package net.sf.basedb.otp; |
|
|
import java.security.GeneralSecurityException; |
|
import net.sf.basedb.core.AuthenticationContext; |
import net.sf.basedb.core.authentication.AuthenticatedUser; |
import net.sf.basedb.core.authentication.AuthenticationManager; |
import net.sf.basedb.core.authentication.AuthenticationMethod; |
import net.sf.basedb.core.authentication.LoginException; |
import net.sf.basedb.core.authentication.LoginRequest; |
import net.sf.basedb.core.data.UserData; |
|
/**
	Authentication manager that enrolls a one-time-password (OTP) secret
	for a user account. It is triggered when the LoginRequest contains
	an attribute 'mode' with value 'otp-setup'; the secret to enroll is
	read from the request attribute 'otpSecretKey'.

	@author nicklas
	@since 1.0
*/
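public class SetupOtpAuthenticationManager
	implements AuthenticationManager
{

	private final AuthenticationContext context;

	/**
		Create a manager bound to the given authentication context.
		@param context Supplies the login request and the user lookup
	*/
	public SetupOtpAuthenticationManager(AuthenticationContext context)
	{
		this.context = context;
	}

	/**
		Enroll an OTP secret for the account named in the login request.

		The password is checked with the internal verifier BEFORE any
		account-specific condition (multi-user account, OTP already
		configured) is reported. Otherwise the distinct error messages
		would let an unauthenticated client probe the OTP status of any
		account just by knowing its login name.

		@return An AuthenticatedUser for the PASSWORD method; the login has
			to be completed so that the transaction storing the secret is
			committed
		@throws LoginException If the user is unknown, the password is
			rejected, the account is a multi-user account, OTP is already
			configured, no 'otpSecretKey' attribute was supplied, or the
			secret could not be encrypted
	*/
	@Override
	public AuthenticatedUser authenticate()
	{
		LoginRequest request = context.getLoginRequest();
		String login = request.getLogin();

		// Check if the user exists
		UserData user = context.getUserByLogin(login);
		if (user == null)
		{
			throw new LoginException("Unknown username '" + login + "'.");
		}

		// Verify the password first: every check below reveals something
		// about the account's configuration and must only be reachable by
		// a caller that already holds the password.
		context.verifyUserInternal(request);

		// Do not allow OTP on multi-user accounts since it would be
		// difficult to setup
		if (user.isMultiuserAccount())
		{
			throw new LoginException("OTP is not allowed for multi-user accounts.");
		}

		// This user already has OTP. It is not allowed to change it here;
		// the password alone must never be enough to swap the second factor.
		String otpKey = (String)user.getExtended("otpSecretKey");
		if (otpKey != null)
		{
			throw new LoginException("OTP is already configured for user '" + login + "'.");
		}

		// The secret is supplied by the client in the request; refuse to
		// enroll a missing or empty one.
		// NOTE(review): no format or strength check is done on the supplied
		// key here — confirm that the caller generates it and what
		// CryptUtil.encrypt accepts.
		otpKey = request.getAttribute("otpSecretKey");
		if (otpKey == null || otpKey.trim().isEmpty())
		{
			throw new LoginException("No OTP secret key was supplied.");
		}

		try
		{
			// Encrypted with the user's id as CryptUtil's key input before
			// it is stored on the user
			String otpKeyEncrypted = CryptUtil.encrypt(otpKey, user.getId());
			user.setExtended("otpSecretKey", otpKeyEncrypted);
			user.setExtended("otpIsRequired", true);
		}
		catch (GeneralSecurityException ex)
		{
			// Preserve the cause for the server-side log
			throw new LoginException(ex.getMessage(), ex);
		}

		// We must complete the login in order to commit the transaction
		return new AuthenticatedUser(AuthenticationMethod.PASSWORD, user);
	}

}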