add active field and update functionality to userMfaConfig

[#151568420] https://www.pivotaltracker.com/story/show/151568420

model/src/main/java/org/cloudfoundry/identity/uaa/mfa_provider/UserGoogleMfaCredentials.java

@@ -5,16 +5,23 @@
 public class UserGoogleMfaCredentials {
     private String userId;
     private String secretKey;
+    private boolean active;
     private List<Integer> scratchCodes;
     private int validationCode;
 
     public UserGoogleMfaCredentials(String userId, String secretKey, int validationCode, List<Integer> scratchCodes) {
+        this(userId, secretKey, validationCode, scratchCodes, false);
+    }
+
+    public UserGoogleMfaCredentials(String userId, String secretKey, int validationCode, List<Integer> scratchCodes, boolean active) {
         this.userId = userId;
         this.secretKey = secretKey;
         this.scratchCodes = scratchCodes;
         this.validationCode = validationCode;
+        this.active = active;
     }
 
+
     public String getUserId() {
         return userId;
     }
@@ -46,4 +53,12 @@ public int getValidationCode() {
     public void setValidationCode(int validationCode) {
         this.validationCode = validationCode;
     }
+
+    public boolean isActive() {
+        return active;
+    }
+
+    public void setActive(boolean active) {
+        this.active = active;
+    }
 }

server/src/main/java/org/cloudfoundry/identity/uaa/login/TotpEndpoint.java

@@ -53,7 +53,7 @@ public String generateQrUrl(HttpSession session, Model model) throws NoSuchAlgor
          }
 
          //TODO and credential is active
-        if(userGoogleMfaCredentialsProvisioning.userCredentialExists(uaaPrincipal.getId())) {
+        if(userGoogleMfaCredentialsProvisioning.activeUserCredentialExists(uaaPrincipal.getId())) {
             return "enter_code";
         } else{
             //TODO set credential to inactive

server/src/main/java/org/cloudfoundry/identity/uaa/mfa_provider/UserGoogleMfaCredentialsProvisioning.java

@@ -6,6 +6,8 @@
 import org.cloudfoundry.identity.uaa.mfa_provider.exception.UserMfaConfigDoesNotExistException;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.dao.IncorrectResultSizeDataAccessException;
+import org.springframework.dao.OptimisticLockingFailureException;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.core.RowMapper;
 
@@ -21,10 +23,13 @@ public class UserGoogleMfaCredentialsProvisioning implements UserMfaCredentialsP
     public static final String TABLE_NAME = "user_google_mfa_credentials";
 
     private static final String CREATE_USER_MFA_CONFIG_SQL =
-            "INSERT INTO " + TABLE_NAME + "(user_id, secret_key, validation_code, scratch_codes) VALUES (?,?,?,?)";
+            "INSERT INTO " + TABLE_NAME + "(user_id, secret_key, validation_code, scratch_codes, active) VALUES (?,?,?,?,?)";
 
-    private static final String QUERY_USER_MFA_CONFIG_SQL = "SELECT * FROM " + TABLE_NAME + " WHERE user_id=? AND active=true";
-    private static final String QUERY_USER_MFA_CONFIG_INACTIVE_SQL = "SELECT * FROM " + TABLE_NAME + " WHERE user_id=? AND active=true";
+    private static final String UPDATE_USER_MFA_CONFIG_SQL =
+        "UPDATE " + TABLE_NAME + " SET secret_key=?, validation_code=?, scratch_codes=?, active=? WHERE user_id=?";
+
+    private static final String QUERY_USER_MFA_CONFIG_ACTIVE_SQL = "SELECT * FROM " + TABLE_NAME + " WHERE user_id=? AND active=true";
+    private static final String QUERY_USER_MFA_CONFIG_ALL_SQL = "SELECT * FROM " + TABLE_NAME + " WHERE user_id=?";
 
     private static final String DELETE_USER_MFA_CONFIG_SQL = "DELETE FROM " + TABLE_NAME + " WHERE user_id=?";
 
@@ -35,7 +40,7 @@ public UserGoogleMfaCredentialsProvisioning(JdbcTemplate jdbcTemplate) {
         this.jdbcTemplate = jdbcTemplate;
     }
 
-    public boolean userCredentialExists(String userId) {
+    public boolean activeUserCredentialExists(String userId) {
         try {
             retrieveActive(userId);
             return true;
@@ -65,23 +70,41 @@ public void save(UserGoogleMfaCredentials credentials) {
                 ps.setString(pos++, credentials.getSecretKey());
                 ps.setInt(pos++, credentials.getValidationCode());
                 ps.setString(pos++, toCSScratchCode(credentials.getScratchCodes()));
+                ps.setBoolean(pos++, credentials.isActive());
             });
         } catch (DuplicateKeyException e) {
             throw new UserMfaConfigAlreadyExistsException(e.getMostSpecificCause().getMessage());
         }
     }
 
+    @Override
+    public void update(UserGoogleMfaCredentials credentials) {
+        int updated = jdbcTemplate.update(UPDATE_USER_MFA_CONFIG_SQL, ps -> {
+            int pos = 1;
+            ps.setString(pos++, credentials.getSecretKey());
+            ps.setInt(pos++, credentials.getValidationCode());
+            ps.setString(pos++, toCSScratchCode(credentials.getScratchCodes()));
+            ps.setBoolean(pos++, credentials.isActive());
+            ps.setString(pos++, credentials.getUserId());
+        });
+        retrieve(credentials.getUserId());
+    }
+
     @Override
     public UserGoogleMfaCredentials retrieve(String userId) {
         try{
-            return jdbcTemplate.queryForObject(QUERY_USER_MFA_CONFIG_SQL, mapper, userId);
+            return jdbcTemplate.queryForObject(QUERY_USER_MFA_CONFIG_ALL_SQL, mapper, userId);
         } catch(EmptyResultDataAccessException e) {
             throw new UserMfaConfigDoesNotExistException("No Creds for user " +userId);
         }
     }
 
     public UserGoogleMfaCredentials retrieveActive(String userId) {
-        return null;
+        try{
+            return jdbcTemplate.queryForObject(QUERY_USER_MFA_CONFIG_ACTIVE_SQL, mapper, userId);
+        } catch(EmptyResultDataAccessException e) {
+            throw new UserMfaConfigDoesNotExistException("No Creds for user " +userId);
+        }
     }
 
     @Override
@@ -100,7 +123,8 @@ public UserGoogleMfaCredentials mapRow(ResultSet rs, int rowNum) throws SQLExcep
                     rs.getString("user_id"),
                     rs.getString("secret_key"),
                     rs.getInt("validation_code"),
-                    fromSCString(rs.getString("scratch_codes"))
+                    fromSCString(rs.getString("scratch_codes")),
+                    rs.getBoolean("active")
             );
         }
 

server/src/main/java/org/cloudfoundry/identity/uaa/mfa_provider/UserMfaCredentialsProvisioning.java

@@ -2,6 +2,7 @@
 
 public interface UserMfaCredentialsProvisioning<T extends UserGoogleMfaCredentials> {
     void save(T credentials);
+    void update(T credentials);
     T retrieve(String userId);
     int delete(String userID);
 }

server/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_7_2__Add_Google_Mfa_User_Creds_Table.sql

@@ -2,5 +2,6 @@ CREATE TABLE user_google_mfa_credentials (
    user_id VARCHAR(36) NOT NULL PRIMARY KEY,
    secret_key VARCHAR(255) NOT NULL,
    validation_code INTEGER NOT NULL,
-   scratch_codes VARCHAR(255) NOT NULL
+   scratch_codes VARCHAR(255) NOT NULL,
+   active BOOLEAN NOT NULL,
 );

server/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_7_2__Add_Google_Mfa_User_Creds_Table.sql

@@ -3,5 +3,6 @@ CREATE TABLE `user_google_mfa_credentials` (
    `secret_key` VARCHAR(255) NOT NULL,
    `validation_code` INTEGER NOT NULL,
    `scratch_codes` VARCHAR(255) NOT NULL,
+   `active` BOOLEAN NOT NULL,
     PRIMARY KEY (`user_id`)
 );

server/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_7_2__Add_Google_Mfa_User_Creds_Table.sql

@@ -2,5 +2,7 @@ CREATE TABLE `user_google_mfa_credentials` (
    `user_id` VARCHAR(36) NOT NULL    PRIMARY KEY,
    `secret_key` VARCHAR(255) NOT NULL,
    `validation_code` INTEGER NOT NULL,
-   `scratch_codes` VARCHAR(255) NOT NULL
+   `scratch_codes` VARCHAR(255) NOT NULL,
+   `active` BOOLEAN NOT NULL
+
 );

server/src/main/resources/org/cloudfoundry/identity/uaa/db/sqlserver/V4_7_2__Add_Google_Mfa_User_Creds_Table.sql

@@ -3,5 +3,6 @@ CREATE TABLE user_google_mfa_credentials (
    secret_key NVARCHAR(255) NOT NULL,
    validation_code INTEGER NOT NULL,
    scratch_codes NVARCHAR(255) NOT NULL,
+   active BIT not null,
    PRIMARY KEY (user_id)
 );

server/src/test/java/org/cloudfoundry/identity/uaa/login/TotpEndpointTest.java

@@ -56,7 +56,7 @@ public void testCreateCredentials() {
     @Test
     public void testGenerateQrUrl() throws Exception{
         when(uaaAuthentication.getPrincipal()).thenReturn(new UaaPrincipal(userId, "Marissa", null, null, null, null), null, null);
-        when(userGoogleMfaCredentialsProvisioning.userCredentialExists(userId)).thenReturn(false);
+        when(userGoogleMfaCredentialsProvisioning.activeUserCredentialExists(userId)).thenReturn(false);
 
         String returnView = endpoint.generateQrUrl(session, mock(Model.class));
 
@@ -66,7 +66,7 @@ public void testGenerateQrUrl() throws Exception{
     @Test
     public void testGenerateQrUrlForNewUserRegistration() throws Exception{
         when(uaaAuthentication.getPrincipal()).thenReturn(new UaaPrincipal(userId, "Marissa", null, null, null, null), null, null);
-        when(userGoogleMfaCredentialsProvisioning.userCredentialExists(userId)).thenReturn(true);
+        when(userGoogleMfaCredentialsProvisioning.activeUserCredentialExists(userId)).thenReturn(true);
 
         String returnView = endpoint.generateQrUrl(session, mock(Model.class));
 

server/src/test/java/org/cloudfoundry/identity/uaa/mfa_provider/UserGoogleMfaCredentialsProvisioningTest.java

@@ -6,6 +6,7 @@
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+import org.springframework.dao.EmptyResultDataAccessException;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -21,23 +22,6 @@ public class UserGoogleMfaCredentialsProvisioningTest extends JdbcTestBase {
     @Before
     public void initJdbcScimUserProvisioningTests() throws Exception {
         db = new UserGoogleMfaCredentialsProvisioning(jdbcTemplate);
-//        zoneDb = new JdbcIdentityZoneProvisioning(jdbcTemplate);
-//        providerDb = new JdbcIdentityProviderProvisioning(jdbcTemplate);
-//        SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter();
-//        Map<String, String> replaceWith = new HashMap<String, String>();
-//        replaceWith.put("emails\\.value", "email");
-//        replaceWith.put("groups\\.display", "authorities");
-//        replaceWith.put("phoneNumbers\\.value", "phoneNumber");
-//        filterConverter.setAttributeNameMapper(new SimpleAttributeNameMapper(replaceWith));
-//        db.setQueryConverter(filterConverter);
-//        BCryptPasswordEncoder pe = new BCryptPasswordEncoder(4);
-//
-//        existingUserCount = jdbcTemplate.queryForObject("select count(id) from users", Integer.class);
-//
-//        defaultIdentityProviderId = jdbcTemplate.queryForObject("select id from identity_provider where origin_key = ? and identity_zone_id = ?", String.class, OriginKeys.UAA, "uaa");
-//
-//        addUser(JOE_ID, "joe", pe.encode("joespassword"), "joe@joe.com", "Joe", "User", "+1-222-1234567", defaultIdentityProviderId, "uaa");
-//        addUser(MABEL_ID, "mabel", pe.encode("mabelspassword"), "mabel@mabel.com", "Mabel", "User", "", defaultIdentityProviderId, "uaa");
     }
 
 
@@ -52,7 +36,8 @@ public void testSaveUserGoogleMfaCredentials(){
         UserGoogleMfaCredentials userGoogleMfaCredentials = new UserGoogleMfaCredentials("jabbahut",
                 "very_sercret_key",
                 74718234,
-                Arrays.asList(1,22));
+                Arrays.asList(1,22),
+                true);
 
         db.save(userGoogleMfaCredentials);
         List<Map<String, Object>> credentials = jdbcTemplate.queryForList("SELECT * FROM user_google_mfa_credentials");
@@ -62,6 +47,7 @@ public void testSaveUserGoogleMfaCredentials(){
         assertEquals("very_sercret_key", record.get("secret_key"));
         assertEquals(74718234, record.get("validation_code"));
         assertEquals("1,22", record.get("scratch_codes"));
+        assertTrue((boolean) record.get("active"));
     }
 
     @Test(expected = UserMfaConfigAlreadyExistsException.class)
@@ -76,6 +62,35 @@ public void testSaveUserGoogleMfaCredentials_whenExistsForUser(){
         db.save(userGoogleMfaCredentials);
     }
 
+    @Test(expected = UserMfaConfigDoesNotExistException.class)
+    public void testUpdateUserGoogleMfaCredentials_noUser() {
+        assertEquals(0, jdbcTemplate.queryForList("SELECT * FROM user_google_mfa_credentials").size());
+        UserGoogleMfaCredentials userGoogleMfaCredentials = new UserGoogleMfaCredentials("jabbahut",
+            "very_sercret_key",
+            74718234,
+            Arrays.asList(1,22));
+        db.update(userGoogleMfaCredentials);
+    }
+
+
+    @Test
+    public void testUpdateUserGoogleMfaCredentials(){
+        assertEquals(0, jdbcTemplate.queryForList("SELECT * FROM user_google_mfa_credentials").size());
+        UserGoogleMfaCredentials userGoogleMfaCredentials = new UserGoogleMfaCredentials("jabbahut",
+            "very_sercret_key",
+            74718234,
+            Arrays.asList(1,22));
+
+        db.save(userGoogleMfaCredentials);
+        userGoogleMfaCredentials.setActive(true);
+        userGoogleMfaCredentials.setSecretKey("new_secret_key");
+        db.update(userGoogleMfaCredentials);
+
+        UserGoogleMfaCredentials updated = db.retrieve(userGoogleMfaCredentials.getUserId());
+        assertEquals("new_secret_key", updated.getSecretKey());
+        assertEquals(true, updated.isActive());
+    }
+
     @Test
     public void testRetrieveExisting() {
         db.save(new UserGoogleMfaCredentials("user1", "secret", 12345, Collections.singletonList(123)));