Example 1 with LoginSamlAuthenticationToken

Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in the uaa project by cloudfoundry.

From the class LoginInfoEndpoint, method generatePasscode:

```java
@RequestMapping(value = { "/passcode" }, method = GET)
public String generatePasscode(Map<String, Object> model, Principal principal) {
    String username;
    String origin;
    String userId;
    Map<String, Object> authorizationParameters = null;
    // Resolve the UAA identity (name, origin, id) from whichever principal type the caller carries.
    if (principal instanceof UaaPrincipal) {
        UaaPrincipal uaaPrincipal = (UaaPrincipal) principal;
        username = uaaPrincipal.getName();
        origin = uaaPrincipal.getOrigin();
        userId = uaaPrincipal.getId();
    } else if (principal instanceof UaaAuthentication) {
        UaaPrincipal uaaPrincipal = ((UaaAuthentication) principal).getPrincipal();
        username = uaaPrincipal.getName();
        origin = uaaPrincipal.getOrigin();
        userId = uaaPrincipal.getId();
    } else if (principal instanceof LoginSamlAuthenticationToken) {
        // SAML login: the UAA principal is wrapped inside the SAML token.
        username = principal.getName();
        origin = ((LoginSamlAuthenticationToken) principal).getUaaPrincipal().getOrigin();
        userId = ((LoginSamlAuthenticationToken) principal).getUaaPrincipal().getId();
    } else if (principal instanceof Authentication && ((Authentication) principal).getPrincipal() instanceof UaaPrincipal) {
        UaaPrincipal uaaPrincipal = (UaaPrincipal) ((Authentication) principal).getPrincipal();
        username = uaaPrincipal.getName();
        origin = uaaPrincipal.getOrigin();
        userId = uaaPrincipal.getId();
    } else {
        // Any other principal type is rejected rather than issuing a passcode.
        throw new UnknownPrincipalException();
    }
    PasscodeInformation pi = new PasscodeInformation(userId, username, null, origin, authorizationParameters);
    String intent = ExpiringCodeType.PASSCODE + " " + pi.getUserId();
    // Expire any previously issued passcode for this user in the current zone before issuing a new one.
    expiringCodeStore.expireByIntent(intent, IdentityZoneHolder.get().getId());
    ExpiringCode code = expiringCodeStore.generateCode(JsonUtils.writeValueAsString(pi), new Timestamp(System.currentTimeMillis() + CODE_EXPIRATION.toMillis()), intent, IdentityZoneHolder.get().getId());
    model.put(PASSCODE, code.getCode());
    return PASSCODE;
}
```
Also used: org.cloudfoundry.identity.uaa.authentication.UaaAuthentication, org.cloudfoundry.identity.uaa.authentication.UaaPrincipal, org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken, org.cloudfoundry.identity.uaa.codestore.ExpiringCode, org.springframework.security.core.Authentication, java.sql.Timestamp, org.springframework.web.bind.annotation.RequestMapping

Example 2 with LoginSamlAuthenticationToken

Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in the uaa project by cloudfoundry.

From the class LoginInfoEndpointTests, method generatePasscodeForKnownUaaPrincipal:

```java
@Test
void generatePasscodeForKnownUaaPrincipal() {
    LoginInfoEndpoint endpoint = getEndpoint(IdentityZoneHolder.get());
    Map<String, Object> model = new HashMap<>();
    // A bare UaaPrincipal is accepted directly.
    assertEquals("passcode", endpoint.generatePasscode(model, marissa));
    UaaAuthentication uaaAuthentication = new UaaAuthentication(marissa, new ArrayList<>(), new UaaAuthenticationDetails(new MockHttpServletRequest()));
    assertEquals("passcode", endpoint.generatePasscode(model, uaaAuthentication));
    // A SAML login token converted to a UaaAuthentication is accepted as well.
    ExpiringUsernameAuthenticationToken expiringUsernameAuthenticationToken = new ExpiringUsernameAuthenticationToken(marissa, "");
    UaaAuthentication samlAuthenticationToken = new LoginSamlAuthenticationToken(marissa, expiringUsernameAuthenticationToken).getUaaAuthentication(emptyList(), emptySet(), new LinkedMultiValueMap<>());
    assertEquals("passcode", endpoint.generatePasscode(model, samlAuthenticationToken));
    // token with a UaaPrincipal should always work
    assertEquals("passcode", endpoint.generatePasscode(model, expiringUsernameAuthenticationToken));
}
```
Also used: org.cloudfoundry.identity.uaa.authentication.UaaAuthentication, org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken, java.util.HashMap, org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails, org.springframework.mock.web.MockHttpServletRequest, org.springframework.security.providers.ExpiringUsernameAuthenticationToken, org.hamcrest.Matchers.containsString, org.mockito.ArgumentMatchers.anyString, org.junit.jupiter.api.Test

Example 3 with LoginSamlAuthenticationToken

Use of org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken in the uaa project by cloudfoundry.

From the class PasscodeMockMvcTests, method testLoginUsingPasscodeWithSamlToken:

```java
@Test
void testLoginUsingPasscodeWithSamlToken() throws Exception {
    // Build a session whose security context holds a SAML-derived UaaAuthentication.
    ExpiringUsernameAuthenticationToken et = new ExpiringUsernameAuthenticationToken(USERNAME, null);
    UaaAuthentication auth = new LoginSamlAuthenticationToken(marissa, et).getUaaAuthentication(Collections.emptyList(), Collections.emptySet(), new LinkedMultiValueMap<>());
    final MockSecurityContext mockSecurityContext = new MockSecurityContext(auth);
    SecurityContextHolder.setContext(mockSecurityContext);
    MockHttpSession session = new MockHttpSession();
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);
    // Step 1: fetch a one-time passcode from /passcode as the SAML-authenticated user.
    MockHttpServletRequestBuilder get = get("/passcode").accept(APPLICATION_JSON).session(session);
    String passcode = JsonUtils.readValue(mockMvc.perform(get).andExpect(status().isOk()).andReturn().getResponse().getContentAsString(), String.class);
    // Step 2: clear the authenticated context; the passcode alone must carry the login.
    mockSecurityContext.setAuthentication(null);
    session = new MockHttpSession();
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);
    String basicDigestHeaderValue = "Basic " + new String(Base64.encodeBase64(("cf:").getBytes()));
    MockHttpServletRequestBuilder post = post("/oauth/token").accept(APPLICATION_JSON).contentType(APPLICATION_FORM_URLENCODED).header("Authorization", basicDigestHeaderValue).param("grant_type", "password").param("passcode", passcode).param("response_type", "token");
    Map accessToken = JsonUtils.readValue(mockMvc.perform(post).andExpect(status().isOk()).andReturn().getResponse().getContentAsString(), Map.class);
    assertEquals("bearer", accessToken.get("token_type"));
    assertNotNull(accessToken.get("access_token"));
    assertNotNull(accessToken.get("refresh_token"));
    String[] scopes = ((String) accessToken.get("scope")).split(" ");
    assertThat(Arrays.asList(scopes), containsInAnyOrder("uaa.user", "scim.userids", "password.write", "cloud_controller.write", "openid", "cloud_controller.read"));
    // Step 3: the resulting authentication must be an OAuth2Authentication whose principal keeps the SAML origin.
    Authentication authentication = captureSecurityContextFilter.getAuthentication();
    assertNotNull(authentication);
    assertTrue(authentication instanceof OAuth2Authentication);
    assertTrue(((OAuth2Authentication) authentication).getUserAuthentication() instanceof UsernamePasswordAuthenticationToken);
    assertTrue(authentication.getPrincipal() instanceof UaaPrincipal);
    assertEquals(marissa.getOrigin(), ((UaaPrincipal) authentication.getPrincipal()).getOrigin());
}
```
Also used: org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken, org.springframework.security.providers.ExpiringUsernameAuthenticationToken, org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder, org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.cloudfoundry.identity.uaa.authentication.UaaAuthentication, org.cloudfoundry.identity.uaa.authentication.UaaPrincipal, org.springframework.security.oauth2.provider.OAuth2Authentication, org.springframework.security.core.Authentication, org.cloudfoundry.identity.uaa.oauth.RemoteUserAuthentication, org.springframework.mock.web.MockHttpSession, java.util.Map, org.springframework.util.LinkedMultiValueMap, org.junit.jupiter.api.Test
