Merge branch 'tenant-improve' into 'tenant-improve'

Improve OTP creating functionality

See merge request entgra/carbon-device-mgt!608
revert-70ac1926
Dharmakeerthi Lasantha 4 years ago
commit 446962737c

@ -24,7 +24,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import io.entgra.carbon.device.mgt.config.jaxrs.beans.ErrorResponse; import io.entgra.carbon.device.mgt.config.jaxrs.beans.ErrorResponse;
import io.entgra.carbon.device.mgt.config.jaxrs.service.DeviceManagementConfigService; import io.entgra.carbon.device.mgt.config.jaxrs.service.DeviceManagementConfigService;
import io.entgra.carbon.device.mgt.config.jaxrs.util.DeviceMgtAPIUtils; import io.entgra.carbon.device.mgt.config.jaxrs.util.DeviceMgtAPIUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.base.MultitenantConstants;
@ -36,7 +35,6 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfiguratio
import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration; import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException; import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
import org.wso2.carbon.device.mgt.common.general.TenantDetail; import org.wso2.carbon.device.mgt.common.general.TenantDetail;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
@ -50,8 +48,6 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil; import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo; import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
import org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService;
import org.wso2.carbon.user.api.Tenant; import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -68,9 +64,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -277,87 +270,6 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
return tenantDetail; return tenantDetail;
} }
/**
* This API will add a tenant to the system and can be called by the super tenant only.
* @return Returns the
*/
@Path("/tenant")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response addTenant(@HeaderParam("one-time-token") String token) {
TenantMgtAdminService tenantMgtAdminService = null;
OneTimeTokenDetails tenantWrapper = null;
// Request validation
String errorMsg = null;
Response.Status errorStatus = Response.Status.BAD_REQUEST;
if (StringUtils.isEmpty(token)) {
errorMsg = "Authentication failure when creating tenant";
} else {
tenantWrapper = new OneTimeTokenDetails(); //TODO: Call one time token validation API
if (tenantWrapper == null) {
errorMsg = "One time token is not present in the database";
} else {
try {
tenantMgtAdminService = new TenantMgtAdminService();
if (tenantMgtAdminService == null) {
errorMsg = "Request can only be made by super admin";
errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
} else {
TenantInfoBean[] tenant = tenantMgtAdminService.retrievePartialSearchTenants(tenantWrapper.getDomain());
if (!PrivilegedCarbonContext.getThreadLocalCarbonContext()
.getTenantDomain().equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
errorMsg = "Request can only be made by super admin";
} else if (tenant != null && tenant.length > 0) {
for (TenantInfoBean tenantInfoBean : tenant) {
if (tenantInfoBean.getTenantDomain().equals(tenantWrapper.getDomain())) {
errorMsg = "Tenant domain is already in use";
break;
}
}
}
}
} catch (Exception e) { // Carbon multi-tenancy is throwing generic exceptions.
errorMsg = "Could not create tenant domain " + tenantWrapper.getDomain();
errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
}
}
}
if (errorMsg != null) {
log.error(errorMsg);
return Response.status(errorStatus).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()
).build();
}
try {
TenantInfoBean tenantInfoBean = new TenantInfoBean();
tenantInfoBean.setActive(true);
tenantInfoBean.setAdminPassword(tenantWrapper.getPassword());
tenantInfoBean.setAdmin(tenantWrapper.getAdminName());
tenantInfoBean.setFirstname(tenantWrapper.getAdminFirstName());
tenantInfoBean.setLastname(tenantWrapper.getAdminLastName());
tenantInfoBean.setEmail(tenantWrapper.getEmail());
Calendar calendar = new GregorianCalendar();
calendar.setTime(new Date());
tenantInfoBean.setCreatedDate(calendar);
tenantInfoBean.setTenantDomain(tenantWrapper.getDomain());
String response = tenantMgtAdminService.addTenant(tenantInfoBean);
return Response.status(Response.Status.OK).entity(response).build();
} catch (Exception e) { // The underlying API is throwing a generic exception.
String msg = "Error while adding tenant";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
@POST @POST
@Path("/permissions") @Path("/permissions")
@Produces({MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_JSON})

@ -1221,50 +1221,4 @@ public interface UserManagementService {
response = ErrorResponse.class) response = ErrorResponse.class)
}) })
Response getPermissionsOfUser(); Response getPermissionsOfUser();
@POST
@Path("/one-time-pin")
@ApiOperation(
produces = MediaType.APPLICATION_JSON,
httpMethod = "GET",
value = "Getting the permission details of the current user",
notes = "A user may granted more than one permission in IoTS. Using this REST API "
+ "you can get the permission/permission the current user has granted. ",
tags = "User Management",
extensions = {
@Extension(properties = {
@ExtensionProperty(name = Constants.SCOPE, value = "perm:user:permission-view")
})
}
)
@ApiResponses(value = {
@ApiResponse(
code = 200,
message = "OK. \n Successfully fetched the list of permissions the user "
+ "has granted.",
response = PermissionList.class,
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body"),
@ResponseHeader(
name = "ETag",
description = "Entity Tag of the response resource.\n" +
"Used by caches, or in conditional requests."),
@ResponseHeader(
name = "Last-Modified",
description = "Date and time the resource was last modified.\n" +
"Used by caches, or in conditional requests."),
}),
@ApiResponse(
code = 404,
message = "Not Found. \n The specified resource does not exist.\n",
response = ErrorResponse.class),
@ApiResponse(
code = 500,
message = "Internal Server Error. \n Server error occurred while fetching the "
+ "list of roles assigned to the specified user.",
response = ErrorResponse.class)
})
Response sendEmailVerifyingMail(OTPMailWrapper otpMailWrapper);
} }

@ -1118,53 +1118,6 @@ public class UserManagementServiceImpl implements UserManagementService {
} }
} }
/**
* Method used to send an invitation email to a existing user to enroll a device.
*
* @param otpMailWrapper Username list of the users to be invited
*/
@POST
@Path("/one-time-pin")
@Produces({MediaType.APPLICATION_JSON})
public Response sendEmailVerifyingMail(OTPMailWrapper otpMailWrapper) {
if (log.isDebugEnabled()) {
log.debug("Sending enrollment invitation mail to existing user.");
}
DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
OTPManagementService oms = DeviceMgtAPIUtils.getOTPManagementService();
try {
String otpToken = oms.createOTPToken(otpMailWrapper);
Properties props = new Properties();
props.setProperty("first-name", otpMailWrapper.getFirstName());
props.setProperty("otp-token", otpToken);
EmailMetaInfo metaInfo = new EmailMetaInfo(otpMailWrapper.getEmail(), props);
dms.sendEnrolmentInvitation(DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE,
metaInfo);
} catch (DeviceManagementException e) {
String msg = "Error occurred while inviting user to enrol their device";
if (e.getMessage() != null && !e.getMessage().isEmpty()) {
msg = e.getMessage();
}
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (ConfigurationManagementException e) {
String msg = "Error occurred while sending the email invitations. Mail server not configured.";
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
} catch (OTPManagementException e) {
String msg = "Error occurred while generating and storing the OTP data";
log.error(msg, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
} catch (org.wso2.carbon.device.mgt.common.exceptions.BadRequestException e) {
String msg = "Bad Request : Found invalid request payload to create OTP toke.";
log.error(msg, e);
return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
}
return Response.status(Response.Status.OK).entity("Invitation mails have been sent.").build();
}
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress, private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress,
boolean isFresh) { boolean isFresh) {
Map<String, String> defaultUserClaims = new HashMap<>(); Map<String, String> defaultUserClaims = new HashMap<>();

@ -142,7 +142,6 @@ public class DeviceMgtAPIUtils {
private static IntegrationClientService integrationClientService; private static IntegrationClientService integrationClientService;
private static MetadataManagementService metadataManagementService; private static MetadataManagementService metadataManagementService;
private static volatile OTPManagementService otpManagementService;
static { static {
String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password"); String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
@ -461,29 +460,6 @@ public class DeviceMgtAPIUtils {
return metadataManagementService; return metadataManagementService;
} }
/**
* Initializing and accessing method for OTPManagementService.
*
* @return OTPManagementService instance
* @throws IllegalStateException if OTPManagementService cannot be initialized
*/
public static OTPManagementService getOTPManagementService() {
if (otpManagementService == null) {
synchronized (DeviceMgtAPIUtils.class) {
if (otpManagementService == null) {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null);
if (otpManagementService == null) {
String msg = "OTP Management service not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
}
}
}
return otpManagementService;
}
/** /**
* Method for initializing ReportManagementService * Method for initializing ReportManagementService
* @return ReportManagementServie Instance * @return ReportManagementServie Instance

@ -48,8 +48,7 @@
<context-param> <context-param>
<param-name>nonSecuredEndPoints</param-name> <param-name>nonSecuredEndPoints</param-name>
<param-value> <param-value>
/api/device-mgt/v1.0/users/validate, /api/device-mgt/v1.0/users/validate
/api/device-mgt/v1.0/users/one-time-pin
</param-value> </param-value>
</context-param> </context-param>

@ -93,7 +93,7 @@
org.apache.axis2.transport.http, org.apache.axis2.transport.http,
org.wso2.carbon.certificate.mgt.core.*, org.wso2.carbon.certificate.mgt.core.*,
org.wso2.carbon.device.mgt.core.permission.mgt, org.wso2.carbon.device.mgt.core.permission.mgt,
org.wso2.carbon.device.mgt.common, org.wso2.carbon.device.mgt.common.*,
org.wso2.carbon.device.mgt.common.permission.mgt, org.wso2.carbon.device.mgt.common.permission.mgt,
org.apache.axis2, org.apache.axis2,
org.apache.axis2.client, org.apache.axis2.client,

@ -42,11 +42,11 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) { public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {
OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
.getOtpManagementService();
AuthenticationInfo authenticationInfo = new AuthenticationInfo(); AuthenticationInfo authenticationInfo = new AuthenticationInfo();
try { try {
OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
.getOtpManagementService();
if (otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER))) { if (otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER))) {
authenticationInfo.setStatus(Status.CONTINUE); authenticationInfo.setStatus(Status.CONTINUE);
authenticationInfo.setTenantId(-1); authenticationInfo.setTenantId(-1);
@ -55,8 +55,10 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
authenticationInfo.setMessage("Invalid OTP token."); authenticationInfo.setMessage("Invalid OTP token.");
} }
} catch (Exception e) { } catch (Exception e) {
String msg = "OTP Token Validation Failed.";
log.error(msg, e);
authenticationInfo.setStatus(Status.FAILURE); authenticationInfo.setStatus(Status.FAILURE);
authenticationInfo.setMessage("CToken Validation Failed."); authenticationInfo.setMessage(msg);
} }
return authenticationInfo; return authenticationInfo;
} }

@ -26,7 +26,6 @@ import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager; import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.common.spi.OTPManagementService; import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService; import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader; import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@ -82,7 +81,7 @@ import java.util.Properties;
* cardinality="1..1" policy="dynamic" * cardinality="1..1" policy="dynamic"
* bind="setTenantRegistryLoader" * bind="setTenantRegistryLoader"
* unbind="unsetTenantRegistryLoader" * unbind="unsetTenantRegistryLoader"
* @scr.reference name="org.wso2.carbon.otp.manager" * @scr.reference name="org.wso2.carbon.device.manager"
* interface="org.wso2.carbon.device.mgt.common.spi.OTPManagementService" * interface="org.wso2.carbon.device.mgt.common.spi.OTPManagementService"
* cardinality="1..1" * cardinality="1..1"
* policy="dynamic" * policy="dynamic"

@ -24,5 +24,9 @@
<Name>CertificateAuth</Name> <Name>CertificateAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName> <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
</Authenticator> </Authenticator>
<Authenticator>
<Name>OTPAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OneTimeTokenAuthenticator</ClassName>
</Authenticator>
</Authenticators> </Authenticators>
</WebappAuthenticatorConfig> </WebappAuthenticatorConfig>

@ -29,7 +29,11 @@
</Authenticator> </Authenticator>
<Authenticator> <Authenticator>
<Name>CertificateAuth</Name> <Name>CertificateAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName> <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.gitCertificateAuthenticator</ClassName>
</Authenticator>
<Authenticator>
<Name>OTPAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OneTimeTokenAuthenticator</ClassName>
</Authenticator> </Authenticator>
<Authenticator> <Authenticator>
<Name>BST</Name> <Name>BST</Name>

Loading…
Cancel
Save