001/* 002 * Copyright 2022 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.plugins.site.authentication; 017 018import java.nio.charset.StandardCharsets; 019import java.util.ArrayList; 020import java.util.List; 021import java.util.Optional; 022 023import org.apache.cocoon.environment.Request; 024import org.apache.http.NameValuePair; 025import org.apache.http.client.entity.UrlEncodedFormEntity; 026import org.apache.http.client.methods.CloseableHttpResponse; 027import org.apache.http.client.methods.HttpPost; 028import org.apache.http.impl.client.CloseableHttpClient; 029import org.apache.http.message.BasicNameValuePair; 030 031import org.ametys.core.user.UserIdentity; 032import org.ametys.plugins.site.Site; 033import org.ametys.runtime.config.Config; 034import org.ametys.site.BackOfficeRequestHelper; 035 036/** 037 * The component to handle Multifactor authentication 038 * Provides methods to generate, send and check MFA codes 039 */ 040public class MultifactorAuthenticationManager extends org.ametys.plugins.core.authentication.MultifactorAuthenticationManager 041{ 042 @Override 043 public void sendMultifactorAuthenticationCodeByMail(Request request, UserIdentity userIdentity, String multifactorAuthenticationCode) throws RuntimeException 044 { 045 try (CloseableHttpClient httpClient = BackOfficeRequestHelper.getHttpClient()) 046 { 047 String cmsURL = Config.getInstance().getValue("org.ametys.site.bo"); 048 049 HttpPost httpPost = new HttpPost(cmsURL + "/_send_mfa_code.xml"); 050 httpPost.addHeader("X-Ametys-FO", "true"); 051 052 List<NameValuePair> nvps = new ArrayList<>(); 053 nvps.add(new BasicNameValuePair("code", multifactorAuthenticationCode)); 054 nvps.add(new BasicNameValuePair("login", userIdentity.getLogin())); 055 nvps.add(new BasicNameValuePair("populationId", userIdentity.getPopulationId())); 056 057 Optional.ofNullable(request.getAttribute("site")) 058 .filter(Site.class::isInstance) 059 .map(Site.class::cast) 060 .map(Site::getName) 061 .ifPresent(siteName -> nvps.add(new BasicNameValuePair("siteName", siteName))); 062 063 httpPost.setEntity(new UrlEncodedFormEntity(nvps, StandardCharsets.UTF_8)); 064 065 try (CloseableHttpResponse httpResponse = httpClient.execute(httpPost)) 066 { 067 int statusCode = httpResponse.getStatusLine().getStatusCode(); 068 switch (statusCode) 069 { 070 case 200: 071 // MFA code has been sent - nothing to do 072 break; 073 074 case 403: 075 throw new IllegalStateException("The CMS back-office refused the connection"); 076 077 case 500: 078 default: 079 throw new IllegalStateException("The CMS back-office returned an error with code " + statusCode); 080 } 081 } 082 } 083 catch (Exception e) 084 { 085 throw new RuntimeException("Unable to send the multifactor authentication code to user " + UserIdentity.userIdentityToString(userIdentity) + ".", e); 086 } 087 } 088}