Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement MFA #733

Merged
merged 133 commits into from
Dec 19, 2024
Merged

Implement MFA #733

Changes from 1 commit
Commits
Show all changes
133 commits
Select commit Hold shift + click to select a range
2105f7d
Allow config option in test client app to avoid disclosing tokens
andreaceccanti Sep 10, 2021
58049d1
Dynamic downscoping in test client app
andreaceccanti Sep 11, 2021
c91b30a
Bumped version to v1.7.1
andreaceccanti Sep 11, 2021
48c698a
v1.7.1 changelog
andreaceccanti Sep 11, 2021
08eb9fc
More CHANGELOG tweaks
andreaceccanti Sep 11, 2021
804a18f
Initial HTML and JS for enabling MFA on user account through dashboard
Nov 16, 2021
8fe2afd
Button and modal for editing MFA settings now appears
Nov 18, 2021
57969b8
Adding modal for enabling authenticator app
Nov 19, 2021
8f41565
Adding models for IamTotpMfa and IamTotpRecoveryCode
Nov 19, 2021
c43183f
Adding modal for disabling authenticator app
Nov 19, 2021
8bd4703
Unifying controllers, adding auth app service
Nov 22, 2021
15aa1b3
Initial HTML and JS for enabling MFA on user account through dashboard
Nov 16, 2021
a29e2c2
Button and modal for editing MFA settings now appears
Nov 18, 2021
75f47a6
Adding modal for enabling authenticator app
Nov 19, 2021
7ac2e71
Adding modal for disabling authenticator app
Nov 19, 2021
1597238
Syncing branch with origin
Nov 22, 2021
9491d32
Merging changes for updating Spring boot and Java version. Squashed c…
Nov 22, 2021
3ea2161
Making database schema changes for MySQL and H2
Nov 23, 2021
475d1b0
Ignoring .factorypath autogenerated file
Nov 23, 2021
ad0dc32
Backend for adding TOTP secret to a user
Nov 24, 2021
70bf513
Removing non-existent files
Nov 25, 2021
a606a1b
MFA secret and QR code now display on authenticator app enabling modal
Nov 25, 2021
6cc11ee
Dynamic mfa settings menu, toaster notifications on successful operation
Nov 26, 2021
fd3a402
Adding license to files, adding basic input detection for MFA modals
Nov 26, 2021
353e003
Verification code now sends through post successfully
Nov 29, 2021
7eb799c
Adding TOTP validation for enabling and disabling authenticator app MFA
Nov 29, 2021
505dbf2
Autowiring QR generator and code verifier into AuthenticatorAppContro…
Nov 29, 2021
698e58e
Database migrations for totp_mfa now in separate file
Nov 30, 2021
898f0c4
Adding tests for enabling and disabling TOTP MFA through IamAccountSe…
Nov 30, 2021
88a875d
Adding tests for MFA settings and auth app controllers
Dec 1, 2021
fcd86be
Adding ROLE_PRE_AUTHENTICATED
Dec 2, 2021
120eab2
Adding UUID for IamTotpMfa, fixing migration version numbers
Dec 2, 2021
1a9786f
Removing UUID from IamTotpMfa due to being unnecessary
Dec 2, 2021
28cc1e1
Adding java docs for files in iam-login-service
Dec 3, 2021
05ea3b7
Adding basic mfa login procedure
Dec 6, 2021
0fe6c64
Improving TOTP input screen post-login, fixing Java 17 Docker upgrade…
Dec 7, 2021
e1a3d5c
Adding error handling for MFA failure, fixing CSS bugs
Dec 8, 2021
7b81b90
Separating MFA verification controllers, adding "Back to login" button
Dec 8, 2021
d79bec4
Adding mechanism for looping through available factors of authenticat…
Dec 9, 2021
5f0e3be
Adding recovery code login procedure, backend for regenerating recove…
Dec 10, 2021
c4ec07a
Fixing css bug that broke the btn-login class
Dec 13, 2021
f1a91c2
Fixing css bugs with MFA verify button
Dec 13, 2021
d8948f1
Adding recovery code regeneration after use and webpage navigation
Dec 13, 2021
09a9581
Adding ability to view and reset recovery codes
Dec 14, 2021
bb9ddab
Fixing error message tests in AuthenticatorAppSettingsTests
Dec 14, 2021
8892de6
Fixing enabling and disabing totpMfa tests for IamAccount
Dec 15, 2021
fa774a4
Adding tests for MfaVerify and AuthenticatorAppVerify controllers
Dec 16, 2021
63926d9
Adding licence header
Dec 16, 2021
c0b8ec4
Adding tests for recovery code management controller endpoints
Dec 17, 2021
a322fbf
Adding tests on account service for adding recovery codes, fixing clo…
Dec 17, 2021
e6bcb17
Fixing submit button bug on dashboard modals
Jan 6, 2022
89c31cd
Recovery codes display to the user on MFA enabling
Jan 6, 2022
1bd32a4
Adding amr claim in OIDC id_token
Jan 17, 2022
32d694f
Removing unnecessary database migrations, extending authentication ob…
Jan 20, 2022
c7360c9
Fixing login bugs with MfaAuthenticationToken, extending authenticati…
Jan 21, 2022
1cc2671
Renaming MfaAuthenticationToken to ExtendedAuthenticationToken
Jan 21, 2022
bb5bb57
Renaming MfaAuthenticationFilter to ExtendedAuthenticationFilter
Jan 21, 2022
e0a664e
Moving db migrations to correct directory
Jan 24, 2022
eb6221d
Removing unneeded method to regenerate recovery codes
Jan 24, 2022
f68e956
Adding creation time and update time to IamTotpMfa
Jan 24, 2022
3a32ac1
Demonstrating reading of amr from request parameters to /token
Feb 3, 2022
d62d60a
Authentication method reference claim now successfully appears in id_…
Feb 17, 2022
e99132a
OAuth2 client login flow now works for MFA users
Feb 24, 2022
5585b5e
Fixing login credential failure handling
Feb 25, 2022
7f304b9
Fixing TOTP verification process
Feb 25, 2022
58d2465
Adding recovery code verification to login flow
Mar 4, 2022
1f39a2e
Merge branch mfa-db-migrations into issue-418-mfa-support
Mar 4, 2022
4ae4139
Adding comments, fixing assigned authorities bug
Mar 8, 2022
c8589f3
Fixing license header in verify JSP
Mar 8, 2022
95a3f68
Fixing existing MFA tests, improving controller functionality
Mar 10, 2022
74bac68
Adding license header for IamTotpMfaServiceTests
Mar 10, 2022
c0a8604
Fixing bugs with MFA verification
Mar 11, 2022
9402836
Fix MFA settings view
rmiccoli Oct 19, 2023
1a8ad23
Fix tests
rmiccoli Oct 23, 2023
7d0b835
Fix some test
federicaagostini Oct 24, 2023
1dbf7a3
Fix other tests
rmiccoli Oct 24, 2023
a36314d
Add download recovery codes button
Sae126V Nov 21, 2023
dd91e96
Add support to provide password and related config
Sae126V Nov 30, 2023
f8c78f0
Add totpMFA util and helper classes
Sae126V Nov 30, 2023
c1d269a
Update method name in mfa properties file
Sae126V Nov 30, 2023
a8d76c8
Update code with encryption and decryption method
Sae126V Nov 30, 2023
de0c3e6
Remove totp mfa helper class dependency
Sae126V Dec 2, 2023
65d5264
Update test cases to fix TotpMfaUtil changes
Sae126V Dec 3, 2023
c22da3e
Update tests to address totpMfa util change
Sae126V Dec 3, 2023
feb024e
Add missing license to the files
Sae126V Dec 4, 2023
d3a7e0b
Verify test cases after totp mfa util change
Sae126V Dec 4, 2023
e76957b
Improve code coverage for totp mfa util change
Sae126V Dec 5, 2023
078031a
Update AES size for to fix timeout errors
Sae126V Dec 6, 2023
782bce7
Add GCM mode option along with CBC
Sae126V Dec 15, 2023
ee679fd
Delete recovery codes from the interface
rmiccoli Mar 15, 2024
fc70576
Remove recovery codes generator and verifier
rmiccoli Mar 18, 2024
78f0b45
Fix test
rmiccoli Mar 18, 2024
d36ce0d
Change function name
rmiccoli Mar 18, 2024
4578db5
Fix infinite recursion problem
rmiccoli Mar 18, 2024
3a36d13
Add jackson dependency
rmiccoli Mar 18, 2024
fb1fa6d
Implement the Serializable interface
rmiccoli Mar 18, 2024
d853083
Ignore junit test
rmiccoli Mar 18, 2024
8000d23
Fix code
rmiccoli Oct 21, 2024
df5476f
Fix tests
rmiccoli Oct 21, 2024
00704ec
Fix test
rmiccoli Oct 22, 2024
2edf379
Fix docker compose file
rmiccoli Oct 25, 2024
cd08216
Allow admins to disable MFA for users
garaimanoj Nov 28, 2024
84de13b
Fix cosmetics
rmiccoli Nov 28, 2024
d61a5a7
Fix tests
rmiccoli Nov 28, 2024
b595f79
Other cosmetic fixes
rmiccoli Nov 28, 2024
292d1cd
Remove remaining recovery code methods/classes
rmiccoli Nov 29, 2024
6bef59a
Remove unused error classes
rmiccoli Nov 29, 2024
0e1ab99
Update code to enable MFA only when profile is selected
Sae126V Nov 29, 2024
2a11a6e
Hide the MFA label in the user homepage
rmiccoli Dec 3, 2024
8c3e459
Increase coverage
rmiccoli Dec 6, 2024
d55e5a8
Add more tests
rmiccoli Dec 6, 2024
fc82492
Add tests
rmiccoli Dec 6, 2024
fb123de
Fix tests
rmiccoli Dec 7, 2024
8a732e3
Add tests
rmiccoli Dec 9, 2024
280e0a9
Simplify piece of code
rmiccoli Dec 9, 2024
f9c58fc
Add tests
rmiccoli Dec 9, 2024
74d68cf
Add test
rmiccoli Dec 9, 2024
2f114c9
Cover all conditions
rmiccoli Dec 10, 2024
6841503
Test RegistrationFieldProperties
rmiccoli Dec 10, 2024
ba6224d
Test MultiFactorTotpCheckProvider class
rmiccoli Dec 11, 2024
8f6857e
Rename tests
rmiccoli Dec 11, 2024
053b336
Rename test class
rmiccoli Dec 11, 2024
8792f41
Test MultiFactorVerificationFilter class
rmiccoli Dec 11, 2024
feaacfe
Clear security context
rmiccoli Dec 11, 2024
ab4a8d2
Add more tests
rmiccoli Dec 11, 2024
e921538
Solve some code smells
rmiccoli Dec 11, 2024
f5f209d
Show bad TOTP error
rmiccoli Dec 12, 2024
04589a2
Override equals and hashCode methods
rmiccoli Dec 16, 2024
5053a7e
Change service name
rmiccoli Dec 16, 2024
57bb2d6
Delete remaining comment
rmiccoli Dec 16, 2024
9551c74
Revert migrations
rmiccoli Dec 19, 2024
ba5a88f
Fix formatting
rmiccoli Dec 19, 2024
73859a0
Change service name
rmiccoli Dec 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Test MultiFactorVerificationFilter class
  • Loading branch information
@rmiccoli
rmiccoli committed Dec 11, 2024
commit 8792f41e1aaa236db9412ce7bb909403b5dbbf52
126 changes: 126 additions & 0 deletions ...a/it/infn/mw/iam/test/multi_factor_authentication/MultiFactorVerificationFilterTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
/**
* Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package it.infn.mw.iam.test.multi_factor_authentication;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.nio.file.ProviderNotFoundException;
import java.util.ArrayList;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import it.infn.mw.iam.authn.multi_factor_authentication.MultiFactorVerificationFilter;
import it.infn.mw.iam.core.ExtendedAuthenticationToken;

public class MultiFactorVerificationFilterTests {

@Mock
private AuthenticationManager authenticationManager;

@Mock
private AuthenticationSuccessHandler successHandler;

@Mock
private AuthenticationFailureHandler failureHandler;

@Mock
private HttpServletRequest request;

@Mock
private HttpServletResponse response;

@Mock
private Authentication authentication;

@InjectMocks
private MultiFactorVerificationFilter multiFactorVerificationFilter;

@BeforeEach
public void setUp() {
MockitoAnnotations.openMocks(this);
}

@Test
public void testAuthenticationSuccess() throws Exception {
Authentication mockAuth = mock(ExtendedAuthenticationToken.class);
when(mockAuth.getName()).thenReturn("username");

SecurityContextHolder.getContext().setAuthentication(mockAuth);

Authentication mockAuthenticatedToken =
new ExtendedAuthenticationToken("username", null, new ArrayList<>());
when(authenticationManager.authenticate(any(Authentication.class)))
.thenReturn(mockAuthenticatedToken);

when(request.getMethod()).thenReturn("POST");
when(request.getParameter("totp")).thenReturn("123456");

Authentication result = multiFactorVerificationFilter.attemptAuthentication(request, response);

assertNotNull(result);
assertEquals(mockAuthenticatedToken, result);
}

@Test
public void testAuthenticationFailureDueToInvalidTOTP() throws Exception {
Authentication mockAuth = mock(ExtendedAuthenticationToken.class);
when(mockAuth.getName()).thenReturn("username");

SecurityContextHolder.getContext().setAuthentication(mockAuth);

when(authenticationManager.authenticate(any(Authentication.class)))
.thenThrow(new BadCredentialsException("Invalid TOTP"));

when(request.getMethod()).thenReturn("POST");
when(request.getParameter("totp")).thenReturn("wrong-totp");

assertThrows(BadCredentialsException.class,
() -> multiFactorVerificationFilter.attemptAuthentication(request, response));
}

@Test
public void testAuthenticationFailureWhenTotpIsNull() throws Exception {
Authentication mockAuth = mock(ExtendedAuthenticationToken.class);
when(mockAuth.getName()).thenReturn("username");

SecurityContextHolder.getContext().setAuthentication(mockAuth);

when(request.getMethod()).thenReturn("POST");
when(request.getParameter("totp")).thenReturn(null);

assertThrows(ProviderNotFoundException.class,
() -> multiFactorVerificationFilter.attemptAuthentication(request, response));
}
}

Loading