dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove 2FA with email message

Browse Source
This commit is contained in:
Viacheslav Klimov 2022-03-20 09:21:41 +02:00
parent 0c36d4809c
commit 052068d7f4
7 changed files with 3 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
application/src/main/java/org/thingsboard/server/controller/TwoFactorAuthController.java
View File

@ -29,11 +29,7 @@ import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory; import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
/* /*
*
* TODO [viacheslav]: * TODO [viacheslav]:
* - Configurable hardlock (user blocking) after a total of XX (10) unsuccessful attempts - on user level
*
* FIXME [viacheslav]:
* - Tests for 2FA * - Tests for 2FA
* - Swagger documentation * - Swagger documentation
* *

3
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/DefaultTwoFactorAuthService.java
View File

@ -141,11 +141,10 @@ public class DefaultTwoFactorAuthService implements TwoFactorAuthService {
} }
@Autowired @Autowired
private void setProviders(Collection<TwoFactorAuthProvider<TwoFactorAuthProviderConfig, TwoFactorAuthAccountConfig>> providers) { private void setProviders(Collection<TwoFactorAuthProvider> providers) {
providers.forEach(provider -> { providers.forEach(provider -> {
this.providers.put(provider.getType(), provider); this.providers.put(provider.getType(), provider);
}); });
} }
} }

45
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/EmailTwoFactorAuthAccountConfig.java
View File

@ -1,45 +0,0 @@
/**
* Copyright © 2016-2022 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.service.security.auth.mfa.config.account;
import lombok.Data;
import lombok.EqualsAndHashCode;
import org.apache.commons.lang3.StringUtils;
import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
import javax.validation.constraints.AssertTrue;
import javax.validation.constraints.Email;
@EqualsAndHashCode(callSuper = true)
@Data
public class EmailTwoFactorAuthAccountConfig extends OtpBasedTwoFactorAuthAccountConfig {
private boolean useAccountEmail;
@Email(message = "Email is not valid")
private String email;
@Override
public TwoFactorAuthProviderType getProviderType() {
return TwoFactorAuthProviderType.EMAIL;
}
@AssertTrue(message = "Email must be specified") // TODO [viacheslav]: test !
private boolean isValid() {
return useAccountEmail || StringUtils.isNotEmpty(email);
}
}

3
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/account/TwoFactorAuthAccountConfig.java
View File

@ -28,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
property = "providerType") property = "providerType")
@JsonSubTypes({ @JsonSubTypes({
@Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ), @Type(name = "TOTP", value = TotpTwoFactorAuthAccountConfig.class ),
@Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class), @Type(name = "SMS", value = SmsTwoFactorAuthAccountConfig.class)
@Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
}) })
public interface TwoFactorAuthAccountConfig { public interface TwoFactorAuthAccountConfig {

33
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/EmailTwoFactorAuthProviderConfig.java
View File

@ -1,33 +0,0 @@
/**
* Copyright © 2016-2022 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.service.security.auth.mfa.config.provider;
import lombok.Data;
import lombok.EqualsAndHashCode;
import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
@EqualsAndHashCode(callSuper = true)
@Data
public class EmailTwoFactorAuthProviderConfig extends OtpBasedTwoFactorAuthProviderConfig{
private String emailVerificationMessageTemplate; // FIXME [viacheslav]:
@Override
public TwoFactorAuthProviderType getProviderType() {
return TwoFactorAuthProviderType.EMAIL;
}
}

4
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/config/provider/TwoFactorAuthProviderConfig.java
View File

@ -20,7 +20,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonSubTypes; import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonSubTypes.Type; import com.fasterxml.jackson.annotation.JsonSubTypes.Type;
import com.fasterxml.jackson.annotation.JsonTypeInfo; import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType; import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
@ -29,8 +28,7 @@ import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthPr
property = "providerType") property = "providerType")
@JsonSubTypes({ @JsonSubTypes({
@Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class), @Type(name = "TOTP", value = TotpTwoFactorAuthProviderConfig.class),
@Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class), @Type(name = "SMS", value = SmsTwoFactorAuthProviderConfig.class)
@Type(name = "EMAIL", value = EmailTwoFactorAuthAccountConfig.class)
}) })
public interface TwoFactorAuthProviderConfig { public interface TwoFactorAuthProviderConfig {

67
application/src/main/java/org/thingsboard/server/service/security/auth/mfa/provider/impl/EmailTwoFactorAuthProvider.java
View File

@ -1,67 +0,0 @@
/**
* Copyright © 2016-2022 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.service.security.auth.mfa.provider.impl;
import org.springframework.cache.CacheManager;
import org.springframework.stereotype.Service;
import org.thingsboard.rule.engine.api.MailService;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.auth.mfa.config.account.EmailTwoFactorAuthAccountConfig;
import org.thingsboard.server.service.security.auth.mfa.config.provider.EmailTwoFactorAuthProviderConfig;
import org.thingsboard.server.service.security.auth.mfa.provider.TwoFactorAuthProviderType;
import org.thingsboard.server.service.security.model.SecurityUser;
@Service
@TbCoreComponent
public class EmailTwoFactorAuthProvider extends OtpBasedTwoFactorAuthProvider<EmailTwoFactorAuthProviderConfig, EmailTwoFactorAuthAccountConfig> {
private final MailService mailService;
protected EmailTwoFactorAuthProvider(CacheManager cacheManager, MailService mailService) {
super(cacheManager);
this.mailService = mailService;
}
@Override
public EmailTwoFactorAuthAccountConfig generateNewAccountConfig(User user, EmailTwoFactorAuthProviderConfig providerConfig) {
EmailTwoFactorAuthAccountConfig accountConfig = new EmailTwoFactorAuthAccountConfig();
accountConfig.setUseAccountEmail(true);
return accountConfig;
}
@Override
protected void sendVerificationCode(SecurityUser user, String verificationCode, EmailTwoFactorAuthProviderConfig providerConfig, EmailTwoFactorAuthAccountConfig accountConfig) throws ThingsboardException {
String email;
if (accountConfig.isUseAccountEmail()) {
email = user.getEmail();
} else {
email = accountConfig.getEmail();
}
// FIXME [viacheslav]: mail template for 2FA verification
mailService.sendEmail(user.getTenantId(), email, "subject", "");
}
@Override
public TwoFactorAuthProviderType getType() {
return TwoFactorAuthProviderType.EMAIL;
}
}