feature/credentials-schema-updates (#180)
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/180 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
@@ -1,7 +1,11 @@
|
||||
package net.hostsharing.hsadminng.credentials;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.time.ZoneOffset;
|
||||
import java.time.format.DateTimeFormatter;
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
|
||||
@@ -24,6 +28,8 @@ import jakarta.persistence.EntityNotFoundException;
|
||||
@SecurityRequirement(name = "casTicket")
|
||||
public class HsCredentialsController implements CredentialsApi {
|
||||
|
||||
private static DateTimeFormatter FULL_TIMESTAMP_FORMAT = DateTimeFormatter.BASIC_ISO_DATE;
|
||||
|
||||
@Autowired
|
||||
private Context context;
|
||||
|
||||
@@ -67,7 +73,7 @@ public class HsCredentialsController implements CredentialsApi {
|
||||
messageTranslator.translate("{0} \"{1}\" not found or not accessible", "personUuid", personUuid)
|
||||
)
|
||||
|
||||
); // FIXME: use proper exception
|
||||
);
|
||||
final var credentials = credentialsRepo.findByPerson(person);
|
||||
final var result = mapper.mapList(credentials, CredentialsResource.class);
|
||||
return ResponseEntity.ok(result);
|
||||
@@ -113,4 +119,25 @@ public class HsCredentialsController implements CredentialsApi {
|
||||
final var mapped = mapper.map(saved, CredentialsResource.class);
|
||||
return ResponseEntity.ok(mapped);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Timed("app.credentials.credentials.credentialsUsed")
|
||||
public ResponseEntity<CredentialsResource> credentialsUsed(
|
||||
final String assumedRoles,
|
||||
final UUID credentialsUuid) {
|
||||
context.assumeRoles(assumedRoles);
|
||||
|
||||
final var current = credentialsRepo.findByUuid(credentialsUuid).orElseThrow();
|
||||
|
||||
current.setOnboardingToken(null);
|
||||
current.setLastUsed(LocalDateTime.now());
|
||||
|
||||
final var saved = credentialsRepo.save(current);
|
||||
final var mapped = mapper.map(saved, CredentialsResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
return ResponseEntity.ok(mapped);
|
||||
}
|
||||
|
||||
final BiConsumer<HsCredentialsEntity, CredentialsResource> ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource) -> {
|
||||
resource.setLastUsed(entity.getLastUsed().atOffset(ZoneOffset.UTC));
|
||||
};
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
// import net.hostsharing.hsadminng.rbac.RbacSubjectEntity; // Assuming RbacSubjectEntity exists for the FK relationship
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
@@ -29,7 +30,7 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
|
||||
protected static Stringify<HsCredentialsEntity> stringify = stringify(HsCredentialsEntity.class, "credentials")
|
||||
.withProp(HsCredentialsEntity::isActive)
|
||||
.withProp(HsCredentialsEntity::getEmailAddress)
|
||||
.withProp(HsCredentialsEntity::getTwoFactorAuth)
|
||||
.withProp(HsCredentialsEntity::getTotpSecret)
|
||||
.withProp(HsCredentialsEntity::getPhonePassword)
|
||||
.withProp(HsCredentialsEntity::getSmsNumber)
|
||||
.quotedValues(false);
|
||||
@@ -49,6 +50,9 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@Column
|
||||
private LocalDateTime lastUsed;
|
||||
|
||||
@Column
|
||||
private boolean active;
|
||||
|
||||
@@ -62,7 +66,7 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
|
||||
private String onboardingToken;
|
||||
|
||||
@Column
|
||||
private String twoFactorAuth;
|
||||
private String totpSecret;
|
||||
|
||||
@Column
|
||||
private String phonePassword;
|
||||
|
||||
@@ -31,8 +31,8 @@ public class HsCredentialsEntityPatcher implements EntityPatcher<CredentialsPatc
|
||||
}
|
||||
OptionalFromJson.of(resource.getEmailAddress())
|
||||
.ifPresent(entity::setEmailAddress);
|
||||
OptionalFromJson.of(resource.getTwoFactorAuth())
|
||||
.ifPresent(entity::setTwoFactorAuth);
|
||||
OptionalFromJson.of(resource.getTotpSecret())
|
||||
.ifPresent(entity::setTotpSecret);
|
||||
OptionalFromJson.of(resource.getSmsNumber())
|
||||
.ifPresent(entity::setSmsNumber);
|
||||
OptionalFromJson.of(resource.getPhonePassword())
|
||||
|
||||
@@ -8,7 +8,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingDebitorRepository extends Repository<HsBookingDebitorEntity, UUID> {
|
||||
|
||||
@Timed("app.booking.debitor.repo.findByUuid")
|
||||
|
||||
@@ -6,7 +6,7 @@ import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface BookingItemCreatedEventRepository extends Repository<BookingItemCreatedEventEntity, UUID> {
|
||||
|
||||
@Timed("app.booking.items.repo.save")
|
||||
|
||||
@@ -32,7 +32,7 @@ import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
|
||||
|
||||
@RestController
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
@SecurityRequirement(name = "casTicket")
|
||||
public class HsBookingItemController implements HsBookingItemsApi {
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingItemRbacRepository extends HsBookingItemRepository<HsBookingItemRbacEntity>,
|
||||
Repository<HsBookingItemRbacEntity, UUID> {
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingItemRealRepository extends HsBookingItemRepository<HsBookingItemRealEntity>,
|
||||
Repository<HsBookingItemRealEntity, UUID> {
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingItemRepository<E extends HsBookingItem> {
|
||||
|
||||
Optional<E> findByUuid(final UUID bookingItemUuid);
|
||||
|
||||
@@ -22,7 +22,7 @@ import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
@RestController
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
@SecurityRequirement(name = "casTicket")
|
||||
public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingProjectRbacRepository extends HsBookingProjectRepository<HsBookingProjectRbacEntity>,
|
||||
Repository<HsBookingProjectRbacEntity, UUID> {
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingProjectRealRepository extends HsBookingProjectRepository<HsBookingProjectRealEntity>,
|
||||
Repository<HsBookingProjectRealEntity, UUID> {
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsBookingProjectRepository<E extends HsBookingProject> {
|
||||
|
||||
@Timed("app.booking.projects.repo.findByUuid")
|
||||
|
||||
@@ -29,7 +29,7 @@ import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
@RestController
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
@SecurityRequirement(name = "casTicket")
|
||||
public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ import java.util.Map;
|
||||
|
||||
|
||||
@RestController
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
@NoSecurityRequirement
|
||||
public class HsHostingAssetPropsController implements HsHostingAssetPropsApi {
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository<HsHostingAssetRbacEntity>, Repository<HsHostingAssetRbacEntity, UUID> {
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByUuid.rbac")
|
||||
|
||||
@@ -10,7 +10,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsHostingAssetRealRepository extends HsHostingAssetRepository<HsHostingAssetRealEntity>, Repository<HsHostingAssetRealEntity, UUID> {
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByUuid.real")
|
||||
|
||||
@@ -7,7 +7,7 @@ import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public interface HsHostingAssetRepository<E extends HsHostingAsset> {
|
||||
|
||||
@Timed("app.hosting.assets.repo.findByUuid")
|
||||
|
||||
@@ -17,7 +17,7 @@ import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
@Profile("!only-office")
|
||||
@Profile("!only-prod-schema")
|
||||
public class HsBookingItemCreatedListener implements ApplicationListener<BookingItemCreatedAppEvent> {
|
||||
|
||||
@Autowired
|
||||
|
||||
@@ -16,8 +16,12 @@ paths:
|
||||
|
||||
# Credentials
|
||||
|
||||
/api/hs/credentials/credentials:
|
||||
$ref: "credentials.yaml"
|
||||
/api/hs/credentials/credentials/{credentialsUuid}/used:
|
||||
$ref: "credentials-with-uuid-used.yaml"
|
||||
|
||||
/api/hs/credentials/credentials/{credentialsUuid}:
|
||||
$ref: "credentials-with-uuid.yaml"
|
||||
|
||||
/api/hs/credentials/credentials:
|
||||
$ref: "credentials.yaml"
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ components:
|
||||
uuid:
|
||||
type: string
|
||||
format: uuid
|
||||
twoFactorAuth:
|
||||
totpSecret:
|
||||
type: string
|
||||
telephonePassword:
|
||||
type: string
|
||||
@@ -29,6 +29,9 @@ components:
|
||||
type: array
|
||||
items:
|
||||
$ref: 'context-schemas.yaml#/components/schemas/Context'
|
||||
lastUsed:
|
||||
type: string
|
||||
format: date-time
|
||||
required:
|
||||
- uuid
|
||||
- active
|
||||
@@ -38,7 +41,7 @@ components:
|
||||
CredentialsPatch:
|
||||
type: object
|
||||
properties:
|
||||
twoFactorAuth:
|
||||
totpSecret:
|
||||
type: string
|
||||
nullable: true
|
||||
phonePassword:
|
||||
@@ -64,7 +67,7 @@ components:
|
||||
uuid:
|
||||
type: string
|
||||
format: uuid
|
||||
twoFactorAuth:
|
||||
totpSecret:
|
||||
type: string
|
||||
telephonePassword:
|
||||
type: string
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
post:
|
||||
tags:
|
||||
- -credentials
|
||||
description: 'Is called when credentials got used for a login.'
|
||||
operationId: credentialsUsed
|
||||
parameters:
|
||||
- $ref: 'auth.yaml#/components/parameters/assumedRoles'
|
||||
- name: credentialsUuid
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
format: uuid
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
content:
|
||||
'application/json':
|
||||
schema:
|
||||
$ref: 'credentials-schemas.yaml#/components/schemas/Credentials'
|
||||
"401":
|
||||
$ref: 'error-responses.yaml#/components/responses/Unauthorized'
|
||||
"403":
|
||||
$ref: 'error-responses.yaml#/components/responses/Forbidden'
|
||||
@@ -13,11 +13,12 @@ create table hs_credentials.credentials
|
||||
person_uuid uuid not null references hs_office.person(uuid),
|
||||
|
||||
active bool,
|
||||
last_used timestamp,
|
||||
global_uid int unique, -- w/o
|
||||
global_gid int unique, -- w/o
|
||||
onboarding_token text, -- w/o
|
||||
onboarding_token text, -- w/o, but can be set to null to invalidate
|
||||
|
||||
two_factor_auth text,
|
||||
totp_secret text,
|
||||
phone_password text,
|
||||
email_address text,
|
||||
sms_number text
|
||||
|
||||
@@ -51,7 +51,7 @@ begin
|
||||
-- call rbac.grantRoleToRole(hs_credentials.context_REFERRER(context_MATRIX_internal), rbac.global_ADMIN());
|
||||
|
||||
-- Add test credentials (linking to assumed rbac.subject UUIDs)
|
||||
INSERT INTO hs_credentials.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, two_factor_auth, phone_password, email_address, sms_number) VALUES
|
||||
INSERT INTO hs_credentials.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secret, phone_password, email_address, sms_number) VALUES
|
||||
( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', 'otp-secret-1', 'phone-pw-1', 'alex@example.com', '111-222-3333'),
|
||||
( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', 'otp-secret-2', 'phone-pw-2', 'fran@example.com', '444-555-6666');
|
||||
|
||||
|
||||
@@ -174,59 +174,61 @@ databaseChangeLog:
|
||||
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/600-hs-booking-schema.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
|
||||
context: "!only-office and !without-test-data"
|
||||
context: "!only-prod-schema and !without-test-data"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
|
||||
context: "!only-office and !without-test-data"
|
||||
context: "!only-prod-schema and !without-test-data"
|
||||
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
|
||||
context: "!only-office and !without-test-data"
|
||||
context: "!only-prod-schema and !without-test-data"
|
||||
|
||||
- include:
|
||||
file: db/changelog/9-hs-global/9000-statistics.sql
|
||||
context: "!only-office"
|
||||
context: "!only-prod-schema"
|
||||
|
||||
- include:
|
||||
file: db/changelog/9-hs-global/950-credentials/9500-hs-credentials-schema.sql
|
||||
context: "!only-prod-schema"
|
||||
- include:
|
||||
file: db/changelog/9-hs-global/950-credentials/9510-hs-credentials.sql
|
||||
context: "!only-prod-schema"
|
||||
# TODO_impl: RBAC rules for _rv do not yet work properly
|
||||
# - include:
|
||||
# file: db/changelog/9-hs-global/950-credentials/9513-hs-credentials-rbac.sql
|
||||
- include:
|
||||
file: db/changelog/9-hs-global/950-credentials/9519-hs-credentials-test-data.sql
|
||||
context: "!without-test-data"
|
||||
context: "!only-prod-schema and !without-test-data"
|
||||
|
||||
- include:
|
||||
file: db/changelog/9-hs-global/960-integrations/9600-hs-integration-schema.sql
|
||||
|
||||
Reference in New Issue
Block a user