topcoder-archive · eisbilir · Aug 3, 2022 · Aug 3, 2022 · Aug 3, 2022
diff --git a/buildtokenproperties.sh b/buildtokenproperties.sh
@@ -18,12 +18,7 @@ AUTH0_NEW_NONINTERACTIVE_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIV
 DICEAUTH_DICE_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_URL")
 DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL")
 DICEAUTH_DICE_VERIFIER=$(eval "echo \$${ENV}_DICEAUTH_DICE_VERIFIER")
-DICEAUTH_ID=$(eval "echo \$${ENV}_DICEAUTH_ID")
-DICEAUTH_ID_SECRET=$(eval "echo \$${ENV}_DICEAUTH_ID_SECRET")
-DICEAUTH_PASSWORD=$(eval "echo \$${ENV}_DICEAUTH_PASSWORD")
-DICEAUTH_SCOPE=$(eval "echo \$${ENV}_DICEAUTH_SCOPE")
-DICEAUTH_TENANT=$(eval "echo \$${ENV}_DICEAUTH_TENANT")
-DICEAUTH_USERNAME=$(eval "echo \$${ENV}_DICEAUTH_USERNAME")
+DICEAUTH_DICE_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_KEY")
 DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID")
 ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID")
 SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID")
@@ -43,10 +38,9 @@ M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFIL
 M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE")
 M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ")
 M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE")
-M2MAUTHCONFIG_USER2FA_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREATE")
-M2MAUTHCONFIG_USER2FA_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_UPDATE")
-M2MAUTHCONFIG_USER2FA_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_READ")
-M2MAUTHCONFIG_USER2FA_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_DELETE")
+M2MAUTHCONFIG_USER2FA_ENABLE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_ENABLE")
+M2MAUTHCONFIG_USER2FA_VERIFY=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_VERIFY")
+M2MAUTHCONFIG_USER2FA_CREDENTIAL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREDENTIAL")
 
 DOMAIN=$(eval "echo \$${ENV}_DOMAIN")
 SMTP=$(eval "echo \$${ENV}_SMTP")
@@ -98,12 +92,7 @@ perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID_SECRET\}\}/$AUTH0_NEW_NONINTERACT
 perl -pi -e "s|\{\{DICEAUTH_DICE_URL\}\}|$DICEAUTH_DICE_URL|g" $CONFFILENAME 
 perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILENAME 
 perl -pi -e "s|\{\{DICEAUTH_DICE_VERIFIER\}\}|$DICEAUTH_DICE_VERIFIER|g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_ID\}\}/$DICEAUTH_ID/g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_ID_SECRET\}\}/$DICEAUTH_ID_SECRET/g" $CONFFILENAME 
-perl -pi -e "s|\{\{DICEAUTH_PASSWORD\}\}|$DICEAUTH_PASSWORD|g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_SCOPE\}\}/$DICEAUTH_SCOPE/g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_TENANT\}\}/$DICEAUTH_TENANT/g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_USERNAME\}\}/$DICEAUTH_USERNAME/g" $CONFFILENAME 
+perl -pi -e "s|\{\{DICEAUTH_DICE_API_KEY\}\}|$DICEAUTH_DICE_API_KEY|g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME 
@@ -135,10 +124,9 @@ perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROF
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREATE\}\}|$M2MAUTHCONFIG_USER2FA_CREATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_UPDATE\}\}|$M2MAUTHCONFIG_USER2FA_UPDATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_READ\}\}|$M2MAUTHCONFIG_USER2FA_READ|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_DELETE\}\}|$M2MAUTHCONFIG_USER2FA_DELETE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_ENABLE\}\}|$M2MAUTHCONFIG_USER2FA_ENABLE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_VERIFY\}\}|$M2MAUTHCONFIG_USER2FA_VERIFY|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREDENTIAL\}\}|$M2MAUTHCONFIG_USER2FA_CREDENTIAL|g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID\}\}/$SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID/g" $CONFFILENAME

diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java
@@ -1518,7 +1518,7 @@ public ApiResponse updateUser2fa(
             @Context HttpServletRequest request) {
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes());
+        validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getEnableScopes());
         // checking param
         checkParam(postRequest);
 
@@ -1549,7 +1549,7 @@ public ApiResponse updateUser2fa(
             try {
                 response = new Request(diceAuth.getDiceApiUrl() + "/connection/invitation", "POST")
                         .param("emailId", user2faInDb.getEmail())
-                        .header("Authorization", "Bearer " + diceAuth.getToken())
+                        .header("x-api-key", diceAuth.getDiceApiKey())
                         .execute();
             } catch (Exception e) {
                 logger.error("Error when calling 2fa submit api", e);
@@ -1576,7 +1576,7 @@ public ApiResponse issueCredentials(
             @Auth AuthUser authUser,
             @Valid PostPutRequest<CredentialRequest> postRequest,
             @Context HttpServletRequest request) {
-        Utils.checkAccess(authUser, user2faFactory.getCreateScopes(), Utils.AdminRoles);
+        Utils.checkAccess(authUser, user2faFactory.getCredentialIssuerScopes(), Utils.AdminRoles);
         checkParam(postRequest);
         CredentialRequest credential = postRequest.getParam();
 
@@ -1625,7 +1625,7 @@ public ApiResponse issueCredentials(
         Response response;
         try {
             response = new Request(diceAuth.getDiceApiUrl() + "/cred/issuance/offer", "POST")
-                    .header("Authorization", "Bearer " + diceAuth.getToken())
+                    .header("x-api-key", diceAuth.getDiceApiKey())
                     .json(mapper.writeValueAsString(body))
                     .execute();
         } catch (JsonProcessingException e) {
@@ -1654,7 +1654,7 @@ public ApiResponse update2faVerification(
             @Valid PostPutRequest<User2fa> putRequest,
             @Context HttpServletRequest request) {
 
-        Utils.checkAccess(authUser, user2faFactory.getUpdateScopes(), Utils.AdminRoles);
+        Utils.checkAccess(authUser, user2faFactory.getVerifyScopes(), Utils.AdminRoles);
         checkParam(putRequest);
         User2fa credential = putRequest.getParam();
 

diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java
@@ -1,23 +1,8 @@
 package com.appirio.tech.core.service.identity.util.auth;
 
-import java.net.HttpURLConnection;
-import java.util.Date;
-
 import javax.validation.constraints.NotNull;
 
-import org.apache.log4j.Logger;
-
-import com.appirio.tech.core.api.v3.exception.APIRuntimeException;
-import com.appirio.tech.core.api.v3.util.jwt.InvalidTokenException;
-import com.appirio.tech.core.service.identity.util.HttpUtil.Request;
-import com.appirio.tech.core.service.identity.util.HttpUtil.Response;
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.interfaces.DecodedJWT;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
 public class DICEAuth {
-    private static final Logger logger = Logger.getLogger(Auth0Client.class);
 
     @NotNull
     private String diceUrl;
@@ -29,44 +14,21 @@ public class DICEAuth {
     private String diceVerifier;
 
     @NotNull
-    private String tenant;
-
-    @NotNull
-    private String username;
-
-    @NotNull
-    private String password;
-
-    @NotNull
-    private String scope;
-
-    @NotNull
-    private String clientId;
-
-    @NotNull
-    private String clientSecret;
+    private String diceApiKey;
 
     @NotNull
     private String credDefId;
 
     private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview";
 
-    private String cachedToken;
-
     public DICEAuth() {
     }
 
-    public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String tenant, String username,
-            String password, String scope, String clientId, String clientSecret, String credDefId) {
+    public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String diceApiKey, String credDefId) {
         this.diceUrl = diceUrl;
         this.diceApiUrl = diceApiUrl;
         this.diceVerifier = diceVerifier;
-        this.tenant = tenant;
-        this.username = username;
-        this.password = password;
-        this.scope = scope;
-        this.clientId = clientId;
-        this.clientSecret = clientSecret;
+        this.diceApiKey = diceApiKey;
         this.credDefId = credDefId;
     }
 
@@ -94,52 +56,12 @@ public void setDiceVerifier(String diceVerifier) {
         this.diceVerifier = diceVerifier;
     }
 
-    public String getTenant() {
-        return tenant;
-    }
-
-    public void setTenant(String tenant) {
-        this.tenant = tenant;
-    }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getPassword() {
-        return password;
-    }
-
-    public void setPassword(String password) {
-        this.password = password;
+    public String getDiceApiKey() {
+        return diceApiKey;
     }
 
-    public String getScope() {
-        return scope;
-    }
-
-    public void setScope(String scope) {
-        this.scope = scope;
-    }
-
-    public String getClientId() {
-        return clientId;
-    }
-
-    public void setClientId(String clientId) {
-        this.clientId = clientId;
-    }
-
-    public String getClientSecret() {
-        return clientSecret;
-    }
-
-    public void setClientSecret(String clientSecret) {
-        this.clientSecret = clientSecret;
+    public void setDiceApiKey(String diceApiKey) {
+        this.diceApiKey = diceApiKey;
     }
 
     public String getCredDefId() {
@@ -157,56 +79,4 @@ public String getCredPreview() {
     public void setCredPreview(String credPreview) {
         this.credPreview = credPreview;
     }
-
-    public String getToken() throws Exception {
-        Boolean isCachedTokenExpired = false;
-        if (cachedToken != null) {
-            if (getTokenExpiryTime(cachedToken) <= 0) {
-                isCachedTokenExpired = true;
-                logger.info("Application cached token expired");
-            }
-        }
-        if (cachedToken == null || isCachedTokenExpired) {
-            String url = "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token";
-            Response response = new Request(url, "POST")
-                    .param("grant_type", "password")
-                    .param("username", getUsername())
-                    .param("password", getPassword())
-                    .param("scope", getScope())
-                    .param("client_id", getClientId())
-                    .param("client_secret", getClientSecret()).execute();
-            if (response.getStatusCode() != HttpURLConnection.HTTP_OK) {
-                throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
-                        String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
-                                response.getText()));
-            }
-            cachedToken = new ObjectMapper().readValue(response.getText(), Auth0Credential.class).getIdToken();
-            logger.info("Fetched token from URL: " + url);
-        }
-        return cachedToken;
-    }
-
-    /**
-     * Get token expiry time in seconds
-     *
-     * @param token JWT token
-     *              throws Exception if any error occurs
-     * @return the Integer result
-     */
-    private Integer getTokenExpiryTime(String token) throws Exception {
-        DecodedJWT decodedJWT = null;
-        Integer tokenExpiryTime = 0;
-        if (token != null) {
-            try {
-                decodedJWT = JWT.decode(token);
-            } catch (JWTDecodeException e) {
-                throw new InvalidTokenException(token, "Error occurred in decoding token. " + e.getLocalizedMessage(),
-                        e);
-            }
-            Date tokenExpiryDate = decodedJWT.getExpiresAt();
-            Long tokenExpiryTimeInMilliSeconds = tokenExpiryDate.getTime() - (new Date().getTime()) - 60 * 1000;
-            tokenExpiryTime = (int) Math.floor(tokenExpiryTimeInMilliSeconds / 1000);
-        }
-        return tokenExpiryTime;
-    }
 }