/**
 * Lower-cases the login when the {@code sonar.authenticator.downcase} setting is enabled.
 *
 * <p>The password is carried over unchanged; only the login is normalized. When the setting is
 * absent or {@code false}, the very same {@code credentials} instance is returned.
 *
 * @param credentials the credentials as submitted by the client
 * @return credentials with a lower-cased login, or the input instance when down-casing is disabled
 */
private Credentials fixCase(Credentials credentials) {
  boolean downcaseLogin = config.getBoolean("sonar.authenticator.downcase").orElse(false);
  if (!downcaseLogin) {
    return credentials;
  }
  // A fixed locale keeps the normalized login independent of the server's default locale,
  // so the same submitted login always maps to the same lower-cased value.
  String normalizedLogin = credentials.getLogin().toLowerCase(Locale.ENGLISH);
  String passwordOrNull = credentials.getPassword().orElse(null);
  return new Credentials(normalizedLogin, passwordOrNull);
}
/**
 * Authenticates a Basic-auth request, choosing between token and login/password authentication.
 *
 * <p>When no password is present, the login field is treated as a user token and handed to
 * {@code authenticateFromUserToken}. Otherwise the credentials are delegated to
 * {@code credentialsAuthentication} with {@code Method.BASIC}.
 *
 * @param credentials login (or token) and optional password extracted from the request
 * @param request the HTTP request being authenticated
 * @return the authenticated user
 */
private UserDto authenticate(Credentials credentials, HttpServletRequest request) {
  if (credentials.getPassword().isPresent()) {
    return credentialsAuthentication.authenticate(credentials, request, Method.BASIC);
  }

  // Token path: the success event is recorded only after the token lookup has returned a user,
  // and it carries the resolved user's login rather than the submitted token value.
  // NOTE(review): rejection of an invalid token is not visible here; presumably
  // authenticateFromUserToken throws. Confirm against that helper.
  UserDto tokenOwner = authenticateFromUserToken(credentials.getLogin());
  authenticationEvent.loginSuccess(request, tokenOwner.getLogin(), Source.local(Method.BASIC_TOKEN));
  return tokenOwner;
}
/**
 * Verifies that {@code Credentials} rejects an empty or {@code null} login with an
 * {@link IllegalArgumentException}, and accepts a non-empty one.
 */
@Test
public void login_cant_be_empty() {
  String expectedMessage = "login must not be null nor empty";

  // Empty login is refused at construction time.
  Throwable emptyLoginFailure = catchThrowable(() -> new Credentials("", "bar"));
  assertThat(emptyLoginFailure)
    .isInstanceOf(IllegalArgumentException.class)
    .hasMessage(expectedMessage);

  // A null login is refused the same way, with the same message.
  Throwable nullLoginFailure = catchThrowable(() -> new Credentials(null, "bar"));
  assertThat(nullLoginFailure)
    .isInstanceOf(IllegalArgumentException.class)
    .hasMessage(expectedMessage);

  // A regular login is kept as given.
  Credentials accepted = new Credentials("foo", "bar");
  assertThat(accepted.getLogin()).isEqualTo("foo");
}
/**
 * Authenticates {@code credentials} against the external realm and returns the {@code UserDto}
 * produced by {@code synchronize}.
 *
 * <p>Order of operations visible in this listing:
 * <ol>
 *   <li>User details are requested from {@code externalUsersProvider} for the submitted login; a
 *       {@code null} answer is rejected with the message "No user details".</li>
 *   <li>The login and the password (or {@code null} when none was supplied) are handed to
 *       {@code authenticator}; a {@code false} answer is rejected with the message
 *       "Realm returned authenticate=false".</li>
 *   <li>The user is passed to {@code synchronize} and a login-success event is recorded.</li>
 * </ol>
 *
 * <p>The details lookup in step 1 runs before the password check in step 2, so the provider is
 * queried for every submitted login whether or not the password later turns out to be valid.
 *
 * <p>The catch clause shown rebuilds the {@code AuthenticationException} from
 * {@code e.getMessage()} only; the caught exception itself is not passed to the builder in the
 * visible calls.
 *
 * <p>NOTE(review): this listing looks truncated. The closing braces of the two {@code if} blocks
 * are not visible, and the catch block and the method do not end within this excerpt. Lines may
 * have been dropped, possibly including a further catch clause. Check the complete source before
 * relying on the exception handling shown here.
 */
private UserDto doAuthenticate(Credentials credentials, HttpServletRequest request, AuthenticationEvent.Method method) { try { ExternalUsersProvider.Context externalUsersProviderContext = new ExternalUsersProvider.Context(credentials.getLogin(), request); UserDetails details = externalUsersProvider.doGetUserDetails(externalUsersProviderContext); if (details == null) { throw AuthenticationException.newBuilder() .setSource(realmEventSource(method)) .setLogin(credentials.getLogin()) .setMessage("No user details") .build(); Authenticator.Context authenticatorContext = new Authenticator.Context(credentials.getLogin(), credentials.getPassword().orElse(null), request); boolean status = authenticator.doAuthenticate(authenticatorContext); if (!status) { throw AuthenticationException.newBuilder() .setSource(realmEventSource(method)) .setLogin(credentials.getLogin()) .setMessage("Realm returned authenticate=false") .build(); UserDto userDto = synchronize(credentials.getLogin(), details, request, method); authenticationEvent.loginSuccess(request, credentials.getLogin(), realmEventSource(method)); return userDto; } catch (AuthenticationException e) { throw AuthenticationException.newBuilder() .setSource(realmEventSource(method)) .setLogin(credentials.getLogin()) .setMessage(e.getMessage()) .build();
/**
 * Authenticates {@code credentials} locally when the login belongs to an active local user, and
 * falls back to external authentication otherwise.
 *
 * @param dbSession session used for the user lookup and committed after a local authentication
 * @param credentials login and optional password submitted by the client
 * @param request the HTTP request being authenticated
 * @param method the authentication method recorded in events and failures
 * @return the authenticated user
 * @throws AuthenticationException when neither the local nor the external path yields a user
 */
private UserDto authenticate(DbSession dbSession, Credentials credentials, HttpServletRequest request, Method method) {
  UserDto activeUser = dbClient.userDao().selectActiveUserByLogin(dbSession, credentials.getLogin());

  if (activeUser != null && activeUser.isLocal()) {
    // The return value is not inspected here.
    // NOTE(review): presumably localAuthentication.authenticate throws on a wrong password,
    // otherwise the success event below would fire unconditionally. Confirm against that class.
    localAuthentication.authenticate(dbSession, activeUser, credentials.getPassword().orElse(null), method);
    // NOTE(review): presumably persists changes made during local authentication; confirm.
    dbSession.commit();
    authenticationEvent.loginSuccess(request, activeUser.getLogin(), Source.local(method));
    return activeUser;
  }

  // Not an active local account: try the external realm, and fail only if it yields no user.
  // The failure message differs for "known but non-local account" and "no active user".
  // NOTE(review): confirm this message is only logged server-side and never returned to the
  // client, since the distinction would otherwise reveal whether a login exists.
  return externalAuthentication.authenticate(credentials, request, method)
    .orElseThrow(() -> AuthenticationException.newBuilder()
      .setSource(Source.local(method))
      .setLogin(credentials.getLogin())
      .setMessage(activeUser != null && !activeUser.isLocal() ? "User is not local" : "No active user for login")
      .build());
}
}