changes to get to the PageAttributeVerification

Evolveum · Dec 23, 2022 · 8e4e3d9 · 8e4e3d9
1 parent d8a8307
commit 8e4e3d9
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 21 deletions.
diff --git a/...ui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageAttributeVerification.java b/...ui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageAttributeVerification.java
@@ -46,7 +46,7 @@
 import java.util.List;
 
 @PageDescriptor(urls = {
-        @Url(mountUrl = "/verification/attributes", matchUrlForSecurity = "/verification/attributes")
+        @Url(mountUrl = "/attributeVerification", matchUrlForSecurity = "/attributeVerification")
 }, permitAll = true, loginPage = true, authModule = AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION)
 public class PageAttributeVerification extends PageAuthenticationBase {
     private static final long serialVersionUID = 1L;
@@ -177,20 +177,6 @@ private void updateAttributeValue(ItemPathType path, String value) {
     }
 
     private void initButtons(MidpointForm form) {
-
-        AjaxButton back = new AjaxButton(ID_BACK_BUTTON) {
-
-            private static final long serialVersionUID = 1L;
-
-            @Override
-            public void onClick(AjaxRequestTarget target) {
-                userModel.detach();
-                attributesPathModel.detach();
-                target.add();
-            }
-        };
-        form.add(back);
-
         AjaxSubmitButton submit = new AjaxSubmitButton(ID_SUBMIT_BUTTON, createStringResource("PageAttributeVerification.verifyAttributeButton")) {
 
             private static final long serialVersionUID = 1L;

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -2220,6 +2220,7 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>
+            <xsd:element name="attributeVerification" type="tns:AttributeVerificationCredentialsType" minOccurs="0" />
             <!-- More credential types may be here, such as OTP seeds, X.509 credentials, etc. -->
         </xsd:sequence>
         <xsd:attribute name="id" type="xsd:long"/>
@@ -2466,6 +2467,18 @@
         </xsd:complexContent>
     </xsd:complexType>
 
+    <xsd:complexType name="AttributeVerificationCredentialsType">
+        <xsd:annotation>
+            <xsd:appinfo>
+                <a:container/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:complexContent>
+            <xsd:extension base="tns:AbstractCredentialType">
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
     <xsd:complexType name="SecurityQuestionAnswerType">
         <xsd:annotation>
             <xsd:documentation>

diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
@@ -1746,6 +1746,7 @@
                     </xsd:documentation>
                 </xsd:annotation>
             </xsd:element>
+            <xsd:element name="attributeVerification" type="tns:AttributeVerificationCredentialsPolicyType" minOccurs="0" />
             <!-- More credential types may come here in the future. -->
         </xsd:sequence>
         <xsd:attribute name="id" type="xsd:long"/>
@@ -2557,6 +2558,13 @@
         </xsd:complexContent>
     </xsd:complexType>
 
+    <xsd:complexType name="AttributeVerificationCredentialsPolicyType">
+        <xsd:complexContent>
+            <xsd:extension base="tns:CredentialPolicyType">
+            </xsd:extension>
+        </xsd:complexContent>
+    </xsd:complexType>
+
     <xsd:complexType name="SecurityQuestionDefinitionType">
         <xsd:annotation>
             <xsd:documentation>

diff --git a/...m/evolveum/midpoint/authentication/impl/evaluator/AttributeVerificationEvaluatorImpl.java b/...m/evolveum/midpoint/authentication/impl/evaluator/AttributeVerificationEvaluatorImpl.java
@@ -29,8 +29,8 @@ protected boolean supportsAuthzCheck() {
     }
 
     @Override
-    protected SecurityQuestionsCredentialsType getCredential(CredentialsType credentials) {
-        return credentials.getSecurityQuestions();
+    protected AttributeVerificationCredentialsType getCredential(CredentialsType credentials) {
+        return credentials.getAttributeVerification();
     }
 
     @Override

diff --git a/...olveum/midpoint/authentication/impl/filter/AttributeVerificationAuthenticationFilter.java b/...olveum/midpoint/authentication/impl/filter/AttributeVerificationAuthenticationFilter.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.authentication.impl.filter;
+
+import com.evolveum.midpoint.authentication.api.util.AuthConstants;
+import com.evolveum.midpoint.authentication.impl.module.authentication.token.AttributeVerificationToken;
+import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
+
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AttributeVerificationAuthenticationFilter extends MidpointUsernamePasswordAuthenticationFilter {
+
+    private static final String SPRING_SECURITY_FORM_ANSWER_KEY = "answer";
+    private static final String SPRING_SECURITY_FORM_USER_KEY = "user";
+
+    public Authentication attemptAuthentication(
+            HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+        if (isPostOnly() && !request.getMethod().equals("POST")) {
+            throw new AuthenticationServiceException(
+                    "Authentication method not supported: " + request.getMethod());
+        }
+
+        setUsernameParameter(SPRING_SECURITY_FORM_USER_KEY);
+        String username = obtainUsername(request);
+        if (username == null) {
+            username = "";
+        }
+
+        username = username.trim();
+
+        UsernamePasswordAuthenticationToken authRequest =
+                new AttributeVerificationToken(username, null);
+
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+
+    protected Map<String, String> obtainAnswers(HttpServletRequest request) {
+        String answers = request.getParameter(SPRING_SECURITY_FORM_ANSWER_KEY);
+
+        return AuthSequenceUtil.obtainAnswers(answers, AuthConstants.SEC_QUESTION_J_QID, AuthConstants.SEC_QUESTION_J_QANS);
+    }
+}
diff --git a/...thentication/impl/module/configurer/AttributeVerificationModuleWebSecurityConfigurer.java b/...thentication/impl/module/configurer/AttributeVerificationModuleWebSecurityConfigurer.java
@@ -8,7 +8,7 @@
 
 import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.authentication.impl.entry.point.WicketLoginUrlAuthenticationEntryPoint;
-import com.evolveum.midpoint.authentication.impl.filter.SecurityQuestionsAuthenticationFilter;
+import com.evolveum.midpoint.authentication.impl.filter.AttributeVerificationAuthenticationFilter;
 import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointExceptionHandlingConfigurer;
 import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointFormLoginConfigurer;
 import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler;
@@ -27,14 +27,14 @@ public AttributeVerificationModuleWebSecurityConfigurer(C configuration) {
     protected void configure(HttpSecurity http) throws Exception {
         super.configure(http);
         http.antMatcher(AuthUtil.stripEndingSlashes(getPrefix()) + "/**");
-        getOrApply(http, new MidpointFormLoginConfigurer<>(new SecurityQuestionsAuthenticationFilter()))
-                .loginPage("/verification/attribute")
+        getOrApply(http, new MidpointFormLoginConfigurer<>(new AttributeVerificationAuthenticationFilter()))
+                .loginPage("/attributeVerification")
                 .loginProcessingUrl(AuthUtil.stripEndingSlashes(getPrefix()) + "/spring_security_login")
                 .failureHandler(new MidpointAuthenticationFailureHandler())
                 .successHandler(getObjectPostProcessor().postProcess(
                         new MidPointAuthenticationSuccessHandler())).permitAll();
         getOrApply(http, new MidpointExceptionHandlingConfigurer<>())
-                .authenticationEntryPoint(new WicketLoginUrlAuthenticationEntryPoint("/verification/attribute"));
+                .authenticationEntryPoint(new WicketLoginUrlAuthenticationEntryPoint("/attributeVerification"));
 
         http.logout().clearAuthentication(true)
                 .logoutRequestMatcher(getLogoutMatcher(http, getPrefix() +"/logout"))