
Example 1 with UserSecret

Use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.

Class RecoveryServiceImpl, method useRecoveryCode.

@Override
@Transactional
public void useRecoveryCode(String recoveryCode) {
    String userId = getUser().getId();
    // Look up the submitted code among the current user's recovery codes only.
    RecoveryCode existingCode = runAsSystem(() -> dataService.query(RECOVERY_CODE, RecoveryCode.class)
        .eq(USER_ID, userId)
        .and()
        .eq(CODE, recoveryCode)
        .findOne());
    if (existingCode != null) {
        // Recovery codes are single-use: delete the matched code.
        runAsSystem(() -> dataService.delete(RECOVERY_CODE, existingCode));
        UserSecret secret = runAsSystem(() -> dataService.query(USER_SECRET, UserSecret.class)
            .eq(UserSecretMetaData.USER_ID, userId)
            .findOne());
        // A valid recovery code clears the failed-attempt counter kept on the user's secret.
        // Note: secret is dereferenced here without a null check.
        secret.setFailedLoginAttempts(0);
        runAsSystem(() -> dataService.update(USER_SECRET, secret));
    } else {
        // Unknown and already-used codes produce the same error.
        throw new BadCredentialsException("Invalid recovery code or code already used");
    }
}

Also used: RecoveryCode (org.molgenis.security.twofactor.model.RecoveryCode), UserSecret (org.molgenis.security.twofactor.model.UserSecret), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with UserSecret

Use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.

Class TwoFactorAuthenticationServiceImpl, method resetSecretForUser.

@Override
public void resetSecretForUser() {
    User user = getUser();
    // Collect every secret stored for the current user.
    Stream<UserSecret> userSecrets = runAsSystem(() -> dataService.query(USER_SECRET, UserSecret.class)
        .eq(USER_ID, user.getId())
        .findAll());
    // Delete them all.
    // noinspection RedundantCast
    runAsSystem((Runnable) () -> dataService.delete(USER_SECRET, userSecrets));
}

Also used: User (org.molgenis.data.security.auth.User), UserSecret (org.molgenis.security.twofactor.model.UserSecret)

Example 3 with UserSecret

Use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.

Class TwoFactorAuthenticationServiceImpl, method isVerificationCodeValidForUser.

@Override
public boolean isVerificationCodeValidForUser(String verificationCode) {
    boolean isValid = false;
    UserSecret userSecret = getSecret();
    // A blocked user is never verified: the method falls through and returns false.
    if (!userIsBlocked()) {
        try {
            if (otpService.tryVerificationCode(verificationCode, userSecret.getSecret())) {
                isValid = true;
                // A successful verification resets the failed-attempt counter.
                updateFailedLoginAttempts(0);
            }
        } catch (InvalidVerificationCodeException err) {
            // Count the failed attempt on the user's secret.
            updateFailedLoginAttempts(userSecret.getFailedLoginAttempts() + FAILED_LOGIN_ATTEMPT_ITERATION);
            // Rethrow unless this failure has just blocked the user; in that case return false.
            if (!userIsBlocked()) {
                throw err;
            }
        }
    }
    return isValid;
}

Also used: UserSecret (org.molgenis.security.twofactor.model.UserSecret), InvalidVerificationCodeException (org.molgenis.security.twofactor.exceptions.InvalidVerificationCodeException)

Example 4 with UserSecret

Use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.

Class TwoFactorAuthenticationServiceImpl, method saveSecretForUser.

@Override
public void saveSecretForUser(String secret) {
    if (secret == null) {
        throw new InternalAuthenticationServiceException("No secretKey found");
    } else {
        // Store the secret as a new USER_SECRET entity tied to the current user's id.
        User user = getUser();
        UserSecret userSecret = userSecretFactory.create();
        userSecret.setUserId(user.getId());
        userSecret.setSecret(secret);
        runAsSystem(() -> dataService.add(USER_SECRET, userSecret));
    }
}

Also used: User (org.molgenis.data.security.auth.User), UserSecret (org.molgenis.security.twofactor.model.UserSecret), InternalAuthenticationServiceException (org.springframework.security.authentication.InternalAuthenticationServiceException)

Example 5 with UserSecret

Use of org.molgenis.security.twofactor.model.UserSecret in project molgenis by molgenis.

Class TwoFactorAuthenticationServiceImpl, method getSecret.

private UserSecret getSecret() {
    User user = getUser();
    // Fetch the secret stored for the current user.
    UserSecret secret = runAsSystem(() -> dataService.query(USER_SECRET, UserSecret.class)
        .eq(UserSecretMetaData.USER_ID, user.getId())
        .findOne());
    if (secret != null) {
        return secret;
    } else {
        // No stored secret means the user has not configured two-factor authentication.
        throw new InternalAuthenticationServiceException(
            format("Secret not found, user: [{0}] is not configured for two factor authentication", user.getUsername()));
    }
}

Also used: User (org.molgenis.data.security.auth.User), UserSecret (org.molgenis.security.twofactor.model.UserSecret), InternalAuthenticationServiceException (org.springframework.security.authentication.InternalAuthenticationServiceException)
