Merge branch 'tenant-improve' into 'tenant-improve'

Improve OTP creating functionality See merge request entgra/carbon-device-mgt!608
2025-10-06 02:01:45 +00:00 · 2020-08-04 02:53:20 +00:00 · 2020-08-04 02:53:20 +00:00 · 446962737c
commit 446962737c
parent 13b4663e7d 59eeec55d6
10 changed files with 17 additions and 214 deletions
--- a/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java
+++ b/components/device-mgt/io.entgra.carbon.device.mgt.config.api/src/main/java/io/entgra/carbon/device/mgt/config/jaxrs/service/impl/DeviceManagementConfigServiceImpl.java
@ -24,7 +24,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import io.entgra.carbon.device.mgt.config.jaxrs.beans.ErrorResponse;
 import io.entgra.carbon.device.mgt.config.jaxrs.service.DeviceManagementConfigService;
 import io.entgra.carbon.device.mgt.config.jaxrs.util.DeviceMgtAPIUtils;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
@ -36,7 +35,6 @@ import org.wso2.carbon.device.mgt.common.configuration.mgt.AmbiguousConfiguratio
 import org.wso2.carbon.device.mgt.common.configuration.mgt.DeviceConfiguration;
 import org.wso2.carbon.device.mgt.common.exceptions.DeviceManagementException;
 import org.wso2.carbon.device.mgt.common.exceptions.DeviceNotFoundException;
-import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
 import org.wso2.carbon.device.mgt.common.general.TenantDetail;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
 import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
@ -50,8 +48,6 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil;
 import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
 import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
-import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
-import org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService;
 import org.wso2.carbon.user.api.Tenant;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.core.service.RealmService;
@ -68,9 +64,6 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.List;
 import java.util.Map;

@ -277,87 +270,6 @@ public class DeviceManagementConfigServiceImpl implements DeviceManagementConfig
        return tenantDetail;
    }

-    /**
-     * This API will add a tenant to the system and can be called by the super tenant only.
-     * @return Returns the
-     */
-    @Path("/tenant")
-    @POST
-    @Produces(MediaType.APPLICATION_JSON)
-    public Response addTenant(@HeaderParam("one-time-token") String token) {
-
-        TenantMgtAdminService tenantMgtAdminService = null;
-        OneTimeTokenDetails tenantWrapper = null;
-
-        // Request validation
-        String errorMsg = null;
-        Response.Status errorStatus = Response.Status.BAD_REQUEST;
-        if (StringUtils.isEmpty(token)) {
-            errorMsg = "Authentication failure when creating tenant";
-        } else {
-            tenantWrapper = new OneTimeTokenDetails(); //TODO: Call one time token validation API
-            if (tenantWrapper == null) {
-                errorMsg = "One time token is not present in the database";
-            } else {
-                try {
-                    tenantMgtAdminService = new TenantMgtAdminService();
-                    if (tenantMgtAdminService == null) {
-                        errorMsg = "Request can only be made by super admin";
-                        errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
-                    } else {
-                        TenantInfoBean[] tenant = tenantMgtAdminService.retrievePartialSearchTenants(tenantWrapper.getDomain());
-                        if (!PrivilegedCarbonContext.getThreadLocalCarbonContext()
-                                .getTenantDomain().equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
-                            errorMsg = "Request can only be made by super admin";
-                        } else if (tenant != null && tenant.length > 0) {
-                            for (TenantInfoBean tenantInfoBean : tenant) {
-                                if (tenantInfoBean.getTenantDomain().equals(tenantWrapper.getDomain())) {
-                                    errorMsg = "Tenant domain is already in use";
-                                    break;
-                                }
-                            }
-                        }
-                    }
-
-                } catch (Exception e) { // Carbon multi-tenancy is throwing generic exceptions.
-                    errorMsg = "Could not create tenant domain " + tenantWrapper.getDomain();
-                    errorStatus = Response.Status.INTERNAL_SERVER_ERROR;
-                }
-            }
-        }
-
-        if (errorMsg != null) {
-            log.error(errorMsg);
-            return Response.status(errorStatus).entity(
-                    new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()
-            ).build();
-        }
-
-        try {
-            TenantInfoBean tenantInfoBean = new TenantInfoBean();
-            tenantInfoBean.setActive(true);
-            tenantInfoBean.setAdminPassword(tenantWrapper.getPassword());
-            tenantInfoBean.setAdmin(tenantWrapper.getAdminName());
-            tenantInfoBean.setFirstname(tenantWrapper.getAdminFirstName());
-            tenantInfoBean.setLastname(tenantWrapper.getAdminLastName());
-            tenantInfoBean.setEmail(tenantWrapper.getEmail());
-            Calendar calendar = new GregorianCalendar();
-            calendar.setTime(new Date());
-            tenantInfoBean.setCreatedDate(calendar);
-            tenantInfoBean.setTenantDomain(tenantWrapper.getDomain());
-
-            String response = tenantMgtAdminService.addTenant(tenantInfoBean);
-            return Response.status(Response.Status.OK).entity(response).build();
-
-        } catch (Exception e) { // The underlying API is throwing a generic exception.
-            String msg = "Error while adding tenant";
-            log.error(msg, e);
-            return Response.serverError().entity(
-                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
-        }
-
-    }
-
    @POST
    @Path("/permissions")
    @Produces({MediaType.APPLICATION_JSON})
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
@ -1221,50 +1221,4 @@ public interface UserManagementService {
                    response = ErrorResponse.class)
    })
    Response getPermissionsOfUser();
-
-    @POST
-    @Path("/one-time-pin")
-    @ApiOperation(
-            produces = MediaType.APPLICATION_JSON,
-            httpMethod = "GET",
-            value = "Getting the permission details of the current user",
-            notes = "A user may granted more than one permission in IoTS. Using this REST API "
-                    + "you can get the permission/permission the current user has granted. ",
-            tags = "User Management",
-            extensions = {
-                    @Extension(properties = {
-                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:user:permission-view")
-                    })
-            }
-    )
-    @ApiResponses(value = {
-            @ApiResponse(
-                    code = 200,
-                    message = "OK. \n Successfully fetched the list of permissions the user "
-                            + "has granted.",
-                    response = PermissionList.class,
-                    responseHeaders = {
-                            @ResponseHeader(
-                                    name = "Content-Type",
-                                    description = "The content type of the body"),
-                            @ResponseHeader(
-                                    name = "ETag",
-                                    description = "Entity Tag of the response resource.\n" +
-                                            "Used by caches, or in conditional requests."),
-                            @ResponseHeader(
-                                    name = "Last-Modified",
-                                    description = "Date and time the resource was last modified.\n" +
-                                            "Used by caches, or in conditional requests."),
-                    }),
-            @ApiResponse(
-                    code = 404,
-                    message = "Not Found. \n The specified resource does not exist.\n",
-                    response = ErrorResponse.class),
-            @ApiResponse(
-                    code = 500,
-                    message = "Internal Server Error. \n Server error occurred while fetching the "
-                            + "list of roles assigned to the specified user.",
-                    response = ErrorResponse.class)
-    })
-    Response sendEmailVerifyingMail(OTPMailWrapper otpMailWrapper);
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
@ -1118,53 +1118,6 @@ public class UserManagementServiceImpl implements UserManagementService {
        }
    }

-    /**
-     * Method used to send an invitation email to a existing user to enroll a device.
-     *
-     * @param otpMailWrapper Username list of the users to be invited
-     */
-    @POST
-    @Path("/one-time-pin")
-    @Produces({MediaType.APPLICATION_JSON})
-    public Response sendEmailVerifyingMail(OTPMailWrapper otpMailWrapper) {
-        if (log.isDebugEnabled()) {
-            log.debug("Sending enrollment invitation mail to existing user.");
-        }
-        DeviceManagementProviderService dms = DeviceMgtAPIUtils.getDeviceManagementService();
-        OTPManagementService oms = DeviceMgtAPIUtils.getOTPManagementService();
-        try {
-            String otpToken = oms.createOTPToken(otpMailWrapper);
-            Properties props = new Properties();
-            props.setProperty("first-name", otpMailWrapper.getFirstName());
-            props.setProperty("otp-token", otpToken);
-
-            EmailMetaInfo metaInfo = new EmailMetaInfo(otpMailWrapper.getEmail(), props);
-            dms.sendEnrolmentInvitation(DeviceManagementConstants.EmailAttributes.USER_VERIFY_TEMPLATE,
-                    metaInfo);
-        } catch (DeviceManagementException e) {
-            String msg = "Error occurred while inviting user to enrol their device";
-            if (e.getMessage() != null && !e.getMessage().isEmpty()) {
-                msg = e.getMessage();
-            }
-            log.error(msg, e);
-            return Response.serverError().entity(
-                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
-        } catch (ConfigurationManagementException e) {
-            String msg = "Error occurred while sending the email invitations. Mail server not configured.";
-            return Response.serverError().entity(
-                    new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build();
-        } catch (OTPManagementException e) {
-            String msg = "Error occurred while generating and storing the OTP data";
-            log.error(msg, e);
-            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
-        } catch (org.wso2.carbon.device.mgt.common.exceptions.BadRequestException e) {
-            String msg = "Bad Request : Found invalid request payload to create OTP toke.";
-            log.error(msg, e);
-            return Response.status(Response.Status.BAD_REQUEST).entity(msg).build();
-        }
-        return Response.status(Response.Status.OK).entity("Invitation mails have been sent.").build();
-    }
-
    private Map<String, String> buildDefaultUserClaims(String firstName, String lastName, String emailAddress,
                                                       boolean isFresh) {
        Map<String, String> defaultUserClaims = new HashMap<>();
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java
@ -142,7 +142,6 @@ public class DeviceMgtAPIUtils {

    private static IntegrationClientService integrationClientService;
    private static MetadataManagementService metadataManagementService;
-    private static volatile OTPManagementService otpManagementService;

    static {
        String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
@ -461,29 +460,6 @@ public class DeviceMgtAPIUtils {
        return metadataManagementService;
    }

-    /**
-     * Initializing and accessing method for OTPManagementService.
-     *
-     * @return OTPManagementService instance
-     * @throws IllegalStateException if OTPManagementService cannot be initialized
-     */
-    public static OTPManagementService getOTPManagementService() {
-        if (otpManagementService == null) {
-            synchronized (DeviceMgtAPIUtils.class) {
-                if (otpManagementService == null) {
-                    PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-                    otpManagementService = (OTPManagementService) ctx.getOSGiService(OTPManagementService.class, null);
-                    if (otpManagementService == null) {
-                        String msg = "OTP Management service not initialized.";
-                        log.error(msg);
-                        throw new IllegalStateException(msg);
-                    }
-                }
-            }
-        }
-        return otpManagementService;
-    }
-
    /**
     * Method for initializing ReportManagementService
     * @return ReportManagementServie Instance
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml
@ -48,8 +48,7 @@
    <context-param>
        <param-name>nonSecuredEndPoints</param-name>
        <param-value>
-            /api/device-mgt/v1.0/users/validate,
-            /api/device-mgt/v1.0/users/one-time-pin
+            /api/device-mgt/v1.0/users/validate
        </param-value>
    </context-param>

--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
@ -93,7 +93,7 @@
                            org.apache.axis2.transport.http,
                            org.wso2.carbon.certificate.mgt.core.*,
                            org.wso2.carbon.device.mgt.core.permission.mgt,
-                            org.wso2.carbon.device.mgt.common,
+                            org.wso2.carbon.device.mgt.common.*,
                            org.wso2.carbon.device.mgt.common.permission.mgt,
                            org.apache.axis2,
                            org.apache.axis2.client,
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
@ -42,11 +42,11 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {

    public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {

-        OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
-                .getOtpManagementService();
        AuthenticationInfo authenticationInfo = new AuthenticationInfo();

        try {
+            OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
+                    .getOtpManagementService();
            if (otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER))) {
                authenticationInfo.setStatus(Status.CONTINUE);
                authenticationInfo.setTenantId(-1);
@ -55,8 +55,10 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
                authenticationInfo.setMessage("Invalid OTP token.");
            }
        } catch (Exception e) {
+            String msg = "OTP Token Validation Failed.";
+            log.error(msg, e);
            authenticationInfo.setStatus(Status.FAILURE);
-            authenticationInfo.setMessage("CToken Validation Failed.");
+            authenticationInfo.setMessage(msg);
        }
        return authenticationInfo;
    }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java
@ -26,7 +26,6 @@ import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
 import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@ -82,7 +81,7 @@ import java.util.Properties;
 * cardinality="1..1" policy="dynamic"
 * bind="setTenantRegistryLoader"
 * unbind="unsetTenantRegistryLoader"
- * @scr.reference name="org.wso2.carbon.otp.manager"
+ * @scr.reference name="org.wso2.carbon.device.manager"
 * interface="org.wso2.carbon.device.mgt.common.spi.OTPManagementService"
 * cardinality="1..1"
 * policy="dynamic"
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/config/etc/webapp-authenticator-config.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/test/resources/config/etc/webapp-authenticator-config.xml
@ -24,5 +24,9 @@
            <Name>CertificateAuth</Name>
            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
        </Authenticator>
+        <Authenticator>
+            <Name>OTPAuth</Name>
+            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OneTimeTokenAuthenticator</ClassName>
+        </Authenticator>
 	</Authenticators>
 </WebappAuthenticatorConfig>
--- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
@ -29,7 +29,11 @@
        </Authenticator>
        <Authenticator>
            <Name>CertificateAuth</Name>
-            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
+            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.gitCertificateAuthenticator</ClassName>
+        </Authenticator>
+        <Authenticator>
+            <Name>OTPAuth</Name>
+            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OneTimeTokenAuthenticator</ClassName>
        </Authenticator>
        <Authenticator>
            <Name>BST</Name>