Release

.circleci/config.yml

@@ -146,7 +146,7 @@ workflows:
           context : org-global
           filters:
             branches:
-              only: [dev, 'feature/jira-plat-152', 'auth0-kt']
+              only: [dev, 'feature/jira-plat-152', 'update-keystore']
       # Production build is executed on "master" branch only.
       - "build-prod":
           context : org-global

build/build-image.sh

@@ -90,7 +90,7 @@ echo "[CHECK THIS IS CORRECT] application domain: ${APPDOMAIN}"
 
 echo "copying LDAP keystore file"
 #cp /mnt/ebs/deploy/topcoder/ap-identity/conf/$CONFIG/TC.prod.ldap.keystore $DOCKER_DIR/TC.prod.ldap.keystore
-aws s3 cp s3://appirio-platform-$CONFIG/application/tc-api-core/$CONFIG/TC.prod.ldap.keystore $DOCKER_DIR/TC.prod.ldap.keystore
+aws s3 cp s3://appirio-platform-$CONFIG/application/tc-api-core/$CONFIG/TC.prod.ldap.new.keystore $DOCKER_DIR/TC.prod.ldap.keystore
 
 echo "copying environment-specific resources"
 cat $WORK_DIR/config/sumo-template.conf | sed -e "s/@APINAME@/${SERVICE}/g" | sed -e "s/@CONFIG@/${CONFIG}/g" > $DOCKER_DIR/sumo.conf

buildtokenproperties.sh

@@ -19,6 +19,8 @@ DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL")
 DICEAUTH_DICE_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_KEY")
 DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID")
 DICEAUTH_OTP_DURATION=$(eval "echo \$${ENV}_DICEAUTH_OTP_DURATION")
+SLACK_BOT_KEY=$(eval "echo \$${ENV}_SLACK_BOT_KEY")
+SLACK_CHANNEL_ID=$(eval "echo \$${ENV}_SLACK_CHANNEL_ID")
 ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID")
 SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID")
 AUTH_SECRET=$(eval "echo \$${ENV}_AUTH_SECRET")
@@ -92,6 +94,8 @@ perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILE
 perl -pi -e "s|\{\{DICEAUTH_DICE_API_KEY\}\}|$DICEAUTH_DICE_API_KEY|g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_OTP_DURATION\}\}/$DICEAUTH_OTP_DURATION/g" $CONFFILENAME 
+perl -pi -e "s|\{\{SLACK_BOT_KEY\}\}|$SLACK_BOT_KEY|g" $CONFFILENAME 
+perl -pi -e "s|\{\{SLACK_CHANNEL_ID\}\}|$SLACK_CHANNEL_ID|g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME 
 perl -pi -e "s/\{\{SERVICEACC01_CID\}\}/$SERVICEACC01_CID/g" $CONFFILENAME 

src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java

@@ -128,6 +128,8 @@ public class UserResource implements GetResource<User>, DDLResource<User> {
 
     private String domain;
 
+    private String domainEnv;
+
     private String sendgridTemplateId;
 
     private String sendgridWelcomeTemplateId;
@@ -1337,6 +1339,7 @@ public ApiResponse updateStatus(
         if(MemberStatus.UNVERIFIED == MemberStatus.getByValue(oldStatus) &&
             MemberStatus.ACTIVE == MemberStatus.getByValue(user.getStatus())) {
             notifyWelcome(userInDB);
+            assignDefaultUserRole(userInDB);
         }
 
         return ApiResponseFactory.createResponse(userInDB);
@@ -1648,11 +1651,14 @@ public ApiResponse updateUser2fa(
                 throw new APIRuntimeException(SC_BAD_REQUEST, "You have multiple accounts registered with same email. Please contact with support.");
             }
         }
+        Boolean oldMfaStatus = user2faInDb.getMfaEnabled() == null ? false : user2faInDb.getMfaEnabled();
+        Boolean oldDiceStatus = user2faInDb.getDiceEnabled() == null ? false : user2faInDb.getDiceEnabled();
+        String handle = user2faInDb.getHandle();
         if (user2fa.getMfaEnabled() == null) {
-            user2fa.setMfaEnabled(user2faInDb.getMfaEnabled() == null ? false : user2faInDb.getMfaEnabled());
+            user2fa.setMfaEnabled(oldMfaStatus);
         }
         if (user2fa.getDiceEnabled() == null) {
-            user2fa.setDiceEnabled(user2faInDb.getDiceEnabled() == null ? false : user2faInDb.getDiceEnabled());
+            user2fa.setDiceEnabled(oldDiceStatus);
         }
         if (user2faInDb.getId() == null) {
             long newId = userDao.insertUser2fa(userId, user2fa.getMfaEnabled(), user2fa.getDiceEnabled(),
@@ -1664,6 +1670,9 @@ public ApiResponse updateUser2fa(
                     user2fa.getDiceEnabled(), Utils.toLongValue(authUser.getUserId()));
             user2faInDb = userDao.findUser2faById(user2faInDb.getId());
         }
+        if (!oldDiceStatus.equals(user2faInDb.getDiceEnabled())) {
+            sendSlackNotification(handle, null, user2faInDb.getDiceEnabled() ? "DICE enabled :smile_cat:" : "DICE disabled :crying_cat_face:");
+        }
         return ApiResponseFactory.createResponse(user2faInDb);
     }
 
@@ -1702,6 +1711,7 @@ public ApiResponse getDiceConnection(
                 diceConnection.setCreatedAt(diceAttributes.getDiceConnectionCreatedAt());
                 diceConnection.setConnection(diceAuth.getDiceApiUrl() + "/web/connection/inviteurl/"
                         + diceAttributes.getDiceConnection());
+                sendSlackNotification(diceAttributes.getHandle(), diceAttributes.getEmail(), "Reusing DICE connection");
                 return ApiResponseFactory.createResponse(diceConnection);
             }
         }
@@ -1730,6 +1740,7 @@ public ApiResponse getDiceConnection(
         diceConnection.setId(newId);
         diceConnection.setConnection(diceAuth.getDiceApiUrl() + "/web/connection/inviteurl/" + connectionId);
         diceConnection.setAccepted(false);
+        sendSlackNotification(diceAttributes.getHandle(), diceAttributes.getEmail(), "Created new DICE connection");
         return ApiResponseFactory.createResponse(diceConnection);
     }
 
@@ -1846,6 +1857,7 @@ public ApiResponse issueCredentials(
                             response.getMessage()));
         }
         userDao.updateDiceConnectionStatus(user.getDiceConnectionId(), true);
+        sendSlackNotification(user.getHandle(), user.getEmail(), "DICE connection accepted");
         return ApiResponseFactory.createResponse("SUCCESS");
     }
 
@@ -2297,6 +2309,7 @@ public String getDomain() {
 
     public void setDomain(String domain) {
         this.domain = domain;
+        this.domainEnv = domain.toLowerCase().contains("dev") ? "DEV" : domain.toLowerCase().contains("qa") ? "QA" : "PROD";
     }
 
     public String getSendgridTemplateId() {
@@ -2454,6 +2467,21 @@ private void sendWelcomeEmailEvent(User user) {
             logger.error("Error occured while publishing the events to new kafka.");
         }
     }
+
+    private void sendSlackNotification(String handle, String email, String message) {
+        ObjectMapper mapper = new ObjectMapper();
+        ObjectNode body = mapper.createObjectNode();
+        body.put("channel", diceAuth.getSlackChannelId());
+        body.put("text", String.format("[%s] %s%s : %s", domainEnv, handle, email == null ? "" : String.format(" (%s)", email) , message));
+        try {
+            new Request("https://slack.com/api/chat.postMessage", "POST")
+                    .header("Authorization", "Bearer " + diceAuth.getSlackKey())
+                    .json(mapper.writeValueAsString(body))
+                    .execute();
+        } catch (Exception e) {
+            logger.error("Error when calling slack bot", e);
+        }
+    }
 
     protected NotificationPayload createActivationNotificationPayload(User user, String redirectUrl) {
     	//If for Connect registration, send activation email with activation code only.

src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java

@@ -16,16 +16,25 @@ public class DICEAuth {
     @NotNull
     private Integer otpDuration;
 
+    @NotNull
+    private String slackKey;
+
+    @NotNull
+    private String slackChannelId;
+
     private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview";
 
     public DICEAuth() {
     }
 
-    public DICEAuth(String diceApiUrl, String diceApiKey, String credDefId, Integer otpDuration) {
+    public DICEAuth(String diceApiUrl, String diceApiKey, String credDefId, Integer otpDuration, String slackKey,
+            String slackChannelId) {
         this.diceApiUrl = diceApiUrl;
         this.diceApiKey = diceApiKey;
         this.credDefId = credDefId;
         this.otpDuration = otpDuration;
+        this.slackKey = slackKey;
+        this.slackChannelId = slackChannelId;
     }
 
     public String getDiceApiUrl() {
@@ -67,4 +76,20 @@ public String getCredPreview() {
     public void setCredPreview(String credPreview) {
         this.credPreview = credPreview;
     }
+
+    public String getSlackKey() {
+        return slackKey;
+    }
+
+    public void setSlackKey(String slackKey) {
+        this.slackKey = slackKey;
+    }
+
+    public String getSlackChannelId() {
+        return slackChannelId;
+    }
+
+    public void setSlackChannelId(String slackChannelId) {
+        this.slackChannelId = slackChannelId;
+    }
 }

src/main/resources/config.yml

@@ -98,6 +98,8 @@ diceAuth:
   diceApiKey: @diceAuth.diceApiKey@
   credDefId: @diceAuth.credDefId@
   otpDuration: @diceAuth.otpDuration@
+  slackKey: @diceAuth.slackKey@
+  slackChannelId: @diceAuth.slackChannelId@
 
 # Authorized accounts
 serviceAccount:

token.properties.template

@@ -55,6 +55,8 @@
 @diceAuth.diceApiKey@={{DICEAUTH_DICE_API_KEY}}
 @diceAuth.credDefId@={{DICEAUTH_CREDDEFID}}
 @diceAuth.otpDuration@={{DICEAUTH_OTP_DURATION}}
+@diceAuth.slackKey@={{SLACK_BOT_KEY}}
+@diceAuth.slackChannelId@={{SLACK_CHANNEL_ID}}
 
 @zendesk.secret@={{ZENDESK_KEY}}
 @zendesk.idprefix@={{ZENDESK_ID}}