Commit 5aa5bbec authored by ls1947's avatar ls1947

Add events for tokens

parent 7ff136e2
...@@ -45,4 +45,13 @@ public enum EventType { ...@@ -45,4 +45,13 @@ public enum EventType {
SSH_KEY_REGISTRY_DENIED, SSH_KEY_REGISTRY_DENIED,
SSH_KEY_REGISTRY_DELETED, SSH_KEY_REGISTRY_DELETED,
/*
* 2FA Events
*/
TWOFA_CREATED,
TWOFA_INIT,
TWOFA_ENABLED,
TWOFA_DISABLED,
TWOFA_DELETED,
} }
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.event;
import java.util.HashMap;
import edu.kit.scc.webreg.entity.audit.AuditEntryEntity;
public class TokenEvent extends AbstractEvent<HashMap<String, Object>> {
private static final long serialVersionUID = 1L;
public TokenEvent(HashMap<String, Object> entity) {
super(entity);
}
public TokenEvent(HashMap<String, Object> entity, AuditEntryEntity audit) {
super(entity, audit);
}
}
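Review bot: TokenEvent carries its payload as an untyped `HashMap<String, Object>`, so nothing in this class says which keys a consumer may rely on, even though the mail executor added in this same commit reads `serial` and `user` and the service writes the LinOTP result under a misspelled key (`respone`). I would add a class Javadoc such as `/** Event for a 2FA token operation. Payload keys: "user" (the UserEntity), "serial" (token serial; absent when creation returned no detail) and the LinOTP response object. */`. Declaring those keys as `public static final String` constants on this class and using them from both producer and executor would stop the two sides from drifting, which the typo shows has already happened.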
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.event;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.service.mail.TemplateMailService;
public class TokenEventMailExecutor extends
AbstractEventExecutor<TokenEvent, HashMap<String, Object>> {
private static final long serialVersionUID = 1L;
public TokenEventMailExecutor() {
super();
}
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(TokenEventMailExecutor.class);
logger.debug("Executing");
String templateName = getJobStore().get("mail_template");
if (templateName == null) {
logger.warn("No template configured for TokenEventMailExecutor");
return;
}
try {
InitialContext ic = new InitialContext();
TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
HashMap<String, Object> eventMap = getEvent().getEntity();
Map<String, Object> context = new HashMap<String, Object>();
context.put("serial", eventMap.get("serial"));
context.put("user", eventMap.get("user"));
templateMailService.sendMail(templateName, context, true);
} catch (NamingException e) {
logger.warn("Could not send email: {}", e);
}
}
}
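Review bot: The catch block in `execute()` logs `logger.warn("Could not send email: {}", e)`; with SLF4J a trailing Throwable is taken as the exception argument and the `{}` placeholder is left unfilled, so the message prints literally and the call is inconsistent with the `logger.warn("Could not submit event", e)` form used elsewhere in this commit. Change it to `logger.warn("Could not send email", e);` so the stack trace is attached and the text is clean. Separately, the mail context only contains `serial` and `user` and not the event type, so if one template were configured for several TWOFA_* event types the recipient could not tell whether a token was created, disabled or deleted; if that is possible in the job store, consider adding the type to the context (or document that each event type must bind its own template).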
...@@ -9,22 +9,22 @@ public interface TwoFaService { ...@@ -9,22 +9,22 @@ public interface TwoFaService {
LinotpTokenResultList findByUserId(Long userId) throws TwoFaException; LinotpTokenResultList findByUserId(Long userId) throws TwoFaException;
LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException; LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId, String executor) throws TwoFaException;
LinotpSimpleResponse disableToken(Long userId, String serial) throws TwoFaException; LinotpSimpleResponse enableToken(Long userId, String serial, String executor) throws TwoFaException;
LinotpSimpleResponse enableToken(Long userId, String serial) throws TwoFaException;
LinotpSimpleResponse checkToken(Long userId, String token) throws TwoFaException; LinotpSimpleResponse checkToken(Long userId, String token) throws TwoFaException;
Boolean hasActiveToken(Long userId) throws TwoFaException; Boolean hasActiveToken(Long userId) throws TwoFaException;
LinotpSimpleResponse deleteToken(Long userId, String serial) throws TwoFaException; LinotpSimpleResponse deleteToken(Long userId, String serial, String executor) throws TwoFaException;
LinotpSimpleResponse checkSpecificToken(Long userId, String serial, String token) throws TwoFaException; LinotpSimpleResponse checkSpecificToken(Long userId, String serial, String token) throws TwoFaException;
LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException; LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi, String executor) throws TwoFaException;
LinotpSetFieldResult initToken(Long userId, String serial, String executor) throws TwoFaException;
LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException; LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException;
} }
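Review bot: The new `executor` parameter is undocumented on the interface, and its meaning (an identifier of the principal who triggered the operation, which the implementation forwards to `EventSubmitter` for the audit event, and which the UI passes as `"user-" + id`) is only discoverable by reading `TwoFaServiceImpl`. Add a Javadoc line to each changed method, e.g. `@param executor identifier of the actor performing the operation; recorded with the emitted TWOFA_* event, never used for authorization`. The interface body starts before this hunk, so the file header and any existing Javadoc are not visible here.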
package edu.kit.scc.webreg.service.twofa; package edu.kit.scc.webreg.service.twofa;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
...@@ -9,7 +10,11 @@ import javax.inject.Inject; ...@@ -9,7 +10,11 @@ import javax.inject.Inject;
import org.slf4j.Logger; import org.slf4j.Logger;
import edu.kit.scc.webreg.dao.UserDao; import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.entity.EventType;
import edu.kit.scc.webreg.entity.UserEntity; import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.event.EventSubmitter;
import edu.kit.scc.webreg.event.TokenEvent;
import edu.kit.scc.webreg.exc.EventSubmitException;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection; import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse; import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult; import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
...@@ -30,6 +35,9 @@ public class TwoFaServiceImpl implements TwoFaService { ...@@ -30,6 +35,9 @@ public class TwoFaServiceImpl implements TwoFaService {
@Inject @Inject
private UserDao userDao; private UserDao userDao;
@Inject
private EventSubmitter eventSubmitter;
@Override @Override
public LinotpTokenResultList findByUserId(Long userId) throws TwoFaException { public LinotpTokenResultList findByUserId(Long userId) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
...@@ -94,18 +102,31 @@ public class TwoFaServiceImpl implements TwoFaService { ...@@ -94,18 +102,31 @@ public class TwoFaServiceImpl implements TwoFaService {
} }
@Override @Override
public LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException { public LinotpSetFieldResult initToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap); LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession(); linotpConnection.requestAdminSession();
return linotpConnection.initToken(serial); LinotpSetFieldResult response = linotpConnection.initToken(serial);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
eventMap.put("serial", serial);
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_INIT, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return response;
} }
@Override @Override
public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException { public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
...@@ -117,6 +138,19 @@ public class TwoFaServiceImpl implements TwoFaService { ...@@ -117,6 +138,19 @@ public class TwoFaServiceImpl implements TwoFaService {
if (response.getResult().isStatus() && response.getResult().isValue()) { if (response.getResult().isStatus() && response.getResult().isValue()) {
// Token succeful created // Token succeful created
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
if (response.getDetail() != null)
eventMap.put("serial", response.getDetail().getSerial());
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
// Disable it for once // Disable it for once
linotpConnection.disableToken(response.getDetail().getSerial()); linotpConnection.disableToken(response.getDetail().getSerial());
return response; return response;
...@@ -127,7 +161,7 @@ public class TwoFaServiceImpl implements TwoFaService { ...@@ -127,7 +161,7 @@ public class TwoFaServiceImpl implements TwoFaService {
} }
@Override @Override
public LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException { public LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
...@@ -141,43 +175,91 @@ public class TwoFaServiceImpl implements TwoFaService { ...@@ -141,43 +175,91 @@ public class TwoFaServiceImpl implements TwoFaService {
throw new TwoFaException("Token generation did not succeed!"); throw new TwoFaException("Token generation did not succeed!");
} }
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
if (response.getDetail() != null)
eventMap.put("serial", response.getDetail().getSerial());
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return response; return response;
} }
@Override @Override
public LinotpSimpleResponse disableToken(Long userId, String serial) throws TwoFaException { public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap); LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession(); linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.disableToken(serial);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
eventMap.put("serial", serial);
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_DISABLED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return linotpConnection.disableToken(serial); return response;
} }
@Override @Override
public LinotpSimpleResponse enableToken(Long userId, String serial) throws TwoFaException { public LinotpSimpleResponse enableToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap); LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession(); linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.enableToken(serial);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
eventMap.put("serial", serial);
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_ENABLED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return linotpConnection.enableToken(serial); return response;
} }
@Override @Override
public LinotpSimpleResponse deleteToken(Long userId, String serial) throws TwoFaException { public LinotpSimpleResponse deleteToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId); UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user); Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap); LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession(); linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.deleteToken(serial);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
eventMap.put("serial", serial);
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_DELETED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return linotpConnection.deleteToken(serial); return response;
} }
} }
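Review bot: Every method stores the LinOTP result under the key `"respone"` (a typo, repeated in initToken, createAuthenticatorToken, createYubicoToken, disableToken, enableToken and deleteToken), so any executor that tries to read `"response"` from the event will silently get null; fix the key, and since the same eight-line block is copied six times, extract it into one private helper so the key and the exception handling live in one place. Note also that `TWOFA_DISABLED`, `TWOFA_ENABLED`, `TWOFA_DELETED` and `TWOFA_INIT` are submitted unconditionally, before anyone looks at `response.getResult()`, so the audit trail will record a disable or delete that LinOTP actually rejected; consumers must inspect the response, or the helper should pick the event (or skip it) based on the result status as createAuthenticatorToken already does. The class body continues outside these hunks, so the helper below assumes `logger` is the existing field used on the new lines.

```java
// … unchanged: disableToken up to linotpConnection.disableToken(serial) …
submitTokenEvent(user, serial, response, EventType.TWOFA_DISABLED, executor);
return response;

/**
 * Emits one TWOFA_* audit event for a token operation. Submission failures are
 * logged and not propagated so a broken event bus does not break token management.
 */
private void submitTokenEvent(UserEntity user, String serial, Object response,
        EventType type, String executor) {
    HashMap<String, Object> eventMap = new HashMap<String, Object>();
    eventMap.put("user", user);
    eventMap.put("response", response);
    eventMap.put("serial", serial);
    try {
        eventSubmitter.submit(new TokenEvent(eventMap), type, executor);
    } catch (EventSubmitException e) {
        logger.warn("Could not submit event", e);
    }
}
```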
...@@ -80,7 +80,7 @@ public class TwoFaUserBean implements Serializable { ...@@ -80,7 +80,7 @@ public class TwoFaUserBean implements Serializable {
public void createAuthenticatorToken() { public void createAuthenticatorToken() {
if (! getReadOnly()) { if (! getReadOnly()) {
try { try {
createTokenResponse = twoFaService.createAuthenticatorToken(user.getId()); createTokenResponse = twoFaService.createAuthenticatorToken(user.getId(), "user-" + user.getId());
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
} catch (TwoFaException e) { } catch (TwoFaException e) {
logger.warn("TwoFaException", e); logger.warn("TwoFaException", e);
...@@ -91,10 +91,20 @@ public class TwoFaUserBean implements Serializable { ...@@ -91,10 +91,20 @@ public class TwoFaUserBean implements Serializable {
public void createYubicoToken() { public void createYubicoToken() {
if (! getReadOnly()) { if (! getReadOnly()) {
try { try {
LinotpInitAuthenticatorTokenResponse response = twoFaService.createYubicoToken(user.getId(), yubicoCode); LinotpInitAuthenticatorTokenResponse response = twoFaService.createYubicoToken(user.getId(), yubicoCode, "user-" + user.getId());
if (response.getResult().isStatus() && response.getResult().isValue()) { if (response.getResult().isStatus() && response.getResult().isValue()) {
if (response != null && response.getDetail() != null) {
String serial = response.getDetail().getSerial();
twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
}
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation
sessionManager.setTwoFaElevation(Instant.now());
}
} }
else { else {
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true); messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
...@@ -114,14 +124,14 @@ public class TwoFaUserBean implements Serializable { ...@@ -114,14 +124,14 @@ public class TwoFaUserBean implements Serializable {
try { try {
if (createTokenResponse != null && createTokenResponse.getDetail() != null) { if (createTokenResponse != null && createTokenResponse.getDetail() != null) {
String serial = createTokenResponse.getDetail().getSerial(); String serial = createTokenResponse.getDetail().getSerial();
LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial); LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial, "user-" + user.getId());
if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) { if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
response = twoFaService.checkSpecificToken(user.getId(), serial, totpCode); response = twoFaService.checkSpecificToken(user.getId(), serial, totpCode);
if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) { if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
// success, Token stays active, set correct description // success, Token stays active, set correct description
twoFaService.initToken(user.getId(), serial); twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if (tokenList.size() == 1) { if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation // this was the first token. We have to set 2fa elevation
...@@ -133,7 +143,7 @@ public class TwoFaUserBean implements Serializable { ...@@ -133,7 +143,7 @@ public class TwoFaUserBean implements Serializable {
} }
else { else {
// wrong code, disable token // wrong code, disable token
response = twoFaService.disableToken(user.getId(), serial); response = twoFaService.disableToken(user.getId(), serial, "user-" + user.getId());
totpCode = ""; totpCode = "";
} }
} }
...@@ -146,7 +156,7 @@ public class TwoFaUserBean implements Serializable { ...@@ -146,7 +156,7 @@ public class TwoFaUserBean implements Serializable {
public void enableToken(String serial) { public void enableToken(String serial) {
if (! getReadOnly()) { if (! getReadOnly()) {
try { try {
LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial); LinotpSimpleResponse response = twoFaService.enableToken(user.getId(), serial, "user-" + user.getId());
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if ((response.getResult() != null) && response.getResult().isStatus() && if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) { response.getResult().isValue()) {
...@@ -165,7 +175,7 @@ public class TwoFaUserBean implements Serializable { ...@@ -165,7 +175,7 @@ public class TwoFaUserBean implements Serializable {
public void disableToken(String serial) { public void disableToken(String serial) {
if (! getReadOnly()) { if (! getReadOnly()) {
try { try {
LinotpSimpleResponse response = twoFaService.disableToken(user.getId(), serial); LinotpSimpleResponse response = twoFaService.disableToken(user.getId(), serial, "user-" + user.getId());
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if ((response.getResult() != null) && response.getResult().isStatus() && if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) { response.getResult().isValue()) {
...@@ -184,7 +194,7 @@ public class TwoFaUserBean implements Serializable { ...@@ -184,7 +194,7 @@ public class TwoFaUserBean implements Serializable {
public void deleteToken(String serial) { public void deleteToken(String serial) {
if (! getReadOnly()) { if (! getReadOnly()) {
try { try {
LinotpSimpleResponse response = twoFaService.deleteToken(user.getId(), serial); LinotpSimpleResponse response = twoFaService.deleteToken(user.getId(), serial, "user-" + user.getId());
tokenList = twoFaService.findByUserId(sessionManager.getUserId()); tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if ((response.getResult() != null) && response.getResult().isStatus() && if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) { response.getResult().isValue()) {
......
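Review bot: In `createYubicoToken()` the added guard `if (response != null && response.getDetail() != null)` sits directly after `response.getResult().isStatus()` has already dereferenced `response`, so the null check is dead; keep only `if (response.getDetail() != null)`, or move the null check ahead of the status test. The executor string `"user-" + user.getId()` is built in eight places and attributes every action to the managed `user`, while the token list on the next line is fetched via `sessionManager.getUserId()`; if those two ids can ever differ (the presence of `getReadOnly()` suggests a view of someone else's tokens may exist), the audit event names the wrong actor, so derive it in one private helper, e.g. `private String executorId() { return "user-" + sessionManager.getUserId(); }`, and confirm which id is the acting principal. Both `createYubicoToken()` and the later methods extend beyond the visible hunks.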