Improve user verifying mail sending logic

4 years ago · e2a143cde0
parent 7775c81926
commit e2a143cde0
3 changed files with 41 additions and 4 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
@ -360,6 +360,10 @@
            <groupId>org.wso2.carbon.multitenancy</groupId>
            <artifactId>org.wso2.carbon.tenant.mgt</artifactId>
        </dependency>
+        <dependency>
+            <groupId>commons-validator</groupId>
+            <artifactId>commons-validator</artifactId>
+        </dependency>
    </dependencies>

 </project>
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
@ -20,6 +20,7 @@ import com.google.gson.Gson;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
 import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException;
 import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
@ -41,6 +42,7 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory;
 import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
 import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil;
 import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
+import org.apache.commons.validator.routines.EmailValidator;
 import org.wso2.carbon.user.api.Tenant;

 import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties;
@ -102,13 +104,18 @@ public class OTPManagementServiceImpl implements OTPManagementService {

    @Override
    public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
+        if (StringUtils.isBlank(oneTimeToken)){
+            String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
+            log.error(msg);
+            throw new BadRequestException(msg);
+        }
+
        OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken);
        if (oneTimePinDTO == null) {
            String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
            log.error(msg);
            throw new BadRequestException(msg);
        }
-
        if (oneTimePinDTO.isExpired()) {
            log.warn("Token is expired. OTP: " + oneTimeToken);
            return null;
@ -197,9 +204,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
        DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance()
                .getDeviceManagementConfig();
        KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations();
-        String superTenantUsername = kmConfig.getAdminUsername();

-        if (!otpWrapper.getUsername().equals(superTenantUsername)) {
+        if (StringUtils.isBlank(otpWrapper.getUsername())) {
+            String msg = "Received Blank username to create OTP. Username: " + otpWrapper.getUsername();
+            log.error(msg);
+            throw new BadRequestException(msg);
+        }
+
+        String[] superTenantDetails = otpWrapper.getUsername().split("@");
+
+        if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0]
+                .equals(kmConfig.getAdminUsername())) {
            String msg = "You don't have required permission to create OTP";
            log.error(msg);
            throw new UnAuthorizedException(msg);
@ -262,11 +277,21 @@ public class OTPManagementServiceImpl implements OTPManagementService {
            log.error(msg);
            throw new BadRequestException(msg);
        }
+
+        EmailValidator validator = EmailValidator.getInstance();
+        if (!validator.isValid(otpWrapper.getEmail())) {
+            String msg = "Found invalid email. Hence please verify the email address and re-try. Email: " + otpWrapper
+                    .getEmail();
+            log.error(msg);
+            throw new BadRequestException(msg);
+        }
+
        if (StringUtils.isBlank(otpWrapper.getEmailType())) {
            String msg = "Received empty or blank email type field with OTP creating payload.";
            log.error(msg);
            throw new BadRequestException(msg);
        }
+        tenant.setDomain(otpWrapper.getEmail().split("@")[1]);
        tenant.setEmail(otpWrapper.getEmail());
        return tenant;
    }
--- a/pom.xml
+++ b/pom.xml
@ -1772,6 +1772,11 @@
                <artifactId>maven-checkstyle-plugin</artifactId>
                <version>${maven.checkstyle.vesion}</version>
            </dependency>
+            <dependency>
+                <groupId>commons-validator</groupId>
+                <artifactId>commons-validator</artifactId>
+                <version>${apache.validator.version}</version>
+            </dependency>
        </dependencies>
    </dependencyManagement>

@ -2219,6 +2224,9 @@
        <!--apache osgi mock version-->
        <apache.osgi.mock.version>2.3.2</apache.osgi.mock.version>

+        <!--apache validator version-->
+        <apache.validator.version>1.7</apache.validator.version>
+
        <!-- api-mgt handler version properties -->
        <org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version>
        <org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version>