Merge pull request #1304 from utmstack/backlog/google-tfa

Backlog/google tfa

Author: mjabascal10

backend/src/main/java/com/park/utmstack/config/SecurityConfiguration.java

@@ -108,7 +108,7 @@ public void configure(HttpSecurity http) throws Exception {
                 .antMatchers("/api/account/reset-password/init").permitAll()
                 .antMatchers("/api/account/reset-password/finish").permitAll()
                 .antMatchers("/api/images/all").permitAll()
-                .antMatchers("/api/tfa/**").hasAuthority(AuthoritiesConstants.PRE_VERIFICATION_USER)
+                .antMatchers("/api/tfa/**").hasAnyAuthority(AuthoritiesConstants.PRE_VERIFICATION_USER, AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
                 .antMatchers("/api/utm-incident-jobs").hasAuthority(AuthoritiesConstants.ADMIN)
                 .antMatchers("/api/utm-incident-jobs/**").hasAuthority(AuthoritiesConstants.ADMIN)
                 .antMatchers("/api/utm-incident-variables/**").hasAuthority(AuthoritiesConstants.ADMIN)

backend/src/main/java/com/park/utmstack/domain/User.java

@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.park.utmstack.config.Constants;
+import lombok.Data;
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.annotations.BatchSize;
 
@@ -21,6 +22,7 @@
  * A user.
  */
 @Entity
+@Data
 @Table(name = "jhi_user")
 public class User extends AbstractAuditingEntity implements Serializable {
 
@@ -83,6 +85,9 @@ public class User extends AbstractAuditingEntity implements Serializable {
     @Column(name = "tfa_secret")
     private String tfaSecret;
 
+    @Column(name = "tfa_method")
+    private String tfaMethod;
+
     @Column(name = "fs_manager")
     private Boolean fsManager;
 
@@ -96,135 +101,16 @@ public class User extends AbstractAuditingEntity implements Serializable {
     @BatchSize(size = 20)
     private Set<Authority> authorities = new HashSet<>();
 
-    public Long getId() {
-        return id;
-    }
-
-    public void setId(Long id) {
-        this.id = id;
-    }
-
-    public String getLogin() {
-        return login;
-    }
 
     // Lowercase the login before saving it in database
     public void setLogin(String login) {
         this.login = StringUtils.lowerCase(login, Locale.ENGLISH);
     }
 
-    public String getPassword() {
-        return password;
-    }
-
-    public void setPassword(String password) {
-        this.password = password;
-    }
-
-    public String getFirstName() {
-        return firstName;
-    }
-
-    public void setFirstName(String firstName) {
-        this.firstName = firstName;
-    }
-
-    public String getLastName() {
-        return lastName;
-    }
-
-    public void setLastName(String lastName) {
-        this.lastName = lastName;
-    }
-
-    public String getEmail() {
-        return email;
-    }
-
-    public void setEmail(String email) {
-        this.email = email;
-    }
-
-    public String getImageUrl() {
-        return imageUrl;
-    }
-
-    public void setImageUrl(String imageUrl) {
-        this.imageUrl = imageUrl;
-    }
-
     public boolean getActivated() {
         return activated;
     }
 
-    public void setActivated(boolean activated) {
-        this.activated = activated;
-    }
-
-    public String getActivationKey() {
-        return activationKey;
-    }
-
-    public void setActivationKey(String activationKey) {
-        this.activationKey = activationKey;
-    }
-
-    public String getResetKey() {
-        return resetKey;
-    }
-
-    public void setResetKey(String resetKey) {
-        this.resetKey = resetKey;
-    }
-
-    public Instant getResetDate() {
-        return resetDate;
-    }
-
-    public void setResetDate(Instant resetDate) {
-        this.resetDate = resetDate;
-    }
-
-    public String getLangKey() {
-        return langKey;
-    }
-
-    public void setLangKey(String langKey) {
-        this.langKey = langKey;
-    }
-
-    public Set<Authority> getAuthorities() {
-        return authorities;
-    }
-
-    public void setAuthorities(Set<Authority> authorities) {
-        this.authorities = authorities;
-    }
-
-    public String getTfaSecret() {
-        return tfaSecret;
-    }
-
-    public void setTfaSecret(String tfaSecret) {
-        this.tfaSecret = tfaSecret;
-    }
-
-    public Boolean getFsManager() {
-        return fsManager;
-    }
-
-    public void setFsManager(Boolean fsManager) {
-        this.fsManager = fsManager;
-    }
-
-    public Boolean getDefaultPassword() {
-        return defaultPassword;
-    }
-
-    public void setDefaultPassword(Boolean defaultPassword) {
-        this.defaultPassword = defaultPassword;
-    }
-
     @Override
     public boolean equals(Object o) {
         if (this == o) {

backend/src/main/java/com/park/utmstack/service/UserService.java

@@ -213,13 +213,13 @@ public Optional<UserDTO> updateUser(UserDTO userDTO) {
         }).map(UserDTO::new);
     }
 
-    public User updateUserTfaSecret(String userLogin, String tfaSecret) throws Exception {
+    public void updateUserTfaSecret(String userLogin, String tfaSecret, String tfaMethod) throws Exception {
         final String ctx = CLASS_NAME + ".updateUserTfaSecret";
         try {
             User user = userRepository.findOneByLogin(userLogin)
                 .orElseThrow(() -> new Exception(String.format("User %1$s not found", userLogin)));
+            user.setTfaMethod(tfaMethod);
             user.setTfaSecret(tfaSecret);
-            return userRepository.save(user);
         } catch (Exception e) {
             throw new Exception(ctx + ": " + e.getMessage());
         }

backend/src/main/java/com/park/utmstack/service/UtmConfigurationParameterQueryService.java

@@ -1,9 +1,12 @@
 package com.park.utmstack.service;
 
+import com.park.utmstack.config.Constants;
+import com.park.utmstack.domain.User;
 import com.park.utmstack.domain.UtmConfigurationParameter;
 import com.park.utmstack.domain.UtmConfigurationParameter_;
 import com.park.utmstack.repository.UtmConfigurationParameterRepository;
 import com.park.utmstack.service.dto.UtmConfigurationParameterCriteria;
+import lombok.RequiredArgsConstructor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.data.domain.Page;
@@ -22,16 +25,15 @@
  * It returns a {@link List} of {@link UtmConfigurationParameter} or a {@link Page} of {@link UtmConfigurationParameter} which fulfills the criteria.
  */
 @Service
+@RequiredArgsConstructor
 @Transactional(readOnly = true)
 public class UtmConfigurationParameterQueryService extends QueryService<UtmConfigurationParameter> {
 
     private final Logger log = LoggerFactory.getLogger(UtmConfigurationParameterQueryService.class);
 
     private final UtmConfigurationParameterRepository utmConfigurationParameterRepository;
+    private final UserService userService;
 
-    public UtmConfigurationParameterQueryService(UtmConfigurationParameterRepository utmConfigurationParameterRepository) {
-        this.utmConfigurationParameterRepository = utmConfigurationParameterRepository;
-    }
 
     /**
      * Return a {@link List} of {@link UtmConfigurationParameter} which matches the criteria from the database
@@ -57,6 +59,16 @@ public List<UtmConfigurationParameter> findByCriteria(UtmConfigurationParameterC
     public Page<UtmConfigurationParameter> findByCriteria(UtmConfigurationParameterCriteria criteria, Pageable page) {
         log.debug("find by criteria : {}, page: {}", criteria, page);
         final Specification<UtmConfigurationParameter> specification = createSpecification(criteria);
+        Page<UtmConfigurationParameter> result = utmConfigurationParameterRepository.findAll(specification, page);
+
+        if (criteria.getSectionId().getEquals().equals(Constants.TFA_SETTING_ID)) {
+            User user = userService.getCurrentUserLogin();
+            result.getContent().forEach(utmConfigurationParameter -> {
+                if(utmConfigurationParameter.getConfParamShort().equals(Constants.PROP_TFA_METHOD)){
+                    utmConfigurationParameter.setConfParamValue(user.getTfaMethod());
+                }
+            });
+        }
         return utmConfigurationParameterRepository.findAll(specification, page);
     }
 

backend/src/main/java/com/park/utmstack/service/tfa/EmailTfaService.java

@@ -77,7 +77,7 @@ public void persistConfiguration(User user) throws Exception {
         String secret = cache.getState(user.getLogin(), TfaMethod.EMAIL)
                 .orElseThrow(() -> new IllegalStateException("No TFA setup found for user: " + user.getLogin()))
                 .getSecret();
-        userService.updateUserTfaSecret(user.getLogin(), secret);
+        userService.updateUserTfaSecret(user.getLogin(), secret, TfaMethod.EMAIL.toString());
         cache.clear(user.getLogin(), TfaMethod.EMAIL);
     }
 

backend/src/main/java/com/park/utmstack/service/tfa/TfaService.java

@@ -44,7 +44,7 @@ public void persistConfiguration(TfaMethod method) throws Exception {
 
     public void generateChallenge(User user) throws Exception {
 
-        TfaMethod method = TfaMethod.valueOf(Constants.CFG.get(Constants.PROP_TFA_METHOD));
+        TfaMethod method = TfaMethod.valueOf(user.getTfaMethod());
 
         TfaMethodService selected = getMethodService(method);
         selected.generateChallenge(user);

backend/src/main/java/com/park/utmstack/service/tfa/TotpTfaService.java

@@ -79,7 +79,7 @@ public void persistConfiguration(User user) throws Exception {
         String secret = cache.getState(user.getLogin(), TfaMethod.TOTP)
                 .orElseThrow(() -> new IllegalStateException("No TFA setup found for user: " + user.getLogin()))
                 .getSecret();
-        userService.updateUserTfaSecret(user.getLogin(), secret);
+        userService.updateUserTfaSecret(user.getLogin(), secret, TfaMethod.TOTP.toString());
         cache.clear(user.getLogin(), TfaMethod.TOTP);
     }
 

backend/src/main/java/com/park/utmstack/web/rest/UserJWTController.java

@@ -86,7 +86,6 @@ public ResponseEntity<LoginResponseDTO> authorize(@Valid @RequestBody LoginVM lo
                 throw new TooMuchLoginAttemptsException(String.format("Client IP %1$s blocked due to too many failed login attempts", loginAttemptService.getClientIP()));
 
             boolean isTfaEnabled = Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE));
-            String method  = Constants.CFG.get(Constants.PROP_TFA_METHOD);
 
             UsernamePasswordAuthenticationToken authenticationToken =
                 new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
@@ -95,15 +94,16 @@ public ResponseEntity<LoginResponseDTO> authorize(@Valid @RequestBody LoginVM lo
             SecurityContextHolder.getContext().setAuthentication(authentication);
             String tempToken = tokenProvider.createToken(authentication, false, false);
 
-            if (isTfaEnabled) {
-                User user = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername())
+            User user = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername())
                     .orElseThrow(() -> new BadCredentialsException("User " + loginVM.getUsername() + " not found"));
+
+            if (isTfaEnabled && (user.getTfaMethod() != null && !user.getTfaMethod().isEmpty())) {
                 tfaService.generateChallenge(user);
             }
 
             return new ResponseEntity<>( LoginResponseDTO.builder()
                     .token(tempToken)
-                    .method(method)
+                    .method(user.getTfaMethod())
                     .success(true)
                     .tfaRequired(isTfaEnabled)
                     .build(), HttpStatus.OK);

backend/src/main/java/com/park/utmstack/web/rest/UtmConfigurationParameterResource.java

@@ -142,7 +142,6 @@ public ResponseEntity<UtmConfigurationParameter> getUtmConfigurationParameter(@P
     public ResponseEntity<Void> checkEmailConfiguration(@Valid @RequestBody List<UtmConfigurationParameter> parameters) {
         final String ctx = CLASSNAME + ".checkEmailConfiguration";
         try {
-
             utmStackService.checkEmailConfiguration(this.mailConfigService.getMailConfigFromParameters(parameters));
             return ResponseEntity.ok().build();
         } catch (MessagingException e) {

backend/src/main/java/com/park/utmstack/web/rest/tfa/TfaController.java

@@ -87,7 +87,7 @@ public ResponseEntity<Void> completeTfa(@RequestBody TfaSaveRequest request) {
         final String ctx = CLASSNAME + ".completeTfa";
         try {
 
-            List<UtmConfigurationParameter> tfaParams = utmConfigurationParameterService.getConfigParameterBySectionId(Constants.TFA_SETTING_ID);
+            /*List<UtmConfigurationParameter> tfaParams = utmConfigurationParameterService.getConfigParameterBySectionId(Constants.TFA_SETTING_ID);
 
             for (UtmConfigurationParameter param : tfaParams) {
                 switch (param.getConfParamShort()) {
@@ -98,9 +98,11 @@ public ResponseEntity<Void> completeTfa(@RequestBody TfaSaveRequest request) {
                         param.setConfParamValue(String.valueOf(request.isEnable()));
                         break;
                 }
-            }
+            }*/
+
+
 
-            utmConfigurationParameterService.saveAll(tfaParams);
+            tfaService.persistConfiguration(request.getMethod());
             User user = userService.getCurrentUserLogin();
             tfaService.generateChallenge(user);
             return ResponseEntity.ok().build();
@@ -127,7 +129,7 @@ public ResponseEntity<JWTToken> verifyCode(@RequestBody String code) {
         final String ctx = CLASSNAME + ".verifyCode";
         try {
             User user = userService.getCurrentUserLogin();
-            TfaMethod method = TfaMethod.valueOf(Constants.CFG.get(Constants.PROP_TFA_METHOD));
+            TfaMethod method = TfaMethod.valueOf(user.getTfaMethod());
             TfaVerifyRequest request = new TfaVerifyRequest(method, code);
             TfaVerifyResponse response = tfaService.verifyCode(user, request);