
Commit 272bc44

authored
Merge pull request #78 from appirio-tech/feature/2fa
update dice
2 parents 9be0e04 + f6aa138 commit 272bc44


8 files changed

+75
-273
lines changed


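--- a/buildtokenproperties.sh
+++ b/buildtokenproperties.sh
@@ -18,12 +18,7 @@ AUTH0_NEW_NONINTERACTIVE_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIV
 DICEAUTH_DICE_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_URL")
 DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL")
 DICEAUTH_DICE_VERIFIER=$(eval "echo \$${ENV}_DICEAUTH_DICE_VERIFIER")
-DICEAUTH_ID=$(eval "echo \$${ENV}_DICEAUTH_ID")
-DICEAUTH_ID_SECRET=$(eval "echo \$${ENV}_DICEAUTH_ID_SECRET")
-DICEAUTH_PASSWORD=$(eval "echo \$${ENV}_DICEAUTH_PASSWORD")
-DICEAUTH_SCOPE=$(eval "echo \$${ENV}_DICEAUTH_SCOPE")
-DICEAUTH_TENANT=$(eval "echo \$${ENV}_DICEAUTH_TENANT")
-DICEAUTH_USERNAME=$(eval "echo \$${ENV}_DICEAUTH_USERNAME")
+DICEAUTH_DICE_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_KEY")
 DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID")
 ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID")
 SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID")
@@ -43,10 +38,9 @@ M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFIL
 M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE")
 M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ")
 M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE")
-M2MAUTHCONFIG_USER2FA_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREATE")
-M2MAUTHCONFIG_USER2FA_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_UPDATE")
-M2MAUTHCONFIG_USER2FA_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_READ")
-M2MAUTHCONFIG_USER2FA_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_DELETE")
+M2MAUTHCONFIG_USER2FA_ENABLE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_ENABLE")
+M2MAUTHCONFIG_USER2FA_VERIFY=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_VERIFY")
+M2MAUTHCONFIG_USER2FA_CREDENTIAL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREDENTIAL")
 
 DOMAIN=$(eval "echo \$${ENV}_DOMAIN")
 SMTP=$(eval "echo \$${ENV}_SMTP")
@@ -98,12 +92,7 @@ perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID_SECRET\}\}/$AUTH0_NEW_NONINTERACT
 perl -pi -e "s|\{\{DICEAUTH_DICE_URL\}\}|$DICEAUTH_DICE_URL|g" $CONFFILENAME
 perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILENAME
 perl -pi -e "s|\{\{DICEAUTH_DICE_VERIFIER\}\}|$DICEAUTH_DICE_VERIFIER|g" $CONFFILENAME
-perl -pi -e "s/\{\{DICEAUTH_ID\}\}/$DICEAUTH_ID/g" $CONFFILENAME
-perl -pi -e "s/\{\{DICEAUTH_ID_SECRET\}\}/$DICEAUTH_ID_SECRET/g" $CONFFILENAME
-perl -pi -e "s|\{\{DICEAUTH_PASSWORD\}\}|$DICEAUTH_PASSWORD|g" $CONFFILENAME
-perl -pi -e "s/\{\{DICEAUTH_SCOPE\}\}/$DICEAUTH_SCOPE/g" $CONFFILENAME
-perl -pi -e "s/\{\{DICEAUTH_TENANT\}\}/$DICEAUTH_TENANT/g" $CONFFILENAME
-perl -pi -e "s/\{\{DICEAUTH_USERNAME\}\}/$DICEAUTH_USERNAME/g" $CONFFILENAME
+perl -pi -e "s|\{\{DICEAUTH_DICE_API_KEY\}\}|$DICEAUTH_DICE_API_KEY|g" $CONFFILENAME
 perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME
 perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME
 perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME
@@ -135,10 +124,9 @@ perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROF
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREATE\}\}|$M2MAUTHCONFIG_USER2FA_CREATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_UPDATE\}\}|$M2MAUTHCONFIG_USER2FA_UPDATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_READ\}\}|$M2MAUTHCONFIG_USER2FA_READ|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_DELETE\}\}|$M2MAUTHCONFIG_USER2FA_DELETE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_ENABLE\}\}|$M2MAUTHCONFIG_USER2FA_ENABLE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_VERIFY\}\}|$M2MAUTHCONFIG_USER2FA_VERIFY|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREDENTIAL\}\}|$M2MAUTHCONFIG_USER2FA_CREDENTIAL|g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID\}\}/$SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID/g" $CONFFILENAME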
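Review bot: The new substitution at line 95 of the script (third hunk) expands `$DICEAUTH_DICE_API_KEY` into the perl program text, so the key travels on perl's command line, where it is readable in the process list of the build host, and any `|`, `$`, `@` or `\` inside it is interpreted by perl instead of being copied literally into the config. Reading the value from the environment inside a single-quoted program avoids both problems: `export DICEAUTH_DICE_API_KEY` and then `perl -pi -e 's/\{\{DICEAUTH_DICE_API_KEY\}\}/$ENV{DICEAUTH_DICE_API_KEY}/g' "$CONFFILENAME"`. The pre-existing secret substitutions in this file use the same pattern, so the change is best applied file-wide rather than only to the new line. The same holds for the three `M2MAUTHCONFIG_USER2FA_*` lines added in the fourth hunk, though those values look like scope names rather than secrets.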

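--- a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java
+++ b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java
@@ -1518,7 +1518,7 @@ public ApiResponse updateUser2fa(
 @Context HttpServletRequest request) {
 
 TCID id = new TCID(resourceId);
-validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes());
+validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getEnableScopes());
 // checking param
 checkParam(postRequest);
 
@@ -1549,7 +1549,7 @@ public ApiResponse updateUser2fa(
 try {
 response = new Request(diceAuth.getDiceApiUrl() + "/connection/invitation", "POST")
 .param("emailId", user2faInDb.getEmail())
-.header("Authorization", "Bearer " + diceAuth.getToken())
+.header("x-api-key", diceAuth.getDiceApiKey())
 .execute();
 } catch (Exception e) {
 logger.error("Error when calling 2fa submit api", e);
@@ -1576,7 +1576,7 @@ public ApiResponse issueCredentials(
 @Auth AuthUser authUser,
 @Valid PostPutRequest<CredentialRequest> postRequest,
 @Context HttpServletRequest request) {
-Utils.checkAccess(authUser, user2faFactory.getCreateScopes(), Utils.AdminRoles);
+Utils.checkAccess(authUser, user2faFactory.getCredentialIssuerScopes(), Utils.AdminRoles);
 checkParam(postRequest);
 CredentialRequest credential = postRequest.getParam();
 
@@ -1625,7 +1625,7 @@ public ApiResponse issueCredentials(
 Response response;
 try {
 response = new Request(diceAuth.getDiceApiUrl() + "/cred/issuance/offer", "POST")
-.header("Authorization", "Bearer " + diceAuth.getToken())
+.header("x-api-key", diceAuth.getDiceApiKey())
 .json(mapper.writeValueAsString(body))
 .execute();
 } catch (JsonProcessingException e) {
@@ -1654,7 +1654,7 @@ public ApiResponse update2faVerification(
 @Valid PostPutRequest<User2fa> putRequest,
 @Context HttpServletRequest request) {
 
-Utils.checkAccess(authUser, user2faFactory.getUpdateScopes(), Utils.AdminRoles);
+Utils.checkAccess(authUser, user2faFactory.getVerifyScopes(), Utils.AdminRoles);
 checkParam(putRequest);
 User2fa credential = putRequest.getParam();
 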
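Review bot: The header name `"x-api-key"` is now a bare literal at two call sites (lines 1552 and 1628 in the second and fourth hunks) while the value comes from `diceAuth`; hoisting it next to the getter as `public static final String API_KEY_HEADER = "x-api-key";` on `DICEAuth` keeps the two from drifting apart. Worth a comment at line 1552 as well: the removed `getToken()` path raised an `APIRuntimeException` when the identity provider rejected the credentials, whereas a wrong or revoked static key will surface only in the DICE response, so the status handling after `.execute()` (outside the hunk) is now the only place that detects it and should log the status without echoing the request headers. `updateUser2fa`, `issueCredentials` and `update2faVerification` all begin and end outside these hunks.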

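--- a/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java
+++ b/src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java
@@ -1,23 +1,8 @@
 package com.appirio.tech.core.service.identity.util.auth;
 
-import java.net.HttpURLConnection;
-import java.util.Date;
-
 import javax.validation.constraints.NotNull;
 
-import org.apache.log4j.Logger;
-
-import com.appirio.tech.core.api.v3.exception.APIRuntimeException;
-import com.appirio.tech.core.api.v3.util.jwt.InvalidTokenException;
-import com.appirio.tech.core.service.identity.util.HttpUtil.Request;
-import com.appirio.tech.core.service.identity.util.HttpUtil.Response;
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.interfaces.DecodedJWT;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
 public class DICEAuth {
-private static final Logger logger = Logger.getLogger(Auth0Client.class);
 
 @NotNull
 private String diceUrl;
@@ -29,44 +14,21 @@ public class DICEAuth {
 private String diceVerifier;
 
 @NotNull
-private String tenant;
-
-@NotNull
-private String username;
-
-@NotNull
-private String password;
-
-@NotNull
-private String scope;
-
-@NotNull
-private String clientId;
-
-@NotNull
-private String clientSecret;
+private String diceApiKey;
 
 @NotNull
 private String credDefId;
 
 private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview";
 
-private String cachedToken;
-
 public DICEAuth() {
 }
 
-public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String tenant, String username,
-String password, String scope, String clientId, String clientSecret, String credDefId) {
+public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String diceApiKey, String credDefId) {
 this.diceUrl = diceUrl;
 this.diceApiUrl = diceApiUrl;
 this.diceVerifier = diceVerifier;
-this.tenant = tenant;
-this.username = username;
-this.password = password;
-this.scope = scope;
-this.clientId = clientId;
-this.clientSecret = clientSecret;
+this.diceApiKey = diceApiKey;
 this.credDefId = credDefId;
 }
 
@@ -94,52 +56,12 @@ public void setDiceVerifier(String diceVerifier) {
 this.diceVerifier = diceVerifier;
 }
 
-public String getTenant() {
-return tenant;
-}
-
-public void setTenant(String tenant) {
-this.tenant = tenant;
-}
-
-public String getUsername() {
-return username;
-}
-
-public void setUsername(String username) {
-this.username = username;
-}
-
-public String getPassword() {
-return password;
-}
-
-public void setPassword(String password) {
-this.password = password;
+public String getDiceApiKey() {
+return diceApiKey;
 }
 
-public String getScope() {
-return scope;
-}
-
-public void setScope(String scope) {
-this.scope = scope;
-}
-
-public String getClientId() {
-return clientId;
-}
-
-public void setClientId(String clientId) {
-this.clientId = clientId;
-}
-
-public String getClientSecret() {
-return clientSecret;
-}
-
-public void setClientSecret(String clientSecret) {
-this.clientSecret = clientSecret;
+public void setDiceApiKey(String diceApiKey) {
+this.diceApiKey = diceApiKey;
 }
 
 public String getCredDefId() {
@@ -157,56 +79,4 @@ public String getCredPreview() {
 public void setCredPreview(String credPreview) {
 this.credPreview = credPreview;
 }
-
-public String getToken() throws Exception {
-Boolean isCachedTokenExpired = false;
-if (cachedToken != null) {
-if (getTokenExpiryTime(cachedToken) <= 0) {
-isCachedTokenExpired = true;
-logger.info("Application cached token expired");
-}
-}
-if (cachedToken == null || isCachedTokenExpired) {
-String url = "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token";
-Response response = new Request(url, "POST")
-.param("grant_type", "password")
-.param("username", getUsername())
-.param("password", getPassword())
-.param("scope", getScope())
-.param("client_id", getClientId())
-.param("client_secret", getClientSecret()).execute();
-if (response.getStatusCode() != HttpURLConnection.HTTP_OK) {
-throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
-String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
-response.getText()));
-}
-cachedToken = new ObjectMapper().readValue(response.getText(), Auth0Credential.class).getIdToken();
-logger.info("Fetched token from URL: " + url);
-}
-return cachedToken;
-}
-
-/**
-* Get token expiry time in seconds
-*
-* @param token JWT token
-* throws Exception if any error occurs
-* @return the Integer result
-*/
-private Integer getTokenExpiryTime(String token) throws Exception {
-DecodedJWT decodedJWT = null;
-Integer tokenExpiryTime = 0;
-if (token != null) {
-try {
-decodedJWT = JWT.decode(token);
-} catch (JWTDecodeException e) {
-throw new InvalidTokenException(token, "Error occurred in decoding token. " + e.getLocalizedMessage(),
-e);
-}
-Date tokenExpiryDate = decodedJWT.getExpiresAt();
-Long tokenExpiryTimeInMilliSeconds = tokenExpiryDate.getTime() - (new Date().getTime()) - 60 * 1000;
-tokenExpiryTime = (int) Math.floor(tokenExpiryTimeInMilliSeconds / 1000);
-}
-return tokenExpiryTime;
-}
 }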
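Review bot: `diceApiKey` (line 17 of the new file, second hunk) is a long-lived secret that replaces the removed password, client secret and cached token, yet nothing distinguishes it from the plain URL fields around it, and the five-argument constructor at line 27 stores it without a null check, which the `@NotNull` annotation only enforces when the object is passed through bean validation. Add a field comment such as `/** Secret sent to DICE as the x-api-key header; supplied from config, must not be logged or serialized. */` and, should the class ever gain a `toString` or be serialized, mask this field. In the constructor, `this.diceApiKey = Objects.requireNonNull(diceApiKey, "diceApiKey");` (with `java.util.Objects` imported) would fail at construction rather than at the first DICE request. The getters and setters between the third and fourth hunks are outside the visible diff.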
