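def parseProviderConfigs(self):
    """Rebuild self.registeredProviders from the configured Passport strategies.

    Social providers are read from the LDAP Passport configuration entry,
    SAML IDPs from /etc/gluu/conf/passport-saml-config.json.  Which groups
    are loaded depends on self.behaveAs (None loads both).  Every entry maps
    a provider name to a dict with an "emailLinkingSafe" flag; SAML entries
    also carry "saml": True.  Errors are printed and leave whatever was
    collected so far in place (best effort).
    """
    self.registeredProviders = {}
    try:
        if self.behaveAs is None or self.behaveAs == "social":
            print "Passport. parseProviderConfigs. Adding social providers"
            passportDN = CdiUtil.bean(ConfigurationFactory).getLdapConfiguration().getString("oxpassport_ConfigurationEntryDN")
            entryManager = CdiUtil.bean(AppInitializer).getLdapEntryManager()
            config = LdapOxPassportConfiguration()
            config = entryManager.find(config.getClass(), passportDN).getPassportConfigurations()
            if config is not None:
                for strategy in config:
                    provider = strategy.getStrategy()
                    self.registeredProviders[provider] = {"emailLinkingSafe": False}
                    # The flag is only set when the strategy explicitly says "true".
                    for field in strategy.getFieldset():
                        if StringHelper.equalsIgnoreCase(field.getValue1(), "emailLinkingSafe") and StringHelper.equalsIgnoreCase(field.getValue2(), "true"):
                            self.registeredProviders[provider]["emailLinkingSafe"] = True

        if self.behaveAs is None or self.behaveAs == "saml":
            print "Passport. parseProviderConfigs. Adding SAML IDPs"
            # "with" closes the handle on every path; the original never closed it.
            with open("/etc/gluu/conf/passport-saml-config.json", 'r') as f:
                config = json.load(f)
            # NOTE(review): each loop item is used both as a mapping
            # (provider["enable"]) and as a dict key; confirm the JSON shape
            # actually supports both, otherwise this branch only ever raises
            # into the handler below.
            for provider in config:
                if "enable" in provider and StringHelper.equalsIgnoreCase(provider["enable"], "true"):
                    self.registeredProviders[provider] = {
                        "emailLinkingSafe": "emailLinkingSafe" in provider and StringHelper.equalsIgnoreCase(provider["emailLinkingSafe"], "true"),
                        "saml": True
                    }
    except:
        print "Passport. parseProviderConfigs. An error occurred while building the list of supported authentication providers", sys.exc_info()[1]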
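def lockUser(self, user_name, maxCount):
    """Mark user_name's account inactive and record the lock in the cache.

    :param user_name: uid of the account to lock; empty names are ignored.
    :param maxCount: not used by this method (kept for the caller's signature).
    :return: None in every case; the lock is communicated through the
        gluuStatus attribute, a cache entry and a faces error message.
    """
    if StringHelper.isEmpty(user_name):
        return None

    userService = CdiUtil.bean(UserService)
    cacheService = CdiUtil.bean(CacheService)
    facesMessages = CdiUtil.bean(FacesMessages)
    facesMessages.setKeepMessages()

    find_user_by_uid = userService.getUser(user_name)
    if find_user_by_uid is None:
        return None

    status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")
    if status_attribute_value is not None:
        user_status = status_attribute_value.getValue()
        if StringHelper.equals(user_status, "inactive"):
            print "Basic (lock account). Lock user. User '%s' locked already" % user_name
            return

    userService.setCustomAttribute(find_user_by_uid, "gluuStatus", "inactive")
    # The update result was bound to an unused local in the original.
    userService.updateUser(find_user_by_uid)

    # NOTE(review): this literal is not JSON (single quotes) whereas unLockUser
    # stores json.dumps(...) under the same key; confirm what the consumer expects.
    object_to_store = "{'locked': true}"
    # Argument order kept from the original: expiration, key, value.
    cacheService.put(StringHelper.toString(self.lockExpirationTime), "lock_user_" + user_name, object_to_store)

    facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your account is locked. Please try again after " + StringHelper.toString(self.lockExpirationTime) + " secs")
    print "Basic (lock account). Lock user. User '%s' locked" % user_name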
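def unLockUser(self, user_name):
    """Reactivate user_name's account and clear its failed-login counter.

    Writes a compact JSON marker {"locked": false, "created": <now>} under
    "lock_user_<name>" in the cache, sets gluuStatus back to "active" and
    removes self.invalidLoginCountAttribute.  Returns None in every case.
    """
    if StringHelper.isEmpty(user_name):
        return None

    userService = CdiUtil.bean(UserService)
    cacheService = CdiUtil.bean(CacheService)

    find_user_by_uid = userService.getUser(user_name)
    if find_user_by_uid is None:
        return None

    object_to_store = json.dumps({'locked': False, 'created': LocalDateTime.now().toString()}, separators=(',', ':'))
    # Argument order kept from the original: expiration, key, value.
    cacheService.put(StringHelper.toString(self.lockExpirationTime), "lock_user_" + user_name, object_to_store)

    userService.setCustomAttribute(find_user_by_uid, "gluuStatus", "active")
    # Setting the counter attribute to None removes it from the entry.
    userService.setCustomAttribute(find_user_by_uid, self.invalidLoginCountAttribute, None)
    # The update result was bound to an unused local in the original.
    userService.updateUser(find_user_by_uid)

    print "Basic (lock account). Lock user. User '%s' unlocked" % user_name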
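def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1: try the submitted credentials against each configured login attribute.

    self.login_attributes_list_array and self.local_login_attributes_list_array
    are walked in lockstep (primary key, local primary key); the first
    successful authenticationService.authenticate(...) wins.

    :return: True on success, False for empty credentials, no match, or any
        step other than 1.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    if step != 1:
        return False

    print "Basic (multi login). Authenticate for step 1"
    credentials = CdiUtil.bean(Identity).getCredentials()
    key_value = credentials.getUsername()
    user_password = credentials.getPassword()

    # Empty credentials never reach the backend.
    if not (StringHelper.isNotEmptyString(key_value) and StringHelper.isNotEmptyString(user_password)):
        return False

    # zip replaces the manual index loop; the two lists are configured as
    # parallel arrays (the original indexed both with the same counter).
    for primary_key, local_primary_key in zip(self.login_attributes_list_array, self.local_login_attributes_list_array):
        if authenticationService.authenticate(key_value, user_password, primary_key, local_primary_key):
            return True
    return False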
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Step 1 redirects the browser to the CAS login page; step 2 is a no-op.

    :return: True for steps 1 and 2, False for anything else.
    """
    if step == 2:
        print "CAS2. Prepare for step 2"
        return True
    if step != 1:
        return False

    print "CAS2. Prepare for step 1"
    requestParameterService = CdiUtil.bean(RequestParameterService)
    httpService = CdiUtil.bean(HttpService)
    request = CdiUtil.bean(FacesContext).getExternalContext().getRequest()

    # "service" is the URL CAS sends the browser back to with the ticket.
    query = HashMap()
    query.put("service", httpService.constructServerUrl(request) + "/postlogin")
    if self.cas_renew_opt:
        query.put("renew", "true")

    login_url = "%s/login?%s" % (self.cas_host, requestParameterService.parametersAsString(query))
    if self.cas_extra_opts is not None:
        # Extra options come from the script configuration and are appended verbatim.
        login_url = "%s&%s" % (login_url, self.cas_extra_opts)

    print "CAS2. Prepare for step 1. cas_service_request_uri: " + login_url
    CdiUtil.bean(FacesService).redirectToExternalURL(login_url)
    return True
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Casa step preparation.

    Step 1 refreshes the external provider list so configuration changes
    take effect without editing this script.  Later steps publish the
    methods available to the logged-in user and delegate to the
    authenticator registered for the session's ACR.
    """
    print "Casa. prepareForStep %s" % str(step)
    identity = CdiUtil.bean(Identity)

    if step == 1:
        # (re)load the list of external authentication providers currently supported.
        self.registeredProviders = self.parseProviderConfigs()
        identity.setWorkingParameter("externalProviders", json.dumps(self.registeredProviders))
        return True

    session_attributes = identity.getSessionId().getSessionAttributes()
    user = CdiUtil.bean(AuthenticationService).getAuthenticatedUser()
    if user is None:
        print "Casa. prepareForStep. Cannot retrieve logged user"
        return False

    acr = session_attributes.get("ACR")
    print "Casa. prepareForStep. ACR = %s" % acr
    identity.setWorkingParameter("methods", self.getAvailMethodsUser(user, acr))

    # Only ACRs with a registered authenticator are delegated.
    if acr not in self.authenticators:
        return False
    selected = self.authenticators[acr]
    return selected.prepareForStep(selected.configAttrs, requestParameters, step)
def validateSessionDeviceStatus(self, client_redirect_uri, session_device_status, user_name=None):
    """Check that the device named in the session status exists and belongs
    to the expected user and application.

    :param client_redirect_uri: application the device must be registered for.
    :param session_device_status: dict with 'device_id', 'enroll', 'one_step'
        and, for one-step flows, 'user_inum'.
    :param user_name: owner looked up when the status carries no user_inum.
    :return: True when the device is acceptable, False otherwise (reason printed).
    """
    userService = CdiUtil.bean(UserService)
    deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)

    device_id = session_device_status['device_id']

    if session_device_status['enroll'] and session_device_status['one_step']:
        # One-step enrollment: the registration is not yet tied to a user entry.
        device = deviceRegistrationService.findOneStepUserDeviceRegistration(device_id)
        if device is None:
            print "Super-Gluu. Validate session device status. There is no one step u2f_device '%s'" % device_id
            return False
    else:
        # Otherwise the device must be registered under the owner's inum;
        # one-step flows carry that inum in the session status itself.
        owner_inum = userService.getUserInum(user_name)
        if session_device_status['one_step']:
            owner_inum = session_device_status['user_inum']
        device = deviceRegistrationService.findUserDeviceRegistration(owner_inum, device_id)
        if device is None:
            print "Super-Gluu. Validate session device status. There is no u2f_device '%s' associated with user '%s'" % (device_id, owner_inum)
            return False

    # The device must have been enrolled for the application now being accessed.
    if not StringHelper.equalsIgnoreCase(client_redirect_uri, device.application):
        print "Super-Gluu. Validate session device status. u2f_device '%s' associated with other application '%s'" % (device_id, device.application)
        return False
    return True
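def prepareForStep(self, configuration_attributes, request_parameters, step):
    """Prepare the ThumbSignIn page for the given step.

    Steps 1 and 3 start an authentication transaction; step 2 starts a
    registration transaction for the user already authenticated in step 1.

    :return: True when the page data was prepared, False otherwise.
    """
    print "ThumbSignIn. Inside prepareForStep. Step %d" % step
    identity = CdiUtil.bean(Identity)
    authentication_service = CdiUtil.bean(AuthenticationService)
    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)
    self.set_relying_party_login_url(identity)

    if step == 1 or step == 3:
        print "ThumbSignIn. Prepare for step 1"
        self.initialize_thumbsignin(identity, AUTHENTICATE)
        return True

    if step != 2:
        return False

    print "ThumbSignIn. Prepare for step 2"
    if not identity.isSetWorkingParameter(USER_LOGIN_FLOW):
        return False

    user_login_flow = identity.getWorkingParameter(USER_LOGIN_FLOW)
    print "ThumbSignIn. Value of user_login_flow is %s" % user_login_flow

    # Registration is bound to the server-side authenticated user, not to a
    # name supplied in the request.
    user = authentication_service.getAuthenticatedUser()
    if user is None:
        print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
        return False

    user_name = user.getUserId()
    # Check for None before formatting: the original concatenated first, which
    # raised TypeError instead of returning False.
    if user_name is None:
        return False
    print "ThumbSignIn. Prepare for step 2. user_name: " + user_name

    identity.setWorkingParameter(USER_ID, user_name)
    self.initialize_thumbsignin(identity, REGISTER + "/" + user_name)
    return True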
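def validateRecaptcha(self, recaptcha_response):
    """Verify a reCAPTCHA response token with Google's siteverify endpoint.

    The client IP is forwarded as "remoteip" and the shared secret from
    self.recaptcha_creds['secret_key'] is sent in the POST body.

    :return: the "success" flag from the verification response; False on a
        transport error, a non-OK status, an empty body or a reply that has
        no "success" key.
    """
    print "Cert. Validate recaptcha response"

    request = CdiUtil.bean(FacesContext).getExternalContext().getRequest()
    # NOTE(review): whether this value honours proxy headers depends on
    # ServerUtil.getIpAddress — confirm it is trustworthy behind the load balancer.
    remoteip = ServerUtil.getIpAddress(request)
    print "Cert. Validate recaptcha response. remoteip: '%s'" % remoteip

    httpService = CdiUtil.bean(HttpService)
    http_client = httpService.getHttpsClient()
    # Bound the connection attempt so a slow verifier cannot stall the login.
    http_client.getParams().setIntParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 15 * 1000)

    recaptcha_validation_url = "https://www.google.com/recaptcha/api/siteverify"
    recaptcha_validation_request = urllib.urlencode({
        "secret": self.recaptcha_creds['secret_key'],
        "response": recaptcha_response,
        "remoteip": remoteip
    })
    recaptcha_validation_headers = {
        "Content-type": "application/x-www-form-urlencoded",
        "Accept": "application/json"
    }

    try:
        http_service_response = httpService.executePost(http_client, recaptcha_validation_url, None, recaptcha_validation_headers, recaptcha_validation_request)
        http_response = http_service_response.getHttpResponse()
    except:
        print "Cert. Validate recaptcha response. Exception: ", sys.exc_info()[1]
        return False

    try:
        if not httpService.isResponseStastusCodeOk(http_response):
            print "Cert. Validate recaptcha response. Get invalid response from validation server: ", str(http_response.getStatusLine().getStatusCode())
            httpService.consume(http_response)
            return False

        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(response_bytes)
        httpService.consume(http_response)
    finally:
        # Release the connection whichever branch above returned.
        http_service_response.closeConnection()

    if response_string is None:
        print "Cert. Validate recaptcha response. Get empty response from validation server"
        return False

    response = json.loads(response_string)
    # A well-formed reply carries a boolean "success"; a missing key is treated
    # as a failed verification instead of escaping as KeyError.
    return response.get("success", False)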
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Duo step preparation.

    Step 1 needs nothing.  Step 2 signs a Duo Web request for the user
    authenticated in step 1 and publishes it together with the Duo host.
    """
    identity = CdiUtil.bean(Identity)
    authenticationService = CdiUtil.bean(AuthenticationService)
    duo_host = configurationAttributes.get("duo_host").getValue2()

    if step == 1:
        print "Duo. Prepare for step 1"
        return True

    if step != 2:
        return False

    print "Duo. Prepare for step 2"
    user = authenticationService.getAuthenticatedUser()
    if user is None:
        print "Duo. Prepare for step 2. Failed to determine user name"
        return False

    # Signed with self.ikey/self.skey/self.akey for the server-side user id only.
    duo_sig_request = duo_web.sign_request(self.ikey, self.skey, self.akey, user.getUserId())
    print "Duo. Prepare for step 2. duo_sig_request: " + duo_sig_request

    identity.setWorkingParameter("duo_host", duo_host)
    identity.setWorkingParameter("duo_sig_request", duo_sig_request)
    return True
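def checkUserUniqueness(self, user):
    """Return False when another entry already carries one of the attribute
    values that self.userEnforceAttributesUniqueness requires to be unique.

    A None configuration disables the check (returns True).
    """
    if self.userEnforceAttributesUniqueness is None:
        return True

    userService = CdiUtil.bean(UserService)

    # Build a sample entry under the users base DN carrying the values that
    # must be unique; the search matches existing entries against it.
    sample = User()
    sample.setDn(userService.getDnForUser(None))
    for attribute_name in self.userEnforceAttributesUniqueness:
        values = user.getAttributeValues(attribute_name)
        if values is not None and values.size() > 0:
            sample.setAttribute(attribute_name, values)
    # NOTE(review): if the user carries none of the listed attributes the sample
    # has no filter values — confirm getUserBySample does not then match
    # arbitrary entries.

    # The unused "ldapEntryManager" bean lookup from the original is dropped.
    # One hit is enough to decide.
    users = userService.getUserBySample(sample, 1)
    return users.size() == 0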
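def init(self, configurationAttributes):
    """Load the InWebo client certificate settings and build the HTTPS client.

    Reads iw_cert_store_type, iw_cert_path and iw_creds_file from the script
    configuration; the credentials file must be JSON with a CERT_PASSWORD
    entry, which is decrypted with EncryptionService before use.

    :return: True when self.client was created; False when the credentials
        file cannot be read or parsed, lacks CERT_PASSWORD, or the password
        cannot be decrypted.
    """
    print "InWebo. Initialization"

    iw_cert_store_type = configurationAttributes.get("iw_cert_store_type").getValue2()
    iw_cert_path = configurationAttributes.get("iw_cert_path").getValue2()
    iw_creds_file = configurationAttributes.get("iw_creds_file").getValue2()

    # Load credentials from file; "with" closes it on every path.
    with open(iw_creds_file, 'r') as f:
        try:
            creds = json.load(f)
        except (ValueError, IOError):
            return False

    # A missing key used to escape as an uncaught KeyError.
    try:
        iw_cert_password = creds["CERT_PASSWORD"]
    except (KeyError, TypeError):
        return False

    # The stored value is encrypted; keep the decrypted form out of logs.
    try:
        encryptionService = CdiUtil.bean(EncryptionService)
        iw_cert_password = encryptionService.decrypt(iw_cert_password)
    except:
        return False

    httpService = CdiUtil.bean(HttpService)
    self.client = httpService.getHttpsClient(None, None, None, iw_cert_store_type, iw_cert_path, iw_cert_password)

    print "InWebo. Initialized successfully"
    return True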
def authenticate(self, configurationAttributes, requestParameters, step):
    """Authenticate the submitted credentials, gated by the client's group list.

    The client_id of the pending authorization request is read from the
    session.  If self.client_configurations maps it to a set of groups the
    user must belong to one of them; otherwise login is only attempted when
    self.allow_default_login is set.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()

    client_id = identity.getSessionId().getSessionAttributes().get("client_id")
    print "Basic (client group). Get client_id: '%s' authorization request" % client_id

    user_groups = self.client_configurations.get(client_id)
    if user_groups is None:
        print "Basic (client group). There is no user groups configuration for client_id '%s'. allow_default_login: %s" % (client_id, self.allow_default_login)
        if not self.allow_default_login:
            return False
    elif not self.isUserMemberOfGroups(credentials, user_groups):
        # Group membership is checked before the password is verified.
        print "Basic (client group). User '%s' hasn't permissions to log into client_id '%s' application. " % (credentials.getUsername(), client_id)
        return False

    return self.authenticateImpl(credentials, authenticationService)
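def authenticate(self, configurationAttributes, requestParameters, step):
    """Steps 1-3 each re-check the submitted username/password.

    "pass_authentication" is cleared on entry and set to True only after a
    successful authenticationService.authenticate(...) call.

    :return: True on success, False for empty credentials, a failed check, or
        a step outside 1..3.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    if not 1 <= step <= 3:
        return False

    print "Basic (demo reset step). Authenticate for step '%s'" % step
    identity = CdiUtil.bean(Identity)
    identity.setWorkingParameter("pass_authentication", False)

    credentials = identity.getCredentials()
    user_name = credentials.getUsername()
    user_password = credentials.getPassword()

    # Empty credentials never reach the backend.  The unused UserService
    # lookup from the original is dropped.
    if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
        return False
    if not authenticationService.authenticate(user_name, user_password):
        return False

    identity.setWorkingParameter("pass_authentication", True)
    return True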
def authenticate(self, configurationAttributes, requestParameters, step):
    # Step 1: verify the username/password against the Hideez Enterprise
    # Server (HESAuthenticator).  NeedOTPException means a second step is
    # required, so hideez_count_login_steps is raised to 2.
    # NOTE(review): the snippet ends inside the except clauses — no return
    # statement is visible, so as shown the method falls off the end.
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    logged_in = False
    if (step == 1):
        print "Basic. Authenticate for step 1"
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            try:
                authNr = HESAuthenticator(self.hideezUrl)
                hUser = authNr.authN(user_name, user_password)
                print "Hideez user: Email %s, Name %s, Surname %s" % (hUser.email, hUser.firstName, hUser.lastName)
                # Hideez accepted the credentials; log the user into oxAuth by name.
                authenticationService.authenticate(user_name)
                self.hideez_count_login_steps = 1
                logged_in = True
            except HESAuthenticator.NeedOTPException, ex:
                # The cleartext password is parked in the session working
                # parameters for the OTP step; it should be removed once that
                # step completes and must never be written to the log.
                identity.setWorkingParameter("hideez_user_name", user_name)
                identity.setWorkingParameter("hideez_user_password", user_password)
                self.hideez_count_login_steps = 2
                logged_in = True
            # except (HESAuthenticator.UserNotFoundException, HESAuthenticator.InvalidCredentialsException, HESAuthenticator.UserIsLockedout), ex:
            #     logged_in = False
            #     print ex.class.name + ex.message
            except Exception, ex:
                logged_in = False
                # NOTE(review): `ex.class` is not valid Python (class is a
                # keyword); ex.__class__.__name__ is presumably intended.
                print ex.class.name + ex.message
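def parseSocialProviders(self):
    """Collect the Passport social strategies configured in LDAP.

    :return: dict mapping each strategy name to {"saml": False, "logo_img": ...};
        "logo_img" is the strategy's own logo_img field when present, else
        "img/<provider>.png".  On any error the partial result built so far
        is returned and the error is printed.
    """
    registeredProviders = {}
    # Renamed from "property", which shadowed the builtin.
    logo_key = "logo_img"
    try:
        passportDN = CdiUtil.bean(ConfigurationFactory).getLdapConfiguration().getString("oxpassport_ConfigurationEntryDN")
        # NOTE(review): this creates a new entry manager on every call — confirm
        # it does not need to be destroyed, or reuse a shared one.
        entryManager = CdiUtil.bean(AppInitializer).createLdapEntryManager()
        config = LdapOxPassportConfiguration()
        config = entryManager.find(config.getClass(), passportDN).getPassportConfigurations()
        if config is not None:
            for strategy in config:
                provider = strategy.getStrategy()
                registeredProviders[provider] = {"saml": False}
                # for/else: the else branch runs only when no field matched.
                for field in strategy.getFieldset():
                    if StringHelper.equalsIgnoreCase(field.getValue1(), logo_key):
                        registeredProviders[provider][logo_key] = field.getValue2()
                        break
                else:
                    registeredProviders[provider][logo_key] = "img/%s.png" % provider
    except:
        print "Casa. parseProviderConfigs. An error occurred while building the list of supported social authentication providers", sys.exc_info()[1]
    return registeredProviders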
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Casa step preparation.

    Step 1 needs nothing.  Later steps publish the methods available to the
    logged-in user and delegate to the authenticator registered for the
    session's ACR.
    """
    print "Casa. prepareForStep %s" % str(step)
    if step == 1:
        return True

    identity = CdiUtil.bean(Identity)
    session_attributes = identity.getSessionId().getSessionAttributes()
    user = CdiUtil.bean(AuthenticationService).getAuthenticatedUser()
    if user is None:
        print "Casa. prepareForStep. Cannot retrieve logged user"
        return False

    acr = session_attributes.get("ACR")
    print "Casa. prepareForStep. ACR = %s" % acr
    identity.setWorkingParameter("methods", self.getAvailMethodsUser(user, acr))

    # Only ACRs with a registered authenticator are delegated.
    if acr not in self.authenticators:
        return False
    selected = self.authenticators[acr]
    return selected.prepareForStep(selected.configAttrs, requestParameters, step)
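def getSmtpConfig(self):
    '''
    get SMTP config from Gluu Server
    return dict, or None when no SMTP configuration exists
    '''
    smtpconfig = CdiUtil.bean(ConfigurationService).getConfiguration().getSmtpConfiguration()
    if smtpconfig is None:
        print "Forgot Password - SMTP CONFIG DOESN'T EXIST - Please configure"
        # The original fell through to an unbound local here (UnboundLocalError);
        # callers must handle None.
        return None

    print "Forgot Password - SMTP CONFIG FOUND"
    encryptionService = CdiUtil.bean(EncryptionService)
    # 'pwd_decrypted' holds the cleartext SMTP password: keep this dict out of logs.
    return {
        'host': smtpconfig.getHost(),
        'port': smtpconfig.getPort(),
        'user': smtpconfig.getUserName(),
        'from': smtpconfig.getFromEmailAddress(),
        'pwd_decrypted': encryptionService.decrypt(smtpconfig.getPassword()),
        'req_ssl': smtpconfig.isRequiresSsl(),
        'requires_authentication': smtpconfig.isRequiresAuthentication(),
        'server_trust': smtpconfig.isServerTrust()
    }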
def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
    """Pick the ACR for the user named in the submitted credentials.

    The user's preferred method is read from the attribute named by the
    "acr_attribute" configuration entry, defaulting to "basic" when unset.
    Returns "" when the user does not exist and None when the lookup failed.
    """
    print "Identifier First. getAlternativeAuthenticationMethod"
    identity = CdiUtil.bean(Identity)
    user_name = identity.getCredentials().getUsername()
    print "Identifier First. Inspecting user %s" % user_name

    # Remember the identifier for the following steps.
    identity.getSessionId().getSessionAttributes().put("roUserName", user_name)

    acr = None
    try:
        foundUser = CdiUtil.bean(UserService).getUserByAttribute("uid", user_name)
        if foundUser is None:
            # NOTE(review): answering differently for unknown users reveals
            # account existence; inherent to identifier-first flows, so the
            # endpoint should be rate-limited upstream.
            print "Identifier First. User does not exist"
            return ""
        acr_attribute = configurationAttributes.get("acr_attribute").getValue2()
        acr = foundUser.getAttribute(acr_attribute)  # e.g. "u2f", "otp", "twilio_sms"
        if acr is None:
            acr = "basic"
    except:
        print "Identifier First. Error looking up user or his preferred method"

    print "Identifier First. new acr value %s" % acr
    return acr
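def getPassportRedirectUrl(self, provider):
    """Build the relative Passport login URL for *provider*.

    A token is first fetched from the local Passport service at
    https://<server name>/passport/token; SAML providers are addressed under
    the "saml/" prefix.  provider is assumed to exist in self.registeredProviders.

    :return: "/passport/auth/<provider>/<token>", or None if anything failed
        (the error is printed).
    """
    url = None
    try:
        facesContext = CdiUtil.bean(FacesContext)
        # NOTE(review): getServerName() is derived from the incoming request's
        # Host header; confirm the container canonicalises it, otherwise pin
        # the Passport hostname in configuration.
        tokenEndpoint = "https://%s/passport/token" % facesContext.getExternalContext().getRequest().getServerName()

        httpService = CdiUtil.bean(HttpService)
        httpclient = httpService.getHttpsClient()
        print "Passport. getPassportRedirectUrl. Obtaining token from passport at %s" % tokenEndpoint
        resultResponse = httpService.executeGet(httpclient, tokenEndpoint, Collections.singletonMap("Accept", "text/json"))
        httpResponse = resultResponse.getHttpResponse()
        # Renamed from "bytes" so the builtin is not shadowed.
        responseBytes = httpService.getResponseContent(httpResponse)
        response = httpService.convertEntityToString(responseBytes)
        print "Passport. getPassportRedirectUrl. Response was %s" % httpResponse.getStatusLine().getStatusCode()

        tokenObj = json.loads(response)
        if self.registeredProviders[provider]["saml"]:
            provider = "saml/" + provider
        url = "/passport/auth/%s/%s" % (provider, tokenObj["token_"])
    except:
        print "Passport. getPassportRedirectUrl. Error building redirect URL: ", sys.exc_info()[1]
    return url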
def authenticate(self, configuration_attributes, request_parameters, step):
    """Authenticate for the ThumbSignIn flow.

    Steps 1 and 3: when the "login_flow" request parameter names a
    ThumbSignIn flow, the user id resolved by get_user_id_from_thumbsignin
    is logged in directly; otherwise the username/password path runs and
    marks the session for ThumbSignIn registration.  Step 2 only confirms
    the registering user is still authenticated.
    """
    print "ThumbSignIn. Inside authenticate. Step %d" % step
    authentication_service = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)

    if step == 2:
        print "ThumbSignIn. Registration flow (step 2)"
        self.verify_user_login_flow(identity)
        user = self.get_authenticated_user_from_gluu(authentication_service)
        if user is None:
            print "ThumbSignIn. Registration flow (step 2). Failed to determine user name"
            return False
        print "ThumbSignIn. Registration flow (step 2) successful. user_name: %s" % user.getUserId()
        return True

    if step != 1 and step != 3:
        return False

    print "ThumbSignIn. Authenticate for Step %d" % step
    login_flow = ServerUtil.getFirstValue(request_parameters, "login_flow")
    print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow

    # Logic for ThumbSignIn Authentication Flow (Either step 1 or step 3)
    if login_flow in (THUMBSIGNIN_AUTHENTICATION, THUMBSIGNIN_LOGIN_POST_REGISTRATION):
        identity.setWorkingParameter(USER_LOGIN_FLOW, login_flow)
        print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
        # NOTE(review): nothing here re-checks the request; the id must come
        # from a ThumbSignIn transaction that the helper has verified
        # server-side — confirm get_user_id_from_thumbsignin does so.
        user_id = self.get_user_id_from_thumbsignin(request_parameters)
        logged_in_status = authentication_service.authenticate(user_id)
        print "ThumbSignIn. logged_in status : %r" % logged_in_status
        return logged_in_status

    # Logic for traditional login flow (step 1)
    print "ThumbSignIn. User credentials login flow"
    identity.setWorkingParameter(USER_LOGIN_FLOW, THUMBSIGNIN_REGISTRATION)
    print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(USER_LOGIN_FLOW)
    logged_in = self.authenticate_user_credentials(identity, authentication_service)
    print "ThumbSignIn. Status of User Credentials based Authentication : %r" % logged_in
    if not logged_in:
        # Reinitialize the ThumbSignIn data before the error response goes back to the UI.
        self.initialize_thumbsignin(identity, AUTHENTICATE)
        return False

    print "ThumbSignIn. Authenticate successful for step %d" % step
    return True
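def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the OTP pages.

    Step 1 needs nothing.  Step 2, for the 'enroll' method, generates a fresh
    HOTP/TOTP secret and its otpauth URI and exposes both as working
    parameters.  Step 3 is only allowed for 'enroll'.

    :return: True when the step may proceed, False otherwise.
    """
    identity = CdiUtil.bean(Identity)
    session_attributes = identity.getSessionId().getSessionAttributes()

    self.setRequestScopedParameters(identity)

    if step == 1:
        print "OTP. Prepare for step 1"
        return True

    if step == 2:
        print "OTP. Prepare for step 2"
        if not self.validateSessionId(session_attributes):
            return False

        otp_auth_method = session_attributes.get("otp_auth_method")
        print "OTP. Prepare for step 2. otp_auth_method: '%s'" % otp_auth_method

        if otp_auth_method == 'enroll':
            authenticationService = CdiUtil.bean(AuthenticationService)
            user = authenticationService.getAuthenticatedUser()
            if user is None:
                print "OTP. Prepare for step 2. Failed to load user enty"
                return False

            display_name = user.getAttribute("displayName")
            if self.otpType == "hotp":
                otp_secret_key = self.generateSecretHotpKey()
                otp_enrollment_request = self.generateHotpSecretKeyUri(otp_secret_key, self.otpIssuer, display_name)
            elif self.otpType == "totp":
                otp_secret_key = self.generateSecretTotpKey()
                otp_enrollment_request = self.generateTotpSecretKeyUri(otp_secret_key, self.otpIssuer, display_name)
            else:
                print "OTP. Prepare for step 2. Unknown OTP type: '%s'" % self.otpType
                return False

            # The original format string had no placeholder for its % operand,
            # which raises TypeError on every enrollment.
            print "OTP. Prepare for step 2. Prepared enrollment request for user: '%s'" % user.getUserId()

            # The shared secret lives in the session only until enrollment
            # completes; never log otp_secret_key or otp_enrollment_request.
            identity.setWorkingParameter("otp_secret_key", self.toBase64Url(otp_secret_key))
            identity.setWorkingParameter("otp_enrollment_request", otp_enrollment_request)
        return True

    if step == 3:
        print "OTP. Prepare for step 3"
        if not self.validateSessionId(session_attributes):
            return False

        otp_auth_method = session_attributes.get("otp_auth_method")
        print "OTP. Prepare for step 3. otp_auth_method: '%s'" % otp_auth_method
        return otp_auth_method == 'enroll'

    return False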
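def initSnsPushNotificationService(self, configurationAttributes):
    """Set up Amazon SNS push delivery for Android and/or iOS.

    Reads the credentials via loadPushNotificationCreds and expects
    creds["sns"] (access_key, secret_key, region) plus per-platform
    creds["android"]["sns"] / creds["ios"]["sns"] blocks carrying "enabled"
    and "platform_arn".  Key material may be stored encrypted; a failed
    decrypt falls back to using the value as-is.

    :return: True when at least one platform service was created.
    """
    print "Super-Gluu. Initialize SNS notification services"
    self.pushSnsMode = True

    creds = self.loadPushNotificationCreds(configurationAttributes)
    if creds is None:
        return False

    try:
        sns_creds = creds["sns"]
        android_creds = creds["android"]["sns"]
        ios_creds = creds["ios"]["sns"]  # was "ios_creads"
    except:
        print "Super-Gluu. Initialize SNS notification services. Invalid credentials file format"
        return False

    self.pushAndroidService = None
    self.pushAppleService = None

    if not (android_creds["enabled"] or ios_creds["enabled"]):
        print "Super-Gluu. Initialize SNS notification services. SNS disabled for all platforms"
        return False

    sns_access_key = sns_creds["access_key"]
    sns_secret_key = sns_creds["secret_key"]
    sns_region = sns_creds["region"]

    encryptionService = CdiUtil.bean(EncryptionService)
    # NOTE(review): a failed decrypt silently accepts the raw value, so a
    # cleartext key in the file is indistinguishable from a corrupt encrypted
    # one; consider making encryption mandatory.
    try:
        sns_access_key = encryptionService.decrypt(sns_access_key)
    except:
        # Ignore exception. Password is not encrypted
        print "Super-Gluu. Initialize SNS notification services. Assuming that 'sns_access_key' in not encrypted"

    try:
        sns_secret_key = encryptionService.decrypt(sns_secret_key)
    except:
        # Ignore exception. Password is not encrypted
        print "Super-Gluu. Initialize SNS notification services. Assuming that 'sns_secret_key' in not encrypted"

    pushSnsService = CdiUtil.bean(PushSnsService)
    # One client serves both platforms; only the platform ARNs differ.
    snsClient = pushSnsService.createSnsClient(sns_access_key, sns_secret_key, sns_region)

    if android_creds["enabled"]:
        self.pushAndroidService = snsClient
        self.pushAndroidPlatformArn = android_creds["platform_arn"]
        print "Super-Gluu. Initialize SNS notification services. Created Android notification service"

    if ios_creds["enabled"]:
        self.pushAppleService = snsClient
        self.pushApplePlatformArn = ios_creds["platform_arn"]
        print "Super-Gluu. Initialize SNS notification services. Created iOS notification service"

    return self.pushAndroidService is not None or self.pushAppleService is not None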
def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Passport-saml step preparation.

    An extension hook may take over entirely.  For step 1, a "state" value
    left in the session is base64url-decoded and parsed as JSON; when it
    names a provider, a Passport token is fetched and the browser is sent to
    /passport/auth/saml/<provider>/<token>.  Every other case returns True
    (errors are only printed).
    """
    extensionResult = self.extensionPrepareForStep(configurationAttributes, requestParameters, step)
    if extensionResult is not None:
        return extensionResult

    if step != 1:
        return True

    print "Passport-saml: Prepare for Step 1 method call"
    sessionAttribute = CdiUtil.bean(Identity).getSessionId().getSessionAttributes()
    print "Passport-saml: session %s" % sessionAttribute

    oldState = sessionAttribute.get("state")
    if oldState is None:
        print "Passport-saml: old state is none"
        return True

    print "Passport-saml: state is obtained"
    try:
        stateObj = json.loads(StringUtil.fromBytes(Base64Util.base64urldecode(oldState)))
        print stateObj["provider"]
        for key in stateObj:
            print(key, ':', stateObj[key])

        httpService = CdiUtil.bean(HttpService)
        facesService = CdiUtil.bean(FacesService)
        facesContext = CdiUtil.bean(FacesContext)
        httpclient = httpService.getHttpsClient()

        headersMap = HashMap()
        headersMap.put("Accept", "text/json")
        # NOTE(review): the token URL is built from the request's Host header
        # (getServerName); confirm the container canonicalises it.
        host = facesContext.getExternalContext().getRequest().getServerName()
        url = "https://" + host + "/passport/token"
        print "Passport-saml: url %s" % url

        http_response = httpService.executeGet(httpclient, url, headersMap).getHttpResponse()
        szResponse = httpService.convertEntityToString(httpService.getResponseContent(http_response))
        print "Passport-saml: szResponse %s" % szResponse
        tokenObj = json.loads(szResponse)

        # NOTE(review): "provider" comes from the decoded session state and is
        # placed in the redirect path as-is — confirm it was validated against
        # the configured providers when the state was created.
        target = "/passport/auth/saml/" + stateObj["provider"] + "/" + tokenObj["token_"]
        print "Passport-saml: " + target
        facesService.redirectToExternalURL(target)
    except Exception, err:
        print str(err)
    return True
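def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1: try the credentials against every configured LDAP backend.

    Each entry of self.ldapExtendedEntryManagers supplies its configuration,
    entry manager and the parallel loginAttributes/localLoginAttributes
    lists; the first successful authenticate(...) wins.  The attempt is
    timed under OXAUTH_USER_AUTHENTICATION_RATE and exactly one of the
    SUCCESS / FAILURES counters is incremented.

    :return: True on success, False for empty credentials, no match, or any
        step other than 1.
    """
    authenticationService = CdiUtil.bean(AuthenticationService)

    if step != 1:
        return False

    print "Basic (multi auth conf). Authenticate for step 1"
    credentials = CdiUtil.bean(Identity).getCredentials()
    metricService = CdiUtil.bean(MetricService)
    timerContext = metricService.getTimer(MetricType.OXAUTH_USER_AUTHENTICATION_RATE).time()

    loggedIn = False
    try:
        keyValue = credentials.getUsername()
        userPassword = credentials.getPassword()
        if StringHelper.isNotEmptyString(keyValue) and StringHelper.isNotEmptyString(userPassword):
            for ldapExtendedEntryManager in self.ldapExtendedEntryManagers:
                ldapConfiguration = ldapExtendedEntryManager["ldapConfiguration"]
                ldapEntryManager = ldapExtendedEntryManager["ldapEntryManager"]
                loginAttributes = ldapExtendedEntryManager["loginAttributes"]
                localLoginAttributes = ldapExtendedEntryManager["localLoginAttributes"]
                print "Basic (multi auth conf). Authenticate for step 1. Using configuration: " + ldapConfiguration.getConfigId()

                # zip replaces the manual index loop over the two parallel lists.
                for primaryKey, localPrimaryKey in zip(loginAttributes, localLoginAttributes):
                    if authenticationService.authenticate(ldapConfiguration, ldapEntryManager, keyValue, userPassword, primaryKey, localPrimaryKey):
                        loggedIn = True
                        break
                if loggedIn:
                    break
    finally:
        timerContext.stop()
        # The original incremented FAILURES in this finally block even after a
        # successful "return True" inside the try, so every login also counted
        # as a failure.
        if loggedIn:
            metricService.incCounter(MetricType.OXAUTH_USER_AUTHENTICATION_SUCCESS)
        else:
            metricService.incCounter(MetricType.OXAUTH_USER_AUTHENTICATION_FAILURES)

    return loggedIn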
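def authenticate(self, configurationAttributes, requestParameters, step):
    """Step 1 verifies username/password; step 2 optionally sets a new password.

    In step 2 the target account is always the user authenticated in step 1,
    never a name taken from the request.  The password is only changed when
    the form's update button was pressed and "new_password" is non-empty.

    :return: True when the step succeeded, False otherwise.
    """
    userService = CdiUtil.bean(UserService)
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)
    credentials = identity.getCredentials()
    user_name = credentials.getUsername()

    if step == 1:
        print "Basic (with password update). Authenticate for step 1"
        user_password = credentials.getPassword()
        # Empty credentials never reach the backend.
        if not (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
            return False
        if not authenticationService.authenticate(user_name, user_password):
            return False
        return True

    if step == 2:
        print "Basic (with password update). Authenticate for step 2"
        user = authenticationService.getAuthenticatedUser()
        if user is None:
            print "Basic (with password update). Authenticate for step 2. Failed to determine user name"
            return False

        user_name = user.getUserId()
        find_user_by_uid = userService.getUser(user_name)

        update_button = requestParameters.get("loginForm:updateButton")
        if ArrayHelper.isEmpty(update_button):
            # No password change requested; the step still succeeds.
            return True

        new_password_array = requestParameters.get("new_password")
        if ArrayHelper.isEmpty(new_password_array) or StringHelper.isEmpty(new_password_array[0]):
            print "Basic (with password update). Authenticate for step 2. New password is empty"
            return False

        if find_user_by_uid is None:
            # The original dereferenced this unconditionally (AttributeError).
            print "Basic (with password update). Authenticate for step 2. Failed to find user '%s'" % user_name
            return False

        new_password = new_password_array[0]
        # NOTE(review): no password-policy check is visible here; confirm one is
        # enforced by userService.updateUser or the directory itself.
        find_user_by_uid.setAttribute("userPassword", new_password)
        print "Basic (with password update). Authenticate for step 2. Attempting to set new user '%s' password" % user_name
        userService.updateUser(find_user_by_uid)
        print "Basic (with password update). Authenticate for step 2. Password updated successfully"
        return True

    return False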
def getNextStep(self, configurationAttributes, requestParameters, step):
    """After step 1, an "alternativeMethod" request parameter makes Casa
    retry step 2 with that ACR; -1 means no override."""
    print "Casa. getNextStep called %s" % str(step)
    if step <= 1:
        return -1

    acr = ServerUtil.getFirstValue(requestParameters, "alternativeMethod")
    if acr is None:
        return -1

    print "Casa. getNextStep. Use alternative method %s" % acr
    # The value is request-controlled; whatever consumes the "ACR" working
    # parameter should check it against the registered authenticators.
    CdiUtil.bean(Identity).setWorkingParameter("ACR", acr)
    # retry step with different acr
    return 2
def postRegistration(self, user, requestParameters, configurationAttributes):
    """Send the registration-confirmation mail after a user was created.

    The confirmation link points at the appliance URL with the code held in
    self.guid.  Always returns True.
    """
    print "User registration. Post method"
    servername = CdiUtil.bean(AppConfiguration).getApplianceUrl()
    mailService = CdiUtil.bean(MailService)

    recipient = user.getMail()
    subject = "Confirmation mail for user registration"
    # NOTE(review): self.guid is state on the shared script instance — confirm
    # it is set per registration so concurrent sign-ups do not share a code.
    body = "User Registered for %s. Please Confirm User Registration by clicking url: %s/confirm/registration?code=%s" % (recipient, servername, self.guid)
    # This print writes the confirmation code to the server log.
    print body

    mailService.sendMail(recipient, subject, body)
    return True
def getPageForStep(self, configurationAttributes, step):
    """Pick the Twilio SMS page for a step.

    Step 2 shows the number prompt when the "numbers" working parameter is
    set, otherwise the code-entry page; step 3 always shows the code-entry
    page; any other step yields an empty path.
    """
    print "TwilioSMS. getPageForStep called %s" % step
    numbers = CdiUtil.bean(Identity).getWorkingParameter("numbers")
    # Phone numbers are personal data; this log line exposes them.
    print "numbers are %s" % numbers

    code_page = "/casa/twiliosms.xhtml"
    if step == 3:
        return code_page
    if step == 2:
        if numbers is None:
            return code_page
        return "/casa/twiliosms_prompt.xhtml"
    return ""
def authenticate(self, configurationAttributes, requestParameters, step): extensionResult = self.extensionAuthenticate(configurationAttributes, requestParameters, step) if extensionResult != None: return extensionResult authenticationService = CdiUtil.bean(AuthenticationService) userService = CdiUtil.bean(UserService) identity = CdiUtil.bean(Identity) try: UserId = self.getUserValueFromAuth("username", requestParameters) except Exception, err: print "Passport-social: Error: " + str(err)