Improve token validation login in valve

2025-10-06 02:01:45 +00:00 · 2020-08-04 20:12:37 +05:30 · 2020-08-04 20:12:37 +05:30 · b61e9a667b
commit b61e9a667b
parent 18531d0500
3 changed files with 16 additions and 9 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/spi/OTPManagementService.java
@ -19,6 +19,7 @@ package org.wso2.carbon.device.mgt.common.spi;

 import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException;
 import org.wso2.carbon.device.mgt.common.exceptions.OTPManagementException;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OTPMailDTO;
 import org.wso2.carbon.device.mgt.common.otp.mgt.wrapper.OTPMailWrapper;

 public interface OTPManagementService {
@ -35,9 +36,9 @@ public interface OTPManagementService {
    /**
     * Check the validity of the OTP
     * @param oneTimeToken OTP
-     * @return Ture if OTP is valid one, otherise returns false
+     * @return The OTP data
     * @throws OTPManagementException if error occurred whle verifying validity of the OPT
     * @throws BadRequestException if found an null value for OTP
     */
-    boolean isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
+    OTPMailDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException;
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
@ -105,7 +105,7 @@ public class OTPManagementServiceImpl implements OTPManagementService {
    }

    @Override
-    public boolean isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
+    public OTPMailDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
        OTPMailDTO otpMailDTO = getOTPDataByToken(oneTimeToken);
        if (otpMailDTO == null) {
            String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
@ -115,11 +115,11 @@ public class OTPManagementServiceImpl implements OTPManagementService {

        if (otpMailDTO.isExpired()) {
            log.warn("Token is expired. OTP: " + oneTimeToken);
-            return false;
+            return null;
        }
        if (otpMailDTO.isTenantCreated()) {
            log.warn("Tenant is already created for the token. OTP: " + oneTimeToken);
-            return false;
+            return null;
        }

        Calendar calendar = Calendar.getInstance();
@ -133,9 +133,9 @@ public class OTPManagementServiceImpl implements OTPManagementService {
            Gson gson = new Gson();
            OTPMailWrapper otpMailWrapper = gson.fromJson(otpMailDTO.getMetaInfo(), OTPMailWrapper.class);
            resendUserVerifyingMail(otpMailWrapper.getFirstName(), renewedOTP, otpMailDTO.getEmail());
-            return false;
+            return null;
        }
-        return true;
+        return otpMailDTO;
    }

    /**
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java
@ -20,9 +20,11 @@ package org.wso2.carbon.webapp.authenticator.framework.authenticator;
 import org.apache.catalina.connector.Response;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.otp.mgt.dto.OTPMailDTO;
 import org.wso2.carbon.device.mgt.common.spi.OTPManagementService;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
 import org.wso2.carbon.webapp.authenticator.framework.Constants;
+import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
 import org.wso2.carbon.webapp.authenticator.framework.internal.AuthenticatorFrameworkDataHolder;

 import java.util.Properties;
@ -47,9 +49,13 @@ public class OneTimeTokenAuthenticator implements WebappAuthenticator {
        try {
            OTPManagementService otpManagementService = AuthenticatorFrameworkDataHolder.getInstance()
                    .getOtpManagementService();
-            if (otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER))) {
+            OTPMailDTO validOTP = otpManagementService.isValidOTP(request.getHeader(Constants.HTTPHeaders
+                    .ONE_TIME_TOKEN_HEADER));
+            if (validOTP != null) {
                authenticationInfo.setStatus(Status.CONTINUE);
-                authenticationInfo.setTenantId(-1);
+                authenticationInfo.setTenantId(validOTP.getTenantId());
+                authenticationInfo.setTenantDomain(Utils.getTenantDomain(validOTP.getTenantId()));
+                authenticationInfo.setUsername(validOTP.getUsername());
            } else {
                authenticationInfo.setStatus(Status.FAILURE);
                authenticationInfo.setMessage("Invalid OTP token.");