add mfa info to user object

src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java

@@ -108,18 +108,22 @@ public abstract class UserDAO implements DaoBase<User>, Transactional<UserDAO> {
     @RegisterMapperFactory(TCBeanMapperFactory.class)
     @SqlQuery(
             "SELECT " + USER_COLUMNS + ", " +
-            "e.address AS email, e.status_id AS emailStatus " +
+            "e.address AS email, e.status_id AS emailStatus, " +
+            "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " +
             "FROM common_oltp.user AS u " +
             "LEFT OUTER JOIN common_oltp.email AS e ON u.user_id = e.user_id AND e.email_type_id = 1 " +
+            "LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id " +
             "WHERE u.handle_lower = LOWER(:handle)"
     )
     public abstract User findUserByHandle(@Bind("handle") String handle);
 
     @RegisterMapperFactory(TCBeanMapperFactory.class)
     @SqlQuery(
             "SELECT " + USER_COLUMNS + ", " +
-            "e.address AS email, e.status_id AS emailStatus " +
+            "e.address AS email, e.status_id AS emailStatus, " +
+            "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " +
             "FROM common_oltp.user AS u JOIN common_oltp.email AS e ON e.user_id = u.user_id " +
+            "LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id " +
             "WHERE LOWER(e.address) = LOWER(:email)"
     )
     public abstract List<User> findUsersByEmail(@Bind("email") String email);

src/main/java/com/appirio/tech/core/service/identity/representation/User.java

@@ -41,6 +41,8 @@ public class User extends AbstractIdResource {
 	private String utmMedium;
 	private String utmCampaign;
 	private List<Role> roles;
+	private Boolean mfaEnabled;
+	private Boolean mfaVerified;
 
     /**
      * Represents the ssoLogin attribute.
@@ -188,6 +190,22 @@ public void setUtmCampaign(String utmCampaign) {
 	public List<Role> getRoles() { return roles; }
 
 	public void setRoles(List<Role> roles) { this.roles = roles; }
+
+	public Boolean getMfaEnabled() {
+		return mfaEnabled;
+	}
+
+	public void setMfaEnabled(Boolean mfaEnabled) {
+		this.mfaEnabled = mfaEnabled;
+	}
+
+	public Boolean getMfaVerified() {
+		return mfaVerified;
+	}
+
+	public void setMfaVerified(Boolean mfaVerified) {
+		this.mfaVerified = mfaVerified;
+	}
 
 	@JsonIgnore
 	public boolean isReferralProgramCampaign() {

src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java

@@ -9,11 +9,9 @@
 import io.dropwizard.jersey.PATCH;
 
 import java.net.HttpURLConnection;
-import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -1530,6 +1528,9 @@ public ApiResponse issueCredentials(
         // return 404 if user is not found
         if(user == null)
             throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND);
+        if(user.getMfaEnabled() == null || !user.getMfaEnabled()) {
+            throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");
+        }
         List<Role> roles = roleDao.getRolesBySubjectId(Long.parseLong(user.getId().getId()));
         ObjectMapper mapper = new ObjectMapper();
         ObjectNode body = mapper.createObjectNode();
@@ -1573,7 +1574,7 @@ public ApiResponse issueCredentials(
                     String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
                             response.getMessage()));
         }
-        return ApiResponseFactory.createResponse(response.getText());
+        return ApiResponseFactory.createResponse("SUCCESS");
     }
 
     @PUT

src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java

@@ -131,16 +131,14 @@ public String getToken() throws Exception {
             }
         }
         if (cachedToken == null || isCachedTokenExpired) {
-            Request request = new Request(
+            Response response = new Request(
                     "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token", "POST")
                     .param("grant_type", "password")
                     .param("username", getUsername())
                     .param("password", getPassword())
                     .param("scope", getScope())
                     .param("client_id", getClientId())
-                    .param("client_secret", getClientSecret());
-            logger.info(request.getQuery());
-            Response response = request.execute();
+                    .param("client_secret", getClientSecret()).execute();
             if (response.getStatusCode() != HttpURLConnection.HTTP_OK) {
                 throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
                         String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),

token.properties.localdev

@@ -7,6 +7,11 @@
 
 @auth.secret@=AUTH_SECRET
 
+@application.sendgrid.template.id@=dummy
+@application.sendgrid.welcome.template.id@=dummy
+@application.sendgrid.selfservice.template.id@=dummy
+@application.sendgrid.selfservice.welcome.template.id@=dummy
+
 @ldap.host@=127.0.0.1
 @ldap.port@=389
 @ldap.password@=dummy
@@ -31,7 +36,6 @@
 @diceAuth.tenant@=dummy
 @diceAuth.username@=dummy
 @diceAuth.credDefId@=dummy
-@diceAuth.credPreview@=dummy
 
 @zendesk.secret@=ZENDESK_SECRET
 @zendesk.idprefix@=ZENDESK_PREFIX
@@ -68,7 +72,7 @@
 @m2mAuthConfig.userProfiles.read@=read:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.update@=update:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.delete@=delete:user_profiles,all:user_profiles
-@m2mAuthConfig.user2fa.create@=all:user-2fa
-@m2mAuthConfig.user2fa.read@=all:user-2fa
-@m2mAuthConfig.user2fa.update@=all:user-2fa
-@m2mAuthConfig.user2fa.delete@=all:user-2fa
+@m2mAuthConfig.user2fa.create@=create:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.read@=read:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.update@=update:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.delete@=delete:user_2fa,all:user_2fa