Track correct status in linotp token description field

5b781af2 · ls1947 · 9ef6777c · 5b781af2 · 5b781af2 · 5b781af2
Commit 5b781af2 authored Jul 14, 2020 by ls1947
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
 package edu.kit.scc.webreg.service.twofa;

 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
+import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;

@@ -24,4 +25,6 @@ public interface TwoFaService {

 	LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi) throws TwoFaException;

+	LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException;
+
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
@@ -12,6 +12,7 @@ import edu.kit.scc.webreg.dao.UserDao;
 import edu.kit.scc.webreg.entity.UserEntity;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
+import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpShowUserResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpToken;
@@ -92,6 +93,17 @@ public class TwoFaServiceImpl implements TwoFaService {
 		return linotpConnection.checkSpecificToken(serial, token);
 	}

+	@Override
+	public LinotpSetFieldResult initToken(Long userId, String serial) throws TwoFaException {
+		UserEntity user = userDao.findById(userId);
+		
+		Map<String, String> configMap = configResolver.resolveConfig(user);
+
+		LinotpConnection linotpConnection = new LinotpConnection(configMap);
+		linotpConnection.requestAdminSession();
+		return linotpConnection.initToken(serial);
+	}
+	
 	@Override
 	public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpConnection.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpConnection.java
@@ -3,7 +3,9 @@ package edu.kit.scc.webreg.service.twofa.linotp;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.List;
 import java.util.Map;

@@ -166,7 +168,7 @@ public class LinotpConnection {
 			nvps.add(new BasicNameValuePair("genkey", "1"));
 			nvps.add(new BasicNameValuePair("hashlib", "sha1"));
 			nvps.add(new BasicNameValuePair("timeStep", "30"));
-			nvps.add(new BasicNameValuePair("description", "This is a description"));
+			nvps.add(new BasicNameValuePair("description", "INIT,DELABLE,BWIDM,TS " + formatDate() + ","));

 			if (configMap.containsKey("userId"))
 			    nvps.add(new BasicNameValuePair("user", configMap.get("userId")));
@@ -227,6 +229,37 @@ public class LinotpConnection {
 			throw new TwoFaException(e);
 		}		
 	}
+
+	public LinotpSetFieldResult initToken(String serial) throws TwoFaException {
+		return setTokenField(serial, "description", "ACTIVE,DELABLE,TS " + formatDate() + ",");
+	}
+	
+	public LinotpSetFieldResult setTokenField(String serial, String key, String value) throws TwoFaException {
+		try {
+			HttpPost httpPost = new HttpPost(configMap.get("url") + "/admin/set");
+			List<NameValuePair> nvps = new ArrayList <NameValuePair>();
+			if (configMap.containsKey("realm"))
+				nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
+			nvps.add(new BasicNameValuePair("session", adminSession));
+			nvps.add(new BasicNameValuePair("serial", serial));
+			nvps.add(new BasicNameValuePair(key, value));
+			httpPost.setEntity(new UrlEncodedFormEntity(nvps));
+			
+			CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
+			try {
+			    HttpEntity entity = response.getEntity();
+			    String responseString = EntityUtils.toString(entity);
+			    logger.trace(responseString);
+
+			    return resultParser.parseSetFieldResponse(responseString);
+
+			} finally {
+				response.close();
+			}
+		} catch (ParseException | IOException e) {
+			throw new TwoFaException(e);
+		}		
+	}
 	
 	public LinotpSimpleResponse disableToken(String serial) throws TwoFaException {
 		try {
@@ -381,4 +414,9 @@ public class LinotpConnection {
        	return null;
        }
 	}
+	
+	protected String formatDate() {
+		SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd hh:mm");
+		return formatter.format(new Date());
+	}
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpResultParser.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpResultParser.java
@@ -44,4 +44,14 @@ public class LinotpResultParser {
 		}		
 	}

+	public LinotpSetFieldResult parseSetFieldResponse(String responseString) throws TwoFaException {
+		try {
+			LinotpSetFieldResult response = 
+					om.readValue(responseString, LinotpSetFieldResult.class);
+			return response;
+		} catch (IOException e) {
+			throw new TwoFaException(e);
+		}		
+	}
+
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResponse.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResponse.java
+package edu.kit.scc.webreg.service.twofa.linotp;
+
+import java.io.Serializable;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class LinotpSetFieldResponse implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	private String version;
+	
+	@JsonProperty("jsonrpc")
+	private String jsonRpc;
+	
+	private LinotpSetFieldResult result;
+	
+	private Integer id;
+
+	public String getVersion() {
+		return version;
+	}
+	
+	public void setVersion(String version) {
+		this.version = version;
+	}
+	
+	public String getJsonRpc() {
+		return jsonRpc;
+	}
+	
+	public void setJsonRpc(String jsonRpc) {
+		this.jsonRpc = jsonRpc;
+	}
+
+	public Integer getId() {
+		return id;
+	}
+
+	public void setId(Integer id) {
+		this.id = id;
+	}
+
+	public LinotpSetFieldResult getResult() {
+		return result;
+	}
+
+	public void setResult(LinotpSetFieldResult result) {
+		this.result = result;
+	}
+	
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResult.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpSetFieldResult.java
+package edu.kit.scc.webreg.service.twofa.linotp;
+
+import java.util.Map;
+
+public class LinotpSetFieldResult {
+
+	private boolean status;
+	private Map<String, Object> value;
+
+	public boolean isStatus() {
+		return status;
+	}
+
+	public void setStatus(boolean status) {
+		this.status = status;
+	}
+
+	public Map<String, Object> getValue() {
+		return value;
+	}
+
+	public void setValue(Map<String, Object> value) {
+		this.value = value;
+	}
+}
\ No newline at end of file
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
@@ -120,7 +120,8 @@ public class TwoFaUserBean implements Serializable {
 				
 					response = twoFaService.checkSpecificToken(user.getId(), serial, totpCode);
 					if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue()) {
-						// success, Token stays active
+						// success, Token stays active, set correct description
+						twoFaService.initToken(user.getId(), serial);
 						tokenList = twoFaService.findByUserId(sessionManager.getUserId());
 						if (tokenList.size() == 1) {
 							// this was the first token. We have to set 2fa elevation

--- a/bwreg-webapp/src/main/resources/msg/messages_de.properties
+++ b/bwreg-webapp/src/main/resources/msg/messages_de.properties
 my_twofa=Zweite Faktoren
+start=Starten
 twofa_tokentype=Toketyp
 twofa_serial=Serial
 twofa_active=Aktiv

--- a/bwreg-webapp/src/main/resources/msg/messages_en.properties
+++ b/bwreg-webapp/src/main/resources/msg/messages_en.properties
 my_twofa=Second factors
+start=Start
 twofa_tokentype=Tokentype
 twofa_serial=Serial
 twofa_active=Active

--- a/bwreg-webapp/src/main/webapp/user/twofa.xhtml
+++ b/bwreg-webapp/src/main/webapp/user/twofa.xhtml
@@ -52,27 +52,31 @@
 						<h:graphicImage width="60px" value="#{resource['img/yubikey_small.png']}" alt="Yubikey" rendered="#{token.tokenType == 'yubico'}"/>
 					</p:outputPanel>
 					<p:outputPanel>
-					<h:panelGrid columns="2">
-						<p:outputLabel for="@next" value="#{messages.twofa_tokentype}:" />
-						<h:panelGroup>
-							<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
-							<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
-							<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
-							<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
-						</h:panelGroup>
-	
-						<p:outputLabel for="@next" value="#{messages.twofa_active}:" />
-						<h:outputText value="#{token.isactive ? messages.yes : messages.no}" />
-					</h:panelGrid>
-					<p:commandButton action="#{twoFaUserBean.disableToken(token.serial)}" value="Disable" 
-						update="@form" rendered="#{token.isactive}"/>
-					<p:commandButton action="#{twoFaUserBean.enableToken(token.serial)}" value="Enable" 
-						update="@form" rendered="#{! token.isactive}"/>
-					<p:commandButton action="#{twoFaUserBean.deleteToken(token.serial)}" value="Delete" 
-						update="@form" rendered="#{! token.isactive}">
-						<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
-					</p:commandButton>
-					</p:outputPanel>
+						<h:panelGrid columns="2">
+							<p:outputLabel for="@next" value="#{messages.twofa_tokentype}:" />
+							<h:panelGroup>
+								<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
+								<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
+								<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
+								<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
+							</h:panelGroup>
+		
+							<p:outputLabel for="@next" value="#{messages.twofa_active}:" />
+							<h:outputText value="#{token.isactive ? messages.yes : messages.no}" />
+						</h:panelGrid>
+						<p:panel style="margin: 8px;">
+							<h:outputText value="#{messages.twofa_token_not_init}" style="color:red;" 
+									rendered="#{! token.isactive and (token.tokenDesc.contains('INIT'))}" />
+						</p:panel>
+						<p:commandButton action="#{twoFaUserBean.disableToken(token.serial)}" value="#{messages.disable}" 
+							update="@form" rendered="#{token.isactive}"/>
+						<p:commandButton action="#{twoFaUserBean.enableToken(token.serial)}" value="#{messages.disable}" 
+							update="@form" rendered="#{! token.isactive and (! token.tokenDesc.contains('INIT'))}"/>
+						<p:commandButton action="#{twoFaUserBean.deleteToken(token.serial)}" value="#{messages.delete}" 
+							update="@form" rendered="#{! token.isactive}" style="color:red;">
+							<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
+						</p:commandButton>
+						</p:outputPanel>
 				</p:panelGrid>
 			</p:panel>
 		</p:dataGrid>
@@ -97,26 +101,30 @@
 					showEffect="fade" hideEffect="fade">
 			<p:ajax event="close" update="@form" />

-			<div class="panel" style="width:360px;">
+			<div class="panel" style="width:520px;">
 			    <h:outputText value="#{messages.twofa_create_totp_token_desc}" escape="false" />
 		    </div>

-			<p:panel id="totpResponsePanel">
+			<p:panel id="totpResponsePanel" style="height: 260px;">
 			    <p:commandButton id="totpStartButton" action="#{twoFaUserBean.createAuthenticatorToken()}" value="#{messages.start}"
 		    		update="totpResponsePanel" oncomplete="PF('addTotpDlg').initPosition()" rendered="#{empty twoFaUserBean.createTokenResponse}"/>
 				<h:panelGroup rendered="#{not empty twoFaUserBean.createTokenResponse}">
-					<div>
-						<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.googleurl.img}" escape="false" />
-					</div>
 					<h:panelGrid columns="2">
-						<p:outputLabel for="@next" value="#{messages.twofa_serial}:" />
-						<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.serial}"/>
-						
-						<p:outputLabel for="@next" value="#{messages.twofa_code}:" />
-						<p:inputText id="totpText" value="#{twoFaUserBean.totpCode}"/>
-					</h:panelGrid>
-					<p:commandButton id="checkTotpButton" action="#{twoFaUserBean.checkAuthenticatorToken()}" value="#{messages.check}"
-						update="totpResponsePanel" />
+						<p:outputPanel>
+							<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.googleurl.img}" escape="false" />
+						</p:outputPanel>
+						<p:outputPanel>
+							<h:panelGrid columns="2">
+								<p:outputLabel for="@next" value="#{messages.twofa_serial}:" />
+								<h:outputText value="#{twoFaUserBean.createTokenResponse.detail.serial}"/>
+								
+								<p:outputLabel for="@next" value="#{messages.twofa_code}:" />
+								<p:inputText id="totpText" value="#{twoFaUserBean.totpCode}"/>
+							</h:panelGrid>
+							<p:commandButton id="checkTotpButton" action="#{twoFaUserBean.checkAuthenticatorToken()}" value="#{messages.check}"
+								update="totpResponsePanel" />
+							</p:outputPanel>
+						</h:panelGrid>
 				</h:panelGroup>
 			</p:panel>
 		</p:dialog>