Search in sources :

Example 11 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticator method checkWithBackUpCodes.

/**
 * If user forgets the mobile, then user can use the back up codes to authenticate the user.
 *
 * @param context           the AuthenticationContext
 * @param userToken         the userToken
 * @param authenticatedUser the name of authenticatedUser
 * @throws AuthenticationFailedException
 */
private void checkWithBackUpCodes(AuthenticationContext context, String userToken, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
    String savedOTPString = null;
    String username = context.getProperty(SMSOTPConstants.USER_NAME).toString();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    UserRealm userRealm = getUserRealm(username);
    try {
        if (userRealm != null) {
            savedOTPString = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, null);
        }
        if (StringUtils.isEmpty(savedOTPString)) {
            if (log.isDebugEnabled()) {
                log.debug("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
            }
            throw new AuthenticationFailedException("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
        } else if (savedOTPString.contains(userToken)) {
            if (log.isDebugEnabled()) {
                log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
            }
            context.setSubject(authenticatedUser);
            savedOTPString = savedOTPString.replaceAll(userToken, "").replaceAll(",,", ",");
            userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, savedOTPString, null);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP :" + userToken + " does not match with any of the saved backup codes");
            }
            throw new AuthenticationFailedException("Verification Error due to Code " + userToken + " mismatch.");
        }
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 12 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method updateUserAttribute.

/**
 * Update the mobile number (user attribute) in user's profile.
 *
 * @param username  the Username
 * @param attribute the Attribute
 * @throws SMSOTPException
 */
public static void updateUserAttribute(String username, Map<String, String> attribute, String tenantDomain) throws SMSOTPException {
    try {
        // updating user attributes is independent from tenant association.not tenant association check needed here.
        UserRealm userRealm;
        // user is always in the super tenant.
        userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        if (userRealm == null) {
            throw new SMSOTPException("The specified tenant domain " + tenantDomain + " does not exist.");
        }
        // check whether user already exists in the system.
        SMSOTPUtils.verifyUserExists(username, tenantDomain);
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        userStoreManager.setUserClaimValues(username, attribute, null);
    } catch (UserStoreException | AuthenticationFailedException e) {
        throw new SMSOTPException("Exception occurred while connecting to User Store: Authentication is failed. ", e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)

Example 13 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method getUserRealm.

/**
 * Get the user realm of the logged in user.
 *
 * @param tenantDomain the tenantDomain
 * @return th user realm
 * @throws AuthenticationFailedException
 */
public static UserRealm getUserRealm(String tenantDomain) throws AuthenticationFailedException {
    UserRealm userRealm;
    try {
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
    } catch (Exception e) {
        throw new AuthenticationFailedException("Cannot find the user realm for the tenant domain " + tenantDomain, e);
    }
    return userRealm;
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException)

Example 14 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method isSMSOTPDisableForLocalUser.

/**
 * Check whether SMSOTP is disable by user.
 *
 * @param username the Username
 * @param context  the AuthenticationContext
 * @return true or false
 * @throws SMSOTPException
 */
public static boolean isSMSOTPDisableForLocalUser(String username, AuthenticationContext context, String authenticatorName) throws SMSOTPException, AuthenticationFailedException {
    UserRealm userRealm;
    try {
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
        username = MultitenantUtils.getTenantAwareUsername(String.valueOf(username));
        boolean isEnablingControlledByUser = isSMSOTPEnableOrDisableByUser(context, authenticatorName);
        if (userRealm != null) {
            if (isEnablingControlledByUser) {
                Map<String, String> claimValues = userRealm.getUserStoreManager().getUserClaimValues(username, new String[] { SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI }, null);
                return Boolean.parseBoolean(claimValues.get(SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI));
            }
        } else {
            throw new SMSOTPException("Cannot find the user realm for the given tenant domain : " + CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }
    } catch (UserStoreException e) {
        throw new SMSOTPException("Failed while trying to access userRealm of the user : " + username, e);
    }
    return false;
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException)

Example 15 with UserRealm

use of org.wso2.carbon.user.api.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticatorTest method testCheckWithBackUpCodes.

@Test
public void testCheckWithBackUpCodes() throws Exception {
    mockStatic(IdentityTenantUtil.class);
    context.setProperty(SMSOTPConstants.USER_NAME, "admin");
    when(IdentityTenantUtil.getTenantId("carbon.super")).thenReturn(-1234);
    when(IdentityTenantUtil.getRealmService()).thenReturn(realmService);
    when(realmService.getTenantUserRealm(-1234)).thenReturn(userRealm);
    when(userRealm.getUserStoreManager()).thenReturn(userStoreManager);
    when((AuthenticatedUser) context.getProperty(SMSOTPConstants.AUTHENTICATED_USER)).thenReturn(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier("admin"));
    when(userRealm.getUserStoreManager().getUserClaimValue(MultitenantUtils.getTenantAwareUsername("admin"), SMSOTPConstants.SAVED_OTP_LIST, null)).thenReturn("12345,4568,1234,7896");
    AuthenticatedUser user = (AuthenticatedUser) context.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
    Whitebox.invokeMethod(smsotpAuthenticator, "checkWithBackUpCodes", context, "1234", user);
}
Also used : AuthenticatedUser(org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

UserRealm (org.wso2.carbon.user.api.UserRealm)11 UserStoreException (org.wso2.carbon.user.api.UserStoreException)9 AuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException)6 SMSOTPException (org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException)5 UserRealm (org.wso2.carbon.user.core.UserRealm)4 RealmService (org.wso2.carbon.user.core.service.RealmService)4 RegistryService (org.wso2.carbon.registry.core.service.RegistryService)3 UserStoreException (org.wso2.carbon.user.core.UserStoreException)3 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)2 Test (org.testng.annotations.Test)2 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)2 UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)2 IOException (java.io.IOException)1 ActivitiIllegalArgumentException (org.activiti.engine.ActivitiIllegalArgumentException)1 CarbonException (org.wso2.carbon.CarbonException)1 BPMNForbiddenException (org.wso2.carbon.bpmn.rest.common.exception.BPMNForbiddenException)1 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)1 HumanTaskRuntimeException (org.wso2.carbon.humantask.core.engine.runtime.api.HumanTaskRuntimeException)1 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)1