nevis
/
adn-agov-iam-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
adn-agov-iam-project/patterns/da38e049a1ff97663fb30a45_re.../eid_account_linking_mobile_...

101 lines
3.5 KiB
Groovy
Raw Permalink Blame History

import groovy.json.JsonBuilder
import ch.nevis.esauth.auth.engine.AuthResponse
def getHeader(String name) {
def inctx = request.getLoginContext()
// case-insensitive lookup of HTTP headers
def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
map.putAll(inctx)
return map['connection.HttpHeader.' + name]
}
def clearFidoUAFSession() {
LOG.debug("start new FIDO UAF session (skipping ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']}")
def s = request.getAuthSession(true)
s.removeAttribute('ch.nevis.auth.fido.uaf.fidouafsessionid')
inargs.remove('fallback')
}
def clearIdmSessionAttributes() {
def s = request.getAuthSession(true)
def sessionKeySet = new HashSet(session.keySet())
sessionKeySet.each { key ->
if ( key ==~ /ch.nevis.idm.*/ || key ==~ /ch.adnovum.nevisidm.*/ ) {
s.removeAttribute(key)
}
}
}
def sess = request.getAuthSession(true)
// dispatch AJAX calls and form POST when operation is done
if (inargs['fidoUafDone'] == 'true' ||
inargs.containsKey('o.fidoUafSessionId.v') ||
getHeader('Content-Type') == 'application/json') {
if (inargs.containsKey('o.fidoUafSessionId.v') && (inargs['o.fidoUafSessionId.v'] != session['ch.nevis.auth.fido.uaf.fidouafsessionid'])) {
// received polling for wrong fido session; make sure, that stops
LOG.debug("received polling for wrong fido session ${inargs['o.fidoUafSessionId.v']} (correct: ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']})")
def json = new JsonBuilder()
json {
"status" "unknown"
"timestamp" org.joda.time.DateTime.now().toString()
}
String body = json.toString()
response.setContent(body)
response.setContentType('application/json')
response.setHttpStatusCode(200)
response.setIsDirectResponse(true)
response.setStatus(AuthResponse.AUTH_CONTINUE)
return
}
if (inargs['fidoUafDone'] == 'true') {
// get clean state, before validating user in IDM
LOG.debug("clear IDM session attributes")
clearIdmSessionAttributes()
}
// continue with OutOfBandFidoUafAuthState
response.setResult('ok')
}
// dispatch form post with fallback input field : transition to FIDO Token authentication
if (inargs['fallback'] == 'fallback') {
sess.setAttribute("eid.placeholder.text", "Fido2 login not implemented yet")
response.setResult('fido2')
}
// dispatch to recovery
if (inargs['fallback'] == 'recovery') {
response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl'))
response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE)
response.setIsRedirectTransfer(true)
// Remove existing cookies before redirecting to RECOVERY
def agovRecoveryCookie = "agovRecovery=deleted; Path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie', agovRecoveryCookie)
return
}
// dispatch form post with fallback input field : go to registration with right loa
if (inargs['fallback'] == 'register') {
sess.setAttribute("eid.placeholder.text", "Registration should not be called here?")
response.setResult('registration')
}
// cancel and go back to login
if (inargs['fallback'] == 'back') {
response.setResult('back')
}
// dispatch form post with onReload input field : refresh QR-code FIDO UAF
if (inargs.containsKey('onReload')) {
clearFidoUAFSession()
response.setResult('default')
}
Reference in New Issue View Git Blame Copy Permalink