Merge branch 'validate-token-user' into 'master'

Validate User API

See merge request entgra/carbon-device-mgt!44
revert-70aa11f8
Milan Perera 6 years ago
commit 20ffbdc36d

@ -0,0 +1,74 @@
/*
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.device.mgt.jaxrs.beans;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpStatus;
import org.apache.http.util.TextUtils;
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
public class Credential {
private static final Log log = LogFactory.getLog(Credential.class);
private String username;
private String password;
private String tenantDomain;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getTenantDomain() {
return tenantDomain;
}
public void setTenantDomain(String tenantDomain) {
this.tenantDomain = tenantDomain;
}
public void validateRequest() {
if (TextUtils.isEmpty(getUsername())) {
String msg = "Error occurred while validating the user. Username is not found to validate the user";
log.error(msg);
throw new BadRequestException(
new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
.build());
}
if (TextUtils.isEmpty(getPassword())) {
String msg = "Error occurred while validating the user. Password is not found to validate the user";
log.error(msg);
throw new BadRequestException(
new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
.build());
}
}
}
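Review bot: `validateRequest()` reports a missing username or password with `log.error`, and the web.xml hunk of this commit lists the endpoint that calls it under `nonSecuredEndPoints`, so any anonymous caller can fill the error log with these entries. A client-side 400 is better logged as `log.debug(msg)` or at most `log.warn(msg)`. The class and `validateRequest()` also have no Javadoc. A short comment should say that the method throws `BadRequestException` when the username or password is empty, and that `tenantDomain` may be left empty (the service hunk then falls back to the super tenant).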

@ -15,6 +15,22 @@
* specific language governing permissions and limitations * specific language governing permissions and limitations
* under the License. * under the License.
* *
*
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.api; package org.wso2.carbon.device.mgt.jaxrs.service.api;
@ -24,8 +40,6 @@ import io.swagger.annotations.ExtensionProperty;
import io.swagger.annotations.Extension; import io.swagger.annotations.Extension;
import io.swagger.annotations.Tag; import io.swagger.annotations.Tag;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.AuthorizationScope;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam; import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponse;
@ -36,6 +50,7 @@ import org.wso2.carbon.apimgt.annotations.api.Scopes;
import org.wso2.carbon.apimgt.annotations.api.Scope; import org.wso2.carbon.apimgt.annotations.api.Scope;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList;
import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation; import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
@ -905,4 +920,8 @@ public interface UserManagementService {
value = "List of email address of recipients", value = "List of email address of recipients",
required = true) required = true)
@Valid EnrollmentInvitation enrollmentInvitation); @Valid EnrollmentInvitation enrollmentInvitation);
@POST
@Path("/validate")
Response validateUser(Credential credential);
} }
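Review bot: The new `validateUser` declaration has none of the Swagger documentation that the preceding method in this interface has, and its body parameter is neither `@Valid` nor described. Adding an `@ApiOperation` that says the call checks a username/password pair and returns `{"valid": true|false}`, and declaring the parameter as `@ApiParam(name = "credential", value = "Username, password and optional tenant domain", required = true) @Valid Credential credential`, would bring it in line with the rest of the interface. The interface body starts outside this hunk, so any class-level `@Consumes`/`@Produces` that might already apply cannot be seen from here.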

@ -15,12 +15,29 @@
* specific language governing permissions and limitations * specific language governing permissions and limitations
* under the License. * under the License.
* *
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.impl; package org.wso2.carbon.device.mgt.jaxrs.service.impl;
import com.google.gson.JsonObject;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpStatus;
import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder; import org.eclipse.wst.common.uriresolver.internal.util.URIEncoder;
import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.DeviceManagementException;
import org.wso2.carbon.device.mgt.common.EnrolmentInfo; import org.wso2.carbon.device.mgt.common.EnrolmentInfo;
@ -31,11 +48,13 @@ import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfo;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoList;
import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.BasicUserInfoWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.Credential;
import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation; import org.wso2.carbon.device.mgt.jaxrs.beans.EnrollmentInvitation;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList; import org.wso2.carbon.device.mgt.jaxrs.beans.RoleList;
import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo; import org.wso2.carbon.device.mgt.jaxrs.beans.UserInfo;
import org.wso2.carbon.device.mgt.jaxrs.exception.BadRequestException;
import org.wso2.carbon.device.mgt.jaxrs.service.api.UserManagementService; import org.wso2.carbon.device.mgt.jaxrs.service.api.UserManagementService;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
import org.wso2.carbon.device.mgt.jaxrs.util.Constants; import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
@ -45,9 +64,12 @@ import org.wso2.carbon.identity.user.store.count.UserStoreCountRetriever;
import org.wso2.carbon.identity.user.store.count.exception.UserStoreCounterException; import org.wso2.carbon.identity.user.store.count.exception.UserStoreCounterException;
import org.wso2.carbon.user.api.Permission; import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.RealmConfiguration; import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
@ -738,6 +760,44 @@ public class UserManagementServiceImpl implements UserManagementService {
return Response.status(Response.Status.OK).entity("Invitation mails have been sent.").build(); return Response.status(Response.Status.OK).entity("Invitation mails have been sent.").build();
} }
@POST
@Path("/validate")
@Override
public Response validateUser(Credential credential) {
try {
credential.validateRequest();
RealmService realmService = DeviceMgtAPIUtils.getRealmService();
String tenant = credential.getTenantDomain();
int tenantId;
if (tenant == null || tenant.trim().isEmpty()) {
tenantId = MultitenantConstants.SUPER_TENANT_ID;
} else {
tenantId = realmService.getTenantManager().getTenantId(tenant);
}
if (tenantId == MultitenantConstants.INVALID_TENANT_ID) {
String msg = "Error occurred while validating the user. Invalid tenant domain " + tenant;
log.error(msg);
throw new BadRequestException(
new ErrorResponse.ErrorResponseBuilder().setCode(HttpStatus.SC_BAD_REQUEST).setMessage(msg)
.build());
}
UserRealm userRealm = realmService.getTenantUserRealm(tenantId);
JsonObject result = new JsonObject();
if (userRealm.getUserStoreManager().authenticate(credential.getUsername(), credential.getPassword())) {
result.addProperty("valid", true);
return Response.status(Response.Status.OK).entity(result).build();
} else {
result.addProperty("valid", false);
return Response.status(Response.Status.OK).entity(result).build();
}
} catch (UserStoreException e) {
String msg = "Error occurred while retrieving user store to validate user";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
}
}
private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) { private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress) {
Map<String, String> defaultUserClaims = new HashMap<>(); Map<String, String> defaultUserClaims = new HashMap<>();
defaultUserClaims.put(Constants.USER_CLAIM_FIRST_NAME, firstName); defaultUserClaims.put(Constants.USER_CLAIM_FIRST_NAME, firstName);
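Review bot: `validateUser` answers `valid: true/false` for any username/password pair, and the web.xml hunk of this commit lists `/api/device-mgt/v1.0/users/validate` under `nonSecuredEndPoints`, so as far as this page shows the check is reachable without authentication and nothing in the method bounds repeated attempts. Unless the user store enforces lockout itself, throttling or a failed-attempt limit should sit in front of the `authenticate` call. The invalid-tenant branch also puts the caller-supplied `tenant` string into both the log and the response; a fixed message such as `"Error occurred while validating the user. Invalid tenant domain"` keeps unsanitised input out of the log. A request without a body presumably leaves `credential` null, so `credential.validateRequest()` would throw a NullPointerException; a leading `if (credential == null)` guard that returns the same 400 would cover it. The two `return` branches can collapse into `result.addProperty("valid", authenticated);` followed by a single return.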

@ -45,6 +45,13 @@
<param-value>true</param-value> <param-value>true</param-value>
</context-param> </context-param>
<context-param>
<param-name>nonSecuredEndPoints</param-name>
<param-value>
/api/device-mgt/v1.0/users/validate
</param-value>
</context-param>
<!--publish to apim--> <!--publish to apim-->
<context-param> <context-param>
<param-name>managed-api-enabled</param-name> <param-name>managed-api-enabled</param-name>

@ -0,0 +1,27 @@
<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--OAuth2TokenManagement" context="/oauth2" version="1.0.0" version-type="context">
<resource methods="POST" uri-template="/introspect" faultSequence="fault">
<inSequence>
<property name="uri.var.portnum" expression="get-property('system','iot.core.https.port')"/>
<property name="uri.var.hostname" expression="get-property('system','iot.core.host')"/>
<property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
<property name="AM_KEY_TYPE" value="PRODUCTION" scope="default"/>
<filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
<then>
<send>
<endpoint name="admin--OAuth2TokenManagement_APIproductionEndpoint_0">
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2"/>
<property name="ENDPOINT_ADDRESS" value="https://{uri.var.hostname}:{uri.var.portnum}/oauth2"/>
</endpoint>
</send>
</then>
<else>
<sequence key="_sandbox_key_error_"/>
</else>
</filter>
</inSequence>
<outSequence>
<class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
<send/>
</outSequence>
</resource>
</api>
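Review bot: This API definition has no `<handlers>` element, so as written the gateway forwards `POST /oauth2/introspect` to the backend with no gateway-side authentication or throttling. The `admin--UserValidateManagement` definition later in this commit has the same shape, and its backend path is additionally marked non-secured in the web.xml hunk. If that is intentional because the backend authenticates introspection callers itself, record it in a comment at the top of the file, e.g. `<!-- No gateway handlers: the backend authenticates callers of /oauth2/introspect -->`. Otherwise add a throttling handler so the endpoint cannot be called at an unbounded rate.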

@ -0,0 +1,27 @@
<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--UserValidateManagement" context="/api/device-mgt/v1.0/users/validate" version="1.0.0" version-type="context">
<resource methods="POST" uri-template="/" faultSequence="fault">
<inSequence>
<property name="uri.var.portnum" expression="get-property('system','iot.core.https.port')"/>
<property name="uri.var.hostname" expression="get-property('system','iot.core.host')"/>
<property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
<property name="AM_KEY_TYPE" value="PRODUCTION" scope="default"/>
<filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
<then>
<send>
<endpoint name="admin--UserManagementValidateUser_APIproductionEndpoint_0">
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/api/device-mgt/v1.0/users/validate"/>
<property name="ENDPOINT_ADDRESS" value="https://{uri.var.hostname}:{uri.var.portnum}/api/device-mgt/v1.0/users/validate"/>
</endpoint>
</send>
</then>
<else>
<sequence key="_sandbox_key_error_"/>
</else>
</filter>
</inSequence>
<outSequence>
<class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
<send/>
</outSequence>
</resource>
</api>
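Review bot: The API is named `admin--UserValidateManagement`, while its endpoint is `admin--UserManagementValidateUser_APIproductionEndpoint_0` and the p2.inf hunk copies a file called `admin--UserManagementValidateUser.xml`, presumably this one. The OAuth2 definition in the same commit uses a single name in all three places. Changing the attribute to `name="admin--UserManagementValidateUser"` would make them agree, which matters if the deployment tooling expects the file name to match the API name; that cannot be verified from this page.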

@ -5,4 +5,6 @@ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../featur
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/dbscripts/cdm,target:${installFolder}/../../../dbscripts/cdm,overwrite:true);\ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/dbscripts/cdm,target:${installFolder}/../../../dbscripts/cdm,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/rxts/license.rxt,target:${installFolder}/../../../repository/resources/rxts/license.rxt,overwrite:true);\ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/rxts/license.rxt,target:${installFolder}/../../../repository/resources/rxts/license.rxt,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../../repository/resources/email-templates);\ org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../../repository/resources/email-templates);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/email/templates,target:${installFolder}/../../../repository/resources/email-templates,overwrite:true);\ org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/email/templates,target:${installFolder}/../../../repository/resources/email-templates,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/apis/admin--OAuth2TokenManagement.xml,target:${installFolder}/../../deployment/server/synapse-configs/default/api/admin--OAuth2TokenManagement.xml,overwrite:true);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.device.mgt.basics_${feature.version}/apis/admin--UserManagementValidateUser.xml,target:${installFolder}/../../deployment/server/synapse-configs/default/api/admin--UserManagementValidateUser.xml,overwrite:true);\