Class MultifactorAuthenticationManager
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.authentication.MultifactorAuthenticationManager
- All Implemented Interfaces: LogEnabled, Disposable, Initializable, Component, Contextualizable, Serviceable
- Direct Known Subclasses:
MultifactorAuthenticationManager
public class MultifactorAuthenticationManager
extends AbstractLogEnabled
implements Component, Serviceable, Initializable, Contextualizable, Disposable
The component to handle multifactor authentication.
Provides methods to generate, send and check MFA codes.
Nested Class Summary
static final record MultifactorAuthenticationManager.MultifactorAuthenticationCode
    Record to get MFA code and its expiration date

Field Summary
protected Context _context
    The Cocoon context
protected Map<String, MultifactorAuthenticationCryptoHelper> _cryptoHelpers
    The crypto helpers by user population
protected CurrentUserProvider _currentUserProvider
    The current user provider
protected String _datasourceId
    The id of the data source storing the user's secrets
protected I18nUtils _i18nUtils
    I18n utils
protected ServiceManager _serviceManager
    The service manager
protected SQLDatabaseTypeExtensionPoint _sqlDatabaseTypeExtensionPoint
    The extension point for SQL database types
protected UserManager _userManager
    The user manager
static final String ROLE
    Avalon Role

Constructor Summary
MultifactorAuthenticationManager()

Method Summary
protected I18nizableText _getMailSubjectPrefix(Request request)
    Retrieves the prefix of the mail's subject
void authenticationApplicationForCurrentUser(boolean value)
    Activate/deactivate the multifactor authentication by application for the current user.
void contextualize(Context context)
void dispose()
MultifactorAuthenticationManager.MultifactorAuthenticationCode generateMultifactorAuthenticationCode(UserIdentity userIdentity)
    Generate the multifactor authentication code
dev.samstevens.totp.qr.QrData getCurrentUserQrData()
    Retrieves the QrData containing the current user secret
int getEmailCodeDuration()
    Email code validity duration
getUserSecretForCurrentUser()
    Check if the current user has activated multifactor authentication by application and gets its secret
void initialize()
void initializeMFACryptoComponent(UserPopulation userPopulation)
    Initialize the MultifactorAuthenticationCryptoHelper for the given user population. A key file will be generated for secret encrypting/decrypting.
boolean isAuthenticationApplicationActivated(UserIdentity userIdentity)
    Check if the given user has activated multifactor authentication by application
boolean isValidMultifactorAuthenticationCode(UserIdentity userIdentity, String multifactorAuthenticationCode)
    Check if the given code is valid
renewSecret(UserIdentity userIdentity)
    Creates a new secret for the user
renewSecretForCurrentUser()
    Creates a new secret for the current user
void sendMultifactorAuthenticationCodeByMail(Request request, UserIdentity userIdentity, String multifactorAuthenticationCode)
    Generate an MFA code and send it by mail to the given user
void service(ServiceManager manager)

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled: getLogger, setLogger
Field Details

ROLE
    Avalon Role

_serviceManager
    The service manager

_context
    The Cocoon context

_i18nUtils
    I18n utils

_userManager
    The user manager

_sqlDatabaseTypeExtensionPoint
    The extension point for SQL database types

_currentUserProvider
    The current user provider

_cryptoHelpers
    The crypto helpers by user population

_datasourceId
    The id of the data source storing the user's secrets
Constructor Details

MultifactorAuthenticationManager
public MultifactorAuthenticationManager()

Method Details

service
- Specified by: service in interface Serviceable
- Throws: ServiceException

initialize
- Specified by: initialize in interface Initializable
- Throws: Exception

contextualize
- Specified by: contextualize in interface Contextualizable
- Throws: ContextException

dispose
- Specified by: dispose in interface Disposable
getEmailCodeDuration
Email code validity duration
- Returns: The number of seconds

initializeMFACryptoComponent
public void initializeMFACryptoComponent(UserPopulation userPopulation) throws IllegalStateException
Initialize the MultifactorAuthenticationCryptoHelper for the given user population. A key file will be generated for secret encrypting/decrypting.
- Parameters: userPopulation - the user population
- Throws: IllegalStateException - If an error occurs during helper setup

generateMultifactorAuthenticationCode
public MultifactorAuthenticationManager.MultifactorAuthenticationCode generateMultifactorAuthenticationCode(UserIdentity userIdentity) throws RuntimeException
Generate the multifactor authentication code
- Parameters: userIdentity - the user trying to connect
- Returns: The generated multifactor authentication code, or null if the code could not be generated
- Throws: RuntimeException - if an error occurs while getting or generating the secret or generating the MFA code
getUserSecretForCurrentUser
Check if the current user has activated multifactor authentication by application and gets its secret
- Returns: A map with key "active" (true if the current user has activated multifactor authentication by application, false otherwise) and key "secret" with its secret

renewSecretForCurrentUser
Creates a new secret for the current user
- Returns: The new secret

isAuthenticationApplicationActivated
Check if the given user has activated multifactor authentication by application
- Parameters: userIdentity - the user identity to check
- Returns: true if the given user has activated multifactor authentication by application, false otherwise

authenticationApplicationForCurrentUser
Activate/deactivate the multifactor authentication by application for the current user.
- Parameters: value - True to activate. False to deactivate

getCurrentUserQrData
Retrieves the QrData containing the current user secret
- Returns: the QrData for the current user
isValidMultifactorAuthenticationCode
public boolean isValidMultifactorAuthenticationCode(UserIdentity userIdentity, String multifactorAuthenticationCode) throws RuntimeException
Check if the given code is valid
- Parameters:
  - userIdentity - the user trying to connect
  - multifactorAuthenticationCode - the code submitted by the user
- Returns: true if the given code is valid, false otherwise
- Throws: RuntimeException - if an error occurs while getting the secret from the datasource

renewSecret
Creates a new secret for the user
- Parameters: userIdentity - The user to change
- Returns: The new secret

sendMultifactorAuthenticationCodeByMail
public void sendMultifactorAuthenticationCodeByMail(Request request, UserIdentity userIdentity, String multifactorAuthenticationCode) throws RuntimeException
Generate an MFA code and send it by mail to the given user
- Parameters:
  - request - the request
  - userIdentity - the user trying to connect
  - multifactorAuthenticationCode - the multifactor authentication code to send
- Throws: RuntimeException - if an error occurs while sending the mail with the code

_getMailSubjectPrefix
Retrieves the prefix of the mail's subject
- Parameters: request - the request
- Returns: the prefix of the mail's subject