Commit
Merge pull request #983 from wultra/develop
Merge develop to master
romanstrobl authored Sep 18, 2023
2 parents 5a13522 + 5937454 commit 30bfa16
Showing 379 changed files with 13,324 additions and 10,716 deletions.
11 changes: 11 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
- package-ecosystem: "maven"
directory: "/"
schedule:
interval: "weekly"
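Review bot: only the `maven` ecosystem is configured here, while this same commit keeps a `.github/workflows` directory that references pinned actions (`actions/checkout@v2`, `github/codeql-action/*@v1` in the old workflow). Add a second entry with `package-ecosystem: "github-actions"` and `directory: "/"` so workflow action versions are kept current as well; otherwise those pins age silently.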
70 changes: 12 additions & 58 deletions .github/workflows/codeql-analysis.yml
@@ -1,67 +1,21 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
workflow_dispatch:
push:
branches: [ develop, master ]
branches: [ 'develop', 'master', 'releases/**' ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ develop ]
branches: [ 'develop', 'master', 'releases/**' ]
schedule:
- cron: '19 8 * * 5'
- cron: '0 2 * * 4'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
language: [ 'java', 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

steps:
- name: Checkout repository
uses: actions/checkout@v2

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
codeql-analysis:
uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop
secrets: inherit
with:
languages: "['java', 'javascript']"
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
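Review bot: the reusable workflow is referenced by a mutable branch ref, `wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop`, so the analysis this repository runs can change with no commit here, and combined with `secrets: inherit` every repository secret is handed to whatever that branch contains at run time. Pin the reference to a release tag or commit SHA of the infrastructure repository, and prefer passing only the secrets the shared workflow needs instead of `inherit`. Replacing the deprecated `actions/checkout@v2` and `codeql-action@v1` pins with the shared workflow is otherwise a welcome cleanup.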
12 changes: 0 additions & 12 deletions .github/workflows/owas-dependecy-check.yml

This file was deleted.
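Review bot: removing `owas-dependecy-check.yml` drops the OWASP dependency check from this repository without a visible replacement in the diff; the Dependabot version-update configuration added in the same commit keeps dependencies current but is not a known-vulnerability scan of the resolved dependency tree. Confirm the check now runs from the shared `wultra-infrastructure` workflows, and reference that in the commit message so reviewers can verify coverage was not lost.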

2 changes: 1 addition & 1 deletion .run/PowerAuthAdminApplication.run.xml
@@ -1,6 +1,6 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="PowerAuthAdminApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
<option name="ACTIVE_PROFILES" />
<option name="ACTIVE_PROFILES" value="dev" />
<option name="DEBUG_MODE" value="true" />
<module name="powerauth-admin" />
<option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.app.admin.PowerAuthAdminApplication" />
4 changes: 4 additions & 0 deletions .run/PowerAuthServerApplication.run.xml
@@ -1,10 +1,14 @@
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="PowerAuthServerApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
<option name="ACTIVE_PROFILES" value="dev" />
<option name="DEBUG_MODE" value="true" />
<module name="powerauth-java-server" />
<option name="SPRING_BOOT_MAIN_CLASS" value="io.getlime.security.powerauth.app.server.Application" />
<option name="VM_PARAMETERS" value="-Dserver.servlet.context-path=/powerauth-java-server" />
<option name="WORKING_DIRECTORY" value="file://$MODULE_WORKING_DIR$" />
<method v="2">
<option name="Make" enabled="true" />
<option name="Maven.BeforeRunTask" enabled="true" file="$PROJECT_DIR$/powerauth-java-server/pom.xml" goal="process-resources" />
</method>
</configuration>
</component>
13 changes: 13 additions & 0 deletions docs-private/Developer-How-To-Start.md
@@ -11,6 +11,19 @@
- Open [http://localhost:8080/powerauth-java-server/actuator/health](http://localhost:8080/powerauth-java-server/actuator/health) and you should get `{"status":"UP"}`


### Database

Database changes are driven by Liquibase.

This is an example how to manually check the Liquibase status.
Important and fixed parameter is `changelog-file`.
Others (like URL, username, password) depend on your environment.

```shell
liquibase --changelog-file=./docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml --url=jdbc:postgresql://localhost:5432/powerauth --username=powerauth status
```


## PowerAuth Admin Server


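Review bot: the `liquibase ... status` example passes `--username` but no `--password`, and the surrounding text only says credentials depend on the environment. State explicitly that the password is deliberately left off the command line (Liquibase prompts for it, or it can come from a `liquibase.properties` file or the `LIQUIBASE_COMMAND_PASSWORD` environment variable) so developers do not add `--password=...` and leave database credentials in shell history. Minor wording: "This is an example how to manually check" reads better as "This is an example of how to manually check".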
10 changes: 5 additions & 5 deletions docs/Activation-Recovery.md
@@ -1,11 +1,11 @@
# Configuration of Activation Recovery

PowerAuth Server supports activation recovery in case user loses mobile device or it gets stolen. Activation recovery
PowerAuth Server supports activation recovery in case user loses mobile device, or it gets stolen. Activation recovery
can be enabled using PowerAuth Admin.

## Enabling Activation Recovery

By default activation recovery is disabled, which means that if the user loses the mobile device a new activation needs
By default, activation recovery is disabled, which means that if the user loses the mobile device a new activation needs
to be created.

Activation recovery allows recovering the activation using a recovery code and recovery PUK without going through
@@ -26,7 +26,7 @@ You can enable Activation Recovery for Activations using following steps in Powe
- Enable the `Activation Recovery Enabled` checkbox

From now on the PowerAuth Server will generate recovery codes and PUKs for new activations. Users will be asked
to write down the recovery code and PUK during an activation and they can use these details to recover an activation
to write down the recovery code and PUK during an activation, and they can use these details to recover an activation
later on.

### Enabling Activation Recovery using Recovery Postcard
@@ -39,14 +39,14 @@ You can enable Activation Recovery using Recovery Postcard using following steps
- Enabled the `Recovery Postcard Enabled` checkbox

The `Recovery Postcard Public Key` value contains public key for key exchange with Recovery Postcard printing center which represents PowerAuth server.
This key needs to be entered into the Recovery Postcard Printing Center application and it enables secure sharing of recovery code and PUK data.
This key needs to be entered into the Recovery Postcard Printing Center application, and it enables secure sharing of recovery code and PUK data.

You need to configure the `Recovery Postcard Printing Center Public Key` which represents the Recovery Postcard printing center.
This key is provided by the Recovery Postcard Printing Center application and is also required for secure sharing of recovery code and PUK data.

The checkbox `Allow Multiple Recovery Codes for User` is used to configure whether existing recovery codes for the user need to be revoked before
creating another recovery code. In case the checkbox is enabled, it is not necessary to revoke existing codes and multiple recovery postcards can exist.
Otherwise revoking recovery code is necessary before creating a new recovery code.
Otherwise, revoking recovery code is necessary before creating a new recovery code.

Once activation recovery using recovery postcard is configured it is possible to create recovery postcards with
recovery codes and PUKs and distribute them securely to users.
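Review bot: the unchanged context line "- Enabled the `Recovery Postcard Enabled` checkbox" is an instruction step and should read "- Enable the `Recovery Postcard Enabled` checkbox", matching the "- Enable the `Activation Recovery Enabled` checkbox" step earlier in the file; since this hunk already touches punctuation in the same paragraph, fix it here. In the rewritten line, "Otherwise, revoking recovery code is necessary" also wants an article: "revoking the recovery code".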
39 changes: 24 additions & 15 deletions docs/Configuration-Properties.md
@@ -26,24 +26,33 @@ The PowerAuth Server uses the following public configuration properties:

## Activation and Cryptography Configuration

| Property | Default | Note |
|---|---|---|
| `powerauth.service.crypto.activationValidityInMilliseconds` | `120000` | Default activation validity period in miliseconds |
| `powerauth.service.crypto.signatureMaxFailedAttempts` | `5` | Maximum failed attempts for signature verification |
| `powerauth.service.token.timestamp.validity` | `7200000` |PowerAuth MAC token timestamp validity in miliseconds |
| `powerauth.service.recovery.maxFailedAttempts` | `5` | Maximum failed attempts for activation recovery |
| `powerauth.service.secureVault.enableBiometricAuthentication` | `false` | Whether biometric authentication is enabled when accessing Secure Vault |
| `powerauth.server.db.master.encryption.key` | `_empty_` | Master DB encryption key for decryption of server private key in database |
| Property | Default | Note |
|--------------------------------------------------------------------|-----------|-----------------------------------------------------------------------------------------|
| `powerauth.service.crypto.activationValidityInMilliseconds` | `120000` | Default activation validity period in miliseconds |
| `powerauth.service.crypto.signatureMaxFailedAttempts` | `5` | Maximum failed attempts for signature verification |
| `powerauth.service.crypto.requestExpirationInMilliseconds` | `60000` | Expiration for ECIES and MAC token requests. |
| `powerauth.service.crypto.requestExpirationInMillisecondsExtended` | `7200000` | Expiration for ECIES and MAC token requests for protocol versions 3.1 and older. |
| `powerauth.service.crypto.replayVerificationService` | `default` | Request replay verification service, options: `default`, `none` |
| `powerauth.service.token.timestamp.validity` | `7200000` | PowerAuth MAC token timestamp validity in miliseconds |
| `powerauth.service.recovery.maxFailedAttempts` | `5` | Maximum failed attempts for activation recovery |
| `powerauth.service.secureVault.enableBiometricAuthentication` | `false` | Whether biometric authentication is enabled when accessing Secure Vault |
| `powerauth.server.db.master.encryption.key` | `_empty_` | Master DB encryption key for decryption of server private key in database |
| `powerauth.service.proximity-check.otp.length` | `8` | Length of OTP generated for proximity check |
| `powerauth.service.pagination.default-page-size` | `100` | The default number of records per page when paginated results are requested |
| `powerauth.service.pagination.default-page-number` | `0` | The default page number when paginated results are requested. Page numbers start from 0 |

## HTTP Configuration

| Property | Default | Note |
|---|---|---|
| `powerauth.service.http.proxy.enabled` | `false` | Whether proxy is enabled for outgoing HTTP requests |
| `powerauth.service.http.proxy.host` | `127.0.0.1` | Proxy host for outgoing HTTP requests |
| `powerauth.service.http.proxy.port` | `8080` | Proxy port for outgoing HTTP requests |
| `powerauth.service.http.proxy.username` | `_emtpy_` | Proxy username for outgoing HTTP requests |
| `powerauth.service.http.proxy.password` | `_empty_` | Proxy password for outgoing HTTP requests |
| Property | Default | Note |
|---------------------------------------------------|-------------|-----------------------------------------------------|
| `powerauth.service.http.proxy.enabled` | `false` | Whether proxy is enabled for outgoing HTTP requests |
| `powerauth.service.http.proxy.host` | `127.0.0.1` | Proxy host for outgoing HTTP requests |
| `powerauth.service.http.proxy.port` | `8080` | Proxy port for outgoing HTTP requests |
| `powerauth.service.http.proxy.username` | `_emtpy_` | Proxy username for outgoing HTTP requests |
| `powerauth.service.http.proxy.password` | `_empty_` | Proxy password for outgoing HTTP requests |
| `powerauth.service.http.connection.timeout` | `5s` | HTTP connection timeout |
| `powerauth.service.http.response.timeout` | `60s` | HTTP response timeout |
| `powerauth.service.http.connection.max-idle-time` | `200s` | HTTP max idle time |

## Spring Vault Configuration

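Review bot: the rewritten table rows carry over two typos that could have been fixed while the rows were being realigned: "miliseconds" in the notes for `powerauth.service.crypto.activationValidityInMilliseconds` and `powerauth.service.token.timestamp.validity` (should be "milliseconds"), and the default `_emtpy_` for `powerauth.service.http.proxy.username` (should be `_empty_`, as on the password row). The new `powerauth.service.crypto.replayVerificationService` row lists `none` as an option with no explanation; since the property governs replay verification of ECIES and MAC token requests, the note should say what choosing `none` gives up so operators do not treat it as a harmless performance switch. It would also help to state how `requestExpirationInMilliseconds` (60000) and `requestExpirationInMillisecondsExtended` (7200000) are selected per protocol version, as the two rows only hint at it.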