Commit f1a038b0 authored by michael.simon's avatar michael.simon

Enable and disable functionality for token admins

parent f184beb1
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.audit;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.dao.audit.AuditDetailDao;
import edu.kit.scc.webreg.dao.audit.AuditEntryDao;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.audit.AuditUserEntity;
public class TokenAuditor extends AbstractAuditor<AuditUserEntity> {
private static final long serialVersionUID = 1L;
public TokenAuditor(AuditEntryDao auditEntryDao,
AuditDetailDao auditDetailDao, ApplicationConfig appConfig) {
super(auditEntryDao, auditDetailDao, appConfig);
}
public void setUser(UserEntity entity) {
audit.setUser(entity);
}
@Override
protected AuditUserEntity newInstance() {
return new AuditUserEntity();
}
}
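Review bot: TokenAuditor has no class or method Javadoc, and setUser writes to the inherited `audit` field without a null check, so the ordering constraint between setUser and startAuditTrail (which presumably creates `audit`; that lives in AbstractAuditor, outside this page) is invisible to callers. A class comment such as `/** Audit trail for LinOTP token operations; the audited user is the token owner, the executor passed to startAuditTrail is the acting account. */` and on setUser `/** Sets the token owner being acted on. Call after {@link #startAuditTrail}. */` would capture both points. The serialVersionUID field suggests the class is Serializable through its parent, which cannot be confirmed from here.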
......@@ -9,9 +9,14 @@ import javax.inject.Inject;
import org.slf4j.Logger;
import edu.kit.scc.webreg.audit.TokenAuditor;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.dao.audit.AuditDetailDao;
import edu.kit.scc.webreg.dao.audit.AuditEntryDao;
import edu.kit.scc.webreg.entity.EventType;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.audit.AuditStatus;
import edu.kit.scc.webreg.event.EventSubmitter;
import edu.kit.scc.webreg.event.TokenEvent;
import edu.kit.scc.webreg.exc.EventSubmitException;
......@@ -39,6 +44,15 @@ public class TwoFaServiceImpl implements TwoFaService {
@Inject
private EventSubmitter eventSubmitter;
@Inject
private AuditEntryDao auditEntryDao;
@Inject
private AuditDetailDao auditDetailDao;
@Inject
private ApplicationConfig appConfig;
@Override
public LinotpTokenResultList findByUserId(Long userId) throws TwoFaException {
UserEntity user = userDao.findById(userId);
......@@ -110,11 +124,19 @@ public class TwoFaServiceImpl implements TwoFaService {
public LinotpSetFieldResult initToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-InitToken-Audit");
auditor.setUser(user);
auditor.setDetail("Init token " + serial + " for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpSetFieldResult response = linotpConnection.initToken(serial);
auditor.logAction(user.getEppn(), "INIT TOTP TOKEN", "serial-" + serial, "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
......@@ -127,13 +149,21 @@ public class TwoFaServiceImpl implements TwoFaService {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
@Override
public LinotpInitAuthenticatorTokenResponse createAuthenticatorToken(Long userId, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-CreateAuthenticatorToken-Audit");
auditor.setUser(user);
auditor.setDetail("Creating authenticator token for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
......@@ -142,7 +172,9 @@ public class TwoFaServiceImpl implements TwoFaService {
LinotpInitAuthenticatorTokenResponse response = linotpConnection.createAuthenticatorToken(user);
if (response.getResult().isStatus() && response.getResult().isValue()) {
// Token succeful created
// Token successfully created
auditor.logAction(user.getEppn(), "CREATE TOTP TOKEN", "serial-" + response.getDetail().getSerial(), "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
......@@ -158,9 +190,15 @@ public class TwoFaServiceImpl implements TwoFaService {
// Disable it for once
linotpConnection.disableToken(response.getDetail().getSerial());
auditor.logAction(user.getEppn(), "DISABLE TOTP TOKEN", "serial-" + response.getDetail().getSerial(), "", AuditStatus.SUCCESS);
auditor.finishAuditTrail();
return response;
}
else {
auditor.logAction(user.getEppn(), "CREATE TOTP TOKEN", "", "", AuditStatus.FAIL);
auditor.finishAuditTrail();
throw new TwoFaException("Token generation did not succeed!");
}
}
......@@ -168,7 +206,13 @@ public class TwoFaServiceImpl implements TwoFaService {
@Override
public LinotpInitAuthenticatorTokenResponse createYubicoToken(Long userId, String yubi, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-CreateYubicoToken-Audit");
auditor.setUser(user);
auditor.setDetail("Creating yubico token for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
......@@ -177,9 +221,13 @@ public class TwoFaServiceImpl implements TwoFaService {
LinotpInitAuthenticatorTokenResponse response = linotpConnection.createYubicoToken(user, yubi);
if (response == null) {
auditor.logAction(user.getEppn(), "CREATE YUBICO TOKEN", "", "", AuditStatus.FAIL);
auditor.finishAuditTrail();
throw new TwoFaException("Token generation did not succeed!");
}
auditor.logAction(user.getEppn(), "CREATE YUBICO TOKEN", "serial-" + response.getDetail().getSerial(), "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
......@@ -192,13 +240,20 @@ public class TwoFaServiceImpl implements TwoFaService {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
@Override
public LinotpInitAuthenticatorTokenResponse createBackupTanList(Long userId, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-CreateBackupTanList-Audit");
auditor.setUser(user);
auditor.setDetail("Creating backup tan list for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
......@@ -207,9 +262,13 @@ public class TwoFaServiceImpl implements TwoFaService {
LinotpInitAuthenticatorTokenResponse response = linotpConnection.createBackupTanList(user);
if (response == null) {
auditor.logAction(user.getEppn(), "CREATE BACKUP TAN LIST", "", "", AuditStatus.FAIL);
auditor.finishAuditTrail();
throw new TwoFaException("Token generation did not succeed!");
}
auditor.logAction(user.getEppn(), "CREATE BACKUP TAN LIST", "serial-" + response.getDetail().getSerial(), "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
......@@ -222,6 +281,8 @@ public class TwoFaServiceImpl implements TwoFaService {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
......@@ -250,12 +311,20 @@ public class TwoFaServiceImpl implements TwoFaService {
@Override
public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-DisableToken-Audit");
auditor.setUser(user);
auditor.setDetail("Disable token " + serial + " for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.disableToken(serial);
auditor.logAction(user.getEppn(), "DISABLE TOKEN", "serial-" + serial, "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
......@@ -267,6 +336,8 @@ public class TwoFaServiceImpl implements TwoFaService {
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
......@@ -274,13 +345,21 @@ public class TwoFaServiceImpl implements TwoFaService {
@Override
public LinotpSimpleResponse enableToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-EnableToken-Audit");
auditor.setUser(user);
auditor.setDetail("Enable token " + serial + " for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.enableToken(serial);
auditor.logAction(user.getEppn(), "ENABLE TOKEN", "serial-" + serial, "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
......@@ -292,12 +371,20 @@ public class TwoFaServiceImpl implements TwoFaService {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
@Override
public LinotpSimpleResponse deleteToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
auditor.startAuditTrail(executor, true);
auditor.setName(this.getClass().getName() + "-DeleteToken-Audit");
auditor.setUser(user);
auditor.setDetail("Delete token " + serial + " for user " + user.getEppn());
Map<String, String> configMap = configResolver.resolveConfig(user);
......@@ -305,6 +392,8 @@ public class TwoFaServiceImpl implements TwoFaService {
linotpConnection.requestAdminSession();
LinotpSimpleResponse response = linotpConnection.deleteToken(serial);
auditor.logAction(user.getEppn(), "DELETE TOKEN", "serial-" + serial, "", AuditStatus.SUCCESS);
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
......@@ -316,6 +405,8 @@ public class TwoFaServiceImpl implements TwoFaService {
logger.warn("Could not submit event", e);
}
auditor.finishAuditTrail();
return response;
}
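Review bot: In disableToken the audit entry `auditor.logAction(user.getEppn(), "DISABLE TOKEN", "serial-" + serial, "", AuditStatus.SUCCESS)` is written before the response is inspected, so a LinOTP reply with a failed result (the case TokenAdminIndexBean reports as "could not be disable") still leaves a SUCCESS record; initToken, enableToken and deleteToken have the same shape. The trail is also only closed on the normal path: startAuditTrail runs before requestAdminSession() and the LinOTP call, and a TwoFaException thrown there propagates without finishAuditTrail() and without a FAIL entry, whereas createAuthenticatorToken, createYubicoToken and createBackupTanList at least record FAIL for their null or false responses. Deriving the status from response.getResult() and closing the trail in a finally block keeps the audit log in step with what the connector actually did; disableToken is shown below and the other three follow the same pattern.
```java
public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
    UserEntity user = userDao.findById(userId);
    TokenAuditor auditor = new TokenAuditor(auditEntryDao, auditDetailDao, appConfig);
    auditor.startAuditTrail(executor, true);
    auditor.setName(this.getClass().getName() + "-DisableToken-Audit");
    auditor.setUser(user);
    auditor.setDetail("Disable token " + serial + " for user " + user.getEppn());
    LinotpSimpleResponse response;
    try {
        // … unchanged: resolve configMap, create linotpConnection, requestAdminSession() …
        response = linotpConnection.disableToken(serial);
        // audit status mirrors the connector result instead of being hard-coded
        boolean ok = response != null && response.getResult() != null
                && response.getResult().isStatus() && response.getResult().isValue();
        auditor.logAction(user.getEppn(), "DISABLE TOKEN", "serial-" + serial, "",
                ok ? AuditStatus.SUCCESS : AuditStatus.FAIL);
        // … unchanged: eventMap construction and eventSubmitter call with its catch …
    } finally {
        // close the trail on the exception path as well, so no open trail is left behind
        auditor.finishAuditTrail();
    }
    return response;
}
```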
......
......@@ -225,7 +225,7 @@ public class TwoFaUserBean implements Serializable {
tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) {
messageGenerator.addInfoMessage("Info", "Token " + serial + " disable");
messageGenerator.addInfoMessage("Info", "Token " + serial + " disabled");
}
else {
messageGenerator.addWarningMessage("Warn", "Token " + serial + " could not be disable");
......
......@@ -20,6 +20,8 @@ import javax.faces.bean.ViewScoped;
import javax.faces.event.ComponentSystemEvent;
import javax.inject.Inject;
import org.slf4j.Logger;
import edu.kit.scc.webreg.dao.GenericSortOrder;
import edu.kit.scc.webreg.dao.ops.MultipathOrPredicate;
import edu.kit.scc.webreg.dao.ops.OrPredicate;
......@@ -29,6 +31,7 @@ import edu.kit.scc.webreg.sec.AuthorizationBean;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.service.twofa.TwoFaException;
import edu.kit.scc.webreg.service.twofa.TwoFaService;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;
import edu.kit.scc.webreg.session.SessionManager;
import edu.kit.scc.webreg.util.FacesMessageGenerator;
......@@ -39,6 +42,9 @@ public class TokenAdminIndexBean implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private UserService userService;
......@@ -94,6 +100,44 @@ public class TokenAdminIndexBean implements Serializable {
));
return userService.findAllPaging(0, 10, "eppn", GenericSortOrder.ASC, filterMap);
}
public void enableToken(String serial) {
if (! getReadOnly()) {
try {
LinotpSimpleResponse response = twoFaService.enableToken(selectedUser.getId(), serial, "user-" + session.getUserId());
userTokenList = twoFaService.findByUserId(selectedUser.getId());
if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) {
messageGenerator.addInfoMessage("Info", "Token " + serial + " enabled");
}
else {
messageGenerator.addWarningMessage("Warn", "Token " + serial + " could not be enabled");
}
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
messageGenerator.addErrorMessage("Error", e.toString());
}
}
}
public void disableToken(String serial) {
if (! getReadOnly()) {
try {
LinotpSimpleResponse response = twoFaService.disableToken(selectedUser.getId(), serial, "user-" + session.getUserId());
userTokenList = twoFaService.findByUserId(selectedUser.getId());
if ((response.getResult() != null) && response.getResult().isStatus() &&
response.getResult().isValue()) {
messageGenerator.addInfoMessage("Info", "Token " + serial + " disabled");
}
else {
messageGenerator.addWarningMessage("Warn", "Token " + serial + " could not be disable");
}
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
messageGenerator.addErrorMessage("Error", e.toString());
}
}
}
public Boolean getReadOnly() {
if (userTokenList != null)
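Review bot: The warning text in disableToken still reads `"Token " + serial + " could not be disable"` while enableToken says `could not be enabled`; the same typo survives as a context line in TwoFaUserBean. enableToken and disableToken differ only in the service call and the two message strings, so a private helper taking the operation name and the result would remove the duplicated try/catch and result check. getReadOnly() is the only gate in front of both service calls and its body is cut off at the end of the hunk; if it is derived from userTokenList rather than from the caller's admin role (AuthorizationBean is imported at the top of the file but not used in this hunk), the authorization decision must live outside this bean, and a one-line comment at the top of each method naming where would save the next reader the search. `messageGenerator.addErrorMessage("Error", e.toString())` puts the exception class and message on the admin page; the detail is already in the log, so a fixed user-facing message would be enough.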
......
......@@ -43,7 +43,7 @@
<h:outputText value="#{u.givenName}" />
</p:column>
</p:autoComplete>
<p:focus for="userAutocompl" />
</p:panelGrid>
<p:outputPanel style="margin-bottom: 16px;">
......@@ -88,17 +88,10 @@
<p:panel style="margin: 8px;" rendered="#{! token.isactive and (token.tokenDesc.contains('INIT'))}">
<h:outputText value="#{messages.twofa_token_not_init}" style="color:red;" />
</p:panel>
<p:commandButton action="#{twoFaUserBean.disableToken(token.serial)}" value="#{messages.disable}"
<p:commandButton action="#{tokenAdminIndexBean.disableToken(token.serial)}" value="#{messages.disable}"
update="@form" rendered="#{token.isactive}"/>
<p:commandButton action="#{twoFaUserBean.enableToken(token.serial)}" value="#{messages.enable}"
<p:commandButton action="#{tokenAdminIndexBean.enableToken(token.serial)}" value="#{messages.enable}"
update="@form" rendered="#{! token.isactive and (! token.tokenDesc.contains('INIT'))}"/>
<p:commandButton action="#{twoFaUserBean.deleteToken(token.serial)}" value="#{messages.delete}"
update="@form" rendered="#{! token.isactive and (token.tokenDesc.contains('DELABLE'))}" style="color:red;">
<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
</p:commandButton>
<p:commandButton action="#{twoFaUserBean.getBackupTanList(token.serial)}" value="#{messages.token_get_tanlist_values}"
update="@form" rendered="#{token.isactive and token.tokenType == 'HMAC'}"
oncomplete="PF('showBackupTanDlg').show();"/>
</p:outputPanel>
</p:panelGrid>
</p:panel>
......