add api to update user2fa

Author: eisbilir

buildtokenproperties.sh

@@ -16,6 +16,7 @@ AUTH0_NEW_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_ID_SECRET")
 AUTH0_NEW_NONINTERACTIVE_ID=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIVE_ID")
 AUTH0_NEW_NONINTERACTIVE_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIVE_ID_SECRET")
 DICEAUTH_DICE_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_URL")
+DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL")
 DICEAUTH_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_API_KEY")
 DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID")
 ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID")
@@ -89,6 +90,7 @@ perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID\}\}/$AUTH0_NEW_NONINTERACTIVE_ID/
 perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID_SECRET\}\}/$AUTH0_NEW_NONINTERACTIVE_ID_SECRET/g" $CONFFILENAME 
 echo $DICEAUTH_DICE_URL
 perl -pi -e "s|\{\{DICEAUTH_DICE_URL\}\}|$DICEAUTH_DICE_URL|g" $CONFFILENAME 
+perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_API_KEY\}\}/$DICEAUTH_API_KEY/g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME 

src/main/java/com/appirio/tech/core/service/identity/clients/EventBusServiceClient.java

@@ -9,6 +9,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.net.SocketTimeoutException;
+
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation;
@@ -87,7 +89,11 @@ public void reFireEvent(EventMessage eventMessage) {
             if (response.getStatusInfo().getStatusCode() != HttpStatus.OK_200 &&  response.getStatusInfo().getStatusCode()!= HttpStatus.NO_CONTENT_204) {
                 LOGGER.error("Unable to fire the event: {}", response);
             }
-        }  catch (Exception e) {
+        } catch (SocketTimeoutException e) {
+                if(!e.getMessage().equals("Read timed out")) {
+                    LOGGER.error("Failed to fire the event: {}", e);
+                }
+        } catch (Exception e) {
             LOGGER.error("Failed to fire the event: {}", e);
         }
     }

src/main/java/com/appirio/tech/core/service/identity/dao/UserDAO.java

@@ -36,7 +36,7 @@
 import com.appirio.tech.core.service.identity.representation.Achievement;
 import com.appirio.tech.core.service.identity.representation.Country;
 import com.appirio.tech.core.service.identity.representation.Credential;
-import com.appirio.tech.core.service.identity.representation.CredentialVerification;
+import com.appirio.tech.core.service.identity.representation.User2fa;
 import com.appirio.tech.core.service.identity.representation.Email;
 import com.appirio.tech.core.service.identity.representation.GroupMembership;
 import com.appirio.tech.core.service.identity.representation.ProviderType;
@@ -98,9 +98,11 @@ public abstract class UserDAO implements DaoBase<User>, Transactional<UserDAO> {
     @SqlQuery(
             "SELECT " + USER_COLUMNS + ", " +
             "s.password AS credential$encodedPassword, e.address AS email, e.status_id AS emailStatus " +
+            "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " +
             "FROM common_oltp.user AS u " +
             "LEFT OUTER JOIN common_oltp.email AS e ON u.user_id = e.user_id AND e.email_type_id = 1 AND e.primary_ind = 1 " +
             "LEFT OUTER JOIN common_oltp.security_user AS s ON u.user_id = s.login_id " +
+            "LEFT JOIN common_oltp.user_2fa mfa ON mfa.user_id = u.user_id " +
             "WHERE u.user_id = :id"
     )
     public abstract User findUserById(@Bind("id") long id);
@@ -130,18 +132,33 @@ public abstract class UserDAO implements DaoBase<User>, Transactional<UserDAO> {
 
     @RegisterMapperFactory(TCBeanMapperFactory.class)
     @SqlQuery(
-            "SELECT ud.id AS id, u.user_id AS userId, e.address AS email, ud.enabled AS enabled, ud.verified AS verified " +
+            "SELECT mfa.id AS id, u.user_id AS userId, u.handle AS handle, u.first_name AS firstName, e.address AS email, mfa.enabled AS enabled, mfa.verified AS verified " +
             "FROM common_oltp.user AS u JOIN common_oltp.email AS e ON e.user_id = u.user_id " +
-            "LEFT JOIN common_oltp.user_2fa AS ud ON ud.user_id = u.user_id " +
+            "LEFT JOIN common_oltp.user_2fa AS mfa ON mfa.user_id = u.user_id " +
             "WHERE LOWER(e.address) = LOWER(:email)"
     )
-    public abstract List<CredentialVerification> findUser2faByEmail(@Bind("email") String email);
+    public abstract List<User2fa> findUser2faByEmail(@Bind("email") String email);
+
+    @SqlQuery(
+            "SELECT mfa.id AS id, u.user_id AS userId, u.handle AS handle, u.first_name AS firstName, e.address AS email, maf.enabled AS enabled, mfa.verified AS verified " +
+            "FROM common_oltp.user AS u LEFT JOIN common_oltp.email AS e ON e.user_id = u.user_id " +
+            "LEFT JOIN common_oltp.user_2fa AS mfa ON mfa.user_id = u.user_id " +
+            "WHERE u.user_id = :userId"
+    )
+    public abstract User2fa findUser2faById(@Bind("userId") long userId);
+
+    @SqlUpdate(
+            "INSERT INTO common_oltp.user_2fa " +
+            "(user_id, enabled) VALUES " +
+            "(:userId, :enabled)")
+    public abstract int insertUser2fa(@Bind("userId") long userId, @Bind("enabled") boolean enabled);
 
     @SqlUpdate(
             "UPDATE common_oltp.user_2fa SET " +
+            "enabled=:enabled " +
             "verified=:verified " +
             "WHERE id=:id")
-    public abstract int update2faVerification(@Bind("id") long id, @Bind("verified") boolean verified);
+    public abstract int update2fa(@Bind("id") long id, @Bind("enabled") boolean enabled, @Bind("verified") boolean verified);
 
     @RegisterMapperFactory(TCBeanMapperFactory.class)
     @SqlQuery(
@@ -156,7 +173,9 @@ public abstract class UserDAO implements DaoBase<User>, Transactional<UserDAO> {
     @SqlQuery(
             "SELECT " + USER_COLUMNS + ", " +
             "e.address AS email, e.status_id AS emailStatus " +
+            "mfa.enabled AS mfaEnabled, mfa.verified AS mfaVerified " +
             "FROM common_oltp.user AS u " +
+            "LEFT JOIN common_oltp.user_2fa AS mfa ON mfa.user_id = u.user_id " +
             "<joinOnEmail> common_oltp.email AS e ON u.user_id = e.user_id AND e.primary_ind = 1 " +
             "<condition> " +
             "<order> " +
@@ -385,15 +404,15 @@ public User findUserByEmail(String email) {
         return users.get(0);
     }
 
-    public CredentialVerification findUserCredentialByEmail(String email) {
-        List<CredentialVerification> users = findUser2faByEmail(email);
+    public User2fa findUserCredentialByEmail(String email) {
+        List<User2fa> users = findUser2faByEmail(email);
         if(users==null || users.size()==0)
             return null;
 
         if(users.size()==1)
             return users.get(0);
 
-        for (CredentialVerification user : users) {
+        for (User2fa user : users) {
             if(user.getEmail().equals(email))
                 return user;
         }

src/main/java/com/appirio/tech/core/service/identity/representation/CredentialInvitation.java

@@ -1,9 +1,11 @@
 package com.appirio.tech.core.service.identity.representation;
 
-public class CredentialVerification {
+public class User2fa {
 
 	private long id;
 	private long userId;
+	private String handle;
+	private String firstName;
 	private String email;
 	private Boolean enabled;
 	private Boolean verified;
@@ -24,6 +26,22 @@ public void setUserId(long userId) {
 		this.userId = userId;
 	}
 
+	public String getHandle() {
+		return handle;
+	}
+
+	public void setHandle(String handle) {
+		this.handle = handle;
+	}
+
+	public String getFirstName() {
+		return firstName;
+	}
+
+	public void setFirstName(String firstName) {
+		this.firstName = firstName;
+	}
+
 	public String getEmail() {
 		return email;
 	}

…presentation/CredentialVerification.java …ice/identity/representation/User2fa.javasrc/main/java/com/appirio/tech/core/service/identity/representation/CredentialVerification.java renamed to src/main/java/com/appirio/tech/core/service/identity/representation/User2fa.java src/main/java/com/appirio/tech/core/service/identity/representation/CredentialVerification.java renamed to src/main/java/com/appirio/tech/core/service/identity/representation/User2fa.java

@@ -58,9 +58,8 @@
 import com.appirio.tech.core.service.identity.representation.Achievement;
 import com.appirio.tech.core.service.identity.representation.Country;
 import com.appirio.tech.core.service.identity.representation.Credential;
-import com.appirio.tech.core.service.identity.representation.CredentialInvitation;
 import com.appirio.tech.core.service.identity.representation.CredentialRequest;
-import com.appirio.tech.core.service.identity.representation.CredentialVerification;
+import com.appirio.tech.core.service.identity.representation.User2fa;
 import com.appirio.tech.core.service.identity.representation.Email;
 import com.appirio.tech.core.service.identity.representation.ProviderType;
 import com.appirio.tech.core.service.identity.representation.Role;
@@ -1504,6 +1503,67 @@ public ApiResponse validateSocial(
                 createValidationResult((err == null), err));
     }
 
+    @PATCH
+    @Path("/{resourceId}/2fa")
+    @Timed
+    public ApiResponse updateUser2fa(
+            @Auth AuthUser authUser,
+            @PathParam("resourceId") String resourceId,
+            @Valid PostPutRequest<User2fa> postRequest,
+            @Context HttpServletRequest request) {
+
+        logger.info(String.format("update user 2fa(%s)", resourceId));
+
+        TCID id = new TCID(resourceId);
+        validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes());
+        // checking param
+        checkParam(postRequest);
+        
+        User2fa user2fa = postRequest.getParam();
+
+        if(user2fa.getEnabled() == null) {
+            throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "enabled"));
+        }
+
+        Long userId = Utils.toLongValue(id);
+        
+        logger.info(String.format("findUserById(%s)", resourceId));
+        User2fa user2faInDb = userDao.findUser2faById(userId);
+        if(user2faInDb==null)
+            throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND);
+        
+        Boolean shouldSendInvite = false;
+        if(user2faInDb.getEnabled() == null) {
+            userDao.insertUser2fa(userId, user2fa.getEnabled());
+            shouldSendInvite = user2fa.getEnabled();
+        } else if(!user2faInDb.getEnabled().equals(user2fa.getEnabled())) {
+            userDao.update2fa(user2faInDb.getId(), user2fa.getEnabled(), false);
+            shouldSendInvite = user2fa.getEnabled();
+        }
+
+        if (shouldSendInvite) {
+            Response response;
+            try {
+                response = new Request(diceAuth.getDiceApiUrl() + "/v1/connection/submit", "POST")
+                        .param("emailId", user2faInDb.getEmail())
+                        .header("x-api-key", diceAuth.getApiKey())
+                        .execute();
+            } catch (Exception e) {
+                logger.error("Error when calling 2fa submit api", e);
+                throw new APIRuntimeException(SC_INTERNAL_SERVER_ERROR, "Error when calling 2fa submit api");
+            }
+            if (response.getStatusCode() != HttpURLConnection.HTTP_CREATED) {
+                throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
+                        String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
+                                response.getMessage()));
+            }
+            logger.info(response.getText());
+            send2faInvitationEmailEvent(user2faInDb, diceAuth.getDiceUrl() + "/verify/" + response.getText());
+        }
+        
+        return ApiResponseFactory.createResponse("SUCCESS");
+    }
+
     @POST
     @Path("/2faCredentials")
     @Timed
@@ -1524,15 +1584,15 @@ public ApiResponse issueCredentials(
         logger.info(String.format("issue credential (%s)", credential.getEmail()));
 
         // find user by email
-        User user = userDao.findUserByEmail(credential.getEmail());
+        User2fa user = userDao.findUserCredentialByEmail(credential.getEmail());
 
         // return 404 if user is not found
         if(user == null)
             throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND);
-        if(user.getMfaEnabled() == null || !user.getMfaEnabled()) {
+        if(user.getEnabled() == null || !user.getEnabled()) {
             throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");
         }
-        List<Role> roles = roleDao.getRolesBySubjectId(Long.parseLong(user.getId().getId()));
+        List<Role> roles = roleDao.getRolesBySubjectId(user.getUserId());
         ObjectMapper mapper = new ObjectMapper();
         ObjectNode body = mapper.createObjectNode();
         body.put("comment", "TC credential");
@@ -1559,7 +1619,7 @@ public ApiResponse issueCredentials(
         preview.set("attributes", attributes);
         Response response;
         try {
-            response = new Request(diceAuth.getDiceUrl()+"/v1/credentialoffer/api/credentialoffer", "POST")
+            response = new Request(diceAuth.getDiceApiUrl()+"/v1/credentialoffer/api/credentialoffer", "POST")
                     .header("x-api-key", diceAuth.getApiKey())
             		.json(mapper.writeValueAsString(body))
             		.execute();
@@ -1583,12 +1643,12 @@ public ApiResponse issueCredentials(
     @Timed
     public ApiResponse update2faVerification(
             @Auth AuthUser authUser,
-            @Valid PostPutRequest<CredentialVerification> putRequest,
+            @Valid PostPutRequest<User2fa> putRequest,
             @Context HttpServletRequest request) {
 
         Utils.checkAccess(authUser, user2faFactory.getUpdateScopes(), Utils.AdminRoles);
         checkParam(putRequest);
-        CredentialVerification credential = putRequest.getParam();
+        User2fa credential = putRequest.getParam();
 
         if(credential.getEmail() == null || credential.getEmail().length() == 0) {
             throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Email address"));
@@ -1599,7 +1659,7 @@ public ApiResponse update2faVerification(
         logger.info(String.format("update 2fa verification (%s) - %b", credential.getEmail(), credential.getVerified()));
 
         // find user by email
-        CredentialVerification credVerification = userDao.findUserCredentialByEmail(credential.getEmail());
+        User2fa credVerification = userDao.findUserCredentialByEmail(credential.getEmail());
 
         // return 404 if user is not found
         if(credVerification == null)
@@ -1609,43 +1669,11 @@ public ApiResponse update2faVerification(
             throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");
         }
         if(!credVerification.getVerified().equals(credential.getVerified())) {
-            userDao.update2faVerification(credVerification.getId(), credential.getVerified());
+            userDao.update2fa(credVerification.getId(), true, credential.getVerified());
         }
         return ApiResponseFactory.createResponse("User verification updated");
     }
 
-    @POST
-    @Path("/2faInvitation")
-    @Timed
-    public ApiResponse send2faInvitation(
-            @Auth AuthUser authUser,
-            @Valid PostPutRequest<CredentialInvitation> postRequest,
-            @Context HttpServletRequest request) {
-        Utils.checkAccess(authUser, user2faFactory.getCreateScopes(), Utils.AdminRoles);
-        checkParam(postRequest);
-        CredentialInvitation invitation = postRequest.getParam();
-
-        if(invitation.getEmail() == null || invitation.getEmail().length() == 0) {
-            throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Email address"));
-        }
-        if(invitation.getInvitationUrl() == null || invitation.getInvitationUrl().length() == 0) {
-            throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Invitation Url"));
-        }
-        logger.info(String.format("send 2fa invitation to (%s)", invitation.getEmail()));
-
-        // find user by email
-        User user = userDao.findUserByEmail(invitation.getEmail());
-
-        // return 404 if user is not found
-        if(user == null)
-            throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND);
-        if(user.getMfaEnabled() == null || !user.getMfaEnabled()) {
-            throw new APIRuntimeException(SC_BAD_REQUEST, "2FA is not enabled for user");
-        }
-        send2faInvitationEmailEvent(user, invitation.getInvitationUrl());
-        return ApiResponseFactory.createResponse("SUCCESS");
-    }
-
     @POST
     @Path("/oneTimeToken")
     @Timed
@@ -2061,7 +2089,7 @@ private void sendActivationEmailEvent(User user, String redirectUrl) {
         }
     }
 
-    private void send2faInvitationEmailEvent(User user, String inviteLink) {
+    private void send2faInvitationEmailEvent(User2fa user, String inviteLink) {
 
         EventMessage msg = EventMessage.getDefault();
         msg.setTopic("external.action.email");
@@ -2086,11 +2114,7 @@ private void send2faInvitationEmailEvent(User user, String inviteLink) {
         payload.put("recipients", recipients);
 
         msg.setPayload(payload);
-        try {
-            this.eventBusServiceClient.reFireEvent(msg);
-        } catch (Exception e) {
-            logger.error("Error occured while publishing the events to new kafka.");
-        }
+        this.eventBusServiceClient.reFireEvent(msg);
     }
 
     private void sendWelcomeEmailEvent(User user) {