This repository has been archived by the owner on Jan 12, 2024. It is now read-only.

Don't swallow ApiException in the OKTA auth connecter, re-throw them …
…as is (#180)
fieldju authored Sep 27, 2018
1 parent 45316ac commit baccaf3
Showing 3 changed files with 14 additions and 5 deletions.
2 changes: 1 addition & 1 deletion gradle.properties
Expand Up @@ -14,6 +14,6 @@
# limitations under the License.
#

version=3.25.0
version=3.25.1
groupId=com.nike.cerberus
artifactId=cms
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import com.nike.cerberus.auth.connector.okta.statehandlers.InitialLoginStateHandler;
import com.nike.cerberus.auth.connector.okta.statehandlers.MfaStateHandler;
import com.nike.cerberus.error.DefaultApiError;
import com.okta.authn.sdk.AuthenticationException;
import com.okta.authn.sdk.FactorValidationException;
import com.okta.authn.sdk.client.AuthenticationClient;
import com.okta.authn.sdk.impl.resource.DefaultVerifyPassCodeFactorRequest;
Expand All @@ -35,7 +36,9 @@
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/**
* Okta version 1 API implementation of the AuthConnector interface.
Expand Down Expand Up @@ -66,6 +69,8 @@ public AuthResponse authenticate(String username, String password) {
try {
oktaAuthenticationClient.authenticate(username, password.toCharArray(), null, stateHandler);
return authResponse.get(45, TimeUnit.SECONDS);
} catch (ApiException e) {
throw e;
} catch (Exception e) {
throw ApiException.newBuilder()
.withExceptionCause(e)
Expand All @@ -86,6 +91,8 @@ public AuthResponse triggerChallenge(String stateToken, String deviceId) {
try {
oktaAuthenticationClient.challengeFactor(deviceId, stateToken, stateHandler);
return authResponse.get(45, TimeUnit.SECONDS);
} catch (ApiException e) {
throw e;
} catch (Exception e) {
throw ApiException.newBuilder()
.withExceptionCause(e)
Expand All @@ -111,6 +118,8 @@ public AuthResponse mfaCheck(String stateToken, String deviceId, String otpToken
try {
oktaAuthenticationClient.verifyFactor(deviceId, request, stateHandler);
return authResponse.get(45, TimeUnit.SECONDS);
} catch (ApiException e) {
throw e;
} catch(FactorValidationException e) {
throw ApiException.newBuilder()
.withExceptionCause(e)
Expand Down Expand Up @@ -145,4 +154,4 @@ public Set<String> getGroups(AuthData authData) {

return groups;
}
}
}
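Review bot: The new `catch (ApiException e) { throw e; }` clauses in `authenticate`, `triggerChallenge` and `mfaCheck` only pass through an ApiException thrown on the calling thread; if a state handler instead fails the future (assuming `authResponse` is a `CompletableFuture`, as the import suggests), `authResponse.get(45, TimeUnit.SECONDS)` surfaces it as an `ExecutionException` and the generic `catch (Exception e)` still re-wraps it. For an auth connector that means a caller can receive a generic error where the handler meant to report a specific authentication outcome. Consider unwrapping before the generic handler, e.g. `catch (ExecutionException e) { if (e.getCause() instanceof ApiException) throw (ApiException) e.getCause(); ... }`, and restoring the interrupt flag with `Thread.currentThread().interrupt();` when `get` is interrupted. The three method bodies start and end outside the visible lines, so how the handlers complete the future should be confirmed there.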
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,11 @@ public abstract class AbstractOktaStateHandler extends AuthenticationStateHandle
.put("RECOVERY", "Please check for a recovery token to reset your password or unlock your account.")
.put("RECOVERY_CHALLENGE", "Please verify the factor-specific recovery challenge.")
.put("PASSWORD_RESET", "Please set a new password.")
.put("LOCKED_OUT", "Your user account is locked. Self-service or admin unlock is required.")
.put("LOCKED_OUT", "Your OKTA user account is locked.")
.put("MFA_ENROLL_ACTIVATE", "Please activate your factor to complete enrollment.")
.build();

// We currently do not support push notifications for Okta MFA verification.
// We currently do not support push notifications for Okta MFA verification.
private static final ImmutableSet UNSUPPORTED_OKTA_MFA_TYPES = ImmutableSet.of(FactorType.PUSH);

public final AuthenticationClient client;
Expand Down Expand Up @@ -186,4 +186,4 @@ public void handleUnknown(AuthenticationResponse typedUnknownResponse) {
DefaultApiError.AUTH_FAILED.getHttpStatusCode()))
.build();
}
}
}
