From 052068d7f48cd1639355fc6bb89bece6d0b9b7ee Mon Sep 17 00:00:00 2001 From: Viacheslav Klimov Date: Sun, 20 Mar 2022 09:21:41 +0200 Subject: [PATCH] Remove 2FA with email message --- .../controller/TwoFactorAuthController.java | 4 -- .../auth/mfa/DefaultTwoFactorAuthService.java | 3 +- .../EmailTwoFactorAuthAccountConfig.java | 45 ------------- .../account/TwoFactorAuthAccountConfig.java | 3 +- .../EmailTwoFactorAuthProviderConfig.java | 33 --------- .../provider/TwoFactorAuthProviderConfig.java | 4 +- .../impl/EmailTwoFactorAuthProvider.java | 67 ------------------- 7 files changed, 3 insertions(+), 156 deletions(-) delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java delete mode 100644 application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java diff --git a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java index 58a7af3d7a..76cc8f2f14 100644 --- a/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java +++ b/application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java @@ -29,11 +29,7 @@ import org.thingsboard.server.service.security.model.SecurityUser; import org.thingsboard.server.service.security.model.token.JwtTokenFactory; /* - * * TODO [viacheslav]: - * - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level - * - * FIXME [viacheslav]: * - Tests for 2FA * - Swagger documentation * 
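Review bot: Nothing in this patch implements the user-level lockout after repeated failed verification attempts, yet the comment block in this hunk drops the TODO that tracked it (`* - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level`). If that limit landed in another commit this is fine; otherwise keep the line or point it at a tracking issue, because a verification code with no attempt cap can be guessed by repeated submissions. The hunk also folds the former FIXME items (tests, Swagger documentation) under TODO, which makes them easier to overlook on a security-sensitive controller. The comment block continues past the end of the hunk.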
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java index e54a39951f..98cbeb0786 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java @@ -141,11 +141,10 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService { } @Autowired - private void setProviders(Collection> providers) { + private void setProviders(Collection providers) { providers.forEach(provider -> { this.providers.put(provider.getType(), provider); }); } } - diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java deleted file mode 100644 index dfbba22113..0000000000 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java +++ /dev/null 
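Review bot: `setProviders` registers each bean with `this.providers.put(provider.getType(), provider)`, so two beans reporting the same type silently replace one another, and which provider verifies a user's second factor would then depend on injection order. Assuming `providers` is a `Map`, failing fast at startup is cheap: `if (this.providers.putIfAbsent(provider.getType(), provider) != null) throw new IllegalStateException("Duplicate 2FA provider: " + provider.getType());`. Separately, after this commit no bean returns `TwoFactorAuthProviderType.EMAIL`, and the enum's file is not in the diffstat, so the constant presumably remains and a lookup for it would find nothing. The code that reads `providers` lies outside this hunk, so confirm it rejects an unregistered type explicitly rather than dereferencing null or skipping verification.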
@@ -1,45 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.account;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.apache.commons.lang3.StringUtils;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-import javax.validation.constraints.AssertTrue;
-import javax.validation.constraints.Email;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
-
- private boolean useAccountEmail;
- @Email(message = "Email is not valid")
- private String email;
-
- @Override
- public TwoFactorAuthProviderType getProviderType() {
- return TwoFactorAuthProviderType.EMAIL;
- }
-
-
- @AssertTrue(message = "Email must be specified") // TODO [viacheslav]: test !
- private boolean isValid() {
- return useAccountEmail || StringUtils.isNotEmpty(email);
- }
-
-}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
index 44774bb2a3..d1947a72be 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java @@ -28,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr property = "providerType") @JsonSubTypes({ @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ), - @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class), - @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class) + @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class) }) public interface TwoFactorAuthAccountConfig { diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java deleted file mode 100644 index a782f73a68..0000000000 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java +++ /dev/null 
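Review bot: With the `EMAIL` entry gone from `@JsonSubTypes`, any stored or submitted account config carrying `"providerType": "EMAIL"` no longer resolves to a subtype, and Jackson will by default fail to deserialize it; the same applies to the matching `@JsonSubTypes` hunk in TwoFactorAuthProviderConfig.java. The patch shows no migration or fallback, so if email 2FA settings were ever persisted, either clean those records up or handle the failure where the config is loaded, and make sure that path denies the login rather than treating the user as having no second factor. A comment such as `// EMAIL was removed; configs with that type are rejected on load` above the annotation would record the intent. The interface body continues outside the hunk.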
@@ -1,33 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.config.provider;
-
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-
-@EqualsAndHashCode(callSuper = true)
-@Data
-public class EmailTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig{
-
- private String emailVerificationMessageTemplate; // FIXME [viacheslav]:
-
- @Override
- public TwoFactorAuthProviderType getProviderType() {
- return TwoFactorAuthProviderType.EMAIL;
- }
-
-}
diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
index c94c403fd8..f912f43144 100644
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
@@ -20,7 +20,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonSubTypes; import com.fasterxml.jackson.annotation.JsonSubTypes.Type; import com.fasterxml.jackson.annotation.JsonTypeInfo; -import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig; import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType; @JsonIgnoreProperties(ignoreUnknown = true) @@ -29,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr property = "providerType") @JsonSubTypes({ @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class), - @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class), - @Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class) + @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class) }) public interface TwoFactorAuthProviderConfig { diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java b/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java deleted file mode 100644 index aa34d5b2d6..0000000000 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java +++ /dev/null 
@@ -1,67 +0,0 @@
-/**
- * Copyright © 2016-2022 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.service.security.auth.mfa.provider.impl;
-
-import org.springframework.cache.CacheManager;
-import org.springframework.stereotype.Service;
-import org.thingsboard.rule.engine.api.MailService;
-import org.thingsboard.server.common.data.User;
-import org.thingsboard.server.common.data.exception.ThingsboardException;
-import org.thingsboard.server.queue.util.TbCoreComponent;
-import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
-import org.thingsboard.server.service.security.auth.mfa.config.provider.EmailTwoFactorAuthProviderConfig;
-import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
-import org.thingsboard.server.service.security.model.SecurityUser;
-
-@Service
-@TbCoreComponent
-public class EmailTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider {
-
- private final MailService mailService;
-
- protected EmailTwoFactorAuthProvider(CacheManager cacheManager, MailService mailService) {
- super(cacheManager);
- this.mailService = mailService;
- }
-
-
- @Override
- public EmailTwoFactorAuthAccountConfig generateNewAccountConfig(User user, EmailTwoFactorAuthProviderConfig providerConfig) {
- EmailTwoFactorAuthAccountConfig accountConfig = new EmailTwoFactorAuthAccountConfig();
- accountConfig.setUseAccountEmail(true);
- return accountConfig;
- }
-
- @Override
- protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFactorAuthProviderConfig providerConfig, EmailTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
- String email;
- if (accountConfig.isUseAccountEmail()) {
- email = user.getEmail();
- } else {
- email = accountConfig.getEmail();
- }
-
- // FIXME [viacheslav]: mail template for 2FA verification
- mailService.sendEmail(user.getTenantId(), email, "subject", "");
- }
-
-
- @Override
- public TwoFactorAuthProviderType getType() {
- return TwoFactorAuthProviderType.EMAIL;
- }
-
-}