GoogleAuthenticatorCouchDbTokenRepository


Vittore Zen

Oct 28, 2021, 5:11:30 AM
to cas-...@apereo.org
Hi,

I'm trying to set up Google 2FA using CouchDB. I have added to the build.gradle file:
   implementation "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
   implementation "org.apereo.cas:cas-server-support-couchdb-ticket-registry:${project.'cas.version'}"
   implementation "org.apereo.cas:cas-server-support-gauth-couchdb:${project.'cas.version'}"

And in etc/cas/config/cas.properties file I have the following lines:
cas.ticket.registry.couch-db.db-name=cas
cas.ticket.registry.couch-db.password=my_pass
cas.ticket.registry.couch-db.url=http://localhost:5984
cas.ticket.registry.couch-db.username=admin
cas.authn.mfa.gauth.couch-db.db-name=cas
cas.authn.mfa.gauth.couch-db.password=my_pass
cas.authn.mfa.gauth.couch-db.url=http://localhost:5984
cas.authn.mfa.gauth.couch-db.username=admin

When I run "./gradlew clean copyCasConfiguration build run", I correctly see the cas db created in CouchDB, with two documents: CouchDbGoogleAuthenticatorAccount and TicketDocument

But I get this error:
Current WebApplicationContext is not available for processing of GoogleAuthenticatorCouchDbTokenRepository: Make sure this class gets constructed in a Spring web application after the Spring WebApplicationContext has been initialized. Proceeding without injection.

Effectively, in the cas db there isn't a GoogleAuthenticatorCouchDbToken document.

Where is my mistake? What did I miss?

Thanks in advance.

v.

Matthew Gordon

Oct 29, 2021, 12:25:31 PM
to CAS Community, Vittore Zen
Hello,

I am also seeing this same issue on version 6.4.1 and greater. I did not try anything older.

I am also seeing something similar with the CouchDb Surrogate Authentication module as well, so maybe there is something up with the CouchDb module in general.

_design/CouchDbSurrogateAuthorization/_view/by_surrogate_principal does not exist

Thank you,
Matt

Matthew Gordon

Oct 29, 2021, 2:54:32 PM
to CAS Community, Matthew Gordon, Vittore Zen
In support/cas-server-support-gauth-couchdb/src/main/java/org/apereo/cas/couchdb/gauth/token/GoogleAuthenticatorTokenCouchDbRepository.java
It tries to create the same View twice, at lines 33 & 110. I don't know if that is why it fails to build that, but support/cas-server-support-surrogate-authentication-couchdb/src/main/java/org/apereo/cas/couchdb/surrogate/SurrogateAuthorizationCouchDbRepository.java does not have any duplicates and fails to create as well.

    /**
     * Find all by uid, otp pair.
     *
     * @param uid uid to search
     * @param otp otp to search
     * @return token for uid, otp pair
     */
    @View(name = "by_uid_otp", map = "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }")
    public List<CouchDbGoogleAuthenticatorToken> findByUidForOtp(final String uid, final Integer otp) {
        val view = createQuery("by_uid_otp").key(ComplexKey.of(uid.trim().toLowerCase(), otp));
        return db.queryView(view, CouchDbGoogleAuthenticatorToken.class);
    }

The attached files are what I interpreted the code was actually attempting to do. So you should be able to load them in CouchDB manually, and try again.

CouchDbGoogleAuthenticatorToken.txt -> Default Database: gauth_multifactor
CouchDbSurrogateAuthorization -> Default Database: surrogates

Also the document format for surrogates is:

{
  "_id": "1ff83a3e2c19db3ed3c3300f0401a31e",
  "_rev": "3-93412370e24c1980eea9b82a4579b041",
  "principal": "userID",
  "surrogate": [
    "surrogateUserYouWantToBe1",
    "surrogateUserYouWantToBe2"
  ]
}


Thank you,
Matt
CouchDbGoogleAuthenticatorToken.txt
CouchDbSurrogateAuthorization.txt

Vittore Zen

Nov 8, 2021, 8:11:39 AM
to Matthew Gordon, CAS Community
I think that the problem is that CAS didn't create the _design document and views in the CouchDB database.
I tried to create them manually but it still doesn't work. Now the error is: WARN [org.springframework.web.context.support.SpringBeanAutowiringSupport] - <Current WebApplicationContext is not available for processing of GoogleAuthenticatorCouchDbTokenRepository: Make sure this class gets constructed in a Spring web application after the Spring WebApplicationContext has been initialized. Proceeding without injection.>

So my question is: is there anyone using cas with 2FA with gfa and couchdb?

Thanks in advance.
Vittore.

Vittore Zen

Nov 8, 2021, 8:23:01 AM
to Matthew Gordon, CAS Community
If I upload this to CouchDB, all works fine:

{
  "_id": "_design/CouchDbGoogleAuthenticatorToken",
  "views": {
    "all": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc._id, doc) } }"
    },
    "by_uid_otp": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }"
    },
    "by_issued_date_time": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.issuedDateTime, doc) } }"
    },
    "by_userId": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }"
    },
    "count_by_userId": {
      "reduce": "_count",
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }"
    },
    "count": {
      "reduce": "_count",
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc._id, doc) } }"
    },
    "by_token": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.token, doc) } }  "
    }
  },
  "lists": {},
  "shows": {},
  "language": "javascript",
  "filters": {},
  "updates": {}
}
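
What the by_uid_otp view in the design document above indexes, and how the key built in findByUidForOtp is matched against it, as an added example that is not part of the original posts or of CAS: it evaluates the posted map functions over constructed documents in plain Node.js. The sample documents, the helpers buildView and queryByKey, and every field other than userId, token and issuedDateTime are assumptions made for the illustration.

```javascript
// Added example: local stand-in for a CouchDB view index (not CAS or CouchDB code).
// Design document as posted in the thread, trimmed to the two views exercised here.
const designDoc = {
  _id: "_design/CouchDbGoogleAuthenticatorToken",
  views: {
    by_uid_otp: {
      map: "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }"
    },
    by_userId: {
      map: "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }"
    }
  }
};

// Constructed sample documents sharing one database, as with the thread's "cas" db.
const sampleDocs = [
  { _id: "t1", userId: "casuser", token: 123456, issuedDateTime: "2021-11-08T08:00:00" },
  { _id: "t2", userId: "casuser", token: 654321, issuedDateTime: "2021-11-08T08:01:00" },
  { _id: "t3", userId: "CasUser", token: 111111, issuedDateTime: "2021-11-08T08:02:00" },
  { _id: "t4", userId: "casuser", token: 0, issuedDateTime: "2021-11-08T08:03:00" },
  { _id: "a1", username: "casuser", secretKey: "CONSTRUCTED-PLACEHOLDER" } // not a token doc
];

// Build the rows a view would hold: run its map function over every document.
function buildView(design, viewName, docs) {
  const rows = [];
  const emit = (key, value) => rows.push({ id: value._id, key });
  const map = new Function("emit", "return (" + design.views[viewName].map + ")")(emit);
  docs.forEach((doc) => map(doc));
  return rows;
}

// Exact-key lookup, comparing keys by their JSON form (enough for this demonstration).
function queryByKey(rows, key) {
  const wanted = JSON.stringify(key);
  return rows.filter((r) => JSON.stringify(r.key) === wanted).map((r) => r.id);
}

// Mirrors the key built in findByUidForOtp: trimmed, lower-cased uid plus the integer otp.
function findByUidForOtp(design, docs, uid, otp) {
  const key = [uid.trim().toLowerCase(), otp];
  return queryByKey(buildView(design, "by_uid_otp", docs), key);
}

console.log(findByUidForOtp(designDoc, sampleDocs, " CasUser ", 123456)); // → ["t1"]
console.log(findByUidForOtp(designDoc, sampleDocs, "CasUser", 111111));   // → []
console.log(findByUidForOtp(designDoc, sampleDocs, "casuser", 0));        // → []
```

The last two lookups return nothing: the stored userId "CasUser" never equals the lower-cased lookup key, and the guard `doc.token && doc.userId` skips a document whose token is the integer 0.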


Matthew Gordon

Jan 12, 2022, 10:53:23 AM
to CAS Community, Vittore Zen, CAS Community, Matthew Gordon
If you want to use the trusted Device functionality...

{
  "_id": "_design/CouchDbMultifactorAuthenticationTrustRecord",
  "views": {
    "all": {
      "map": "function(doc) { if (doc.recordKey && doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc._id, doc) } }"
    },
    "by_recordKey": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.recordKey, doc) } }"
    },
    "by_recordDate": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.recordDate, doc) } }"
    },    
    "by_expirationDate": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.expirationDate) { emit(doc.expirationDate, doc) } }"
    },
    "by_principal": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.principal, doc) } }"
    },
    "by_id": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.id, doc) } }"
    },
    "by_principal_date": {
      "map": "function(doc) { if (doc.recordKey && doc.principal && doc.deviceFingerprint && doc.recordDate) { emit([doc.principal, doc.recordDate], doc) } }"
    },
    "by_all": {
      "map": "function(doc) { if (doc.recordKey) { emit([doc.recordKey], doc) } }"
    }
  },
  "lists": {},
  "shows": {},
  "language": "javascript",
  "filters": {}
}
