalOAuthIdentityProviderDefinition> oauthIdentityProviders, List<String> excludedPrompts, boolean returnLoginPrompts) {
    boolean noIdpsPresent = true;
    for (SamlIdentityProviderDefinition idp : samlIdentityProviders.values()) {
        if (idp.isShowSamlLink()) {
            model.addAttribute(SHOW_LOGIN_LINKS, true);
            noIdpsPresent = false;
            break;
        }
    }
    for (AbstractExternalOAuthIdentityProviderDefinition oauthIdp : oauthIdentityProviders.values()) {
        if (oauthIdp.isShowLinkText()) {
            model.addAttribute(SHOW_LOGIN_LINKS, true);
            noIdpsPresent = false;
            break;
        }
    }
    // make the list writeable
    // The passcode prompt only makes sense when an external provider link is offered.
    if (noIdpsPresent) {
        excludedPrompts.add(PASSCODE);
    }
    if (!returnLoginPrompts) {
        excludedPrompts.add("username");
        excludedPrompts.add("password");
    }
    List<Prompt> prompts;
    IdentityZoneConfiguration zoneConfiguration = IdentityZoneHolder.get().getConfig();
    if (isNull(zoneConfiguration)) {
        zoneConfiguration = new IdentityZoneConfiguration();
    }
    prompts = zoneConfiguration.getPrompts();
    // An explicit origin pointing at an OIDC provider may override the zone prompts.
    if (origin != null) {
        IdentityProvider providerForOrigin = null;
        try {
            providerForOrigin = providerProvisioning.retrieveByOrigin(origin, IdentityZoneHolder.get().getId());
        } catch (DataAccessException ignored) {
        }
        if (providerForOrigin != null) {
            if (providerForOrigin.getConfig() instanceof OIDCIdentityProviderDefinition) {
                OIDCIdentityProviderDefinition oidcConfig = (OIDCIdentityProviderDefinition) providerForOrigin.getConfig();
                List<Prompt> providerPrompts = oidcConfig.getPrompts();
                if (providerPrompts != null) {
                    prompts = providerPrompts;
                }
            }
        }
    }
    Map<String, String[]> map = new LinkedHashMap<>();
    for (Prompt prompt : prompts) {
        String[] details = prompt.getDetails();
        // Outside the default zone, rewrite the URL in the passcode prompt to the zone subdomain
        // (on a copy, so the shared Prompt object is not mutated).
        if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa()) {
            String urlInPasscode = extractUrlFromString(prompt.getDetails()[1]);
            if (hasText(urlInPasscode)) {
                String[] newDetails = new String[details.length];
                System.arraycopy(details, 0, newDetails, 0, details.length);
                newDetails[1] = newDetails[1].replace(urlInPasscode, addSubdomainToUrl(urlInPasscode, IdentityZoneHolder.get().getSubdomain()));
                details = newDetails;
            }
        }
        map.put(prompt.getName(), details);
    }
    if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get())) {
        // Note the parenthesis placement: " )" is appended to baseUrl before addSubdomainToUrl is applied.
        Prompt p = new Prompt(MFA_CODE, "password", "MFA Code ( Register at " + addSubdomainToUrl(baseUrl + " )", IdentityZoneHolder.get().getSubdomain()));
        map.putIfAbsent(p.getName(), p.getDetails());
    }
    for (String excludeThisPrompt : exclude) {
        map.remove(excludeThisPrompt);
    }
    model.addAttribute("prompts", map);
}
Also used : IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) OIDCIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition) LinkedHashMap(java.util.LinkedHashMap) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) DataAccessException(org.springframework.dao.DataAccessException) IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)

Aggregations

AbstractExternalOAuthIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition)22 IdentityProvider (org.cloudfoundry.identity.uaa.provider.IdentityProvider)11 Test (org.junit.jupiter.api.Test)10 URL (java.net.URL)9 OIDCIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition)8 Matchers.containsString (org.hamcrest.Matchers.containsString)8 HashMap (java.util.HashMap)7 EmptyResultDataAccessException (org.springframework.dao.EmptyResultDataAccessException)6 Map (java.util.Map)5 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5 RawExternalOAuthIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.RawExternalOAuthIdentityProviderDefinition)4 SamlIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition)4 Mockito.anyString (org.mockito.Mockito.anyString)4 LinkedHashMap (java.util.LinkedHashMap)3 LinkedList (java.util.LinkedList)3 CompositeToken (org.cloudfoundry.identity.uaa.oauth.token.CompositeToken)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 Timestamp (java.sql.Timestamp)2 Collections.emptyMap (java.util.Collections.emptyMap)2 HttpSession (javax.servlet.http.HttpSession)2