Refactor
parent
126d7215c5
commit
df732a8f58
@ -323,7 +323,7 @@ public class AuthController extends BaseController {
|
||||
|
||||
private void logLogoutAction(HttpServletRequest request) throws ThingsboardException {
|
||||
try {
|
||||
systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null, "REST");
|
||||
systemSecurityService.logLoginAction(getCurrentUser(), new RestAuthenticationDetails(request), ActionType.LOGOUT, null);
|
||||
} catch (Exception e) {
|
||||
throw handleException(e);
|
||||
}
|
||||
|
||||
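Review bot: Dropping the last argument of `logLoginAction` here (judging by the hunk line counts, the call without `"REST"` is the new side) removes the provider value from the logout audit entry. The same edit recurs in TwoFactorAuthController, Oauth2AuthenticationSuccessHandler and RestAuthenticationProvider, and AuditLogServiceImpl no longer writes `actionData.put("provider", provider)`. After this, LOGIN, LOGOUT and LOCKOUT records from the password, 2FA and OAuth2 paths carry the same fields, so audit review and alerting can no longer tell which authentication path produced an event. The commit is titled "Refactor" but changes what is stored in the audit log, so either keep the field or state the removal in the commit description so that anything reading `provider` from stored audit data can be adjusted. The body of `logLogoutAction` continues past the end of this hunk.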
@ -58,8 +58,6 @@ import static org.thingsboard.server.controller.ControllerConstants.NEW_LINE;
|
||||
@RequiredArgsConstructor
|
||||
public class TwoFactorAuthController extends BaseController {
|
||||
|
||||
private static final String TwoFA_PROVIDER = "2FA ";
|
||||
|
||||
private final TwoFactorAuthService twoFactorAuthService;
|
||||
private final TwoFaConfigManager twoFaConfigManager;
|
||||
private final JwtTokenFactory tokenFactory;
|
||||
@ -94,12 +92,12 @@ public class TwoFactorAuthController extends BaseController {
|
||||
SecurityUser user = getCurrentUser();
|
||||
boolean verificationSuccess = twoFactorAuthService.checkVerificationCode(user, providerType, verificationCode, true);
|
||||
if (verificationSuccess) {
|
||||
systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null, TwoFA_PROVIDER + providerType);
|
||||
systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, null);
|
||||
user = new SecurityUser(userService.findUserById(user.getTenantId(), user.getId()), true, user.getUserPrincipal());
|
||||
return tokenFactory.createTokenPair(user);
|
||||
} else {
|
||||
ThingsboardException error = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
|
||||
systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error, TwoFA_PROVIDER + providerType);
|
||||
systemSecurityService.logLoginAction(user, new RestAuthenticationDetails(servletRequest), ActionType.LOGIN, error);
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
|
||||
@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.DashboardInfo;
|
||||
import org.thingsboard.server.common.data.StringUtils;
|
||||
import org.thingsboard.server.common.data.Tenant;
|
||||
import org.thingsboard.server.common.data.User;
|
||||
import org.thingsboard.server.common.data.audit.ActionType;
|
||||
import org.thingsboard.server.common.data.id.CustomerId;
|
||||
import org.thingsboard.server.common.data.id.DashboardId;
|
||||
import org.thingsboard.server.common.data.id.IdBased;
|
||||
@ -47,6 +48,7 @@ import org.thingsboard.server.dao.oauth2.OAuth2User;
|
||||
import org.thingsboard.server.dao.tenant.TbTenantProfileCache;
|
||||
import org.thingsboard.server.dao.tenant.TenantService;
|
||||
import org.thingsboard.server.dao.user.UserService;
|
||||
import org.thingsboard.server.service.entitiy.TbNotificationEntityService;
|
||||
import org.thingsboard.server.service.install.InstallScripts;
|
||||
import org.thingsboard.server.service.security.model.SecurityUser;
|
||||
import org.thingsboard.server.service.security.model.UserPrincipal;
|
||||
@ -81,6 +83,9 @@ public abstract class AbstractOAuth2ClientMapper {
|
||||
@Autowired
|
||||
private InstallScripts installScripts;
|
||||
|
||||
@Autowired
|
||||
private TbNotificationEntityService notificationEntityService;
|
||||
|
||||
@Autowired
|
||||
protected TbTenantProfileCache tenantProfileCache;
|
||||
|
||||
@ -151,6 +156,9 @@ public abstract class AbstractOAuth2ClientMapper {
|
||||
UserCredentials userCredentials = userService.findUserCredentialsByUserId(user.getTenantId(), user.getId());
|
||||
userService.activateUserCredentials(user.getTenantId(), userCredentials.getActivateToken(), passwordEncoder.encode(""));
|
||||
}
|
||||
|
||||
notificationEntityService.notifyCreateOrUpdateOrDelete(tenantId, customerId, user.getId(),
|
||||
user, user, ActionType.ADDED, true, null);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.error("Can't get or create security user from oauth2 user", e);
|
||||
|
||||
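Review bot: The added `notificationEntityService.notifyCreateOrUpdateOrDelete(...)` call runs inside the try whose catch logs "Can't get or create security user from oauth2 user", so an exception raised while emitting the notification would be handled as a failed user lookup or creation even though `activateUserCredentials` on the lines above has already run. Decide explicitly whether a notification failure should abort the OAuth2 login; if not, isolate the call in its own try/catch that logs the failure separately. The call also passes `user` as both the entity and what appears to be the acting user, so the ADDED record attributes the account's creation to the account itself. A comment such as `// OAuth2 auto-provisioning: no separate acting user, the new account is recorded as the actor` would make that explicit. The enclosing method starts before this hunk and its catch block continues after it.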
@ -104,7 +104,7 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS
|
||||
|
||||
clearAuthenticationAttributes(request, response);
|
||||
getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + accessToken.getToken() + "&refreshToken=" + refreshToken.getToken());
|
||||
systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null, "OAUTH2: " + registration.getName());
|
||||
systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, null);
|
||||
} catch (Exception e) {
|
||||
log.debug("Error occurred during processing authentication success result. " +
|
||||
"request [{}], response [{}], authentication [{}]", request, response, authentication, e);
|
||||
|
||||
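Review bot: The unchanged `sendRedirect` line directly above the edited call puts both tokens in the query string (`"/?accessToken=" + ... + "&refreshToken=" + ...`), where they can be retained in browser history, proxy and web-server access logs, and Referer headers. This commit does not touch that line, but it deserves a follow-up: hand the tokens over in a way intermediaries do not log (for example a URL fragment or a short-lived one-time code exchanged by the UI), and keep the refresh token out of the URL in particular. Separately, `logLoginAction` runs after the redirect has been sent, so an exception from audit logging reaches the catch only once the response is already committed. The method starts before this hunk and the catch body continues after it.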
@ -53,8 +53,6 @@ import java.util.UUID;
|
||||
@TbCoreComponent
|
||||
public class RestAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String REST_PROVIDER = "REST";
|
||||
|
||||
private final SystemSecurityService systemSecurityService;
|
||||
private final UserService userService;
|
||||
private final CustomerService customerService;
|
||||
@ -89,7 +87,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
|
||||
if (twoFactorAuthService.isTwoFaEnabled(securityUser.getTenantId(), securityUser.getId())) {
|
||||
return new MfaAuthenticationToken(securityUser);
|
||||
} else {
|
||||
systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null, REST_PROVIDER);
|
||||
systemSecurityService.logLoginAction(securityUser, authentication.getDetails(), ActionType.LOGIN, null);
|
||||
}
|
||||
} else {
|
||||
String publicId = userPrincipal.getValue();
|
||||
@ -115,7 +113,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
|
||||
try {
|
||||
systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password);
|
||||
} catch (LockedException e) {
|
||||
systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null, REST_PROVIDER);
|
||||
systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOCKOUT, null);
|
||||
throw e;
|
||||
}
|
||||
|
||||
@ -124,7 +122,7 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
return new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
|
||||
} catch (Exception e) {
|
||||
systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e, REST_PROVIDER);
|
||||
systemSecurityService.logLoginAction(user, authentication.getDetails(), ActionType.LOGIN, e);
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
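Review bot: In the second hunk, the branch taken when `isTwoFaEnabled(...)` is true returns `new MfaAuthenticationToken(securityUser)` without any `logLoginAction` call, so as far as these lines show, a correct password followed by an abandoned second factor leaves no audit entry. That event is a useful signal of a compromised password, and with the provider argument removed there is no field left to label it as a first-factor result. If it is not recorded elsewhere, add an audit call in that branch, or at least a comment such as `// 2FA pending: first-factor success is not audited here`. All three hunks cut through methods whose beginnings are outside the visible lines.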
@ -59,9 +59,8 @@ import org.thingsboard.server.queue.util.TbCoreComponent;
|
||||
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
|
||||
import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
|
||||
import org.thingsboard.server.service.security.model.SecurityUser;
|
||||
import org.thingsboard.server.utils.AuthorizationDetails;
|
||||
import org.thingsboard.server.utils.MiscUtils;
|
||||
import org.thingsboard.server.utils.RestAuthenticationDetailsUtils;
|
||||
import ua_parser.Client;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -264,24 +263,54 @@ public class DefaultSystemSecurityService implements SystemSecurityService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider) {
|
||||
public void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e) {
|
||||
String clientAddress = "Unknown";
|
||||
String browser = "Unknown";
|
||||
String os = "Unknown";
|
||||
String device = "Unknown";
|
||||
if (authenticationDetails instanceof RestAuthenticationDetails) {
|
||||
AuthorizationDetails details = RestAuthenticationDetailsUtils.getRestAuthenticationDetails((RestAuthenticationDetails) authenticationDetails);
|
||||
RestAuthenticationDetails details = (RestAuthenticationDetails) authenticationDetails;
|
||||
clientAddress = details.getClientAddress();
|
||||
browser = details.getBrowser();
|
||||
os = details.getOs();
|
||||
device = details.getDevice();
|
||||
if (details.getUserAgent() != null) {
|
||||
Client userAgent = details.getUserAgent();
|
||||
if (userAgent.userAgent != null) {
|
||||
browser = userAgent.userAgent.family;
|
||||
if (userAgent.userAgent.major != null) {
|
||||
browser += " " + userAgent.userAgent.major;
|
||||
if (userAgent.userAgent.minor != null) {
|
||||
browser += "." + userAgent.userAgent.minor;
|
||||
if (userAgent.userAgent.patch != null) {
|
||||
browser += "." + userAgent.userAgent.patch;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (userAgent.os != null) {
|
||||
os = userAgent.os.family;
|
||||
if (userAgent.os.major != null) {
|
||||
os += " " + userAgent.os.major;
|
||||
if (userAgent.os.minor != null) {
|
||||
os += "." + userAgent.os.minor;
|
||||
if (userAgent.os.patch != null) {
|
||||
os += "." + userAgent.os.patch;
|
||||
if (userAgent.os.patchMinor != null) {
|
||||
os += "." + userAgent.os.patchMinor;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (userAgent.device != null) {
|
||||
device = userAgent.device.family;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (actionType == ActionType.LOGIN && e == null) {
|
||||
userService.setLastLoginTs(user.getTenantId(), user.getId());
|
||||
}
|
||||
auditLogService.logEntityAction(
|
||||
user.getTenantId(), user.getCustomerId(), user.getId(),
|
||||
user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device, provider);
|
||||
user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device);
|
||||
}
|
||||
|
||||
private static boolean isPositiveInteger(Integer val) {
|
||||
|
||||
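Review bot: The inlined block builds `browser`, `os` and `device` from `details.getUserAgent()`, presumably parsed from the client-supplied User-Agent header, and passes them to `auditLogService.logEntityAction` with no length bound or character filtering visible here. Anything that later renders or queries audit entries should treat those fields as untrusted. A comment above the block such as `// browser/os/device derive from the client's User-Agent header: untrusted, escape on display`, plus a cap on the stored length, would make that explicit. As a matter of style, the four-level nested null checks would read more easily as a private helper in this class, which also keeps `logLoginAction` focused on the audit call. The hunk ends at the signature of `isPositiveInteger`, whose body is outside the visible lines.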
@ -42,6 +42,6 @@ public interface SystemSecurityService {
|
||||
|
||||
String getBaseUrl(TenantId tenantId, CustomerId customerId, HttpServletRequest httpServletRequest);
|
||||
|
||||
void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e, String provider);
|
||||
void logLoginAction(User user, Object authenticationDetails, ActionType actionType, Exception e);
|
||||
|
||||
}
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
/**
|
||||
* Copyright © 2016-2022 The Thingsboard Authors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.thingsboard.server.utils;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public class AuthorizationDetails {
|
||||
private String clientAddress;
|
||||
private String browser;
|
||||
private String os;
|
||||
private String device;
|
||||
}
|
||||
@ -1,63 +0,0 @@
|
||||
/**
|
||||
* Copyright © 2016-2022 The Thingsboard Authors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.thingsboard.server.utils;
|
||||
|
||||
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
|
||||
import ua_parser.Client;
|
||||
|
||||
public class RestAuthenticationDetailsUtils {
|
||||
|
||||
public static AuthorizationDetails getRestAuthenticationDetails(RestAuthenticationDetails details) {
|
||||
String clientAddress = details.getClientAddress();
|
||||
String browser = "Unknown";
|
||||
String os = "Unknown";
|
||||
String device = "Unknown";
|
||||
if (details.getUserAgent() != null) {
|
||||
Client userAgent = details.getUserAgent();
|
||||
if (userAgent.userAgent != null) {
|
||||
browser = userAgent.userAgent.family;
|
||||
if (userAgent.userAgent.major != null) {
|
||||
browser += " " + userAgent.userAgent.major;
|
||||
if (userAgent.userAgent.minor != null) {
|
||||
browser += "." + userAgent.userAgent.minor;
|
||||
if (userAgent.userAgent.patch != null) {
|
||||
browser += "." + userAgent.userAgent.patch;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (userAgent.os != null) {
|
||||
os = userAgent.os.family;
|
||||
if (userAgent.os.major != null) {
|
||||
os += " " + userAgent.os.major;
|
||||
if (userAgent.os.minor != null) {
|
||||
os += "." + userAgent.os.minor;
|
||||
if (userAgent.os.patch != null) {
|
||||
os += "." + userAgent.os.patch;
|
||||
if (userAgent.os.patchMinor != null) {
|
||||
os += "." + userAgent.os.patchMinor;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (userAgent.device != null) {
|
||||
device = userAgent.device.family;
|
||||
}
|
||||
}
|
||||
return new AuthorizationDetails(clientAddress, browser, os, device);
|
||||
}
|
||||
}
|
||||
@ -257,12 +257,10 @@ public class AuditLogServiceImpl implements AuditLogService {
|
||||
String browser = extractParameter(String.class, 1, additionalInfo);
|
||||
String os = extractParameter(String.class, 2, additionalInfo);
|
||||
String device = extractParameter(String.class, 3, additionalInfo);
|
||||
String provider = extractParameter(String.class, 4, additionalInfo);
|
||||
actionData.put("clientAddress", clientAddress);
|
||||
actionData.put("browser", browser);
|
||||
actionData.put("os", os);
|
||||
actionData.put("device", device);
|
||||
actionData.put("provider", provider);
|
||||
break;
|
||||
case PROVISION_SUCCESS:
|
||||
case PROVISION_FAILURE:
|
||||
|
||||