DefaultDuoMultifactorAuthenticationProvider.java

package org.apereo.cas.adaptors.duo.authn;

import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apereo.cas.adaptors.duo.DuoUserAccountAuthStatus;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.AbstractMultifactorAuthenticationProvider;
import org.apereo.cas.services.RegisteredService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.Event;

/**
 * This is {@link DefaultDuoMultifactorAuthenticationProvider}.
 *
 * @author Misagh Moayyed
 * @since 5.0.0
 */
public class DefaultDuoMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider
        implements DuoMultifactorAuthenticationProvider {

    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultDuoMultifactorAuthenticationProvider.class);
    private static final long serialVersionUID = 4789727148634156909L;

    private final DuoAuthenticationService duoAuthenticationService;

    public DefaultDuoMultifactorAuthenticationProvider(final DuoAuthenticationService duoAuthenticationService) {
        this.duoAuthenticationService = duoAuthenticationService;
    }

    @Override
    public DuoAuthenticationService getDuoAuthenticationService() {
        return this.duoAuthenticationService;
    }

    @Override
    protected boolean isAvailable() {
        return this.duoAuthenticationService.ping();
    }

    @Override
    public boolean equals(final Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj.getClass() != getClass()) {
            return false;
        }
        final DefaultDuoMultifactorAuthenticationProvider rhs = (DefaultDuoMultifactorAuthenticationProvider) obj;
        return new EqualsBuilder()
                .appendSuper(super.equals(obj))
                .append(duoAuthenticationService, rhs.duoAuthenticationService)
                .isEquals();
    }

    @Override
    public int hashCode() {
        return new HashCodeBuilder()
                .appendSuper(super.hashCode())
                .append(duoAuthenticationService)
                .toHashCode();
    }

    @Override
    protected boolean supportsInternal(final Event e, final Authentication authentication, final RegisteredService registeredService) {
        if (!super.supportsInternal(e, authentication, registeredService)) {
            return false;
        }

        final Principal principal = authentication.getPrincipal();
        final DuoUserAccountAuthStatus acct = this.duoAuthenticationService.getDuoUserAccountAuthStatus(principal.getId());
        LOGGER.debug("Found duo user account status [{}] for [{}]", acct, principal);

        if (acct == DuoUserAccountAuthStatus.ALLOW) {
            LOGGER.debug("Account status is set for allow/bypass for [{}]", principal);
            return false;
        }
        if (acct == DuoUserAccountAuthStatus.DENY) {
            LOGGER.warn("Account status is set to deny access to [{}]", principal);
        }

        return true;
    }
}