Search in sources :

Example 1 with AuthenticateStatus

use of org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateStatus in project oxAuth by GluuFederation.

the class U2fAuthenticationWS method finishAuthentication.

@POST
@Produces({ "application/json" })
public Response finishAuthentication(@FormParam("username") String userName, @FormParam("tokenResponse") String authenticateResponseString) {
    String sessionState = null;
    try {
        log.debug("Finishing authentication for username '{}' with response '{}'", userName, authenticateResponseString);
        AuthenticateResponse authenticateResponse = ServerUtil.jsonMapperWithWrapRoot().readValue(authenticateResponseString, AuthenticateResponse.class);
        String requestId = authenticateResponse.getRequestId();
        AuthenticateRequestMessageLdap authenticateRequestMessageLdap = u2fAuthenticationService.getAuthenticationRequestMessageByRequestId(requestId);
        if (authenticateRequestMessageLdap == null) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SESSION_EXPIRED)).build());
        }
        sessionState = authenticateRequestMessageLdap.getSessionState();
        u2fAuthenticationService.removeAuthenticationRequestMessage(authenticateRequestMessageLdap);
        AuthenticateRequestMessage authenticateRequestMessage = authenticateRequestMessageLdap.getAuthenticateRequestMessage();
        String foundUserInum = authenticateRequestMessageLdap.getUserInum();
        DeviceRegistrationResult deviceRegistrationResult = u2fAuthenticationService.finishAuthentication(authenticateRequestMessage, authenticateResponse, foundUserInum);
        // If sessionState is not empty update session
        if (StringHelper.isNotEmpty(sessionState)) {
            log.debug("There is session state. Setting session state attributes");
            boolean oneStep = StringHelper.isEmpty(userName);
            userSessionStateService.updateUserSessionStateOnFinishRequest(sessionState, foundUserInum, deviceRegistrationResult, false, oneStep);
        }
        AuthenticateStatus authenticationStatus = new AuthenticateStatus(Constants.RESULT_SUCCESS, requestId);
        // convert manually to avoid possible conflict between resteasy
        // providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(authenticationStatus);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        try {
            // If sessionState is not empty update session
            if (StringHelper.isNotEmpty(sessionState)) {
                log.debug("There is session state. Setting session state status to 'declined'");
                userSessionStateService.updateUserSessionStateOnError(sessionState);
            }
        } catch (Exception ex2) {
            log.error("Failed to update session state status", ex2);
        }
        if (ex instanceof BadInputException) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.INVALID_REQUEST)).build());
        }
        if (ex instanceof DeviceCompromisedException) {
            DeviceRegistration deviceRegistration = ((DeviceCompromisedException) ex).getDeviceRegistration();
            try {
                deviceRegistrationService.disableUserDeviceRegistration(deviceRegistration);
            } catch (Exception ex2) {
                log.error("Failed to mark device '{}' as compomised", ex2, deviceRegistration.getId());
            }
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.DEVICE_COMPROMISED)).build());
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : AuthenticateStatus(org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateStatus) AuthenticateResponse(org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateResponse) AuthenticateRequestMessageLdap(org.xdi.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap) AuthenticateRequestMessage(org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage) BadInputException(org.xdi.oxauth.model.fido.u2f.exception.BadInputException) WebApplicationException(javax.ws.rs.WebApplicationException) DeviceRegistration(org.xdi.oxauth.model.fido.u2f.DeviceRegistration) DeviceRegistrationResult(org.xdi.oxauth.model.fido.u2f.DeviceRegistrationResult) DeviceCompromisedException(org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException) DeviceCompromisedException(org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException) NoEligableDevicesException(org.xdi.oxauth.exception.fido.u2f.NoEligableDevicesException) InvalidKeyHandleDeviceException(org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException) BadInputException(org.xdi.oxauth.model.fido.u2f.exception.BadInputException) WebApplicationException(javax.ws.rs.WebApplicationException) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Aggregations

POST (javax.ws.rs.POST)1 Produces (javax.ws.rs.Produces)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 DeviceCompromisedException (org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException)1 InvalidKeyHandleDeviceException (org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)1 NoEligableDevicesException (org.xdi.oxauth.exception.fido.u2f.NoEligableDevicesException)1 AuthenticateRequestMessageLdap (org.xdi.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)1 DeviceRegistration (org.xdi.oxauth.model.fido.u2f.DeviceRegistration)1 DeviceRegistrationResult (org.xdi.oxauth.model.fido.u2f.DeviceRegistrationResult)1 BadInputException (org.xdi.oxauth.model.fido.u2f.exception.BadInputException)1 AuthenticateRequestMessage (org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1 AuthenticateResponse (org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateResponse)1 AuthenticateStatus (org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateStatus)1