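/**
 * Handles the collection-level actions on a user's OATH devices: {@code SKIP} records whether the
 * user may skip OATH, {@code CHECK} reads that setting back, and {@code RESET} clears it and removes
 * every device the user has registered.
 *
 * @param context the request context; the target user (who may be an admin) is taken from the URI.
 * @param request the action request; {@code SKIP} expects a boolean {@code value} in its content.
 * @return the action response, or a {@link ResourceException} promise: {@code NotSupportedException}
 *         for an unknown action, {@code BadRequestException} for a {@code SKIP} request without a
 *         boolean {@code value}, and {@code InternalServerErrorException} for every SMS, service or
 *         identity-store failure.
 */
@Override
public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest request) {
    try {
        //could be admin
        final AMIdentity identity = getUserIdFromUri(context);
        final AuthenticatorOathService realmOathService = oathServiceFactory.create(getRealm(context));
        switch (request.getAction()) {
            case SKIP:
                return skipOathAction(realmOathService, identity, request);
            case CHECK:
                return checkSkipOathAction(realmOathService, identity);
            case RESET:
                return resetOathAction(realmOathService, identity);
            default:
                return new NotSupportedException().asPromise();
        }
    } catch (SMSException e) {
        debug.error("OathDevicesResource :: Action - Unable to communicate with the SMS.", e);
        return new InternalServerErrorException().asPromise();
    } catch (SSOException | InternalServerErrorException e) {
        debug.error("OathDevicesResource :: Action - Unable to retrieve identity data from request context", e);
        return new InternalServerErrorException().asPromise();
    }
}

// SKIP: stores the user's 'skippable' selection (SKIPPABLE / NOT_SKIPPABLE) from the request's boolean 'value'.
private Promise<ActionResponse, ResourceException> skipOathAction(AuthenticatorOathService realmOathService,
        AMIdentity identity, ActionRequest request) {
    // asBoolean() yields null when 'value' is absent or JSON null; unboxing that straight into a
    // boolean surfaced as a NullPointerException (a 500) instead of a client error.
    final Boolean setValue = request.getContent().get(VALUE).asBoolean();
    if (setValue == null) {
        // fully qualified because this class does not import BadRequestException
        return new org.forgerock.json.resource.BadRequestException(
                "Missing boolean '" + VALUE + "' in request content").asPromise();
    }
    try {
        realmOathService.setUserSkipOath(identity,
                setValue ? AuthenticatorOathService.SKIPPABLE : AuthenticatorOathService.NOT_SKIPPABLE);
        return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().build()));
    } catch (SSOException | IdRepoException e) {
        debug.error("OathDevicesResource :: SKIP action - Unable to set value in user store.", e);
        return new InternalServerErrorException().asPromise();
    }
}

// CHECK: reports whether the user's stored 'skippable' selection equals SKIPPABLE.
private Promise<ActionResponse, ResourceException> checkSkipOathAction(AuthenticatorOathService realmOathService,
        AMIdentity identity) {
    try {
        final Set<?> stored = identity.getAttribute(realmOathService.getSkippableAttributeName());
        boolean skippable = false;
        if (CollectionUtils.isNotEmpty(stored)) {
            // only the first value of the attribute is consulted
            final String first = (String) stored.iterator().next();
            try {
                skippable = Integer.parseInt(first) == AuthenticatorOathService.SKIPPABLE;
            } catch (NumberFormatException nfe) {
                // a non-numeric attribute value used to escape as an unhandled runtime exception;
                // the raw value is deliberately not logged
                debug.error("OathDevicesResource :: CHECK action - Non-numeric value in skippable attribute.", nfe);
                return new InternalServerErrorException().asPromise();
            }
        }
        return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().put(RESULT, skippable).build()));
    } catch (SSOException | IdRepoException e) {
        debug.error("OathDevicesResource :: CHECK action - Unable to read value from user store.", e);
        return new InternalServerErrorException().asPromise();
    }
}

// RESET: returns the user's 'skippable' selection to NOT_SET and deletes every registered device profile.
private Promise<ActionResponse, ResourceException> resetOathAction(AuthenticatorOathService realmOathService,
        AMIdentity identity) {
    try {
        realmOathService.setUserSkipOath(identity, AuthenticatorOathService.NOT_SET);
        realmOathService.removeAllUserDevices(identity);
        return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().put(RESULT, true).build()));
    } catch (SSOException | IdRepoException e) {
        debug.error("OathDevicesResource :: Action - Unable to reset identity attributes", e);
        return new InternalServerErrorException().asPromise();
    }
}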
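/**
 * Deletes one of the user's OATH devices and, only once that deletion has succeeded, resets the
 * user's 'skippable' selection to {@code NOT_SET}.
 *
 * @param context the request context; the target user (who may be an admin) is taken from the URI.
 * @param resourceId the id of the device to delete.
 * @param request the delete request, passed through to the superclass.
 * @return the superclass's delete response, or a {@link ResourceException} promise: the superclass's
 *         own failure unchanged, {@code InternalServerErrorException} for SMS, service or identity
 *         failures.
 */
@Override
public Promise<ResourceResponse, ResourceException> deleteInstance(Context context, String resourceId, DeleteRequest request) {
    try {
        final AuthenticatorOathService realmOathService = oathServiceFactory.create(getRealm(context));
        //could be admin
        final AMIdentity identity = getUserIdFromUri(context);
        // Wait for the superclass's promise: the original code reset the skippable attribute
        // unconditionally, even when the delete had failed or not yet completed.
        final ResourceResponse deleted =
                super.deleteInstance(context, resourceId, request).getOrThrowUninterruptibly();
        //then reset the skippable attr
        realmOathService.setUserSkipOath(identity, AuthenticatorOathService.NOT_SET);
        return newResultPromise(deleted);
    } catch (InternalServerErrorException | SMSException e) {
        debug.error("OathDevicesResource :: Delete - Unable to communicate with the SMS.", e);
        return new InternalServerErrorException().asPromise();
    } catch (SSOException | IdRepoException e) {
        debug.error("OathDevicesResource :: Delete - Unable to reset identity attributes", e);
        return new InternalServerErrorException().asPromise();
    } catch (ResourceException e) {
        // the superclass's delete failed: hand its own error back to the caller unchanged
        return e.asPromise();
    }
}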
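/**
 * Initializes the authentication module. This function gets the module's
 * settings, and the username from the previous authentication module in
 * the chain.
 *
 * @param subject For whom this module is initializing.
 * @param sharedState Previously chained module data.
 * @param options Configuration for this module.
 */
@Override
public void init(Subject subject, Map sharedState, Map options) {
    if (debug.messageEnabled()) {
        debug.message("OATH::init");
    }
    //get username from previous authentication
    try {
        userName = (String) sharedState.get(getUserKey());
        //gets skippable name from the realm's service and stores it
        id = getIdentity();
        realmOathService = new AuthenticatorOathService(id.getRealm());
        this.authLevel = CollectionHelper.getMapAttr(options, AUTHLEVEL);
        try {
            this.passLen = CollectionHelper.getIntMapAttr(options, PASSWORD_LENGTH, 0, debug);
        } catch (NumberFormatException e) {
            passLen = 0;
        }
        try {
            this.minSecretKeyLength = CollectionHelper.getIntMapAttr(options, MIN_SECRET_KEY_LENGTH, 0, debug);
        } catch (NumberFormatException e) {
            //Default value has been deleted, set to 0
            // NOTE(review): 0 presumably disables any minimum-key-length enforcement downstream — confirm
            minSecretKeyLength = 0;
        }
        this.windowSize = CollectionHelper.getIntMapAttr(options, WINDOW_SIZE, 0, debug);
        this.truncationOffset = CollectionHelper.getIntMapAttr(options, TRUNCATION_OFFSET, -1, debug);
        this.isOptional = !getLoginState("authenticatorOATH").is2faMandatory();
        this.totpTimeStep = CollectionHelper.getIntMapAttr(options, TOTP_TIME_STEP, 1, debug);
        this.totpStepsInWindow = CollectionHelper.getIntMapAttr(options, TOTP_STEPS_IN_WINDOW, 1, debug);
        this.checksum = CollectionHelper.getBooleanMapAttr(options, CHECKSUM, false);
        this.totpMaxClockDrift = CollectionHelper.getIntMapAttr(options, MAXIMUM_CLOCK_DRIFT, 0, debug);
        this.issuerName = CollectionHelper.getMapAttr(options, ISSUER_NAME);
        // Constant-first comparison: a missing ALGORITHM attribute yields null, which must fall
        // through to ERROR rather than throw a NullPointerException out of init().
        final String configuredAlgorithm = CollectionHelper.getMapAttr(options, ALGORITHM);
        if ("HOTP".equalsIgnoreCase(configuredAlgorithm)) {
            this.algorithm = HOTP;
        } else if ("TOTP".equalsIgnoreCase(configuredAlgorithm)) {
            this.algorithm = TOTP;
        } else {
            this.algorithm = ERROR;
        }
        //set authentication level
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (NumberFormatException e) {
                // a non-numeric auth level is logged and otherwise ignored; any other failure from
                // setAuthLevel falls through to the outer catch
                if (debug.errorEnabled()) {
                    debug.error("OATH :: init() : Unable to set auth level " + authLevel, e);
                }
            }
        }
    } catch (SMSException | SSOException | AuthLoginException e) {
        if (debug.errorEnabled()) {
            debug.error("OATH :: init() : Unable to configure basic module properties " + authLevel, e);
        }
    }
}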