Add events for tokens

5aa5bbec · ls1947 · 7ff136e2 · 5aa5bbec · 5aa5bbec · 5aa5bbec
Commit 5aa5bbec authored Jul 23, 2020 by ls1947
--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/EventType.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/EventType.java
@@ -45,4 +45,13 @@ public enum EventType {
 	SSH_KEY_REGISTRY_DENIED,
 	SSH_KEY_REGISTRY_DELETED,
+	/*
+	 * 2FA Events
+	 */
+	TWOFA_CREATED,
+	TWOFA_INIT,
+	TWOFA_ENABLED,
+	TWOFA_DISABLED,
+	TWOFA_DELETED,
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/TokenEvent.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/TokenEvent.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.event;
+import java.util.HashMap;
+import edu.kit.scc.webreg.entity.audit.AuditEntryEntity;
+public class TokenEvent extends AbstractEvent<HashMap<String, Object>> {
+	private static final long serialVersionUID = 1L;
+	public TokenEvent(HashMap<String, Object> entity) {
+		super(entity);
+	}
+	public TokenEvent(HashMap<String, Object> entity, AuditEntryEntity audit) {
+		super(entity, audit);
+	}
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/TokenEventMailExecutor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/TokenEventMailExecutor.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.event;
+import java.util.HashMap;
+import java.util.Map;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import edu.kit.scc.webreg.service.mail.TemplateMailService;
+public class TokenEventMailExecutor extends
+		AbstractEventExecutor<TokenEvent, HashMap<String, Object>> {
+	private static final long serialVersionUID = 1L;
+	public TokenEventMailExecutor() {
+		super();
+	}
+	@Override
+	public void execute() {
+		Logger logger = LoggerFactory.getLogger(TokenEventMailExecutor.class);
+		logger.debug("Executing");
+		String templateName = getJobStore().get("mail_template");
+		if (templateName == null) {
+			logger.warn("No template configured for TokenEventMailExecutor");
+			return;
+		}
+		try {
+			InitialContext ic = new InitialContext();
+			TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
+			HashMap<String, Object> eventMap = getEvent().getEntity();
+			Map<String, Object> context = new HashMap<String, Object>();
+			context.put("serial", eventMap.get("serial"));
+			context.put("user", eventMap.get("user"));
+			templateMailService.sendMail(templateName, context, true);
+		} catch (NamingException e) {
+			logger.warn("Could not send email: {}", e);
+		}
+	}
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
@@ -9,22 +9,22 @@ public interface TwoFaService {
 	LinotpTokenResultList findByUserId(Long userId) throws TwoFaException;
-	LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException;
+	LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId, String executor) throws TwoFaException;
-	LinotpSimpleResponse disableToken(Long userId, String serial) throws TwoFaException;
+	LinotpSimpleResponse enableToken(Long userId, String serial, String executor) throws TwoFaException;
-	LinotpSimpleResponse enableToken(Long userId, String serial) throws TwoFaException;
 	LinotpSimpleResponse checkToken(Long userId, String token) throws TwoFaException;
 	Boolean hasActiveToken(Long userId) throws TwoFaException;
-	LinotpSimpleResponse deleteToken(Long userId, String serial) throws TwoFaException;
+	LinotpSimpleResponse deleteToken(Long userId, String serial, String executor) throws TwoFaException;
 	LinotpSimpleResponse checkSpecificToken(Long userId, String serial, String token) throws TwoFaException;
-	LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException;
+	LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi, String executor) throws TwoFaException;
+	LinotpSetFieldResult initToken(Long userId, String serial, String executor) throws TwoFaException;
-	LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException;
+	LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException;
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
 package edu.kit.scc.webreg.service.twofa;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -9,7 +10,11 @@ import javax.inject.Inject;
 import org.slf4j.Logger;
 import edu.kit.scc.webreg.dao.UserDao;
+import edu.kit.scc.webreg.entity.EventType;
 import edu.kit.scc.webreg.entity.UserEntity;
+import edu.kit.scc.webreg.event.EventSubmitter;
+import edu.kit.scc.webreg.event.TokenEvent;
+import edu.kit.scc.webreg.exc.EventSubmitException;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
@@ -30,6 +35,9 @@ public class TwoFaServiceImpl implements TwoFaService {
 	@Inject
 	private UserDao userDao;
+	@Inject
+	private EventSubmitter eventSubmitter;
 	@Override
 	public LinotpTokenResultList findByUserId(Long userId) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
@@ -94,18 +102,31 @@ public class TwoFaServiceImpl implements TwoFaService {
 	}
 	@Override
-	public LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException {
+	public LinotpSetFieldResult initToken(Long userId, String serial, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
 		LinotpConnection linotpConnection = new LinotpConnection(configMap);
 		linotpConnection.requestAdminSession();
-		return linotpConnection.initToken(serial);
+		LinotpSetFieldResult response = linotpConnection.initToken(serial);
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		eventMap.put("serial", serial);
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_INIT, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return response;
 	}
 	@Override
-	public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException {
+	public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
@@ -117,6 +138,19 @@ public class TwoFaServiceImpl implements TwoFaService {
 		if (response.getResult().isStatus() && response.getResult().isValue()) {
 			// Token succeful created
+			HashMap<String, Object> eventMap = new HashMap<String, Object>();
+			eventMap.put("user", user);
+			eventMap.put("respone", response);
+			if (response.getDetail() != null)
+				eventMap.put("serial", response.getDetail().getSerial());
+			TokenEvent event = new TokenEvent(eventMap);
+			try {
+				eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
+			} catch (EventSubmitException e) {
+				logger.warn("Could not submit event", e);
+			}
 			// Disable it for once
 			linotpConnection.disableToken(response.getDetail().getSerial());
 			return response;
@@ -127,7 +161,7 @@ public class TwoFaServiceImpl implements TwoFaService {
 	}
 	@Override
-	public LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException {
+	public LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
@@ -141,43 +175,91 @@ public class TwoFaServiceImpl implements TwoFaService {
 			throw new TwoFaException("Token generation did not succeed!");
 		}
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		if (response.getDetail() != null)
+			eventMap.put("serial", response.getDetail().getSerial());
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
 		return response;
 	}
 	@Override
-	public LinotpSimpleResponse disableToken(Long userId, String serial) throws TwoFaException {
+	public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
 		LinotpConnection linotpConnection = new LinotpConnection(configMap);
 		linotpConnection.requestAdminSession();
+		LinotpSimpleResponse response = linotpConnection.disableToken(serial);
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		eventMap.put("serial", serial);
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_DISABLED, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
-		return linotpConnection.disableToken(serial);
+		return response;
 	}
 	@Override
-	public LinotpSimpleResponse enableToken(Long userId, String serial) throws TwoFaException {
+	public LinotpSimpleResponse enableToken(Long userId, String serial, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
 		LinotpConnection linotpConnection = new LinotpConnection(configMap);
 		linotpConnection.requestAdminSession();
+		LinotpSimpleResponse response = linotpConnection.enableToken(serial);
-		return linotpConnection.enableToken(serial);
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		eventMap.put("serial", serial);
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_ENABLED, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return response;
 	}
 	@Override
-	public LinotpSimpleResponse deleteToken(Long userId, String serial) throws TwoFaException {
+	public LinotpSimpleResponse deleteToken(Long userId, String serial, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);
 		Map<String, String> configMap = configResolver.resolveConfig(user);
 		LinotpConnection linotpConnection = new LinotpConnection(configMap);
 		linotpConnection.requestAdminSession();
+		LinotpSimpleResponse response = linotpConnection.deleteToken(serial);
-		return linotpConnection.deleteToken(serial);
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		eventMap.put("serial", serial);
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_DELETED, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return response;
 	}
 }
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
@@ -80,7 +80,7 @@ public class TwoFaUserBean implements Serializable {
 	public void createAuthenticatorToken() {
 		if (! getReadOnly()) {
 			try {
-				createTokenResponse = twoFaService.createAuthenticatorToken(user.getId());
+				createTokenResponse = twoFaService.createAuthenticatorToken(user.getId(), "user-" + user.getId());
 				tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 			} catch (TwoFaException e) {
 				logger.warn("TwoFaException", e);
@@ -91,10 +91,20 @@ public class TwoFaUserBean implements Serializable {
 	public void createYubicoToken() {
 		if (! getReadOnly()) {
 			try {
-				LinotpInitAuthenticatorTokenResponse response = twoFaService.createYubicoToken(user.getId(), yubicoCode);
+				LinotpInitAuthenticatorTokenResponse response = twoFaService.createYubicoToken(user.getId(), yubicoCode, "user-" + user.getId());
 				if (response.getResult().isStatus() && response.getResult().isValue()) {
+					if (response != null && response.getDetail() != null) {
+						String serial = response.getDetail().getSerial();
+						twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
+					}
 					tokenList = twoFaService.findByUserId(sessionManager.getUserId());
+					if (tokenList.size() == 1) {
+						// this was the first token. We have to set 2fa elevation
+						sessionManager.setTwoFaElevation(Instant.now());
+					}					
 				}
 				else {
 					messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
@@ -114,14 +124,14 @@ public class TwoFaUserBean implements Serializable {
 		try {
 			if (createTokenResponse != null && createTokenResponse.getDetail() != null) {
 				String serial = createTokenResponse.getDetail().getSerial();
-				LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial);
+				LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial, "user-" + user.getId());
 				if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
 					response = twoFaService.checkSpecificToken(user.getId(), serial, totpCode);
 					if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
 						// success, Token stays active, set correct description
-						twoFaService.initToken(user.getId(), serial);
+						twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
 						tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 						if (tokenList.size() == 1) {
 							// this was the first token. We have to set 2fa elevation
@@ -133,7 +143,7 @@ public class TwoFaUserBean implements Serializable {
 					} 
 					else {
 						// wrong code, disable token
-						response = twoFaService.disableToken(user.getId(), serial);
+						response = twoFaService.disableToken(user.getId(), serial, "user-" + user.getId());
 						totpCode = "";
 					}
 				}
@@ -146,7 +156,7 @@ public class TwoFaUserBean implements Serializable {
 	public void enableToken(String serial) {
 		if (! getReadOnly()) {
 			try {
-				LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial);
+				LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial, "user-" + user.getId());
 				tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 				if ((response.getResult() != null) && response.getResult().isStatus() &&
 						response.getResult().isValue()) {
@@ -165,7 +175,7 @@ public class TwoFaUserBean implements Serializable {
 	public void disableToken(String serial) {
 		if (! getReadOnly()) {
 			try {
-				LinotpSimpleResponse response = twoFaService.disableToken(user.getId(), serial);
+				LinotpSimpleResponse response = twoFaService.disableToken(user.getId(), serial, "user-" + user.getId());
 				tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 				if ((response.getResult() != null) && response.getResult().isStatus() &&
 						response.getResult().isValue()) {
@@ -184,7 +194,7 @@ public class TwoFaUserBean implements Serializable {
 	public void deleteToken(String serial) {
 		if (! getReadOnly()) {
 			try {
-				LinotpSimpleResponse response = twoFaService.deleteToken(user.getId(), serial);
+				LinotpSimpleResponse response = twoFaService.deleteToken(user.getId(), serial, "user-" + user.getId());
 				tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 				if ((response.getResult() != null) && response.getResult().isStatus() &&
 						response.getResult().isValue()) {