Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in project uaa by cloudfoundry.
The class LoginInfoEndpoint, method generatePasscode.
@RequestMapping(value = { "/passcode" }, method = GET)
public String generatePasscode(Map<String, Object> model, Principal principal) {
    /*
     * Issues a short-lived passcode for the currently authenticated user and
     * exposes it to the view under the PASSCODE model key. The user identity
     * is resolved from whichever principal/authentication shape Spring passed
     * in; anything that does not wrap a UaaPrincipal is rejected with
     * UnknownPrincipalException so no code is ever minted for an unknown identity.
     */
    final UaaPrincipal uaaPrincipal;
    final String username;
    if (principal instanceof UaaPrincipal) {
        uaaPrincipal = (UaaPrincipal) principal;
        username = uaaPrincipal.getName();
    } else if (principal instanceof UaaAuthentication) {
        uaaPrincipal = ((UaaAuthentication) principal).getPrincipal();
        username = uaaPrincipal.getName();
    } else if (principal instanceof LoginSamlAuthenticationToken) {
        // For SAML tokens the username is read from the token itself, while
        // id and origin come from the wrapped UaaPrincipal.
        uaaPrincipal = ((LoginSamlAuthenticationToken) principal).getUaaPrincipal();
        username = principal.getName();
    } else if (principal instanceof Authentication
            && ((Authentication) principal).getPrincipal() instanceof UaaPrincipal) {
        uaaPrincipal = (UaaPrincipal) ((Authentication) principal).getPrincipal();
        username = uaaPrincipal.getName();
    } else {
        throw new UnknownPrincipalException();
    }

    // Typed null keeps the PasscodeInformation constructor call unambiguous;
    // no authorization parameters are attached to a passcode issued here.
    Map<String, Object> noAuthorizationParameters = null;
    PasscodeInformation passcodeInfo = new PasscodeInformation(
            uaaPrincipal.getId(), username, null, uaaPrincipal.getOrigin(), noAuthorizationParameters);

    String zoneId = IdentityZoneHolder.get().getId();
    String intent = ExpiringCodeType.PASSCODE + " " + passcodeInfo.getUserId();
    // Only one live passcode per user and zone: revoke any outstanding one
    // before generating a fresh code bounded by CODE_EXPIRATION.
    expiringCodeStore.expireByIntent(intent, zoneId);
    Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + CODE_EXPIRATION.toMillis());
    ExpiringCode code = expiringCodeStore.generateCode(
            JsonUtils.writeValueAsString(passcodeInfo), expiresAt, intent, zoneId);

    model.put(PASSCODE, code.getCode());
    return PASSCODE;
}
Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in project uaa by cloudfoundry.
The class LoginInfoEndpointTests, method generatePasscodeForKnownUaaPrincipal.
@Test
void generatePasscodeForKnownUaaPrincipal() {
    // Every principal shape that wraps a UaaPrincipal must be accepted by /passcode.
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    Map<String, Object> model = new HashMap<>();

    // 1. A bare UaaPrincipal.
    assertEquals("passcode", endpoint.generatePasscode(model, marissa));

    // 2. A UaaAuthentication carrying that principal.
    UaaAuthenticationDetails details = new UaaAuthenticationDetails(new MockHttpServletRequest());
    UaaAuthentication asUaaAuthentication = new UaaAuthentication(marissa, new ArrayList<>(), details);
    assertEquals("passcode", endpoint.generatePasscode(model, asUaaAuthentication));

    // 3. The UaaAuthentication derived from a SAML login token.
    ExpiringUsernameAuthenticationToken samlUsernameToken =
            new ExpiringUsernameAuthenticationToken(marissa, "");
    UaaAuthentication fromSaml = new LoginSamlAuthenticationToken(marissa, samlUsernameToken)
            .getUaaAuthentication(emptyList(), emptySet(), new LinkedMultiValueMap<>());
    assertEquals("passcode", endpoint.generatePasscode(model, fromSaml));

    // 4. Any other Authentication whose principal is a UaaPrincipal.
    assertEquals("passcode", endpoint.generatePasscode(model, samlUsernameToken));
}
Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in project uaa by cloudfoundry.
The class PasscodeMockMvcTests, method testLoginUsingPasscodeWithSamlToken.
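@Test
void testLoginUsingPasscodeWithSamlToken() throws Exception {
    // Arrange: a SAML-derived UaaAuthentication for marissa stored in the session's security context.
    ExpiringUsernameAuthenticationToken samlToken = new ExpiringUsernameAuthenticationToken(USERNAME, null);
    UaaAuthentication auth = new LoginSamlAuthenticationToken(marissa, samlToken)
            .getUaaAuthentication(Collections.emptyList(), Collections.emptySet(), new LinkedMultiValueMap<>());
    final MockSecurityContext mockSecurityContext = new MockSecurityContext(auth);
    SecurityContextHolder.setContext(mockSecurityContext);
    MockHttpSession session = new MockHttpSession();
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);

    // Act 1: the authenticated session requests a passcode.
    MockHttpServletRequestBuilder get = get("/passcode").accept(APPLICATION_JSON).session(session);
    String passcode = JsonUtils.readValue(
            mockMvc.perform(get).andExpect(status().isOk()).andReturn().getResponse().getContentAsString(),
            String.class);

    // Act 2: with the authentication removed, the passcode alone (presented through the
    // "cf" client, which has an empty secret) is exchanged for tokens on /oauth/token.
    mockSecurityContext.setAuthentication(null);
    session = new MockHttpSession();
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);
    // Explicit charset on both conversions: the no-arg String/byte[] APIs use the platform default.
    String basicDigestHeaderValue = "Basic " + new String(
            Base64.encodeBase64("cf:".getBytes(java.nio.charset.StandardCharsets.UTF_8)),
            java.nio.charset.StandardCharsets.UTF_8);
    MockHttpServletRequestBuilder post = post("/oauth/token")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_FORM_URLENCODED)
            .header("Authorization", basicDigestHeaderValue)
            .param("grant_type", "password")
            .param("passcode", passcode)
            .param("response_type", "token");
    // Wildcard map instead of a raw type: JsonUtils.readValue(..., Map.class) yields a raw Map.
    Map<?, ?> accessToken = JsonUtils.readValue(
            mockMvc.perform(post).andExpect(status().isOk()).andReturn().getResponse().getContentAsString(),
            Map.class);

    // Assert: a bearer token pair with the expected scopes was issued ...
    assertEquals("bearer", accessToken.get("token_type"));
    assertNotNull(accessToken.get("access_token"));
    assertNotNull(accessToken.get("refresh_token"));
    String[] scopes = ((String) accessToken.get("scope")).split(" ");
    assertThat(Arrays.asList(scopes), containsInAnyOrder(
            "uaa.user", "scim.userids", "password.write", "cloud_controller.write", "openid", "cloud_controller.read"));

    // ... and the authentication built from the passcode keeps the SAML user's origin,
    // i.e. the passcode grant does not relabel the user as a local/password user.
    Authentication authentication = captureSecurityContextFilter.getAuthentication();
    assertNotNull(authentication);
    assertTrue(authentication instanceof OAuth2Authentication);
    assertTrue(((OAuth2Authentication) authentication).getUserAuthentication() instanceof UsernamePasswordAuthenticationToken);
    assertTrue(authentication.getPrincipal() instanceof UaaPrincipal);
    assertEquals(marissa.getOrigin(), ((UaaPrincipal) authentication.getPrincipal()).getOrigin());
}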