Add OTP based remote session implementation

components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/otp/mgt/OTPEmailTypes.java

@@ -18,5 +18,5 @@
 package org.wso2.carbon.device.mgt.common.otp.mgt;
 
 public enum OTPEmailTypes {
-    USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE
+    USER_VERIFY, DEVICE_ENROLLMENT, USER_INVITE, REMOTE_SESSION
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/DefaultTokenHandler.java

@@ -18,21 +18,22 @@
 package io.entgra.ui.request.interceptor;
 
 import com.google.gson.Gson;
-import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import io.entgra.ui.request.interceptor.beans.AuthData;
 import io.entgra.ui.request.interceptor.util.HandlerConstants;
 import io.entgra.ui.request.interceptor.util.HandlerUtil;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpHeaders;
 import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.entity.ContentType;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
+import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
+import org.wso2.carbon.device.mgt.common.otp.mgt.OTPEmailTypes;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OneTimePinDTO;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.core.service.RealmService;
 
 import javax.servlet.annotation.MultipartConfig;
 import javax.servlet.annotation.WebServlet;
@@ -54,71 +55,28 @@ public class DefaultTokenHandler extends HttpServlet {
             HttpSession httpSession = req.getSession(false);
 
             if (httpSession != null) {
-                AuthData authData = (AuthData) httpSession.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
-                if (authData == null) {
-                    HandlerUtil.sendUnAuthorizeResponse(resp);
-                    return;
+                String userWithDomain = (String) httpSession.getAttribute(HandlerConstants.USERNAME_WITH_DOMAIN);
+                String[] userNameParts = userWithDomain.split("@");
+
+                OneTimePinDTO oneTimePinData = new OneTimePinDTO();
+                oneTimePinData.setEmail(OTPEmailTypes.REMOTE_SESSION.toString());
+                oneTimePinData.setEmailType(OTPEmailTypes.REMOTE_SESSION.toString());
+                oneTimePinData.setUsername(userNameParts[0]);
+                PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+                RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
+                try {
+                    oneTimePinData.setTenantId(realmService.getTenantManager().getTenantId(userNameParts[1]));
+                } catch (UserStoreException e) {
+                    throw new RuntimeException(e);
                 }
-
-                AuthData defaultAuthData = (AuthData) httpSession
-                        .getAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY);
-                if (defaultAuthData != null) {
-                    HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultAuthData.getAccessToken()));
-                    return;
-                }
-
-                String clientId = authData.getClientId();
-                String clientSecret = authData.getClientSecret();
-
-                String queryString = req.getQueryString();
-                String scopeString = "";
-                if (StringUtils.isNotEmpty(queryString)) {
-                    scopeString = req.getParameter("scopes");
-                    if (scopeString != null) {
-                        scopeString = "?scopes=" + scopeString;
-                    }
-                }
-
-                String iotsCoreUrl = req.getScheme() + HandlerConstants.SCHEME_SEPARATOR
-                        + System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR)
-                        + HandlerConstants.COLON + HandlerUtil.getGatewayPort(req.getScheme());
-                String tokenUrl = iotsCoreUrl + "/api/device-mgt/v1.0/devices/" + clientId
-                                + "/" + clientSecret + "/default-token" + scopeString;
-
-                HttpGet defaultTokenRequest = new HttpGet(tokenUrl);
-                defaultTokenRequest
-                        .setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BEARER + authData.getAccessToken());
-                defaultTokenRequest
-                        .setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
-                ProxyResponse tokenResultResponse = HandlerUtil.execute(defaultTokenRequest);
-
-                if (tokenResultResponse.getExecutorResponse().contains(HandlerConstants.EXECUTOR_EXCEPTION_PREFIX)) {
-                    log.error("Error occurred while invoking the API to get default token data.");
-                    HandlerUtil.handleError(resp, tokenResultResponse);
-                    return;
-                }
-                String tokenResult = tokenResultResponse.getData();
-                if (tokenResult == null) {
-                    log.error("Invalid default token response is received.");
-                    HandlerUtil.handleError(resp, tokenResultResponse);
-                    return;
-                }
-
-                JsonParser jsonParser = new JsonParser();
-                JsonElement jTokenResult = jsonParser.parse(tokenResult);
-                if (jTokenResult.isJsonObject()) {
-                    JsonObject jTokenResultAsJsonObject = jTokenResult.getAsJsonObject();
-                    AuthData newDefaultAuthData = new AuthData();
-                    newDefaultAuthData.setClientId(clientId);
-                    newDefaultAuthData.setClientSecret(clientSecret);
-
-                    String defaultToken = jTokenResultAsJsonObject.get("accessToken").getAsString();
-                    newDefaultAuthData.setAccessToken(defaultToken);
-                    newDefaultAuthData.setRefreshToken(jTokenResultAsJsonObject.get("refreshToken").getAsString());
-                    newDefaultAuthData.setScope(jTokenResultAsJsonObject.get("scopes").getAsString());
-                    httpSession.setAttribute(HandlerConstants.SESSION_DEFAULT_AUTH_DATA_KEY, newDefaultAuthData);
-
-                    HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(defaultToken));
+                oneTimePinData.setExpiryTime(DeviceManagementConstants.OTPProperties.OTP_DEFAULT_EXPIRY_SECONDS);
+                OTPManagementService otpManagementService = HandlerUtil.getOTPManagementService();
+                try {
+                    oneTimePinData = otpManagementService.generateOneTimePin(oneTimePinData, true);
+                    HandlerUtil.handleSuccess(resp, constructSuccessProxyResponse(oneTimePinData.getOtpToken()));
+                } catch (OTPManagementException e) {
+                    log.error("Failed while generating remote session OTP for user " + userWithDomain, e);
+                    HandlerUtil.handleError(resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
                 }
             } else {
                 HandlerUtil.sendUnAuthorizeResponse(resp);

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java

@@ -120,6 +120,7 @@ public class UserHandler extends HttpServlet {
                 proxyResponse.setData(
                         jTokenResultAsJsonObject.get("username").getAsString().replaceAll("@carbon.super", ""));
                 HandlerUtil.handleSuccess(resp, proxyResponse);
+                httpSession.setAttribute(HandlerConstants.USERNAME_WITH_DOMAIN, jTokenResultAsJsonObject.get("username").getAsString());
                 log.info("Customer login", userLogContextBuilder.setUserName(proxyResponse.getData()).setUserRegistered(true).build());
             }
         } catch (IOException e) {

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java

@@ -106,4 +106,5 @@ public class HandlerConstants {
     public static final String IOT_REPORTING_WEBAPP_HOST_ENV_VAR = "iot.reporting.webapp.host";
     public static final String USER_SCOPES = "userScopes";
     public static final String HUBSPOT_CHAT_URL = "api.hubapi.com";
+    public static final String USERNAME_WITH_DOMAIN = "usernameWithDomain";
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java

@@ -55,6 +55,8 @@ import org.json.JSONException;
 import org.json.JSONObject;
 import org.w3c.dom.Document;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
 import org.xml.sax.SAXException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -79,6 +81,8 @@ public class HandlerUtil {
     private static boolean isLoginCacheInitialized = false;
     private static AuthData authData;
 
+    private static OTPManagementService otpManagementService;
+
     /***
      *
      * @param httpRequest - httpMethod e.g:- HttpPost, HttpGet
@@ -751,4 +755,12 @@ public class HandlerUtil {
     public static boolean isPropertyDefined(String property) {
         return StringUtils.isEmpty(System.getProperty(property));
     }
+
+    public static OTPManagementService getOTPManagementService() {
+        if (otpManagementService == null) {
+            otpManagementService = (OTPManagementService) PrivilegedCarbonContext
+                    .getThreadLocalCarbonContext().getOSGiService(OTPManagementService.class, null);
+        }
+        return otpManagementService;
+    }
 }