Examples with UserRealm org.wso2.carbon.user.api.UserRealm used on opensource projects

Example 11 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticator method checkWithBackUpCodes.

/**
 * If user forgets the mobile, then user can use the back up codes to authenticate the user.
 *
 * @param context           the AuthenticationContext
 * @param userToken         the userToken
 * @param authenticatedUser the name of authenticatedUser
 * @throws AuthenticationFailedException
 */
private void checkWithBackUpCodes(AuthenticationContext context, String userToken, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
    String savedOTPString = null;
    String username = context.getProperty(SMSOTPConstants.USER_NAME).toString();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    UserRealm userRealm = getUserRealm(username);
    try {
        if (userRealm != null) {
            savedOTPString = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, null);
        }
        if (StringUtils.isEmpty(savedOTPString)) {
            if (log.isDebugEnabled()) {
                log.debug("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
            }
            throw new AuthenticationFailedException("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
        } else if (savedOTPString.contains(userToken)) {
            if (log.isDebugEnabled()) {
                log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
            }
            context.setSubject(authenticatedUser);
            savedOTPString = savedOTPString.replaceAll(userToken, "").replaceAll(",,", ",");
            userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, savedOTPString, null);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP :" + userToken + " does not match with any of the saved backup codes");
            }
            throw new AuthenticationFailedException("Verification Error due to Code " + userToken + " mismatch.");
        }
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
    }
}

Example 12 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method updateUserAttribute.

/**
 * Update the mobile number (user attribute) in user's profile.
 *
 * @param username  the Username
 * @param attribute the Attribute
 * @throws SMSOTPException
 */
public static void updateUserAttribute(String username, Map<String, String> attribute, String tenantDomain) throws SMSOTPException {
    try {
        // updating user attributes is independent from tenant association.not tenant association check needed here.
        UserRealm userRealm;
        // user is always in the super tenant.
        userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        if (userRealm == null) {
            throw new SMSOTPException("The specified tenant domain " + tenantDomain + " does not exist.");
        }
        // check whether user already exists in the system.
        SMSOTPUtils.verifyUserExists(username, tenantDomain);
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        userStoreManager.setUserClaimValues(username, attribute, null);
    } catch (UserStoreException | AuthenticationFailedException e) {
        throw new SMSOTPException("Exception occurred while connecting to User Store: Authentication is failed. ", e);
    }
}

Example 13 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method getUserRealm.

/**
 * Get the user realm of the logged in user.
 *
 * @param tenantDomain the tenantDomain
 * @return th user realm
 * @throws AuthenticationFailedException
 */
public static UserRealm getUserRealm(String tenantDomain) throws AuthenticationFailedException {
    UserRealm userRealm;
    try {
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
    } catch (Exception e) {
        throw new AuthenticationFailedException("Cannot find the user realm for the tenant domain " + tenantDomain, e);
    }
    return userRealm;
}

Example 14 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method isSMSOTPDisableForLocalUser.

/**
 * Check whether SMSOTP is disable by user.
 *
 * @param username the Username
 * @param context  the AuthenticationContext
 * @return true or false
 * @throws SMSOTPException
 */
public static boolean isSMSOTPDisableForLocalUser(String username, AuthenticationContext context, String authenticatorName) throws SMSOTPException, AuthenticationFailedException {
    UserRealm userRealm;
    try {
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
        username = MultitenantUtils.getTenantAwareUsername(String.valueOf(username));
        boolean isEnablingControlledByUser = isSMSOTPEnableOrDisableByUser(context, authenticatorName);
        if (userRealm != null) {
            if (isEnablingControlledByUser) {
                Map<String, String> claimValues = userRealm.getUserStoreManager().getUserClaimValues(username, new String[] { SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI }, null);
                return Boolean.parseBoolean(claimValues.get(SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI));
            }
        } else {
            throw new SMSOTPException("Cannot find the user realm for the given tenant domain : " + CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }
    } catch (UserStoreException e) {
        throw new SMSOTPException("Failed while trying to access userRealm of the user : " + username, e);
    }
    return false;
}

Example 15 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticatorTest method testCheckWithBackUpCodes.

@Test
public void testCheckWithBackUpCodes() throws Exception {
    mockStatic(IdentityTenantUtil.class);
    context.setProperty(SMSOTPConstants.USER_NAME, "admin");
    when(IdentityTenantUtil.getTenantId("carbon.super")).thenReturn(-1234);
    when(IdentityTenantUtil.getRealmService()).thenReturn(realmService);
    when(realmService.getTenantUserRealm(-1234)).thenReturn(userRealm);
    when(userRealm.getUserStoreManager()).thenReturn(userStoreManager);
    when((AuthenticatedUser) context.getProperty(SMSOTPConstants.AUTHENTICATED_USER)).thenReturn(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier("admin"));
    when(userRealm.getUserStoreManager().getUserClaimValue(MultitenantUtils.getTenantAwareUsername("admin"), SMSOTPConstants.SAVED_OTP_LIST, null)).thenReturn("12345,4568,1234,7896");
    AuthenticatedUser user = (AuthenticatedUser) context.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
    Whitebox.invokeMethod(smsotpAuthenticator, "checkWithBackUpCodes", context, "1234", user);
}