Improve user verifying mail sending logic

merge-requests/713/head
tcdlpds@gmail.com 4 years ago
parent 7775c81926
commit e2a143cde0

@ -360,6 +360,10 @@
<groupId>org.wso2.carbon.multitenancy</groupId>
<artifactId>org.wso2.carbon.tenant.mgt</artifactId>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
</dependency>
</dependencies>
</project>

@ -20,6 +20,7 @@ import com.google.gson.Gson;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException;
import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
@ -41,6 +42,7 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil;
import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
import org.apache.commons.validator.routines.EmailValidator;
import org.wso2.carbon.user.api.Tenant;
import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties;
@ -102,13 +104,18 @@ public class OTPManagementServiceImpl implements OTPManagementService {
@Override
public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
if (StringUtils.isBlank(oneTimeToken)){
String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
log.error(msg);
throw new BadRequestException(msg);
}
OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken);
if (oneTimePinDTO == null) {
String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
log.error(msg);
throw new BadRequestException(msg);
}
if (oneTimePinDTO.isExpired()) {
log.warn("Token is expired. OTP: " + oneTimeToken);
return null;
@ -197,9 +204,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance()
.getDeviceManagementConfig();
KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations();
String superTenantUsername = kmConfig.getAdminUsername();
if (!otpWrapper.getUsername().equals(superTenantUsername)) {
if (StringUtils.isBlank(otpWrapper.getUsername())) {
String msg = "Received Blank username to create OTP. Username: " + otpWrapper.getUsername();
log.error(msg);
throw new BadRequestException(msg);
}
String[] superTenantDetails = otpWrapper.getUsername().split("@");
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0]
.equals(kmConfig.getAdminUsername())) {
String msg = "You don't have required permission to create OTP";
log.error(msg);
throw new UnAuthorizedException(msg);
@ -262,11 +277,21 @@ public class OTPManagementServiceImpl implements OTPManagementService {
log.error(msg);
throw new BadRequestException(msg);
}
EmailValidator validator = EmailValidator.getInstance();
if (!validator.isValid(otpWrapper.getEmail())) {
String msg = "Found invalid email. Hence please verify the email address and re-try. Email: " + otpWrapper
.getEmail();
log.error(msg);
throw new BadRequestException(msg);
}
if (StringUtils.isBlank(otpWrapper.getEmailType())) {
String msg = "Received empty or blank email type field with OTP creating payload.";
log.error(msg);
throw new BadRequestException(msg);
}
tenant.setDomain(otpWrapper.getEmail().split("@")[1]);
tenant.setEmail(otpWrapper.getEmail());
return tenant;
}
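Review bot: In the hunk at -197,9 the new permission check reads `superTenantDetails[1]` without confirming that `split("@")` produced two parts, so a non-blank username with no `@` raises ArrayIndexOutOfBoundsException instead of the BadRequestException or UnAuthorizedException the surrounding code uses. The domain test also looks inverted: as written, the request is rejected when the domain equals `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME` and accepted for any other domain whose local part matches `kmConfig.getAdminUsername()`. If the intent is to restrict OTP creation to the super-tenant admin, a same-named user in another tenant would pass. One option is `if (superTenantDetails.length != 2 || !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0].equals(kmConfig.getAdminUsername())) {`. The enclosing method starts and ends outside the hunk, so confirm where `otpWrapper.getUsername()` comes from; if it is read from the request payload rather than the authenticated context, this comparison is not an effective authorization control.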

@ -1772,6 +1772,11 @@
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven.checkstyle.vesion}</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>${apache.validator.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
@ -2219,6 +2224,9 @@
<!--apache osgi mock version-->
<apache.osgi.mock.version>2.3.2</apache.osgi.mock.version>
<!--apache validator version-->
<apache.validator.version>1.7</apache.validator.version>
<!-- api-mgt handler version properties -->
<org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version>
<org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version>
@ -2252,7 +2260,7 @@
<node.version>v12.18.1</node.version>
<maven.checkstyle.vesion>3.1.0</maven.checkstyle.vesion>
<!--websocket related lib versions-->
<tomcat.websocket.version>7.0.85</tomcat.websocket.version>
<javax.websocket.version>1.0</javax.websocket.version>
