Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: one_step related fixes #1753

Merged
merged 1 commit into from
Nov 30, 2022
Merged

fix: one_step related fixes #1753

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 37 additions & 24 deletions Server/integrations/super_gluu/SuperGluuExternalAuthenticator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
from org.gluu.oxauth.security import Identity
from org.gluu.model.custom.script.type.auth import PersonAuthenticationType
from org.gluu.oxauth.model.config import ConfigurationFactory
from org.gluu.oxauth.model.configuration import AppConfiguration
from org.gluu.oxauth.service import AuthenticationService, SessionIdService
from org.gluu.oxauth.service.fido.u2f import DeviceRegistrationService
from org.gluu.oxauth.service.net import HttpService
Expand Down Expand Up @@ -229,7 +230,8 @@ def authenticate(self, configurationAttributes, requestParameters, step):
if u2f_device == None:
print "Super-Gluu. Authenticate for step 1. Failed to load u2f_device '%s'" % u2f_device_id
return False

found = userService.getUserByInum(user_inum)
user_name = found.getUserId()
logged_in = authenticationService.authenticate(user_name)
if not logged_in:
print "Super-Gluu. Authenticate for step 1. Failed to authenticate user '%s'" % user_name
Expand Down Expand Up @@ -280,38 +282,48 @@ def authenticate(self, configurationAttributes, requestParameters, step):
return False
elif step == 2:
print "Super-Gluu. Authenticate for step 2"

user = authenticationService.getAuthenticatedUser()
if (user == None):
print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
return False
user_name = user.getUserId()

session_attributes = identity.getSessionId().getSessionAttributes()

session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
if session_device_status == None:
return False

u2f_device_id = session_device_status['device_id']

# There are two steps only in enrollment mode
if self.oneStep and session_device_status['enroll']:
if self.oneStep :
authenticated_user = self.processBasicAuthentication(credentials)
if authenticated_user == None:
return False

user_inum = userService.getUserInum(authenticated_user)

attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)
session_device_status = self.getSessionDeviceStatus(session_attributes, user_inum)

if session_device_status['enroll']:

if session_device_status == None:
print "Super-Gluu. oneStep, authenticate for step2, session_device_status is false"
return False

u2f_device_id = session_device_status['device_id']

attach_result = deviceRegistrationService.attachUserDeviceRegistration(user_inum, u2f_device_id)

print "Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'" % (u2f_device_id, user_name, attach_result)
print "Super-Gluu. Authenticate for step 2. Result after attaching u2f_device '%s' to user '%s': '%s'" % (u2f_device_id, user_inum, attach_result)

return attach_result
return attach_result
else:
print "Super-Gluu. one_step but session_device_status['enroll'] = false"
return False
elif self.twoStep:
if user_name == None:
user = authenticationService.getAuthenticatedUser()
if (user == None):
print "Super-Gluu. Authenticate for step 2. Failed to determine user name"
return False
user_name = user.getUserId()
session_device_status = self.getSessionDeviceStatus(session_attributes, user_name)
if session_device_status == None:
print "Super-Gluu. twoStep, authenticate for step2, session_device_status is false"
return False

u2f_device_id = session_device_status['device_id']

if user_name == None:
print "Super-Gluu. Authenticate for step 2. Failed to determine user id"
return False

validation_result = self.validateSessionDeviceStatus(client_redirect_uri, session_device_status, user_name)
if validation_result:
Expand Down Expand Up @@ -352,8 +364,9 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
if session == None:
print "Super-Gluu. Prepare for step 2. Failed to determine session_id"
return False
issuer = CdiUtil.bean(AppConfiguration).getIssuer()

issuer = CdiUtil.bean(ConfigurationFactory).getAppConfiguration().getIssuer()

super_gluu_request_dictionary = {'app': client_redirect_uri,
'issuer': issuer,
'state': session.getId(),
Expand Down Expand Up @@ -398,8 +411,8 @@ def prepareForStep(self, configurationAttributes, requestParameters, step):
return False

print "Super-Gluu. Prepare for step 2. auth_method: '%s'" % auth_method
issuer = CdiUtil.bean(ConfigurationFactory).getAppConfiguration().getIssuer()

issuer = CdiUtil.bean(AppConfiguration).getIssuer()
super_gluu_request_dictionary = {'username': user.getUserId(),
'app': client_redirect_uri,
'issuer': issuer,
Expand Down
5 changes: 4 additions & 1 deletion Server/src/main/java/org/gluu/oxauth/service/fido/u2f/DeviceRegistrationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,10 @@ public boolean attachUserDeviceRegistration(String userInum, String oneStepDevic

// Final registration entry should be without expiration
deviceRegistration.clearExpiration();


//fix: personInum should be populated
deviceRegistration.setUserInum(userInum);

addUserDeviceRegistration(userInum, deviceRegistration);

return true;
Expand Down