Merge pull request #148 from wultra/issues/merge-upstream
Merge upstream
banterCZ authored Sep 10, 2024
2 parents 19e78b3 + c3aeb45 commit 0656ec6
Showing 5 changed files with 188 additions and 5 deletions.
@@ -0,0 +1,33 @@
/*
* PowerAuth Enrollment Server
* Copyright (C) 2024 Wultra s.r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package com.wultra.app.enrollmentserver.api.model.enrollment.request;

import jakarta.validation.constraints.NotBlank;
import lombok.Data;

/**
* Request object for OIDC application configuration.
*
* @author Lubos Racansky, [email protected]
*/
@Data
public class OidcApplicationConfigurationRequest {

@NotBlank
private String providerId;
}
@@ -0,0 +1,42 @@
/*
* PowerAuth Enrollment Server
* Copyright (C) 2024 Wultra s.r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package com.wultra.app.enrollmentserver.api.model.enrollment.response;

import lombok.Data;

/**
* Response object for OIDC application configuration.
*
* @author Lubos Racansky, [email protected]
*/
@Data
public class OidcApplicationConfigurationResponse {

private String providerId;
private String clientId;
private String scopes;
private String authorizeUri;
private String redirectUri;

/**
* A hint for the mobile application whether to user PKCE.
* If set to {@code true}, {@code codeVerifier} must be present in identity attributes during create activation step.
*/
private boolean pkceEnabled;

}
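Review bot: The Javadoc on `pkceEnabled` calls the flag a hint for the mobile application, yet also says `codeVerifier` must be present when it is true; the comment should state where that requirement is enforced, because a client-side hint alone does not protect the authorization code flow if the server accepts an activation without the verifier. That enforcement is not visible in this commit, so this is a documentation request rather than a confirmed gap. The sentence also has a typo ("whether to user PKCE"); I would reword it to `A hint for the mobile application whether to use PKCE.` and, once confirmed, add a sentence saying the server rejects the create activation step when the flag is true and the verifier is missing. The remaining fields have no Javadoc; `scopes` in particular should say how multiple scopes are delimited inside the single string.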
@@ -0,0 +1,95 @@
/*
* PowerAuth Enrollment Server
* Copyright (C) 2024 Wultra s.r.o.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package com.wultra.app.enrollmentserver.controller.api;

import com.wultra.app.enrollmentserver.api.model.enrollment.request.OidcApplicationConfigurationRequest;
import com.wultra.app.enrollmentserver.api.model.enrollment.response.OidcApplicationConfigurationResponse;
import io.getlime.core.rest.model.base.response.ObjectResponse;
import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody;
import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfiguration;
import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfigurationService;
import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcConfigurationQuery;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
* Controller that provides application configuration.
*
* @author Lubos Racansky, [email protected]
*/
@RestController
@RequestMapping("/api/config")
@Slf4j
@AllArgsConstructor
public class ApplicationConfigurationController {

private OidcApplicationConfigurationService oidcApplicationConfigurationService;

/**
* Fetch OIDC application configuration.
*
* @param request Request OIDC application configuration.
* @param encryptionContext PowerAuth ECIES encryption context.
* @return OIDC application configuration.
* @throws PowerAuthApplicationConfigurationException In case there is an error while fetching claims.
* @throws PowerAuthEncryptionException In case of failed encryption.
*/
@PowerAuthEncryption(scope = EncryptionScope.APPLICATION_SCOPE)
@PostMapping("oidc")
@Operation(
summary = "Fetch OIDC application configuration.",
description = "Fetch OIDC application configuration."
)
public ObjectResponse<OidcApplicationConfigurationResponse> fetchOidcConfiguration(
@EncryptedRequestBody OidcApplicationConfigurationRequest request,
@Parameter(hidden = true) EncryptionContext encryptionContext) throws PowerAuthEncryptionException, PowerAuthApplicationConfigurationException {

if (encryptionContext == null) {
logger.error("Encryption failed");
throw new PowerAuthEncryptionException("Encryption failed");
}

final OidcApplicationConfiguration oidcApplicationConfiguration = oidcApplicationConfigurationService.fetchOidcApplicationConfiguration(OidcConfigurationQuery.builder()
.providerId(request.getProviderId())
.applicationKey(encryptionContext.getApplicationKey())
.build());
final OidcApplicationConfigurationResponse result = convert(oidcApplicationConfiguration);
return new ObjectResponse<>(result);
}

private static OidcApplicationConfigurationResponse convert(final OidcApplicationConfiguration source) {
final OidcApplicationConfigurationResponse target = new OidcApplicationConfigurationResponse();
target.setClientId(source.getClientId());
target.setAuthorizeUri(source.getAuthorizeUri());
target.setScopes(source.getScopes());
target.setRedirectUri(source.getRedirectUri());
target.setProviderId(source.getProviderId());
target.setPkceEnabled(source.isPkceEnabled());
return target;
}
}
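Review bot: The `request` parameter of `fetchOidcConfiguration` carries only `@EncryptedRequestBody`, so the `@NotBlank` constraint on `OidcApplicationConfigurationRequest.providerId` is enforced only if the PowerAuth argument resolver runs bean validation itself, which this commit does not show. If it does not, a null or blank `providerId` from any client holding the application key goes straight into `OidcConfigurationQuery`, and `request` itself is dereferenced without a null check, so the outcome depends entirely on how the service and the exception handlers treat it. Either confirm the resolver honours `@Valid` and declare the parameter as `@Valid @EncryptedRequestBody OidcApplicationConfigurationRequest request`, or check the field explicitly before building the query, and make sure the failure surfaces as a 400 rather than a generic 500. Separately, the injected `oidcApplicationConfigurationService` field could be `private final` with `@RequiredArgsConstructor` so the dependency cannot be reassigned after construction.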
@@ -20,6 +20,7 @@

import com.wultra.security.powerauth.lib.mtoken.model.enumeration.ErrorCode;
import io.getlime.core.rest.model.base.response.ErrorResponse;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
@@ -147,6 +148,18 @@ public class DefaultExceptionHandler {
return new ErrorResponse("ACTIVATION_CODE_FAILED", "Unable to fetch activation code.");
}

/**
* Handling of application configuration exceptions.
* @param ex Exception.
* @return Response with error details.
*/
@ExceptionHandler(PowerAuthApplicationConfigurationException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public @ResponseBody ErrorResponse handleActivationCodeException(PowerAuthApplicationConfigurationException ex) {
logger.warn("Unable to fetch application configuration", ex);
return new ErrorResponse("APPLICATION_CONFIGURATION_ERROR", "Unable to fetch application configuration.");
}

/**
* Handling of inbox exceptions.
* @param ex Exception.
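Review bot: The new handler for `PowerAuthApplicationConfigurationException` is named `handleActivationCodeException`, which looks copied from the activation-code handler whose last lines are visible just above it; if that handler carries the same name this is an overload that compiles but misleads anyone tracing error codes back to their handler. I would rename it to `handleApplicationConfigurationException`. The response body is a fixed string and the exception itself goes only to the log, which keeps provider details out of the client response and is worth preserving. Every failure of this type is mapped to 400, so if the exception can also signal a server-side misconfiguration (not visible here), a 5xx for that case would make monitoring clearer.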
10 changes: 5 additions & 5 deletions pom.xml
@@ -32,7 +32,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.3.2</version>
<version>3.3.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>

@@ -88,11 +88,11 @@
</modules>

<properties>
<openapi-generator-maven-plugin.version>7.7.0</openapi-generator-maven-plugin.version>
<openapi-generator-maven-plugin.version>7.8.0</openapi-generator-maven-plugin.version>

<shedlock.version>5.14.0</shedlock.version>
<shedlock.version>5.16.0</shedlock.version>
<spring-statemachine.version>4.0.0</spring-statemachine.version>
<swagger-annotations-jakarta.version>2.2.22</swagger-annotations-jakarta.version>
<swagger-annotations-jakarta.version>2.2.23</swagger-annotations-jakarta.version>
<springdoc-openapi-starter-webmvc-ui.version>2.6.0</springdoc-openapi-starter-webmvc-ui.version>
<moneta.version>1.4.4</moneta.version>

@@ -101,7 +101,7 @@
<powerauth-restful-integration.version>1.9.0-SNAPSHOT</powerauth-restful-integration.version>
<powerauth-push.version>1.9.0-SNAPSHOT</powerauth-push.version>

<logstash.version>7.4</logstash.version>
<logstash.version>8.0</logstash.version>
</properties>

<dependencyManagement>