From 79ea78393cb9d5543b13ab82cf1e13da4b25f859 Mon Sep 17 00:00:00 2001 From: Emre Date: Tue, 15 Nov 2022 17:20:59 +0300 Subject: [PATCH 1/6] assign role after changing status --- .../tech/core/service/identity/resource/UserResource.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index 92fc882..33b8907 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -1337,6 +1337,7 @@ public ApiResponse updateStatus( if(MemberStatus.UNVERIFIED == MemberStatus.getByValue(oldStatus) && MemberStatus.ACTIVE == MemberStatus.getByValue(user.getStatus())) { notifyWelcome(userInDB); + assignDefaultUserRole(userInDB); } return ApiResponseFactory.createResponse(userInDB); From f1f7ee7b3f6424b6a227c0c5623b71c8070e0f44 Mon Sep 17 00:00:00 2001 From: eisbilir Date: Tue, 13 Dec 2022 21:16:18 +0300 Subject: [PATCH 2/6] update keystore --- build/build-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/build-image.sh b/build/build-image.sh index 6f3cb30..347992a 100755 --- a/build/build-image.sh +++ b/build/build-image.sh 
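Review bot: In `updateStatus`, `assignDefaultUserRole(userInDB)` runs after `notifyWelcome(userInDB)`, so an exception from the welcome notification would skip the role assignment for an account that has presumably already been stored as ACTIVE. Neither helper's body is visible here, so this is inferred from the call order alone. Consider assigning the role first, `assignDefaultUserRole(userInDB);` then `notifyWelcome(userInDB);`, and confirm the helper is idempotent in case another activation path has already granted the role. The enclosing method starts and ends outside the hunk.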
@@ -90,7 +90,7 @@ echo "[CHECK THIS IS CORRECT] application domain: ${APPDOMAIN}" echo "copying LDAP keystore file" #cp /mnt/ebs/deploy/topcoder/ap-identity/conf/$CONFIG/TC.prod.ldap.keystore $DOCKER_DIR/TC.prod.ldap.keystore -aws s3 cp s3://appirio-platform-$CONFIG/application/tc-api-core/$CONFIG/TC.prod.ldap.keystore $DOCKER_DIR/TC.prod.ldap.keystore +aws s3 cp s3://appirio-platform-$CONFIG/application/tc-api-core/$CONFIG/TC.prod.ldap.new.keystore $DOCKER_DIR/TC.prod.ldap.keystore echo "copying environment-specific resources" cat $WORK_DIR/config/sumo-template.conf | sed -e "s/@APINAME@/${SERVICE}/g" | sed -e "s/@CONFIG@/${CONFIG}/g" > $DOCKER_DIR/sumo.conf From 8b885b7d29878a73e61e5b95eaea9a18491d4187 Mon Sep 17 00:00:00 2001 From: eisbilir Date: Tue, 13 Dec 2022 21:16:51 +0300 Subject: [PATCH 3/6] update ci --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2968f89..cfe3b8d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -146,7 +146,7 @@ workflows: context : org-global filters: branches: - only: [dev, 'feature/jira-plat-152', 'auth0-kt'] + only: [dev, 'feature/jira-plat-152', 'update-keystore'] # Production build is executed on "master" branch only. - "build-prod": context : org-global From 153698c582326fff1b363e00e3d3fcc6c09c6133 Mon Sep 17 00:00:00 2001 From: eisbilir Date: Wed, 14 Dec 2022 10:13:10 +0300 Subject: [PATCH 4/6] send slack notification --- buildtokenproperties.sh | 4 +++ .../identity/resource/UserResource.java | 27 +++++++++++++++++-- .../service/identity/util/auth/DICEAuth.java | 27 ++++++++++++++++++- src/main/resources/config.yml | 2 ++ token.properties.template | 2 ++ 5 files changed, 59 insertions(+), 3 deletions(-) diff --git a/buildtokenproperties.sh b/buildtokenproperties.sh index d5a1c02..ac63f96 100755 --- a/buildtokenproperties.sh +++ b/buildtokenproperties.sh 
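Review bot: The changed `aws s3 cp` line in `build/build-image.sh` has no visible failure check and leaves `$CONFIG` and `$DOCKER_DIR` unquoted. If the script does not run under `set -e` (not visible in this hunk), a failed download lets the image build continue without the LDAP keystore or with a stale copy in `$DOCKER_DIR`. Failing fast would look like `aws s3 cp "s3://appirio-platform-$CONFIG/application/tc-api-core/$CONFIG/TC.prod.ldap.new.keystore" "$DOCKER_DIR/TC.prod.ldap.keystore" || exit 1`. A one-line comment explaining why the source object name now differs from the destination file name would also help the next reader.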
@@ -19,6 +19,8 @@ DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL") DICEAUTH_DICE_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_KEY") DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID") DICEAUTH_OTP_DURATION=$(eval "echo \$${ENV}_DICEAUTH_OTP_DURATION") +SLACK_BOT_KEY=$(eval "echo \$${ENV}_SLACK_BOT_KEY") +SLACK_CHANNEL_ID=$(eval "echo \$${ENV}_SLACK_CHANNEL_ID") ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID") SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID") AUTH_SECRET=$(eval "echo \$${ENV}_AUTH_SECRET") @@ -92,6 +94,8 @@ perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILE perl -pi -e "s|\{\{DICEAUTH_DICE_API_KEY\}\}|$DICEAUTH_DICE_API_KEY|g" $CONFFILENAME perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME perl -pi -e "s/\{\{DICEAUTH_OTP_DURATION\}\}/$DICEAUTH_OTP_DURATION/g" $CONFFILENAME +perl -pi -e "s|\{\{SLACK_BOT_KEY\}\}|$SLACK_BOT_KEY|g" $CONFFILENAME +perl -pi -e "s|\{\{SLACK_CHANNEL_ID\}\}|$SLACK_CHANNEL_ID|g" $CONFFILENAME perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME perl -pi -e "s/\{\{SERVICEACC01_CID\}\}/$SERVICEACC01_CID/g" $CONFFILENAME diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index 33b8907..0fde9bf 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java 
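Review bot: The added `perl -pi -e "s|\{\{SLACK_BOT_KEY\}\}|$SLACK_BOT_KEY|g"` line in the second hunk has the shell paste the bot token into the Perl program text. The secret therefore shows up in the process argument list, and any `|`, `$`, `@` or backslash in the value is interpreted by Perl instead of being copied literally. Reading the value from the environment avoids both: `export SLACK_BOT_KEY` followed by `perl -pi -e 's|\{\{SLACK_BOT_KEY\}\}|$ENV{SLACK_BOT_KEY}|g' $CONFFILENAME`, and likewise for `SLACK_CHANNEL_ID`. The neighbouring lines use the same pattern, so this matches the file, but new secrets are a good place to stop extending it. In the first hunk, an unset `${ENV}_SLACK_BOT_KEY` silently yields an empty value.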
@@ -1649,11 +1649,13 @@ public ApiResponse updateUser2fa( throw new APIRuntimeException(SC_BAD_REQUEST, "You have multiple accounts registered with same email. Please contact with support."); } } + Boolean oldMfaStatus = user2faInDb.getMfaEnabled() == null ? false : user2faInDb.getMfaEnabled(); + Boolean oldDiceStatus = user2faInDb.getDiceEnabled() == null ? false : user2faInDb.getDiceEnabled(); if (user2fa.getMfaEnabled() == null) { - user2fa.setMfaEnabled(user2faInDb.getMfaEnabled() == null ? false : user2faInDb.getMfaEnabled()); + user2fa.setMfaEnabled(oldMfaStatus); } if (user2fa.getDiceEnabled() == null) { - user2fa.setDiceEnabled(user2faInDb.getDiceEnabled() == null ? false : user2faInDb.getDiceEnabled()); + user2fa.setDiceEnabled(oldDiceStatus); } if (user2faInDb.getId() == null) { long newId = userDao.insertUser2fa(userId, user2fa.getMfaEnabled(), user2fa.getDiceEnabled(), @@ -1665,6 +1667,9 @@ public ApiResponse updateUser2fa( user2fa.getDiceEnabled(), Utils.toLongValue(authUser.getUserId())); user2faInDb = userDao.findUser2faById(user2faInDb.getId()); } + if (!oldDiceStatus.equals(user2faInDb.getDiceEnabled())) { + sendSlackNotification(user2faInDb.getHandle(), null, user2faInDb.getDiceEnabled() ? "DICE enabled" : "DICE disabled"); + } return ApiResponseFactory.createResponse(user2faInDb); } @@ -1703,6 +1708,7 @@ public ApiResponse getDiceConnection( diceConnection.setCreatedAt(diceAttributes.getDiceConnectionCreatedAt()); diceConnection.setConnection(diceAuth.getDiceApiUrl() + "/web/connection/inviteurl/" + diceAttributes.getDiceConnection()); + sendSlackNotification(diceAttributes.getHandle(), diceAttributes.getEmail(), "Reusing DICE connection"); return ApiResponseFactory.createResponse(diceConnection); } } 
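Review bot: In the second `updateUser2fa` hunk, `user2faInDb.getDiceEnabled() ? "DICE enabled" : "DICE disabled"` unboxes a `Boolean` that the lines just above treat as possibly null. If the re-read row ever returns null, the `equals` guard is satisfied and the ternary throws a NullPointerException after the 2FA change has already been written. `Boolean.TRUE.equals(user2faInDb.getDiceEnabled()) ? "DICE enabled" : "DICE disabled"` keeps the notification from failing the request. The same expression is carried unchanged into the PATCH 6/6 hunk. The `== null ? false : …` defaults in the first hunk could use the same `Boolean.TRUE.equals(...)` form.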
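Review bot: `sendSlackNotification(diceAttributes.getHandle(), diceAttributes.getEmail(), "Reusing DICE connection")` in `getDiceConnection` posts the member's email address to a Slack channel, which copies account identifiers out of the identity service into a third-party workspace. The handle alone looks sufficient to identify the member for this message. Passing `null` for the email, as the `updateUser2fa` call does, would keep the address out of Slack. The same applies to the "Created new DICE connection" and "DICE connection accepted" calls in the next two hunks. If the email is genuinely needed, a comment on the helper should say who can read the channel and how long messages are retained.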
@@ -1731,6 +1737,7 @@ public ApiResponse getDiceConnection( diceConnection.setId(newId); diceConnection.setConnection(diceAuth.getDiceApiUrl() + "/web/connection/inviteurl/" + connectionId); diceConnection.setAccepted(false); + sendSlackNotification(diceAttributes.getHandle(), diceAttributes.getEmail(), "Created new DICE connection"); return ApiResponseFactory.createResponse(diceConnection); } @@ -1847,6 +1854,7 @@ public ApiResponse issueCredentials( response.getMessage())); } userDao.updateDiceConnectionStatus(user.getDiceConnectionId(), true); + sendSlackNotification(user.getHandle(), user.getEmail(), "DICE connection accepted"); return ApiResponseFactory.createResponse("SUCCESS"); } @@ -2455,6 +2463,21 @@ private void sendWelcomeEmailEvent(User user) { logger.error("Error occured while publishing the events to new kafka."); } } + + private void sendSlackNotification(String handle, String email, String message) { + ObjectMapper mapper = new ObjectMapper(); + ObjectNode body = mapper.createObjectNode(); + body.put("channel", diceAuth.getSlackChannelId()); + body.put("text", String.format("%s%s : %s", handle, email == null ? "" : String.format(" (%s)", email) , message)); + try { + new Request("https://slack.com/api/chat.postMessage", "POST") + .header("Authorization", "Bearer " + diceAuth.getSlackKey()) + .json(mapper.writeValueAsString(body)) + .execute(); + } catch (Exception e) { + logger.error("Error when calling slack bot", e); + } + } protected NotificationPayload createActivationNotificationPayload(User user, String redirectUrl) { //If for Connect registration, send activation email with activation code only. diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java index 5d33f72..984a77e 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java 
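Review bot: The new `sendSlackNotification` method formats `handle` and `email` directly into the Slack `text` field, where `&`, `<` and `>` are control characters, so a value containing them is interpreted as markup in the channel rather than shown literally. Slack's formatting rules ask for exactly these three characters to be sent as `&amp;`, `&lt;` and `&gt;`; a small helper applied to both values is sketched below. The request is also executed inline on the request thread and its result is discarded. Slack reports most API failures as HTTP 200 with `"ok": false`, so the catch block will not log a rejected token or unknown channel. The `text` line is rewritten again in PATCH 5/6, where the same escaping would apply.

```java
private void sendSlackNotification(String handle, String email, String message) {
    // … unchanged: mapper and body creation, "channel" field …
    String who = escapeSlackText(handle)
            + (email == null ? "" : String.format(" (%s)", escapeSlackText(email)));
    body.put("text", String.format("%s : %s", who, message));
    // … unchanged: POST to chat.postMessage inside try/catch …
}

// Escapes the three characters Slack treats as control characters in message text.
private static String escapeSlackText(String value) {
    if (value == null) {
        return "";
    }
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
}
```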
+++ b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java @@ -16,16 +16,25 @@ public class DICEAuth { @NotNull private Integer otpDuration; + @NotNull + private String slackKey; + + @NotNull + private String slackChannelId; + private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview"; public DICEAuth() { } - public DICEAuth(String diceApiUrl, String diceApiKey, String credDefId, Integer otpDuration) { + public DICEAuth(String diceApiUrl, String diceApiKey, String credDefId, Integer otpDuration, String slackKey, + String slackChannelId) { this.diceApiUrl = diceApiUrl; this.diceApiKey = diceApiKey; this.credDefId = credDefId; this.otpDuration = otpDuration; + this.slackKey = slackKey; + this.slackChannelId = slackChannelId; } public String getDiceApiUrl() { @@ -67,4 +76,20 @@ public String getCredPreview() { public void setCredPreview(String credPreview) { this.credPreview = credPreview; } + + public String getSlackKey() { + return slackKey; + } + + public void setSlackKey(String slackKey) { + this.slackKey = slackKey; + } + + public String getSlackChannelId() { + return slackChannelId; + } + + public void setSlackChannelId(String slackChannelId) { + this.slackChannelId = slackChannelId; + } } diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index 097e6cf..476e3cb 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -98,6 +98,8 @@ diceAuth: diceApiKey: @diceAuth.diceApiKey@ credDefId: @diceAuth.credDefId@ otpDuration: @diceAuth.otpDuration@ + slackKey: @diceAuth.slackKey@ + slackChannelId: @diceAuth.slackChannelId@ # Authorized accounts serviceAccount: diff --git a/token.properties.template b/token.properties.template index 6f749b1..9180f68 100644 --- a/token.properties.template +++ b/token.properties.template 
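Review bot: `@NotNull` on the new `slackKey` and `slackChannelId` fields of `DICEAuth` rejects only a missing key, so an empty value left behind by an unset deployment variable still passes validation. Every notification would then go out with an empty bearer token. `@NotEmpty` on both fields, or a blank check in `sendSlackNotification` that skips the call, would surface the misconfiguration; which one fits depends on whether Slack is meant to be mandatory for startup. The four-argument constructor is replaced rather than kept as an overload, so any caller outside this hunk has to change with it. A field comment such as `// Slack bot token for DICE status notifications; treat as a secret and never log it` would help, since the class name does not suggest it carries Slack credentials.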
@@ -55,6 +55,8 @@ @diceAuth.diceApiKey@={{DICEAUTH_DICE_API_KEY}} @diceAuth.credDefId@={{DICEAUTH_CREDDEFID}} @diceAuth.otpDuration@={{DICEAUTH_OTP_DURATION}} +@diceAuth.slackKey@={{SLACK_BOT_KEY}} +@diceAuth.slackChannelId@={{SLACK_CHANNEL_ID}} @zendesk.secret@={{ZENDESK_KEY}} @zendesk.idprefix@={{ZENDESK_ID}} From b9b4efac19259dbe8412e2f57cec59d25cafb2e5 Mon Sep 17 00:00:00 2001 From: eisbilir Date: Wed, 14 Dec 2022 10:27:47 +0300 Subject: [PATCH 5/6] add domain env --- .../tech/core/service/identity/resource/UserResource.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index 0fde9bf..ec71ac4 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -128,6 +128,8 @@ public class UserResource implements GetResource, DDLResource { private String domain; + private String domainEnv; + private String sendgridTemplateId; private String sendgridWelcomeTemplateId; @@ -2306,6 +2308,7 @@ public String getDomain() { public void setDomain(String domain) { this.domain = domain; + this.domainEnv = domain.toLowerCase().contains("dev") ? "DEV" : domain.toLowerCase().contains("qa") ? "QA" : "PROD"; } public String getSendgridTemplateId() { 
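Review bot: In the `setDomain` hunk of PATCH 5/6, the setter now calls `domain.toLowerCase()` and so throws a NullPointerException for a null domain, a value the plain assignment accepted before. The substring test is also loose: any domain that merely contains `dev` or `qa` gets that label and everything else is reported as `PROD`, so the environment tag in the Slack message can be wrong without anyone noticing. Consider `String d = domain == null ? "" : domain.toLowerCase(Locale.ROOT);` (assuming `java.util.Locale` is imported) and an explicit `UNKNOWN` fallback instead of defaulting to `PROD`. `domainEnv` also stays null until `setDomain` is called, in which case the message prefix in `sendSlackNotification` prints `[null]`.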
@@ -2468,7 +2471,7 @@ private void sendSlackNotification(String handle, String email, String message) ObjectMapper mapper = new ObjectMapper(); ObjectNode body = mapper.createObjectNode(); body.put("channel", diceAuth.getSlackChannelId()); - body.put("text", String.format("%s%s : %s", handle, email == null ? "" : String.format(" (%s)", email) , message)); + body.put("text", String.format("[%s] %s%s : %s", domainEnv, handle, email == null ? "" : String.format(" (%s)", email) , message)); try { new Request("https://slack.com/api/chat.postMessage", "POST") .header("Authorization", "Bearer " + diceAuth.getSlackKey()) From 7f5c82b26a0425a0a5602c9c826d15825993d828 Mon Sep 17 00:00:00 2001 From: eisbilir Date: Thu, 15 Dec 2022 12:21:18 +0300 Subject: [PATCH 6/6] fix handle --- .../tech/core/service/identity/resource/UserResource.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java index ec71ac4..8f25721 100644 --- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java +++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java @@ -1653,6 +1653,7 @@ public ApiResponse updateUser2fa( } Boolean oldMfaStatus = user2faInDb.getMfaEnabled() == null ? false : user2faInDb.getMfaEnabled(); Boolean oldDiceStatus = user2faInDb.getDiceEnabled() == null ? false : user2faInDb.getDiceEnabled(); + String handle = user2faInDb.getHandle(); if (user2fa.getMfaEnabled() == null) { user2fa.setMfaEnabled(oldMfaStatus); } 
@@ -1670,7 +1671,7 @@ public ApiResponse updateUser2fa(
 user2faInDb = userDao.findUser2faById(user2faInDb.getId());
 }
 if (!oldDiceStatus.equals(user2faInDb.getDiceEnabled())) {
- sendSlackNotification(user2faInDb.getHandle(), null, user2faInDb.getDiceEnabled() ? "DICE enabled" : "DICE disabled");
+ sendSlackNotification(handle, null, user2faInDb.getDiceEnabled() ? "DICE enabled :smile_cat:" : "DICE disabled :crying_cat_face:");
 }
 return ApiResponseFactory.createResponse(user2faInDb);
 }