[cas-user] GoogleAuthenticatorCouchDbTokenRepository


Vittore Zen

Oct 28, 2021, 5:11:29 AM
to cas-...@apereo.org
Hi,

I'm trying to set up google 2FA using couchdb. I have added to the build.gradle file:
   implementation "org.apereo.cas:cas-server-support-gauth:${project.'cas.version'}"
   implementation "org.apereo.cas:cas-server-support-couchdb-ticket-registry:${project.'cas.version'}"
   implementation "org.apereo.cas:cas-server-support-gauth-couchdb:${project.'cas.version'}"

And in etc/cas/config/cas.properties file I have the following lines:
cas.ticket.registry.couch-db.db-name=cas
cas.ticket.registry.couch-db.password=my_pass
cas.ticket.registry.couch-db.url=http://localhost:5984
cas.ticket.registry.couch-db.username=admin
cas.authn.mfa.gauth.couch-db.db-name=cas
cas.authn.mfa.gauth.couch-db.password=my_pass
cas.authn.mfa.gauth.couch-db.url=http://localhost:5984
cas.authn.mfa.gauth.couch-db.username=admin

When I ran "./gradlew clean copyCasConfiguration build run", I saw in couchdb that the cas db was correctly created, with two documents: CouchDbGoogleAuthenticatorAccount and TicketDocument

But I get this error:
Current WebApplicationContext is not available for processing of GoogleAuthenticatorCouchDbTokenRepository: Make sure this class gets constructed in a Spring web application after the Spring WebApplicationContext has been initialized. Proceeding without injection.

Effectively in cas db there isn't a GoogleAuthenticatorCouchDbToken document.

Where is my mistake? What did I miss?

Thanks in advance.

v.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAO79vSCH2c9TVOO6Yw0x7ct-7s%2Bt4nBPYMxoTNy%3DdijopjV0fQ%40mail.gmail.com.

Matthew Gordon

Oct 29, 2021, 12:25:34 PM
to CAS Community, Vittore Zen
Hello,

I am also seeing this same issue on version 6.4.1 and greater. I did not try anything older.

I am also seeing something similar with the CouchDb Surrogate Authentication module as well, so maybe there is something up with the CouchDb module in general.

_design/CouchDbSurrogateAuthorization/_view/by_surrogate_principal does not exist

Thank you,
Matt

Matthew Gordon

Oct 29, 2021, 2:54:35 PM
to CAS Community, Matthew Gordon, Vittore Zen
In support/cas-server-support-gauth-couchdb/src/main/java/org/apereo/cas/couchdb/gauth/token/GoogleAuthenticatorTokenCouchDbRepository.java
it tries to create the same View twice @ lines 33 & 110. I don't know if that is why it fails to build that, but support/cas-server-support-surrogate-authentication-couchdb/src/main/java/org/apereo/cas/couchdb/surrogate/SurrogateAuthorizationCouchDbRepository.java does not have any duplicates and fails to create as well.

    /**
     * Find all by uid, otp pair.
     *
     * @param uid uid to search
     * @param otp otp to search
     * @return token for uid, otp pair
     */
    @View(name = "by_uid_otp", map = "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }")
    public List<CouchDbGoogleAuthenticatorToken> findByUidForOtp(final String uid, final Integer otp) {
        val view = createQuery("by_uid_otp").key(ComplexKey.of(uid.trim().toLowerCase(), otp));
        return db.queryView(view, CouchDbGoogleAuthenticatorToken.class);
    }

The attached are what I interpreted the code was actually attempting to do. So you should be able to load them in CouchDB manually, and try again.

CouchDbGoogleAuthenticatorToken.txt -> Default Database: gauth_multifactor
CouchDbSurrogateAuthorization -> Default Database: surrogates

Also the document format for surrogates is:

{
  "_id": "1ff83a3e2c19db3ed3c3300f0401a31e",
  "_rev": "3-93412370e24c1980eea9b82a4579b041",
  "principal": "userID",
  "surrogate": [
    "surrogateUserYouWantToBe1",
    "surrogateUserYouWantToBe2"
  ]
}


Thank you,
Matt
CouchDbGoogleAuthenticatorToken.txt
CouchDbSurrogateAuthorization.txt

Vittore Zen

Nov 8, 2021, 8:11:38 AM
to Matthew Gordon, CAS Community
I think that the problem is that cas didn't create the _design document and views in the couchdb database.
I tried to create them manually but it still doesn't work. Now the error is: WARN [org.springframework.web.context.support.SpringBeanAutowiringSupport] - <Current WebApplicationContext is not available for processing of GoogleAuthenticatorCouchDbTokenRepository: Make sure this class gets constructed in a Spring web application after the Spring WebApplicationContext has been initialized. Proceeding without injection.>

So my question is: is there anyone using cas with 2FA with gfa and couchdb?

Thanks in advance.
Vittore.

Vittore Zen

Nov 8, 2021, 8:23:01 AM
to Matthew Gordon, CAS Community
If I upload this on couchDB all works fine:

{
  "_id": "_design/CouchDbGoogleAuthenticatorToken",
  "views": {
    "all": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc._id, doc) } }"
    },
    "by_uid_otp": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }"
    },
    "by_issued_date_time": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.issuedDateTime, doc) } }"
    },
    "by_userId": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }"
    },
    "count_by_userId": {
      "reduce": "_count",
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }"
    },
    "count": {
      "reduce": "_count",
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc._id, doc) } }"
    },
    "by_token": {
      "map": "function(doc) { if(doc.token && doc.userId) { emit(doc.token, doc) } }  "
    }
  },
  "lists": {},
  "shows": {},
  "language": "javascript",
  "filters": {},
  "updates": {}
}



Matthew Gordon

Jan 12, 2022, 10:53:24 AM
to CAS Community, Vittore Zen, CAS Community, Matthew Gordon
If you want to use the trusted Device functionality...

{
  "_id": "_design/CouchDbMultifactorAuthenticationTrustRecord",
  "views": {
    "all": {
      "map": "function(doc) { if (doc.recordKey && doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc._id, doc) } }"
    },
    "by_recordKey": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.recordKey, doc) } }"
    },
    "by_recordDate": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.recordDate, doc) } }"
    },    
    "by_expirationDate": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.expirationDate) { emit(doc.expirationDate, doc) } }"
    },
    "by_principal": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.principal, doc) } }"
    },
    "by_id": {
      "map": "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.id, doc) } }"
    },
    "by_principal_date": {
      "map": "function(doc) { if (doc.recordKey && doc.principal && doc.deviceFingerprint && doc.recordDate) { emit([doc.principal, doc.recordDate], doc) } }"
    },
    "by_all": {
      "map": "function(doc) { if (doc.recordKey) { emit([doc.recordKey], doc) } }"
    }
  },
  "lists": {},
  "shows": {},
  "language": "javascript",
  "filters": {}
}

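
Added example (not part of the thread and not CAS code): a local dry run of map functions copied from the two design documents posted above, useful for checking which keys a view emits before loading it into CouchDB by hand. It also shows that the by_uid_otp lookup quoted from the Java repository (lower-cased uid, Integer otp) only matches documents whose userId is stored lower-case and whose token is a JSON number. The sample documents are constructed, and runView and queryByKey are hypothetical helper names.

```javascript
// Added example: evaluate CouchDB map functions locally against constructed documents.
// Map sources are copied from the design documents posted in this thread.
const tokenDesign = {
  _id: "_design/CouchDbGoogleAuthenticatorToken",
  views: {
    by_uid_otp: { map: "function(doc) { if(doc.token && doc.userId) { emit([doc.userId, doc.token], doc) } }" },
    count_by_userId: { reduce: "_count", map: "function(doc) { if(doc.token && doc.userId) { emit(doc.userId, doc) } }" },
  },
};
const trustDesign = {
  _id: "_design/CouchDbMultifactorAuthenticationTrustRecord",
  views: {
    by_principal: { map: "function(doc) { if (doc.principal && doc.deviceFingerprint && doc.recordDate) { emit(doc.principal, doc) } }" },
  },
};

// Constructed sample documents: field names come from the map functions, values are invented.
const sampleDocs = [
  { _id: "tok-1", userId: "alice", token: 123456 },
  { _id: "tok-2", userId: "alice", token: "654321" }, // OTP stored as a string
  { _id: "tok-3", userId: "Bob", token: 111111 },     // mixed-case user id
  { _id: "trust-1", principal: "alice", deviceFingerprint: "fp-1", recordDate: "2022-01-12" },
  { _id: "ticket-1", ticket: "opaque" },              // unrelated document sharing the database
];

// Run one view's map function over docs and collect the emitted rows.
function runView(design, viewName, docs) {
  const view = design.views[viewName];
  if (!view) throw new Error(`${design._id}/_view/${viewName} does not exist`);
  const rows = [];
  let currentId = null;
  const emit = (key, value) => rows.push({ id: currentId, key, value });
  // Make emit() visible to the map source; CouchDB normally provides it.
  const map = new Function("emit", `return (${view.map});`)(emit);
  for (const doc of docs) { currentId = doc._id; map(doc); }
  return rows;
}

// Exact-key lookup; JSON equality keeps the number 123456 distinct from the string "123456".
function queryByKey(design, viewName, docs, key) {
  const wanted = JSON.stringify(key);
  const hits = runView(design, viewName, docs).filter((r) => JSON.stringify(r.key) === wanted);
  return design.views[viewName].reduce === "_count" ? hits.length : hits.map((r) => r.id);
}

console.log(queryByKey(tokenDesign, "by_uid_otp", sampleDocs, ["alice", 123456])); // matches tok-1
```

Asking runView for a view that is absent from the design document raises the same kind of "does not exist" error reported earlier in the thread for by_surrogate_principal.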