Improve user verifying mail sending logic

merge-requests/713/head
tcdlpds@gmail.com 4 years ago
parent 7775c81926
commit e2a143cde0

@ -360,6 +360,10 @@
<groupId>org.wso2.carbon.multitenancy</groupId> <groupId>org.wso2.carbon.multitenancy</groupId>
<artifactId>org.wso2.carbon.tenant.mgt</artifactId> <artifactId>org.wso2.carbon.tenant.mgt</artifactId>
</dependency> </dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -20,6 +20,7 @@ import com.google.gson.Gson;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException; import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException; import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException;
import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException; import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
@ -41,6 +42,7 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory;
import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException; import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil; import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil;
import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo; import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
import org.apache.commons.validator.routines.EmailValidator;
import org.wso2.carbon.user.api.Tenant; import org.wso2.carbon.user.api.Tenant;
import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties; import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties;
@ -102,13 +104,18 @@ public class OTPManagementServiceImpl implements OTPManagementService {
@Override @Override
public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException { public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
if (StringUtils.isBlank(oneTimeToken)){
String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
log.error(msg);
throw new BadRequestException(msg);
}
OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken); OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken);
if (oneTimePinDTO == null) { if (oneTimePinDTO == null) {
String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system."; String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
if (oneTimePinDTO.isExpired()) { if (oneTimePinDTO.isExpired()) {
log.warn("Token is expired. OTP: " + oneTimeToken); log.warn("Token is expired. OTP: " + oneTimeToken);
return null; return null;
@ -197,9 +204,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance() DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance()
.getDeviceManagementConfig(); .getDeviceManagementConfig();
KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations(); KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations();
String superTenantUsername = kmConfig.getAdminUsername();
if (!otpWrapper.getUsername().equals(superTenantUsername)) { if (StringUtils.isBlank(otpWrapper.getUsername())) {
String msg = "Received Blank username to create OTP. Username: " + otpWrapper.getUsername();
log.error(msg);
throw new BadRequestException(msg);
}
String[] superTenantDetails = otpWrapper.getUsername().split("@");
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0]
.equals(kmConfig.getAdminUsername())) {
String msg = "You don't have required permission to create OTP"; String msg = "You don't have required permission to create OTP";
log.error(msg); log.error(msg);
throw new UnAuthorizedException(msg); throw new UnAuthorizedException(msg);
@ -262,11 +277,21 @@ public class OTPManagementServiceImpl implements OTPManagementService {
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
EmailValidator validator = EmailValidator.getInstance();
if (!validator.isValid(otpWrapper.getEmail())) {
String msg = "Found invalid email. Hence please verify the email address and re-try. Email: " + otpWrapper
.getEmail();
log.error(msg);
throw new BadRequestException(msg);
}
if (StringUtils.isBlank(otpWrapper.getEmailType())) { if (StringUtils.isBlank(otpWrapper.getEmailType())) {
String msg = "Received empty or blank email type field with OTP creating payload."; String msg = "Received empty or blank email type field with OTP creating payload.";
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
tenant.setDomain(otpWrapper.getEmail().split("@")[1]);
tenant.setEmail(otpWrapper.getEmail()); tenant.setEmail(otpWrapper.getEmail());
return tenant; return tenant;
} }

@ -1772,6 +1772,11 @@
<artifactId>maven-checkstyle-plugin</artifactId> <artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven.checkstyle.vesion}</version> <version>${maven.checkstyle.vesion}</version>
</dependency> </dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>${apache.validator.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
@ -2219,6 +2224,9 @@
<!--apache osgi mock version--> <!--apache osgi mock version-->
<apache.osgi.mock.version>2.3.2</apache.osgi.mock.version> <apache.osgi.mock.version>2.3.2</apache.osgi.mock.version>
<!--apache validator version-->
<apache.validator.version>1.7</apache.validator.version>
<!-- api-mgt handler version properties --> <!-- api-mgt handler version properties -->
<org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version> <org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version>
<org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version> <org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version>
@ -2252,7 +2260,7 @@
<node.version>v12.18.1</node.version> <node.version>v12.18.1</node.version>
<maven.checkstyle.vesion>3.1.0</maven.checkstyle.vesion> <maven.checkstyle.vesion>3.1.0</maven.checkstyle.vesion>
<!--websocket related lib versions--> <!--websocket related lib versions-->
<tomcat.websocket.version>7.0.85</tomcat.websocket.version> <tomcat.websocket.version>7.0.85</tomcat.websocket.version>
<javax.websocket.version>1.0</javax.websocket.version> <javax.websocket.version>1.0</javax.websocket.version>

Loading…
Cancel
Save