From a575a9f2de3bb1e9411999f40314f2fa631beb05 Mon Sep 17 00:00:00 2001
From: eisbilir
Date: Thu, 7 Jul 2022 12:29:21 +0300
Subject: [PATCH] add mfa info to user object

---
 .../core/service/identity/dao/UserDAO.java | 8 ++++++--
 .../service/identity/representation/User.java | 18 ++++++++++++++++++
 .../identity/resource/UserResource.java | 7 ++++---
 .../service/identity/util/auth/DICEAuth.java | 6 ++----
 token.properties.localdev | 14 +++++++++-----
 5 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java b/src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java
index 7217635..da7857a 100644
--- a/src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java
+++ b/src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java
@@ -108,9 +108,11 @@ public abstract class UserDAO implements DaoBase, Transactional {
 @RegisterMapperFactory(TCBeanMapperFactory.class)
 @SqlQuery(
 "SELECT " + USER_COLUMNS + ", " +
- "e.address AS email, e.status_id AS emailStatus " +
+ "e.address AS email, e.status_id AS emailStatus, " +
+ "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " +
 "FROM common_oltp.user AS u " +
 "LEFT OUTER JOIN common_oltp.email AS e ON u.user_id = e.user_id AND e.email_type_id = 1 " +
+ "LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id " +
 "WHERE u.handle_lower = LOWER(:handle)"
 )
 public abstract User findUserByHandle(@Bind("handle") String handle);
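Review bot: The new `LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id` in findUserByHandle multiplies the result row if user_2fa can hold more than one row per user_id, and a single-object query then returns an arbitrary row or fails depending on the mapper; whether user_2fa is keyed uniquely by user_id is not visible here and should be confirmed before merging (a uniqueness constraint on user_2fa.user_id, or a DISTINCT, settles it). The same join is added to findUsersByEmail in the next hunk. Because it is an outer join, mfaEnabled and mfaVerified map to null for users without a user_2fa row, which every caller must treat as "not enabled" rather than as false; a short comment above the query, `// mfaEnabled/mfaVerified are null when the user has no user_2fa row`, would make that contract explicit.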
@@ -118,8 +120,10 @@ public abstract class UserDAO implements DaoBase, Transactional { @RegisterMapperFactory(TCBeanMapperFactory.class) @SqlQuery( "SELECT " + USER_COLUMNS + ", " + - "e.address AS email, e.status_id AS emailStatus " + + "e.address AS email, e.status_id AS emailStatus, " + + "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " + "FROM common_oltp.user AS u JOIN common_oltp.email AS e ON e.user_id = u.user_id " + + "LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id " + "WHERE LOWER(e.address) = LOWER(:email)" ) public abstract List findUsersByEmail(@Bind("email") String email); diff --git a/src/main/java/com/appirio/tech/core/service/identity/representation/User.java b/src/main/java/com/appirio/tech/core/service/identity/representation/User.java index dafa301..a904b92 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/representation/User.java +++ b/src/main/java/com/appirio/tech/core/service/identity/representation/User.java @@ -41,6 +41,8 @@ public class User extends AbstractIdResource { private String utmMedium; private String utmCampaign; private List roles; + private Boolean mfaEnabled; + private Boolean mfaVerified; /** * Represents the ssoLogin attribute. @@ -188,6 +190,22 @@ public void setUtmCampaign(String utmCampaign) { public List getRoles() { return roles; } public void setRoles(List roles) { this.roles = roles; } + + public Boolean getMfaEnabled() { + return mfaEnabled; + } + + public void setMfaEnabled(Boolean mfaEnabled) { + this.mfaEnabled = mfaEnabled; + } + + public Boolean getMfaVerified() { + return mfaVerified; + } + + public void setMfaVerified(Boolean mfaVerified) { + this.mfaVerified = mfaVerified; + } @JsonIgnore public boolean isReferralProgramCampaign() { diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index db55cb3..a75d6d0 100644 
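Review bot: The new getMfaEnabled/getMfaVerified/setMfaEnabled/setMfaVerified accessors in User carry no Javadoc, while the class documents its other attributes (the ssoLogin comment in the previous hunk); a one-line Javadoc on each, such as `/** Whether two-factor authentication is enabled for this user; null when no user_2fa record exists. */`, keeps the class consistent. User is the serialized API representation, so these two fields will appear in every response that returns a User unless marked otherwise; if MFA status is meant to be visible only to the account owner or to privileged callers, the getters need the @JsonIgnore treatment the class already applies to isReferralProgramCampaign, and either way the decision should be stated in the Javadoc. The fields are Boolean wrappers, so the tri-state (null, false, true) and what null means to callers should be documented as well.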
--- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -9,11 +9,9 @@ import io.dropwizard.jersey.PATCH; import java.net.HttpURLConnection; -import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Calendar; -import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -1530,6 +1528,9 @@ public ApiResponse issueCredentials( // return 404 if user is not found if(user == null) throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND); + if(user.getMfaEnabled() == null || !user.getMfaEnabled()) { + throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user"); + } List roles = roleDao.getRolesBySubjectId(Long.parseLong(user.getId().getId())); ObjectMapper mapper = new ObjectMapper(); ObjectNode body = mapper.createObjectNode(); @@ -1573,7 +1574,7 @@ public ApiResponse issueCredentials( String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(), response.getMessage())); } - return ApiResponseFactory.createResponse(response.getText()); + return ApiResponseFactory.createResponse("SUCCESS"); } @PUT diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java index 062dfe1..4a5a30f 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java +++ b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java 
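Review bot: The guard added before the roles lookup in issueCredentials rejects users whose mfaEnabled is null or false, but the mfaVerified value that the same commit starts loading is never consulted; if an enabled-but-unverified second factor must not be enough to issue credentials, the condition should read `if (!Boolean.TRUE.equals(user.getMfaEnabled()) || !Boolean.TRUE.equals(user.getMfaVerified())) {`, and if enabled alone is intended, a comment above the guard should say so. `Boolean.TRUE.equals(...)` also folds the two-step null/unbox test into one null-safe expression. The method's Javadoc, outside the hunk, should document the new 400 response and the condition that triggers it. issueCredentials starts and ends outside this hunk.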
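Review bot: The return at the end of issueCredentials now yields the literal `"SUCCESS"` instead of the remote service's body, which changes the API contract for any caller that parsed the previous response; that change belongs in the method's Javadoc, and since the string is now a protocol value it should be a named constant such as `private static final String MSG_CREDENTIALS_ISSUED = "SUCCESS";` alongside MSG_TEMPLATE_USER_NOT_FOUND, which the method already references. Not forwarding the upstream body to the client is the safer default, so the behaviour itself is sound. The enclosing method starts outside this hunk.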
@@ -131,16 +131,14 @@ public String getToken() throws Exception { } } if (cachedToken == null || isCachedTokenExpired) { - Request request = new Request( + Response response = new Request( "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token", "POST") .param("grant_type", "password") .param("username", getUsername()) .param("password", getPassword()) .param("scope", getScope()) .param("client_id", getClientId()) - .param("client_secret", getClientSecret()); - logger.info(request.getQuery()); - Response response = request.execute(); + .param("client_secret", getClientSecret()).execute(); if (response.getStatusCode() != HttpURLConnection.HTTP_OK) { throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR, String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(), diff --git a/token.properties.localdev b/token.properties.localdev index 68f0a8a..f1a5a24 100644 --- a/token.properties.localdev +++ b/token.properties.localdev @@ -7,6 +7,11 @@ @auth.secret@=AUTH_SECRET +@application.sendgrid.template.id@=dummy +@application.sendgrid.welcome.template.id@=dummy +@application.sendgrid.selfservice.template.id@=dummy +@application.sendgrid.selfservice.welcome.template.id@=dummy + @ldap.host@=127.0.0.1 @ldap.port@=389 @ldap.password@=dummy @@ -31,7 +36,6 @@ @diceAuth.tenant@=dummy @diceAuth.username@=dummy @diceAuth.credDefId@=dummy -@diceAuth.credPreview@=dummy @zendesk.secret@=ZENDESK_SECRET @zendesk.idprefix@=ZENDESK_PREFIX 
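Review bot: The removed `logger.info(request.getQuery())` in getToken was writing the grant_type=password request, including the user password and client_secret parameters built a few lines above, to the log; the replacement leaves nothing that explains why the request is built and executed in one expression, so a comment above `Response response = new Request(` such as `// do not log this request or its query: it carries the user password and client_secret` would keep the next maintainer from reintroducing the log line. Any environment that ran the previous build at INFO level may still hold those values in its log store, so rotating the affected secret and account password after deployment is worth confirming. getToken starts and ends outside this hunk.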
@@ -68,7 +72,7 @@
 @m2mAuthConfig.userProfiles.read@=read:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.update@=update:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.delete@=delete:user_profiles,all:user_profiles
-@m2mAuthConfig.user2fa.create@=all:user-2fa
-@m2mAuthConfig.user2fa.read@=all:user-2fa
-@m2mAuthConfig.user2fa.update@=all:user-2fa
-@m2mAuthConfig.user2fa.delete@=all:user-2fa
\ No newline at end of file
+@m2mAuthConfig.user2fa.create@=create:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.read@=read:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.update@=update:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.delete@=delete:user_2fa,all:user_2fa
\ No newline at end of file
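Review bot: The user2fa scope identifiers change from `all:user-2fa` to `create:user_2fa,all:user_2fa` and its siblings, which only works once the token issuer grants scopes under the new names; until the M2M client configuration is updated in step, calls to the 2FA endpoints are rejected, which fails closed but will present as an outage. This file is the localdev variant, so the equivalent entries for the other environments (not in this diff) need the same rename. A comment above the group, `# scope names must match the scopes granted to the M2M client`, would document the coupling for the next change.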