Merge branch 'validate-token-user' into 'master'

Validate User API

See merge request entgra/carbon-device-mgt!44

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/beans/Credential.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.device.mgt.jaxrs.beans;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.http.HttpStatus;
+import org.apache.http.util.TextUtils;
+import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
+
+public class Credential {
+
+    private static final Log log = LogFactory.getLog(Credential.class);
+
+    private String username;
+    private String password;
+    private String tenantDomain;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getTenantDomain() {
+        return tenantDomain;
+    }
+
+    public void setTenantDomain(String tenantDomain) {
+        this.tenantDomain = tenantDomain;
+    }
+
+    public void validateRequest() {
+        if (TextUtils.isEmpty(getUsername())) {
+            String msg = "Error occurred while validating the user. Username is not found to validate the user";
+            log.error(msg);
+            throw new BadRequestException(
+                    new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
+                            .build());
+        }
+        if (TextUtils.isEmpty(getPassword())) {
+            String msg = "Error occurred while validating the user. Password is not found to validate the user";
+            log.error(msg);
+            throw new BadRequestException(
+                    new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
+                            .build());
+        }
+    }
+}

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java

@@ -15,6 +15,22 @@
  *   specific language governing permissions and limitations
  *   under the License.
  *
+ *
+ *   Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ *   Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied. See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
  */
 package org.wso2.carbon.device.mgt.jaxrs.service.api;
 
@@ -24,8 +40,6 @@ import io.swagger.annotations.ExtensionProperty;
 import io.swagger.annotations.Extension;
 import io.swagger.annotations.Tag;
 import io.swagger.annotations.Api;
-import io.swagger.annotations.AuthorizationScope;
-import io.swagger.annotations.Authorization;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
@@ -36,6 +50,7 @@ import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList;
+import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
 import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
@@ -905,4 +920,8 @@ public interface UserManagementService {
                     value = "List of email address of recipients",
                     required = true)
             @Valid EnrollmentInvitation enrollmentInvitation);
+
+    @POST
+    @Path("/validate")
+    Response validateUser(Credential credential);
 }

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java

@@ -15,12 +15,29 @@
  *   specific language governing permissions and limitations
  *   under the License.
  *
+ *   Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ *   Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied. See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
  */
 package org.wso2.carbon.device.mgt.jaxrs.service.impl;
 
+import com.google.gson.JsonObject;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.http.HttpStatus;
 import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
@@ -31,11 +48,13 @@ import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo;
 import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoWrapper;
+import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
 import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
 import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
+import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
 import org.wso2.carbon.device.mgt.jaxrs.service.api.UserManagementService;
 import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
 import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
@@ -45,9 +64,12 @@ import org.wso2.carbon.identity.user.store.count.UserStoreCountRetriever;
 import org.wso2.carbon.identity.user.store.count.exception.UserStoreCounterException;
 import org.wso2.carbon.user.api.Permission;
 import org.wso2.carbon.user.api.RealmConfiguration;
+import org.wso2.carbon.user.api.UserRealm;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.utils.CarbonUtils;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -738,6 +760,44 @@ public class UserManagementServiceImpl implements UserManagementService {
         return Response.status(Response.Status.OK).entity("Invitation mails have been sent.").build();
     }
 
+    @POST
+    @Path("/validate")
+    @Override
+    public Response validateUser(Credential credential) {
+        try {
+            credential.validateRequest();
+            RealmService realmService = DeviceMgtAPIUtils.getRealmService();
+            String tenant = credential.getTenantDomain();
+            int tenantId;
+            if (tenant == null || tenant.trim().isEmpty()) {
+                tenantId = MultitenantConstants.SUPER_TENANT_ID;
+            } else {
+                tenantId = realmService.getTenantManager().getTenantId(tenant);
+            }
+            if (tenantId == MultitenantConstants.INVALID_TENANT_ID) {
+                String msg = "Error occurred while validating the user. Invalid tenant domain " + tenant;
+                log.error(msg);
+                throw new BadRequestException(
+                        new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
+                                .build());
+            }
+            UserRealm userRealm = realmService.getTenantUserRealm(tenantId);
+            JsonObject result = new JsonObject();
+            if (userRealm.getUserStoreManager().authenticate(credential.getUsername(), credential.getPassword())) {
+                result.addProperty("valid", true);
+                return Response.status(Response.Status.OK).entity(result).build();
+            } else {
+                result.addProperty("valid", false);
+                return Response.status(Response.Status.OK).entity(result).build();
+            }
+        } catch (UserStoreException e) {
+            String msg = "Error occurred while retrieving user store to validate user";
+            log.error(msg, e);
+            return Response.serverError().entity(
+                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
+        }
+    }
+
     private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
         Map<String, String> defaultUserClaims = new HashMap<>();
         defaultUserClaims.put(Constants.USER_CLAIM_FIRST_NAME, firstName);

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -45,6 +45,13 @@
         <param-value>true</param-value>
     </context-param>
 
+    <context-param>
+        <param-name>nonSecuredEndPoints</param-name>
+        <param-value>
+            /api/device-mgt/v1.0/users/validate
+        </param-value>
+    </context-param>
+
     <!--publish to apim-->
     <context-param>
         <param-name>managed-api-enabled</param-name>

features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/apis/admin--OAuth2TokenManagement.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--OAuth2TokenManagement" context="/oauth2" version="1.0.0" version-type="context">
+    <resource methods="POST" uri-template="/introspect" faultSequence="fault">
+        <inSequence>
+            <property name="uri.var.portnum" expression="get-property('system','iot.core.https.port')"/>
+            <property name="uri.var.hostname" expression="get-property('system','iot.core.host')"/>
+            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
+            <property name="AM_KEY_TYPE" value="PRODUCTION" scope="default"/>
+            <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
+                <then>
+                    <send>
+                        <endpoint name="admin--OAuth2TokenManagement_APIproductionEndpoint_0">
+                            <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2"/>
+                            <property name="ENDPOINT_ADDRESS" value="https://{uri.var.hostname}:{uri.var.portnum}/oauth2"/>
+                        </endpoint>
+                    </send>
+                </then>
+                <else>
+                    <sequence key="_sandbox_key_error_"/>
+                </else>
+            </filter>
+        </inSequence>
+        <outSequence>
+            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
+            <send/>
+        </outSequence>
+    </resource>
+</api>

features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/apis/admin--UserValidateManagement.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--UserValidateManagement" context="/api/device-mgt/v1.0/users/validate" version="1.0.0" version-type="context">
+    <resource methods="POST" uri-template="/" faultSequence="fault">
+        <inSequence>
+            <property name="uri.var.portnum" expression="get-property('system','iot.core.https.port')"/>
+            <property name="uri.var.hostname" expression="get-property('system','iot.core.host')"/>
+            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
+            <property name="AM_KEY_TYPE" value="PRODUCTION" scope="default"/>
+            <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
+                <then>
+                    <send>
+                        <endpoint name="admin--UserManagementValidateUser_APIproductionEndpoint_0">
+                            <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/api/device-mgt/v1.0/users/validate"/>
+                            <property name="ENDPOINT_ADDRESS" value="https://{uri.var.hostname}:{uri.var.portnum}/api/device-mgt/v1.0/users/validate"/>
+                        </endpoint>
+                    </send>
+                </then>
+                <else>
+                    <sequence key="_sandbox_key_error_"/>
+                </else>
+            </filter>
+        </inSequence>
+        <outSequence>
+            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
+            <send/>
+        </outSequence>
+    </resource>
+</api>

features/device-mgt/org.wso2.carbon.device.mgt.basics.feature/src/main/resources/p2.inf

@@ -5,4 +5,6 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/dbscripts/cdm,target:${installFolder}/../../../dbscripts/cdm,overwrite:true);\
 org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/rxts/license.rxt,target:${installFolder}/../../../repository/resources/rxts/license.rxt,overwrite:true);\
 org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../../repository/resources/email-templates);\
-org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/email/templates,target:${installFolder}/../../../repository/resources/email-templates,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/email/templates,target:${installFolder}/../../../repository/resources/email-templates,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/apis/admin--OAuth2TokenManagement.xml,target:${installFolder}/../../deployment/server/synapse-configs/default/api/admin--OAuth2TokenManagement.xml,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/apis/admin--UserManagementValidateUser.xml,target:${installFolder}/../../deployment/server/synapse-configs/default/api/admin--UserManagementValidateUser.xml,overwrite:true);\