Add OTP based remote session implementation

Pahansith Gunathilake 2 years ago
parent a5c2de290f
commit b18003a1cd

@ -18,5 +18,5 @@
package org.wso2.carbon.device.mgt.common.otp.mgt; package org.wso2.carbon.device.mgt.common.otp.mgt;
public enum OTPEmailTypes { public enum OTPEmailTypes {
USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION
} }

@ -18,21 +18,22 @@
package io.entgra.ui.request.interceptor; package io.entgra.ui.request.interceptor;
import com.google.gson.Gson; import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import io.entgra.ui.request.interceptor.beans.AuthData;
import io.entgra.ui.request.interceptor.util.HandlerConstants; import io.entgra.ui.request.interceptor.util.HandlerConstants;
import io.entgra.ui.request.interceptor.util.HandlerUtil; import io.entgra.ui.request.interceptor.util.HandlerUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpStatus; import org.apache.http.HttpStatus;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder; import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import io.entgra.ui.request.interceptor.beans.ProxyResponse; import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import javax.servlet.annotation.MultipartConfig; import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet; import javax.servlet.annotation.WebServlet;
@ -54,71 +55,28 @@ public class DefaultTokenHandler extends HttpServlet {
HttpSession httpSession = req.getSession(false); HttpSession httpSession = req.getSession(false);
if (httpSession != null) { if (httpSession != null) {
AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY); String userWithDomain = (String) httpSession.getAttribute(HandlerConstants.USERNAME_WITH_DOMAIN);
if (authData == null) { String[] userNameParts = userWithDomain.split("@");
HandlerUtil.sendUnAuthorizeResponse(resp);
return; OneTimePinDTO oneTimePinData = new OneTimePinDTO();
} oneTimePinData.setEmail(OTPEmailTypes.REMOTE_SESSION.toString());
oneTimePinData.setEmailType(OTPEmailTypes.REMOTE_SESSION.toString());
AuthData defaultAuthData = (AuthData) httpSession oneTimePinData.setUsername(userNameParts[0]);
.getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY); PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
if (defaultAuthData != null) { RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultAuthData.getAccessToken())); try {
return; oneTimePinData.setTenantId(realmService.getTenantManager().getTenantId(userNameParts[1]));
} } catch (UserStoreException e) {
throw new RuntimeException(e);
String clientId = authData.getClientId();
String clientSecret = authData.getClientSecret();
String queryString = req.getQueryString();
String scopeString = "";
if (StringUtils.isNotEmpty(queryString)) {
scopeString = req.getParameter("scopes");
if (scopeString != null) {
scopeString = "?scopes=" + scopeString;
}
}
String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
+ System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR)
+ HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
String tokenUrl = iotsCoreUrl + "/api/device-mgt/v1.0/devices/" + clientId
+ "/" + clientSecret + "/default-token" + scopeString;
HttpGet defaultTokenRequest = new HttpGet(tokenUrl);
defaultTokenRequest
.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken());
defaultTokenRequest
.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
ProxyResponse tokenResultResponse = HandlerUtil.execute(defaultTokenRequest);
if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
log.error("Error occurred while invoking the API to get default token data.");
HandlerUtil.handleError(resp, tokenResultResponse);
return;
}
String tokenResult = tokenResultResponse.getData();
if (tokenResult == null) {
log.error("Invalid default token response is received.");
HandlerUtil.handleError(resp, tokenResultResponse);
return;
} }
oneTimePinData.setExpiryTime(DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS);
JsonParser jsonParser = new JsonParser(); OTPManagementService otpManagementService = HandlerUtil.getOTPManagementService();
JsonElement jTokenResult = jsonParser.parse(tokenResult); try {
if (jTokenResult.isJsonObject()) { oneTimePinData = otpManagementService.generateOneTimePin(oneTimePinData, true);
JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject(); HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(oneTimePinData.getOtpToken()));
AuthData newDefaultAuthData = new AuthData(); } catch (OTPManagementException e) {
newDefaultAuthData.setClientId(clientId); log.error("Failed while generating remote session OTP for user " + userWithDomain, e);
newDefaultAuthData.setClientSecret(clientSecret); HandlerUtil.handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
String defaultToken = jTokenResultAsJsonObject.get("accessToken").getAsString();
newDefaultAuthData.setAccessToken(defaultToken);
newDefaultAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refreshToken").getAsString());
newDefaultAuthData.setScope(jTokenResultAsJsonObject.get("scopes").getAsString());
httpSession.setAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY, newDefaultAuthData);
HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultToken));
} }
} else { } else {
HandlerUtil.sendUnAuthorizeResponse(resp); HandlerUtil.sendUnAuthorizeResponse(resp);

@ -120,6 +120,7 @@ public class UserHandler extends HttpServlet {
proxyResponse.setData( proxyResponse.setData(
jTokenResultAsJsonObject.get("username").getAsString().replaceAll("@carbon.super", "")); jTokenResultAsJsonObject.get("username").getAsString().replaceAll("@carbon.super", ""));
HandlerUtil.handleSuccess(resp, proxyResponse); HandlerUtil.handleSuccess(resp, proxyResponse);
httpSession.setAttribute(HandlerConstants.USERNAME_WITH_DOMAIN, jTokenResultAsJsonObject.get("username").getAsString());
log.info("Customer login", userLogContextBuilder.setUserName(proxyResponse.getData()).setUserRegistered(true).build()); log.info("Customer login", userLogContextBuilder.setUserName(proxyResponse.getData()).setUserRegistered(true).build());
} }
} catch (IOException e) { } catch (IOException e) {
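Review bot: `httpSession.setAttribute(HandlerConstants.USERNAME_WITH_DOMAIN, ...)` runs only after `HandlerUtil.handleSuccess(resp, proxyResponse)` has written the response, so any exception raised while writing (the `IOException` caught just below) skips storing the attribute even though the login itself succeeded, leaving a session whose later readers get null. Move the `setAttribute` line above the `handleSuccess` call so the session state is committed before the response is sent. The enclosing method starts and ends outside this hunk.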

@ -106,4 +106,5 @@ public class HandlerConstants {
public static final String IOT_REPORTING_WEBAPP_HOST_ENV_VAR = "iot.reporting.webapp.host"; public static final String IOT_REPORTING_WEBAPP_HOST_ENV_VAR = "iot.reporting.webapp.host";
public static final String USER_SCOPES = "userScopes"; public static final String USER_SCOPES = "userScopes";
public static final String HUBSPOT_CHAT_URL = "api.hubapi.com"; public static final String HUBSPOT_CHAT_URL = "api.hubapi.com";
public static final String USERNAME_WITH_DOMAIN = "usernameWithDomain";
} }

@ -55,6 +55,8 @@ import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import io.entgra.ui.request.interceptor.beans.ProxyResponse; import io.entgra.ui.request.interceptor.beans.ProxyResponse;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -79,6 +81,8 @@ public class HandlerUtil {
private static boolean isLoginCacheInitialized = false; private static boolean isLoginCacheInitialized = false;
private static AuthData authData; private static AuthData authData;
private static OTPManagementService otpManagementService;
/*** /***
* *
* @param httpRequest - httpMethod e.g:- HttpPost, HttpGet * @param httpRequest - httpMethod e.g:- HttpPost, HttpGet
@ -751,4 +755,12 @@ public class HandlerUtil {
public static boolean isPropertyDefined(String property) { public static boolean isPropertyDefined(String property) {
return StringUtils.isEmpty(System.getProperty(property)); return StringUtils.isEmpty(System.getProperty(property));
} }
public static OTPManagementService getOTPManagementService() {
if (otpManagementService == null) {
otpManagementService = (OTPManagementService) PrivilegedCarbonContext
.getThreadLocalCarbonContext().getOSGiService(OTPManagementService.class, null);
}
return otpManagementService;
}
} }
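Review bot: `getOTPManagementService()` returns null when the OSGi lookup finds no registered `OTPManagementService`, and nothing in this hunk guards that, so the failure would surface as a NullPointerException in the caller far from its cause. Fail fast after the lookup: `if (otpManagementService == null) { throw new IllegalStateException("OTPManagementService is not available in the OSGi context"); }`. The unsynchronized lazy init of a plain `static` field follows the existing `authData` field above, so I only note that concurrent first calls may each perform the lookup — presumably benign since they would obtain the same service reference — but a reference cached for the process lifetime goes stale if the providing bundle is restarted, which deserves a comment such as `// Cached for the process lifetime; assumes the OTP service bundle is not restarted.`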
