make adding 2fa from registration more flowlike

bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/RegisterServiceBean.java

@@ -15,7 +15,9 @@ import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.faces.application.FacesMessage;
 import javax.faces.bean.ManagedBean;
@@ -212,7 +214,10 @@ public class RegisterServiceBean implements Serializable {
 				LinotpTokenResultList tokenList = twoFaService.findByUserId(user.getId());
 				if (tokenList.size() == 0) {
 					accessAllowed = false;
-		    		messageGenerator.addResolvedErrorMessage("reqs", "error", "twofa_mandatory", true);
+					Map<String, Object> rendererContext = new HashMap<String, Object>();
+					rendererContext.put("service", service);
+		    		messageGenerator.addResolvedMessage("reqs", FacesMessage.SEVERITY_ERROR, "error", 
+		    				"twofa_mandatory", true, rendererContext);
 				}
 			} catch (TwoFaException e) {
 				logger.warn("There is a problem communicating with twofa server" + e.getMessage());

bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java

@@ -58,6 +58,8 @@ public class TwoFaUserBean implements Serializable {
 	private String totpCode, yubicoCode;
 	private String defaultButton;
 	
+	private Long returnServiceId;
+	
 	public void preRenderView(ComponentSystemEvent ev) {
 
 		defaultButton = "yubicoStartButton";
@@ -236,4 +238,15 @@ public class TwoFaUserBean implements Serializable {
 		this.yubicoCode = yubicoCode;
 	}
 
+	public Long getReturnServiceId() {
+		return returnServiceId;
+	}
+
+	public void setReturnServiceId(Long returnServiceId) {
+		// make this not overwriteable. Ajax requests would overwrite this parameter
+		if (returnServiceId != null) {
+			this.returnServiceId = returnServiceId;
+		}
+	}
+
 }

bwreg-webapp/src/main/java/edu/kit/scc/webreg/util/FacesMessageGenerator.java

@@ -10,6 +10,8 @@
  ******************************************************************************/
 package edu.kit.scc.webreg.util;
 
+import java.util.Map;
+
 import javax.enterprise.context.ApplicationScoped;
 import javax.faces.application.FacesMessage;
 import javax.faces.application.FacesMessage.Severity;
@@ -79,6 +81,18 @@ public class FacesMessageGenerator {
 	public void addInfoMessage(String messageText, String detail) {
 		addInfoMessage(null, messageText, detail);				
 	}
+
+	public void addResolvedMessage(String msgName, Severity severity, String messageText, String detail, boolean resolveDetail, Map<String, Object> rendererContext) {
+		FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true);
+		if (resolveDetail)
+			FacesContext.getCurrentInstance().addMessage(msgName, 
+				new FacesMessage(severity, resourceHelper.resolveMessage(messageText, rendererContext), 
+						resourceHelper.resolveMessage(detail, rendererContext)));
+		else
+			FacesContext.getCurrentInstance().addMessage(msgName, 
+					new FacesMessage(severity, resourceHelper.resolveMessage(messageText, rendererContext), 
+							detail));
+	}	
 	
 	public void addResolvedMessage(String msgName, Severity severity, String messageText, String detail, boolean resolveDetail) {
 		FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true);

bwreg-webapp/src/main/java/edu/kit/scc/webreg/util/ResourceBundleHelper.java

@@ -11,16 +11,44 @@
 package edu.kit.scc.webreg.util;
 
 import java.util.Locale;
+import java.util.Map;
 import java.util.ResourceBundle;
 
 import javax.enterprise.context.ApplicationScoped;
 import javax.faces.context.FacesContext;
+import javax.inject.Inject;
 import javax.inject.Named;
 
+import edu.kit.scc.webreg.service.mail.TemplateRenderer;
+
 @Named
 @ApplicationScoped
 public class ResourceBundleHelper {
 
+	@Inject
+	private TemplateRenderer renderer;
+
+	public String resolveMessage(String key, Map<String, Object> rendererContext) {
+		FacesContext facesContext = FacesContext.getCurrentInstance();
+
+		if (facesContext == null || facesContext.getViewRoot() == null || facesContext.getViewRoot().getLocale() == null)
+			return "???" + key + "???";
+			
+		Locale locale = facesContext.getViewRoot().getLocale();
+		ResourceBundle bundle = ResourceBundle.getBundle("edu.kit.scc.webreg.res.DbMessageBundle", locale);		
+
+		if (bundle == null)
+			return "???" + key + "???";
+			
+		try {
+			String template = bundle.getString(key);
+			String body = renderer.evaluate(template, rendererContext);
+			return body;
+		} catch (Exception e) {
+			return "???" + key + "???";
+		}
+	}
+
 	public String resolveMessage(String key) {
 		FacesContext facesContext = FacesContext.getCurrentInstance();
 

bwreg-webapp/src/main/resources/msg/messages_de.properties

@@ -7,8 +7,10 @@ twofa_tokentype_totp=Smartphone App
 twofa_create_new_token=Hier k\u00F6nnen Sie ein neues Token erstellen. 
 twofa_create_new_totp=Neues Smartphone Token
 twofa_create_totp_token=Ein neues Smartphone Token erstellen
-twofa_create_totp_token_desc=<div>Hier k\u00F6nnen Sie Ihr Smartphone als Token registrieren. Dazu ben\u00F6tigen Sie eine passende App gem\u00E4\u00DF RFC 6238 (z.B. Google Authenticator, Microsoft Authenticator, FreeOTP oder Sophos Authenticator).</div>\n\n<div>\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n</div>\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div>\nWenn Sie auf Starten klicken, wird das Token erstellt und ein QR-Code angezeigt. Diesen m\u00FCssen Sie mit der App auf dem Smartphone erfassen.</div>
+twofa_create_totp_token_desc=<div style\="margin-bottom\: 16px;">Hier k\u00F6nnen Sie Ihr Smartphone als Token registrieren. Dazu ben\u00F6tigen Sie eine passende App gem\u00E4\u00DF RFC 6238 (z.B. Google Authenticator, Microsoft Authenticator, FreeOTP oder Sophos Authenticator).</div>\n\n<div style\="margin-bottom\: 16px;">\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div style\="margin-bottom\: 16px;">\nWenn Sie auf Starten klicken, wird das Token erstellt und ein QR-Code angezeigt. Diesen m\u00FCssen Sie mit der App auf dem Smartphone erfassen.</div>
 twofa_create_new_yubico=Neues Yubikey Token
+twofa_mandatory=F\u00FCr diesen Dienst ist es notwendig einen zweiten Faktor einzurichten. Bitte richten Sie sich <a href\="../user/twofa.xhtml?retsid\=$service.id">hier</a> einen zweiten Faktor ein.
+twofa_back_to_register=Zur\u00FCck zum Registriervorgang
 check=Pr\u00FCfen
 twofa_elevated_since_recently=Mit 2FA eben
 logged_in_since_recently=Eingeloggt seit eben
@@ -31,6 +33,7 @@ ssh_pub_key_command=SSH Key f\u00FCr benannte Kommandos
 ssh_pub_key_interactiv=SSH Key f\u00FCr eine interaktive Shell
 ssh_pub_key_list=List der SSH Keys
 add_ssh_pub_key_desc=<div>Hier k\u00F6nnen Sie einen SSH Pub Key erstellen. Dies ist der \u00F6ffentliche Teil Ihres SSH Schl\u00FCssels. Der private Teil des Schl\u00FCssels sollte nur Ihnen bekannt sein.<div>\n\n<ul style\="color\:red">\n<li>Geben Sie nie Ihren private Schl\u00FCssel preis</li>\n<li>Sch\u00FCtzen Sie Ihren privaten Schl\u00FCssel mit einem sicheren Passwort</li>\n</ul>\n\n<div>Das Format des SSH Keys ist das selbe wie eine Zeile aus der Datei .ssh/authorized_keys.</div>
+ssh-pub-key-missing=Sie haben noch keinen SSH Pub Key angelegt
 set_ssh_pub_key_for=SSH Key freischalten\: 
 ssh_pub_key_selected=Ausgew\u00E4hlter SSH Key
 ssh_pub_key_usage_type=Benutzungsart

bwreg-webapp/src/main/resources/msg/messages_en.properties

@@ -8,10 +8,12 @@ twofa_create_new_token=Create a new token here.
 twofa_create_new_totp=New smartphone token
 twofa_create_new_yubico=New yubikey token
 twofa_create_totp_token=Create new smartphone token
-twofa_create_totp_token_desc=<div>Here you can register your smartphone as a token. For this you need a suitable app according to RFC 6238 (e.g. Google Authenticator, Microsoft Authenticator, FreeOTP or Sophos Authenticator).</div>\n\n<div>\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n</div>\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div>When you click Start, the token is created and a QR Code is displayed. You must scan this code with the app on your smartphone.</div>
+twofa_create_totp_token_desc=<div style\="margin-bottom\: 16px;">Here you can register your smartphone as a token. For this you need a suitable app according to RFC 6238 (e.g. Google Authenticator, Microsoft Authenticator, FreeOTP or Sophos Authenticator).</div>\n\n<div style\="margin-bottom\: 16px;">\n<a href\='https\://play.google.com/store/apps/details?id\=com.google.android.apps.authenticator2&hl\=en&pcampaignid\=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1'><img alt\='Get it on Google Play' src\='../resources/img/en_badge_web_generic.png'/></a>\n\n<a href\='https\://apps.apple.com/us/app/google-authenticator/id388497605'><img alt\='Download on Apple Store' src\='../resources/img/link_badge_appstore_large.png'/></a>\n</div>\n\n<div style\="margin-bottom\: 16px;">When you click Start, the token is created and a QR Code is displayed. You must scan this code with the app on your smartphone.</div>
 twofa_login_text=To perform the requested action, a second factor must be entered. Please enter any second factor from the list below to continue.
 twofa_login=Login with second factor
 twofa_code=Current code
+twofa_mandatory=For this service it is necessary to set up a second factor. Please set up a second factor <a href\="../user/twofa.xhtml?retsid\=$service.id">here</a>.
+twofa_back_to_register=Back to registration
 check=Check
 twofa_elevated_since_recently=With 2FA recently
 logged_in_since_recently=Logged in recently
@@ -27,6 +29,7 @@ set_ssh_pub_key=Set SSH Key
 key_blacklisted=This SSH key was already used in the system. It cannot be used again.
 ssh_pub_key_list=List of ssh keys
 add_ssh_pub_key_desc=<div>You can create an SSH Pub Key here. This is the public part of your SSH key. The private part of the key should only be known to you.</div>\n\n<ul style\="color\:red">\n<li>Never give away your private key</li>\n<li>Protect your private key with a secure password</li>\n</ul>\n\n<div>The format of the SSH Key field ist the same as a single line from your .ssh/authorized_keys file.</div>
+ssh-pub-key-missing=You have not yet created an SSH Pub Key
 add_ssh_pub_key=Add SSH Key
 ssh_key_type=Key type
 accept_tou=I have read and accepted the terms of use.

bwreg-webapp/src/main/webapp/user/register-service.xhtml

@@ -30,7 +30,7 @@
 		<h:panelGroup rendered="#{registerServiceBean.errorState}">
 			<div class="panel">
 				<p:panel header="#{messages.error}">
-					<p:messages id="messageErrorState" for="errorState" showDetail="true" />
+					<p:messages id="messageErrorState" for="errorState" showDetail="true" escape="false" />
 				</p:panel>
 			</div>
 		</h:panelGroup>
@@ -43,7 +43,7 @@
 					</h:panelGroup>
 					<h:panelGroup rendered="#{! registerServiceBean.accessAllowed}">
 						<h:outputText value="#{messages.requirements_unsatisfied}" />
-						<p:messages id="messageBoxReqs" for="reqs" showDetail="true" />
+						<p:messages id="messageBoxReqs" for="reqs" showDetail="true" escape="false" />
 					</h:panelGroup>
 				</p:panel>
 			</div>
@@ -52,7 +52,7 @@
 					<h3>Um sich für den Dienst zu registrieren, müssen Sie den folgenden Nutzungsbedingungen 
 					zustimmen.</h3>
 				
-					<p:messages id="messageBox" for="need_check" showDetail="true" />
+					<p:messages id="messageBox" for="need_check" showDetail="true" escape="false" />
 				
 					<div style="margin: 16px 0;">
 						<ui:repeat var="policyHolder" value="#{registerServiceBean.policyHolderList}">

bwreg-webapp/src/main/webapp/user/twofa.xhtml

@@ -15,6 +15,7 @@
 
 <f:view>
 <f:metadata>
+	<f:viewParam name="retsid" value="#{twoFaUserBean.returnServiceId}"/>
 	<f:event type="javax.faces.event.PreRenderViewEvent"
            listener="#{twoFaUserBean.preRenderView}" />
 </f:metadata>
@@ -77,11 +78,18 @@
 		</p:dataGrid>
 
 		<p:panel rendered="#{! twoFaUserBean.readOnly}">
-			<div>
+			<div style="margin-bottom: 16px;">
 				<h:outputText value="#{messages.twofa_create_new_token}" />
 			</div>
-			<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
-			<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
+			<p:outputPanel style="margin-bottom: 16px;">
+				<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
+				<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
+			</p:outputPanel>
+			<p:outputPanel rendered="#{not empty twoFaUserBean.returnServiceId}">
+				<p:link href="../user/register-service.xhtml" value="#{messages.twofa_back_to_register}">
+					<f:param name="serviceId" value="#{twoFaUserBean.returnServiceId}"/>
+				</p:link>
+			</p:outputPanel>
 		</p:panel>
 	
 		<p:dialog header="#{messages.twofa_create_totp_token}"