Merge branch 'tenant-improve' into 'tenant-improve'

Improve One Time Token Authenticator

See merge request entgra/carbon-device-mgt!603
revert-70ac1926
Dharmakeerthi Lasantha 5 years ago
commit 1cbb84345e

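--- a/AuthenticationHandler.java
+++ b/AuthenticationHandler.java
@@ -182,15 +182,6 @@ public class AuthenticationHandler extends AbstractHandler {
 if (log.isDebugEnabled()) {
 log.debug("Verify response:" + response.getContent());
 }
-} else if (headers.containsKey(AuthConstants.ONE_TIME_TOKEN_HEADER)) {
-String token = headers.get(AuthConstants.ONE_TIME_TOKEN_HEADER);
-//TODO: validate token service. Since this is getting validated in the valve,
-// this may not even be necessery
-// if (log.isDebugEnabled()) {
-// log.debug("One time time :" + token + ", status : " + );
-// }
-return true;
 } else {
 log.warn("Unauthorized request for api: " + ctxPath);
 return false;
@@ -241,4 +232,4 @@ public class AuthenticationHandler extends AbstractHandler {
 map.put(CONTENT_TYPE, "application/json");
 return map;
 }
 }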

@ -56,14 +56,12 @@ import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import javax.validation.constraints.Size;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam; import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.PUT; import javax.ws.rs.PUT;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;

@ -49,7 +49,7 @@
<param-name>nonSecuredEndPoints</param-name> <param-name>nonSecuredEndPoints</param-name>
<param-value> <param-value>
/api/device-mgt/v1.0/users/validate, /api/device-mgt/v1.0/users/validate,
/api/device-mgt/v1.0/users/one-time-pin, /api/device-mgt/v1.0/users/one-time-pin
</param-value> </param-value>
</context-param> </context-param>

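--- a/OTPManagementService.java
+++ b/OTPManagementService.java
@@ -31,4 +31,6 @@ public interface OTPManagementService {
 * @throws BadRequestException if found and incompatible payload to create OTP token.
 */
 String createOTPToken (OTPMailWrapper otpMailWrapper) throws OTPManagementException, BadRequestException;
+boolean isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
 }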
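Review bot: `isValidOTP` is the only method in this interface without Javadoc, and its contract cannot be read from the signature: a caller has to already know that an unknown token is reported by throwing BadRequestException while an expired token is reported by returning false. Add a Javadoc block above it that states the three outcomes (true when the token exists and is still within its expiry window, false when it has expired, BadRequestException when no token matches) and that OTPManagementException is reserved for database failures. Since both "unknown" and "expired" must end in a rejected request, the Javadoc should also say whether callers are expected to treat the exception and a false return identically, so the two failure modes are not distinguishable from the HTTP response.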

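--- a/OTPManagementDAO.java
+++ b/OTPManagementDAO.java
@@ -29,4 +29,14 @@ public interface OTPManagementDAO {
 * @throws OTPManagementDAOException if error occurred whule storing data
 */
 int addOTPData(OTPMailDTO otpMailDTO) throws OTPManagementDAOException;
+/**
+* Get OTP data for requesting One Time Token
+* @param oneTimeToken One Time Token
+* @return {@link OTPMailDTO}
+* @throws OTPManagementDAOException if error ocured while getting OTP data for requesting one time token
+*/
+OTPMailDTO getOTPDataByToken (String oneTimeToken) throws OTPManagementDAOException;
+void ExpireOneTimeToken (String oneTimeToken);
 }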
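Review bot: `ExpireOneTimeToken` breaks the lowerCamelCase convention used by every other method in this interface (`addOTPData`, `getOTPDataByToken`), carries no Javadoc, and unlike its siblings declares no `OTPManagementDAOException`, so a caller cannot tell whether a failed expiry is reported at all. Suggest `void expireOneTimeToken(String oneTimeToken) throws OTPManagementDAOException;` with a Javadoc line such as `Marks the given one time token as expired so that later lookups reject it.` The Javadoc on `getOTPDataByToken` should also say what is returned when no row matches the token, since the implementation in this commit returns null in that case and callers must handle it.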

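--- a/GenericOTPManagementDAOImpl.java
+++ b/GenericOTPManagementDAOImpl.java
@@ -82,4 +82,65 @@ public class GenericOTPManagementDAOImpl extends AbstractDAOImpl implements OTPM
 throw new OTPManagementDAOException(msg, e);
 }
 }
+@Override
+public OTPMailDTO getOTPDataByToken (String oneTimeToken) throws OTPManagementDAOException {
+if (log.isDebugEnabled()) {
+log.debug("Request received in DAO Layer to get an OTP data entry for OTP");
+log.debug("OTP Details : OTP key : " + oneTimeToken );
+}
+String sql = "SELECT "
++ "ID, "
++ "OTP_TOKEN, "
++ "TENANT_DOMAIN,"
++ "EMAIL, "
++ "EMAIL_TYPE, "
++ "META_INFO, "
++ "CREATED_AT, "
++ "EXPIRY_TIME, "
++ "IS_EXPIRED, "
++ "TENANT_CREATED FROM DM_OTP_DATA "
++ "WHERE OTP_TOKEN = ?";
+try {
+Connection conn = this.getDBConnection();
+try (PreparedStatement stmt = conn.prepareStatement(sql)) {
+stmt.setString(1, oneTimeToken);
+try (ResultSet rs = stmt.executeQuery()) {
+if (rs.next()) {
+OTPMailDTO otpMailDTO = new OTPMailDTO();
+otpMailDTO.setId(rs.getInt("ID"));
+otpMailDTO.setOtpToken(rs.getString("OTP_TOKEN"));
+otpMailDTO.setTenantDomain(rs.getString("TENANT_DOMAIN"));
+otpMailDTO.setEmail(rs.getString("EMAIL"));
+otpMailDTO.setEmailType(rs.getString("EMAIL_TYPE"));
+otpMailDTO.setMetaInfo(rs.getString("META_INFO"));
+otpMailDTO.setCreatedAt(rs.getTimestamp("CREATED_AT"));
+otpMailDTO.setExpiryTime(rs.getInt("EXPIRY_TIME"));
+otpMailDTO.setExpired(rs.getBoolean("IS_EXPIRED"));
+otpMailDTO.setTenantCreated(rs.getBoolean("TENANT_CREATED"));
+return otpMailDTO;
+}
+return null;
+}
+}
+} catch (DBConnectionException e) {
+String msg = "Error occurred while obtaining the DB connection to get OPT data for given OTP. OTP: "
++ oneTimeToken;
+log.error(msg, e);
+throw new OTPManagementDAOException(msg, e);
+} catch (SQLException e) {
+String msg = "Error occurred while executing SQL to get OTP data for OTP. One time token: " + oneTimeToken;
+log.error(msg, e);
+throw new OTPManagementDAOException(msg, e);
+}
+}
+@Override
+public void ExpireOneTimeToken (String oneTimeToken) {
+}
 }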
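Review bot: `ExpireOneTimeToken` has an empty body, so nothing in this DAO ever sets `IS_EXPIRED`, and a token that passes validation can be presented again until its `EXPIRY_TIME` elapses — the "one time" property is not enforced by the persistence layer this commit adds. It needs a parameterised UPDATE in the same shape as the SELECT above, and it should surface failures through `OTPManagementDAOException` like `getOTPDataByToken` does (the interface declaration would need the matching `throws`). Separately, `getOTPDataByToken` writes the raw token to the log at debug level and again inside both error messages; the token is the credential itself, so log the row id or a truncated prefix instead, e.g. `log.debug("OTP Details : OTP key prefix : " + oneTimeToken.substring(0, Math.min(4, oneTimeToken.length())));`. The SELECT itself is correctly bound through `PreparedStatement`.

```java
@Override
public void ExpireOneTimeToken (String oneTimeToken) throws OTPManagementDAOException {
    String sql = "UPDATE DM_OTP_DATA SET IS_EXPIRED = ? WHERE OTP_TOKEN = ?";
    try {
        Connection conn = this.getDBConnection();
        try (PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setBoolean(1, true);
            stmt.setString(2, oneTimeToken);
            stmt.executeUpdate();
        }
    } catch (DBConnectionException | SQLException e) {
        // Do not include the token value in the message: it is the credential.
        String msg = "Error occurred while marking the one time token as expired.";
        log.error(msg, e);
        throw new OTPManagementDAOException(msg, e);
    }
}
```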

@ -32,6 +32,9 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException; import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil; import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil;
import java.sql.Time;
import java.sql.Timestamp;
import java.util.Calendar;
import java.util.UUID; import java.util.UUID;
public class OTPManagementServiceImpl implements OTPManagementService { public class OTPManagementServiceImpl implements OTPManagementService {
@ -90,6 +93,58 @@ public class OTPManagementServiceImpl implements OTPManagementService {
String msg = "Error occurred while saving the OTP data. Email address: " + otpMailDTO.getEmail(); String msg = "Error occurred while saving the OTP data. Email address: " + otpMailDTO.getEmail();
log.error(msg, e); log.error(msg, e);
throw new OTPManagementException(msg, e); throw new OTPManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
}
}
@Override
public boolean isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
OTPMailDTO otpMailDTO = getOTPDataByToken(oneTimeToken);
if (otpMailDTO == null) {
String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
log.error(msg);
throw new BadRequestException(msg);
}
if (otpMailDTO.isExpired()) {
return false;
}
Calendar calendar = Calendar.getInstance();
Timestamp currentTimestamp = new Timestamp(calendar.getTime().getTime());
Timestamp expiredTimestamp = new Timestamp(
otpMailDTO.getCreatedAt().getTime() + otpMailDTO.getExpiryTime() * 1000);
if (currentTimestamp.after(expiredTimestamp)) {
//todo update the DB
return false;
}
return true;
}
/**
* Get OTPData from DB
* @param oneTimeToken One Time Token
* @return {@link OTPMailDTO}
* @throws OTPManagementException if error occurred while getting OTP data for given OTP in DB
*/
private OTPMailDTO getOTPDataByToken ( String oneTimeToken) throws OTPManagementException {
try {
ConnectionManagerUtil.openDBConnection();
return otpManagementDAO.getOTPDataByToken(oneTimeToken);
} catch (DBConnectionException e) {
String msg = "Error occurred while getting database connection to validate the given OTP.";
log.error(msg, e);
throw new OTPManagementException(msg, e);
} catch (OTPManagementDAOException e) {
String msg = "Error occurred while getting OTP data from DB. OTP: " + oneTimeToken;
log.error(msg, e);
throw new OTPManagementException(msg, e);
} finally {
ConnectionManagerUtil.closeDBConnection();
} }
} }
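Review bot: The expiry computation `otpMailDTO.getCreatedAt().getTime() + otpMailDTO.getExpiryTime() * 1000` multiplies two ints before the addition widens to long, because `setExpiryTime` takes the value from `rs.getInt("EXPIRY_TIME")`; an expiry above 2147483 seconds wraps negative and the token is reported expired immediately, so write `otpMailDTO.getExpiryTime() * 1000L` and compare against `System.currentTimeMillis()` instead of building a Calendar and two Timestamps. The `//todo update the DB` branch leaves an elapsed token un-flagged and nothing in `isValidOTP` marks a successfully validated token as used, so presumably the caller is expected to invoke the DAO's expire method, which this commit adds only as an empty stub. `isValidOTP` also embeds the raw token in the BadRequestException message, and `getOTPDataByToken` logs it at error level; since that message may surface in the HTTP response and the log, report the lookup failure without the token value, e.g. `String msg = "No OTP data found for the presented one time token.";`.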

@ -89,7 +89,6 @@ import org.wso2.carbon.device.mgt.core.dto.DeviceType;
import org.wso2.carbon.device.mgt.core.dto.DeviceTypeVersion; import org.wso2.carbon.device.mgt.core.dto.DeviceTypeVersion;
import org.wso2.carbon.device.mgt.core.geo.GeoCluster; import org.wso2.carbon.device.mgt.core.geo.GeoCluster;
import org.wso2.carbon.device.mgt.core.geo.geoHash.GeoCoordinate; import org.wso2.carbon.device.mgt.core.geo.geoHash.GeoCoordinate;
import org.wso2.carbon.device.mgt.core.operation.mgt.CommandOperation;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.Date; import java.util.Date;

@ -20,21 +20,13 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Response; import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails; import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
import java.util.Properties; import java.util.Properties;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class OneTimeTokenAuthenticator implements WebappAuthenticator { public class OneTimeTokenAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(OneTimeTokenAuthenticator.class); private static final Log log = LogFactory.getLog(OneTimeTokenAuthenticator.class);
@ -51,6 +43,10 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) { public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {
OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
.getOtpManagementService();
String token = request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER); String token = request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER);
// DeviceMgtAPIUtils.getDeviceManagementService();//TODO: call token validate service in core // DeviceMgtAPIUtils.getDeviceManagementService();//TODO: call token validate service in core
OneTimeTokenDetails tokenDetails = new OneTimeTokenDetails();//TODO: use token details OneTimeTokenDetails tokenDetails = new OneTimeTokenDetails();//TODO: use token details
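Review bot: `otpManagementService` is fetched from the data holder at the top of `authenticate`, but nothing in this hunk checks it for null before use, and the holder's `unsetOTPManagementService` path in this same commit sets the reference back to null, so a request that arrives while the OTP bundle is unbound would fail inside the authenticator with a NullPointerException rather than a clean authentication failure. Add `if (otpManagementService == null) { log.error("OTP management service is not available; rejecting one time token request"); return /* the non-authenticated AuthenticationInfo this method uses elsewhere */; }` before the token is read. The rest of `authenticate` lies outside the hunk, so the actual `isValidOTP` call may already be there; if it is, the `//TODO: call token validate service in core` comment on the next line is now stale and should go.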

@ -20,7 +20,7 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@ -36,7 +36,7 @@ public class AuthenticatorFrameworkDataHolder {
private OAuth2TokenValidationService oAuth2TokenValidationService; private OAuth2TokenValidationService oAuth2TokenValidationService;
private TenantIndexingLoader tenantIndexingLoader; private TenantIndexingLoader tenantIndexingLoader;
private TenantRegistryLoader tenantRegistryLoader; private TenantRegistryLoader tenantRegistryLoader;
private DeviceManagementProviderService deviceManagementService; private OTPManagementService otpManagementService;
private static AuthenticatorFrameworkDataHolder private static AuthenticatorFrameworkDataHolder
thisInstance = new AuthenticatorFrameworkDataHolder(); thisInstance = new AuthenticatorFrameworkDataHolder();
@ -117,12 +117,9 @@ public class AuthenticatorFrameworkDataHolder {
return tenantRegistryLoader; return tenantRegistryLoader;
} }
public OTPManagementService getOtpManagementService() { return otpManagementService; }
public DeviceManagementProviderService getDeviceManagementService() { public void setOtpManagementService(OTPManagementService otpManagementService) {
return deviceManagementService; this.otpManagementService = otpManagementService;
}
public void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) {
this.deviceManagementService = deviceManagementService;
} }
} }

@ -25,6 +25,7 @@ import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
@ -81,13 +82,14 @@ import java.util.Properties;
* cardinality="1..1" policy="dynamic" * cardinality="1..1" policy="dynamic"
* bind="setTenantRegistryLoader" * bind="setTenantRegistryLoader"
* unbind="unsetTenantRegistryLoader" * unbind="unsetTenantRegistryLoader"
* @scr.reference name="org.wso2.carbon.device.manager" * @scr.reference name="org.wso2.carbon.otp.manager"
* interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService" * interface="org.wso2.carbon.device.mgt.common.spi.OTPManagementService"
* cardinality="1..1" * cardinality="1..1"
* policy="dynamic" * policy="dynamic"
* bind="setDeviceManagementService" * bind="setOTPManagementService"
* unbind="unsetDeviceManagementService" * unbind="unsetOTPManagementService"
*/ */
public class WebappAuthenticatorFrameworkServiceComponent { public class WebappAuthenticatorFrameworkServiceComponent {
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkServiceComponent.class); private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkServiceComponent.class);
@ -219,19 +221,17 @@ public class WebappAuthenticatorFrameworkServiceComponent {
AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null); AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null);
} }
@SuppressWarnings("unused") protected void setOTPManagementService(OTPManagementService otpManagementService) {
protected void setDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Setting ApplicationDTO Management OSGI Manager"); log.debug("Setting OTP Management OSGI Service");
} }
AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(deviceManagementProviderService); AuthenticatorFrameworkDataHolder.getInstance().setOtpManagementService(otpManagementService);
} }
@SuppressWarnings("unused") protected void unsetOTPManagementService(OTPManagementService otpManagementService) {
protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Removing ApplicationDTO Management OSGI Manager"); log.debug("Removing OTP Management OSGI Service");
} }
AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(null); AuthenticatorFrameworkDataHolder.getInstance().setOtpManagementService(null);
} }
} }
