From e2a143cde09694ef27c6b6b365c6e229bdb0db20 Mon Sep 17 00:00:00 2001 From: "tcdlpds@gmail.com" Date: Wed, 12 Aug 2020 12:21:58 +0530 Subject: [PATCH] Improve user verifying mail sending logic --- .../org.wso2.carbon.device.mgt.core/pom.xml | 4 +++ .../mgt/service/OTPManagementServiceImpl.java | 31 +++++++++++++++++-- pom.xml | 10 +++++- 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml index 4d1c23ba6c..347c710be6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml @@ -360,6 +360,10 @@ org.wso2.carbon.multitenancy org.wso2.carbon.tenant.mgt + + commons-validator + commons-validator + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java index 68297a5554..ee649baf1d 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java @@ -20,6 +20,7 @@ import com.google.gson.Gson; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException; import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException; import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException; @@ -41,6 +42,7 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory; import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException; import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil; import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo; +import org.apache.commons.validator.routines.EmailValidator; import org.wso2.carbon.user.api.Tenant; import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties; @@ -102,13 +104,18 @@ public class OTPManagementServiceImpl implements OTPManagementService { @Override public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException { + if (StringUtils.isBlank(oneTimeToken)){ + String msg = "Received blank OTP to verify. OTP: " + oneTimeToken; + log.error(msg); + throw new BadRequestException(msg); + } + OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken); if (oneTimePinDTO == null) { String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system."; log.error(msg); throw new BadRequestException(msg); } - if (oneTimePinDTO.isExpired()) { log.warn("Token is expired. OTP: " + oneTimeToken); return null; @@ -197,9 +204,17 @@ public class OTPManagementServiceImpl implements OTPManagementService { DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance() .getDeviceManagementConfig(); KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations(); - String superTenantUsername = kmConfig.getAdminUsername(); - if (!otpWrapper.getUsername().equals(superTenantUsername)) { + if (StringUtils.isBlank(otpWrapper.getUsername())) { + String msg = "Received Blank username to create OTP. Username: " + otpWrapper.getUsername(); + log.error(msg); + throw new BadRequestException(msg); + } + + String[] superTenantDetails = otpWrapper.getUsername().split("@"); + + if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0] + .equals(kmConfig.getAdminUsername())) { String msg = "You don't have required permission to create OTP"; log.error(msg); throw new UnAuthorizedException(msg); @@ -262,11 +277,21 @@ public class OTPManagementServiceImpl implements OTPManagementService { log.error(msg); throw new BadRequestException(msg); } + + EmailValidator validator = EmailValidator.getInstance(); + if (!validator.isValid(otpWrapper.getEmail())) { + String msg = "Found invalid email. Hence please verify the email address and re-try. Email: " + otpWrapper + .getEmail(); + log.error(msg); + throw new BadRequestException(msg); + } + if (StringUtils.isBlank(otpWrapper.getEmailType())) { String msg = "Received empty or blank email type field with OTP creating payload."; log.error(msg); throw new BadRequestException(msg); } + tenant.setDomain(otpWrapper.getEmail().split("@")[1]); tenant.setEmail(otpWrapper.getEmail()); return tenant; } diff --git a/pom.xml b/pom.xml index d522b61dab..d12b76d9f4 100644 --- a/pom.xml +++ b/pom.xml @@ -1772,6 +1772,11 @@ maven-checkstyle-plugin ${maven.checkstyle.vesion} + + commons-validator + commons-validator + ${apache.validator.version} + @@ -2219,6 +2224,9 @@ 2.3.2 + + 1.7 + 2.1.7-wso2v7 1.5.11.wso2v15 @@ -2252,7 +2260,7 @@ v12.18.1 3.1.0 - + 7.0.85 1.0