Use of software.amazon.awssdk.services.cognitoidentityprovider.model.NotAuthorizedException in project cas by apereo.
In the class AmazonCognitoAuthenticationAuthenticationHandler, method authenticateUsernamePasswordInternal.
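/**
 * Authenticates the credential against Amazon Cognito using the {@code ADMIN_NO_SRP_AUTH} flow,
 * verifies the returned id token through the configured JWT processor and builds a principal
 * from the user's Cognito profile.
 * <p>
 * Attribute names are renamed through {@code properties.getMappedAttributes()} when a mapping exists;
 * otherwise the Cognito attribute name is used as-is. Cognito reports disabled and expired accounts
 * through {@link NotAuthorizedException}; this handler distinguishes them by matching on the message text.
 *
 * @param credential       the username/password credential to verify
 * @param originalPassword the password prior to any transformation; not used by this handler
 * @return the handler result carrying the resolved principal
 * @throws AccountExpiredException            when Cognito reports the account as expired
 * @throws AccountDisabledException           when Cognito reports the account as disabled
 * @throws AccountNotFoundException           when the user does not exist in the pool
 * @throws AccountPasswordMustChangeException when a password change is required or the password is invalid
 * @throws FailedLoginException               for any other failure, including an unsupported pending challenge
 *                                            or an id token without a usable {@code sub} claim
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential,
                                                                                     final String originalPassword) throws GeneralSecurityException {
    try {
        val authParams = new HashMap<String, String>();
        authParams.put("USERNAME", credential.getUsername());
        authParams.put("PASSWORD", credential.getPassword());
        val request = AdminInitiateAuthRequest.builder()
            .authFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
            .clientId(properties.getClientId())
            .userPoolId(properties.getUserPoolId())
            .authParameters(authParams)
            .build();
        val result = cognitoIdentityProvider.adminInitiateAuth(request);
        if ("NEW_PASSWORD_REQUIRED".equalsIgnoreCase(result.challengeNameAsString())) {
            throw new CredentialExpiredException();
        }
        val authenticationResult = result.authenticationResult();
        if (authenticationResult == null) {
            // A pending challenge other than NEW_PASSWORD_REQUIRED yields no tokens to verify;
            // refuse explicitly instead of failing on the id-token lookup below.
            throw new FailedLoginException("Authentication challenge [" + result.challengeNameAsString() + "] is not supported");
        }
        // The id token is verified (signature/claims) by the JWT processor before any claim is trusted.
        val claims = jwtProcessor.process(authenticationResult.idToken(), new SimpleSecurityContext());
        if (StringUtils.isBlank(claims.getSubject())) {
            throw new FailedLoginException("Unable to accept the id token with an invalid [sub] claim");
        }
        val userResult = cognitoIdentityProvider.adminGetUser(AdminGetUserRequest.builder()
            .userPoolId(properties.getUserPoolId())
            .username(credential.getUsername())
            .build());

        val attributes = new LinkedHashMap<String, List<Object>>();
        attributes.put("userStatus", CollectionUtils.wrap(userResult.userStatusAsString()));
        attributes.put("userCreatedDate", CollectionUtils.wrap(userResult.userCreateDate().toEpochMilli()));
        attributes.put("userModifiedDate", CollectionUtils.wrap(userResult.userLastModifiedDate().toEpochMilli()));
        val mappedAttributes = properties.getMappedAttributes();
        // Rename a Cognito attribute when a mapping is configured for it; otherwise keep its name.
        userResult.userAttributes().forEach(attr -> {
            val attributeName = mappedAttributes.getOrDefault(attr.name(), attr.name());
            attributes.put(attributeName, CollectionUtils.wrap(attr.value()));
        });

        val principal = principalFactory.createPrincipal(userResult.username(), attributes);
        return createHandlerResult(credential, principal, new ArrayList<>(0));
    } catch (final NotAuthorizedException e) {
        // The SDK message may be null; StringUtils.contains is null-safe where String#contains is not.
        val message = e.getMessage();
        if (StringUtils.contains(message, "expired")) {
            throw new AccountExpiredException(message);
        }
        if (StringUtils.contains(message, "disabled")) {
            throw new AccountDisabledException(message);
        }
        throw failedLogin(e);
    } catch (final UserNotFoundException e) {
        throw new AccountNotFoundException(e.getMessage());
    } catch (final CredentialExpiredException | InvalidPasswordException e) {
        throw new AccountPasswordMustChangeException(e.getMessage());
    } catch (final FailedLoginException e) {
        // Already the right type (thrown above); re-wrapping would only lose the original stack.
        throw e;
    } catch (final Exception e) {
        throw failedLogin(e);
    }
}

/**
 * Wraps an arbitrary failure as a {@link FailedLoginException} while retaining it as the cause.
 * {@code FailedLoginException} has no cause-taking constructor, so the cause is attached explicitly.
 *
 * @param cause the underlying failure
 * @return a login exception carrying the cause's message and the cause itself
 */
private static FailedLoginException failedLogin(final Throwable cause) {
    val failure = new FailedLoginException(cause.getMessage());
    failure.initCause(cause);
    return failure;
}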