Class MultifactorAuthenticationManager
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.authentication.MultifactorAuthenticationManager
- All Implemented Interfaces:
LogEnabled,Disposable,Initializable,Component,Contextualizable,Serviceable
- Direct Known Subclasses:
MultifactorAuthenticationManager
public class MultifactorAuthenticationManager
extends AbstractLogEnabled
implements Component, Serviceable, Initializable, Contextualizable, Disposable
The component to handle Multifactor authentication
Provides methods to generate, send and check MFA codes
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final recordRecord to get MFA code and its expiration date -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected ContextThe coccon contextprotected Map<String,MultifactorAuthenticationCryptoHelper> The crypto helpers by user populationprotected CurrentUserProviderThe current user providerprotected StringThe id of the data source storing the user's secretsprotected I18nUtilsI18n utilsprotected ServiceManagerThe service managerprotected SQLDatabaseTypeExtensionPointThe extension point for SQL database typesprotected UserManagerThe user managerstatic final StringAvalon Role -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected I18nizableText_getMailSubjectPrefix(Request request) Retrieves the prefix of mail's subjectvoidauthenticationApplicationForCurrentUser(boolean value) Activate/deactivate the multifactor authentication by application for the current user.voidcontextualize(Context context) voiddispose()generateMultifactorAuthenticationCode(UserIdentity userIdentity) Generate the multifactor authentication codedev.samstevens.totp.qr.QrDataRetrieves the QrData containing the current user secretintEmail code validity durationCheck if the current user has activated multifactor authentication by application and gets its secretvoidvoidinitializeMFACryptoComponent(UserPopulation userPopulation) Initialize theMultifactorAuthenticationCryptoHelperfor the given user population A key file will be generated for secret encrypting/decryptingbooleanisAuthenticationApplicationActivated(UserIdentity userIdentity) Check if the given user has activated multifactor authentication by applicationbooleanisValidMultifactorAuthenticationCode(UserIdentity userIdentity, String multifactorAuthenticationCode) Check if the given code is validrenewSecret(UserIdentity userIdentity) Creates a new secret for the userCreates a new secret for the current uservoidsendMultifactorAuthenticationCodeByMail(Request request, UserIdentity userIdentity, String multifactorAuthenticationCode) Generate a MFA code and send it by mail to the given uservoidservice(ServiceManager manager) Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
Field Details
-
ROLE
Avalon Role -
_serviceManager
The service manager -
_context
The coccon context -
_i18nUtils
I18n utils -
_userManager
The user manager -
_sqlDatabaseTypeExtensionPoint
The extension point for SQL database types -
_currentUserProvider
The current user provider -
_cryptoHelpers
The crypto helpers by user population -
_datasourceId
The id of the data source storing the user's secrets
-
-
Constructor Details
-
MultifactorAuthenticationManager
public MultifactorAuthenticationManager()
-
-
Method Details
-
service
- Specified by:
servicein interfaceServiceable- Throws:
ServiceException
-
initialize
- Specified by:
initializein interfaceInitializable- Throws:
Exception
-
contextualize
- Specified by:
contextualizein interfaceContextualizable- Throws:
ContextException
-
dispose
- Specified by:
disposein interfaceDisposable
-
getEmailCodeDuration
Email code validity duration- Returns:
- The number of seconds
-
initializeMFACryptoComponent
public void initializeMFACryptoComponent(UserPopulation userPopulation) throws IllegalStateException Initialize theMultifactorAuthenticationCryptoHelperfor the given user population A key file will be generated for secret encrypting/decrypting- Parameters:
userPopulation- the user population- Throws:
IllegalStateException- If an error occurs during helper setup
-
generateMultifactorAuthenticationCode
public MultifactorAuthenticationManager.MultifactorAuthenticationCode generateMultifactorAuthenticationCode(UserIdentity userIdentity) throws RuntimeException Generate the multifactor authentication code- Parameters:
userIdentity- the user trying to connect- Returns:
- The generated the multifactor authentication code, or
nullif the code couldn't have bee generated - Throws:
RuntimeException- if an error occurs while getting or generating the secret or generating the MFA code
-
getUserSecretForCurrentUser
Check if the current user has activated multifactor authentication by application and gets its secret- Returns:
- A map with key "active"
trueif the current user has activated multifactor authentication by application,falseotherwise, and key "secret" with its secret
-
renewSecretForCurrentUser
Creates a new secret for the current user- Returns:
- The new secret
-
isAuthenticationApplicationActivated
Check if the given user has activated multifactor authentication by application- Parameters:
userIdentity- the user identity to check- Returns:
trueif the given user has activated multifactor authentication by application,falseotherwise
-
authenticationApplicationForCurrentUser
Activate/deactivate the multifactor authentication by application for the current user.- Parameters:
value- True to activate. False to deactivate
-
getCurrentUserQrData
Retrieves the QrData containing the current user secret- Returns:
- the QrData for the current user
-
isValidMultifactorAuthenticationCode
public boolean isValidMultifactorAuthenticationCode(UserIdentity userIdentity, String multifactorAuthenticationCode) throws RuntimeException Check if the given code is valid- Parameters:
userIdentity- the user trying to connectmultifactorAuthenticationCode- the code submitted by the user- Returns:
trueif the given code is valid,falseotherwise- Throws:
RuntimeException- if an error occurs while getting the secret from the datasource
-
renewSecret
Creates a new secret for the user- Parameters:
userIdentity- The user to change- Returns:
- The new secret
-
sendMultifactorAuthenticationCodeByMail
public void sendMultifactorAuthenticationCodeByMail(Request request, UserIdentity userIdentity, String multifactorAuthenticationCode) throws RuntimeException Generate a MFA code and send it by mail to the given user- Parameters:
request- the requestuserIdentity- the user trying to connectmultifactorAuthenticationCode- the multifactor authentication code to send- Throws:
RuntimeException- if an error occurs while sending the mail with the code
-
_getMailSubjectPrefix
Retrieves the prefix of mail's subject- Parameters:
request- the request- Returns:
- the prefix of mail's subject
-