Remove 2FA with email message

2022-03-20 09:21:41 +02:00 · 2022-03-20 09:21:41 +02:00 · 052068d7f4
commit 052068d7f4
parent 0c36d4809c
7 changed files with 3 additions and 156 deletions
--- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
@ -29,11 +29,7 @@ import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;

 /*
- *
 * TODO [viacheslav]:
- *  - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level
- *
- * FIXME [viacheslav]:
 *  - Tests for 2FA
 *  - Swagger documentation
 *
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
@ -141,11 +141,10 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
    }

    @Autowired
-    private void setProviders(Collection<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers) {
+    private void setProviders(Collection<TwoFactorAuthProvider> providers) {
        providers.forEach(provider -> {
            this.providers.put(provider.getType(), provider);
        });
    }

 }
-
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
@ -1,45 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.apache.commons.lang3.StringUtils;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-import javax.validation.constraints.AssertTrue;
-import javax.validation.constraints.Email;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
-
-    private boolean useAccountEmail;
-    @Email(message = "Email is not valid")
-    private String email;
-
-    @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-
-    @AssertTrue(message = "Email must be specified") // TODO [viacheslav]: test !
-    private boolean isValid() {
-        return useAccountEmail || StringUtils.isNotEmpty(email);
-    }
-
-}
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
@ -28,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
        property = "providerType")
@JsonSubTypes({
        @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ),
-        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
+        @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class)
 })
 public interface TwoFactorAuthAccountConfig {

--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
@ -1,33 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig{
-
-    private String emailVerificationMessageTemplate; // FIXME [viacheslav]:
-
-    @Override
-    public TwoFactorAuthProviderType getProviderType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-}
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
@ -20,7 +20,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
 import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;

@JsonIgnoreProperties(ignoreUnknown = true)
@ -29,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
        property = "providerType")
@JsonSubTypes({
        @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class),
-        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class),
-        @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
+        @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class)
 })
 public interface TwoFactorAuthProviderConfig {

--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
@ -1,67 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.provider.impl;
-
-import org.springframework.cache.CacheManager;
-import org.springframework.stereotype.Service;
-import org.thingsboard.rule.engine.api.MailService;
-import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.EmailTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.model.SecurityUser;
-
-@Service
-@TbCoreComponent
-public class EmailTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<EmailTwoFactorAuthProviderConfig, EmailTwoFactorAuthAccountConfig> {
-
-    private final MailService mailService;
-
-    protected EmailTwoFactorAuthProvider(CacheManager cacheManager, MailService mailService) {
-        super(cacheManager);
-        this.mailService = mailService;
-    }
-
-
-    @Override
-    public EmailTwoFactorAuthAccountConfig generateNewAccountConfig(User user, EmailTwoFactorAuthProviderConfig providerConfig) {
-        EmailTwoFactorAuthAccountConfig accountConfig = new EmailTwoFactorAuthAccountConfig();
-        accountConfig.setUseAccountEmail(true);
-        return accountConfig;
-    }
-
-    @Override
-    protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFactorAuthProviderConfig providerConfig, EmailTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
-        String email;
-        if (accountConfig.isUseAccountEmail()) {
-            email = user.getEmail();
-        } else {
-            email = accountConfig.getEmail();
-        }
-
-        // FIXME [viacheslav]: mail template for 2FA verification
-        mailService.sendEmail(user.getTenantId(), email, "subject", "");
-    }
-
-
-    @Override
-    public TwoFactorAuthProviderType getType() {
-        return TwoFactorAuthProviderType.EMAIL;
-    }
-
-}