From e7bf59331de50261e03843281017e31619e31005 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 01:22:37 +0000 Subject: [PATCH 01/22] Bump net.logstash.logback:logstash-logback-encoder from 7.4 to 8.0 Bumps [net.logstash.logback:logstash-logback-encoder](https://github.com/logfellow/logstash-logback-encoder) from 7.4 to 8.0. - [Release notes](https://github.com/logfellow/logstash-logback-encoder/releases) - [Commits](https://github.com/logfellow/logstash-logback-encoder/compare/logstash-logback-encoder-7.4...logstash-logback-encoder-8.0) --- updated-dependencies: - dependency-name: net.logstash.logback:logstash-logback-encoder dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index da9b1f2c3..470ddda02 100644 --- a/pom.xml +++ b/pom.xml @@ -101,7 +101,7 @@ 1.4.4 20240325.1 - 7.4 + 8.0 1.10.0-SNAPSHOT From 0cda02d9a3e5ae9854f7aea5ac427e6cda0b64a3 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 29 Jul 2024 13:41:32 +0200 Subject: [PATCH 02/22] Fix #1656: Set develop version to 1.9.0-SNAPSHOT --- pom.xml | 10 +++++----- powerauth-data-adapter-client/pom.xml | 2 +- powerauth-data-adapter-model/pom.xml | 2 +- powerauth-mtoken-model/pom.xml | 2 +- powerauth-nextstep-client/pom.xml | 2 +- powerauth-nextstep-model/pom.xml | 2 +- powerauth-nextstep/pom.xml | 2 +- powerauth-tpp-engine-client/pom.xml | 2 +- powerauth-tpp-engine-model/pom.xml | 2 +- powerauth-tpp-engine/pom.xml | 2 +- powerauth-webflow-authentication-approval-sca/pom.xml | 2 +- powerauth-webflow-authentication-consent/pom.xml | 2 +- powerauth-webflow-authentication-form/pom.xml | 2 +- powerauth-webflow-authentication-init/pom.xml | 2 +- powerauth-webflow-authentication-login-sca/pom.xml | 2 +- powerauth-webflow-authentication-mtoken/pom.xml | 2 +- .../pom.xml | 2 +- powerauth-webflow-authentication-sms/pom.xml | 2 +- powerauth-webflow-authentication/pom.xml | 2 +- powerauth-webflow-client/pom.xml | 2 +- powerauth-webflow-i18n/pom.xml | 2 +- powerauth-webflow-resources/pom.xml | 2 +- powerauth-webflow/pom.xml | 2 +- 23 files changed, 27 insertions(+), 27 deletions(-) diff --git a/pom.xml b/pom.xml index 1604b20f1..42116af9d 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT pom @@ -104,10 +104,10 @@ 7.4 - 1.10.0 - 1.8.0 - 1.8.0 - 1.8.0 + 1.11.0-SNAPSHOT + 1.9.0-SNAPSHOT + 1.9.0-SNAPSHOT + 1.9.0-SNAPSHOT diff --git a/powerauth-data-adapter-client/pom.xml b/powerauth-data-adapter-client/pom.xml index 2c117cbb8..e5e3660ad 100644 --- a/powerauth-data-adapter-client/pom.xml +++ b/powerauth-data-adapter-client/pom.xml @@ -28,7 +28,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-data-adapter-model/pom.xml b/powerauth-data-adapter-model/pom.xml index 7eba0a47c..0e9836f5c 100644 --- a/powerauth-data-adapter-model/pom.xml +++ b/powerauth-data-adapter-model/pom.xml @@ -28,7 +28,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-mtoken-model/pom.xml b/powerauth-mtoken-model/pom.xml index 07e8279fb..3e44ffa7d 100644 --- a/powerauth-mtoken-model/pom.xml +++ b/powerauth-mtoken-model/pom.xml @@ -27,7 +27,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-nextstep-client/pom.xml b/powerauth-nextstep-client/pom.xml index 89d0978ae..ee001bb8b 100644 --- a/powerauth-nextstep-client/pom.xml +++ b/powerauth-nextstep-client/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-nextstep-client diff --git a/powerauth-nextstep-model/pom.xml b/powerauth-nextstep-model/pom.xml index 5519b7197..b0dacfd72 100644 --- a/powerauth-nextstep-model/pom.xml +++ b/powerauth-nextstep-model/pom.xml @@ -29,7 +29,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-nextstep/pom.xml b/powerauth-nextstep/pom.xml index c7ef55d63..7831ce5fe 100644 --- a/powerauth-nextstep/pom.xml +++ b/powerauth-nextstep/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-tpp-engine-client/pom.xml b/powerauth-tpp-engine-client/pom.xml index 50e5472c3..8386b844b 100644 --- a/powerauth-tpp-engine-client/pom.xml +++ b/powerauth-tpp-engine-client/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-tpp-engine-client diff --git a/powerauth-tpp-engine-model/pom.xml b/powerauth-tpp-engine-model/pom.xml index 9eadfebc3..0f48efe51 100644 --- a/powerauth-tpp-engine-model/pom.xml +++ b/powerauth-tpp-engine-model/pom.xml @@ -24,7 +24,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-tpp-engine-model diff --git a/powerauth-tpp-engine/pom.xml b/powerauth-tpp-engine/pom.xml index 259ef8fa3..86adb7418 100644 --- a/powerauth-tpp-engine/pom.xml +++ b/powerauth-tpp-engine/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-webflow-authentication-approval-sca/pom.xml b/powerauth-webflow-authentication-approval-sca/pom.xml index 448f641fd..521fa4143 100644 --- a/powerauth-webflow-authentication-approval-sca/pom.xml +++ b/powerauth-webflow-authentication-approval-sca/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-approval-sca diff --git a/powerauth-webflow-authentication-consent/pom.xml b/powerauth-webflow-authentication-consent/pom.xml index 3390ece85..af61cf3db 100644 --- a/powerauth-webflow-authentication-consent/pom.xml +++ b/powerauth-webflow-authentication-consent/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-consent diff --git a/powerauth-webflow-authentication-form/pom.xml b/powerauth-webflow-authentication-form/pom.xml index e93b3dc18..72bdf2274 100644 --- a/powerauth-webflow-authentication-form/pom.xml +++ b/powerauth-webflow-authentication-form/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-form diff --git a/powerauth-webflow-authentication-init/pom.xml b/powerauth-webflow-authentication-init/pom.xml index a85824923..8694e8f42 100644 --- a/powerauth-webflow-authentication-init/pom.xml +++ b/powerauth-webflow-authentication-init/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-init diff --git a/powerauth-webflow-authentication-login-sca/pom.xml b/powerauth-webflow-authentication-login-sca/pom.xml index fa0f331b4..478d7ee2f 100644 --- a/powerauth-webflow-authentication-login-sca/pom.xml +++ b/powerauth-webflow-authentication-login-sca/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-login-sca diff --git a/powerauth-webflow-authentication-mtoken/pom.xml b/powerauth-webflow-authentication-mtoken/pom.xml index 0b0f8be1b..336fe8941 100644 --- a/powerauth-webflow-authentication-mtoken/pom.xml +++ b/powerauth-webflow-authentication-mtoken/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-mtoken diff --git a/powerauth-webflow-authentication-operation-review/pom.xml b/powerauth-webflow-authentication-operation-review/pom.xml index fb8d2cdf2..2c4e1fce1 100644 --- a/powerauth-webflow-authentication-operation-review/pom.xml +++ b/powerauth-webflow-authentication-operation-review/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-operation-review diff --git a/powerauth-webflow-authentication-sms/pom.xml b/powerauth-webflow-authentication-sms/pom.xml index d51dda749..8f6ebcf96 100644 --- a/powerauth-webflow-authentication-sms/pom.xml +++ b/powerauth-webflow-authentication-sms/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow-authentication-sms diff --git a/powerauth-webflow-authentication/pom.xml b/powerauth-webflow-authentication/pom.xml index 063b582f1..e3389213f 100644 --- a/powerauth-webflow-authentication/pom.xml +++ b/powerauth-webflow-authentication/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT io.getlime.security diff --git a/powerauth-webflow-client/pom.xml b/powerauth-webflow-client/pom.xml index eb1da0096..7ef8a86e7 100644 --- a/powerauth-webflow-client/pom.xml +++ b/powerauth-webflow-client/pom.xml @@ -30,7 +30,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-webflow-i18n/pom.xml b/powerauth-webflow-i18n/pom.xml index 288f266bb..b26562c11 100644 --- a/powerauth-webflow-i18n/pom.xml +++ b/powerauth-webflow-i18n/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT diff --git a/powerauth-webflow-resources/pom.xml b/powerauth-webflow-resources/pom.xml index b17262fd0..bcabecad5 100644 --- a/powerauth-webflow-resources/pom.xml +++ b/powerauth-webflow-resources/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.8.0 + 1.9.0-SNAPSHOT io.getlime.security diff --git a/powerauth-webflow/pom.xml b/powerauth-webflow/pom.xml index 6cc8dee00..e952fcc30 100644 --- a/powerauth-webflow/pom.xml +++ b/powerauth-webflow/pom.xml @@ -24,7 +24,7 @@ io.getlime.security powerauth-webflow-parent - 1.8.0 + 1.9.0-SNAPSHOT powerauth-webflow From a36adc5d877b0a375d937472a6816a197340cb37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Wed, 31 Jul 2024 13:06:25 +0200 Subject: [PATCH 03/22] Fix #1668: Add configuration to disable websockets (#1669) --- .../mtoken/controller/MessageController.java | 4 +- .../controller/MobileAppApiController.java | 15 ++++- .../WebFlowServicesConfiguration.java | 14 +++++ .../listener/WebSocketDisconnectListener.java | 2 + .../websocket/WebSocketMessageService.java | 63 +++++++++++++++++++ .../WebSocketMessageServiceDummy.java | 56 +++++++++++++++++ .../WebSocketMessageServiceImpl.java} | 43 ++++--------- powerauth-webflow/pom.xml | 33 ++++++++++ .../WebFlowServerConfiguration.java | 14 +++++ .../configuration/WebSocketConfiguration.java | 6 +- .../webflow/controller/HomeController.java | 1 + .../src/main/js/websocket-client.js | 15 +++++ .../src/main/resources/application.properties | 3 + .../src/main/resources/templates/index.html | 2 + 14 files changed, 235 insertions(+), 36 deletions(-) create mode 100644 powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java create mode 100644 powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java rename powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/{WebSocketMessageService.java => websocket/WebSocketMessageServiceImpl.java} (78%) diff --git a/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java b/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java index 33e4cff3f..a04247957 100644 --- a/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java +++ b/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MessageController.java @@ -18,8 +18,9 @@ package io.getlime.security.powerauth.lib.webflow.authentication.mtoken.controller; import io.getlime.security.powerauth.lib.webflow.authentication.model.request.WebSocketRegistrationRequest; -import io.getlime.security.powerauth.lib.webflow.authentication.service.WebSocketMessageService; +import io.getlime.security.powerauth.lib.webflow.authentication.service.websocket.WebSocketMessageService; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.messaging.handler.annotation.MessageMapping; import org.springframework.messaging.simp.SimpMessageHeaderAccessor; import org.springframework.stereotype.Controller; @@ -30,6 +31,7 @@ * @author Roman Strobl */ @Controller +@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true") public class MessageController { private final WebSocketMessageService webSocketMessageService; diff --git a/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java b/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java index 871003fb4..43baccb87 100644 --- a/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java +++ b/powerauth-webflow-authentication-mtoken/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/mtoken/controller/MobileAppApiController.java @@ -55,7 +55,7 @@ import io.getlime.security.powerauth.lib.webflow.authentication.mtoken.model.response.MobileTokenAuthenticationResponse; import io.getlime.security.powerauth.lib.webflow.authentication.service.AuthMethodQueryService; import io.getlime.security.powerauth.lib.webflow.authentication.service.PowerAuthOperationService; -import io.getlime.security.powerauth.lib.webflow.authentication.service.WebSocketMessageService; +import io.getlime.security.powerauth.lib.webflow.authentication.service.websocket.WebSocketMessageService; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken; import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation; @@ -65,6 +65,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -95,6 +96,12 @@ public class MobileAppApiController extends AuthMethodController getOperationConfigs(List getOperationConfigs(List { private final OperationSessionService operationSessionService; diff --git a/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java new file mode 100644 index 000000000..9d94f4c7c --- /dev/null +++ b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageService.java @@ -0,0 +1,63 @@ +/* + * Copyright 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket; + +import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult; + +/** + * Interface for WebSocket messages. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public interface WebSocketMessageService { + + /** + * Notification of clients about completed authorization. + * + * @param operationId Operation ID. + * @param authResult Authorization result. + */ + void notifyAuthorizationComplete(String operationId, AuthResult authResult); + + /** + * Sends a message about successful websocket registration to the user. + * + * @param operationHash Operation hash. + * @param sessionId Session ID. + * @param registrationSucceeded Whether Web Socket registration was successful. + */ + void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded); + + /** + * Get Web Socket session ID for given operation hash. + * + * @param operationHash Operation hash. + * @return Web Socket session ID. + */ + String lookupWebSocketSessionId(String operationHash); + + /** + * Store a mapping for new web socket identifier to the Web Socket session with given ID. + * + * @param operationHash Operation hash. + * @param webSocketSessionId Web Socket Session ID. + * @param clientIpAddress Remote client IP address. + * @return Whether Web Socket registration was successful. + */ + boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress); + +} diff --git a/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java new file mode 100644 index 000000000..0f027984d --- /dev/null +++ b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceDummy.java @@ -0,0 +1,56 @@ +/* + * Copyright 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket; + +import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult; +import lombok.extern.slf4j.Slf4j; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.stereotype.Service; + +/** + * Dummy WebSocket service. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Service +@Slf4j +@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "false", matchIfMissing = true) +public class WebSocketMessageServiceDummy implements WebSocketMessageService { + + { + logger.info("WebSocketMessageServiceDummy was initialized."); + } + + @Override + public void notifyAuthorizationComplete(String operationId, AuthResult authResult) { + } + + @Override + public void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded) { + } + + @Override + public String lookupWebSocketSessionId(String operationHash) { + return null; + } + + @Override + public boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress) { + return false; + } + +} diff --git a/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/WebSocketMessageService.java b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceImpl.java similarity index 78% rename from powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/WebSocketMessageService.java rename to powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceImpl.java index a7c7761eb..1ea2495f9 100644 --- a/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/WebSocketMessageService.java +++ b/powerauth-webflow-authentication/src/main/java/io/getlime/security/powerauth/lib/webflow/authentication/service/websocket/WebSocketMessageServiceImpl.java @@ -14,12 +14,15 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.lib.webflow.authentication.service; +package io.getlime.security.powerauth.lib.webflow.authentication.service.websocket; import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthResult; import io.getlime.security.powerauth.lib.webflow.authentication.model.response.WebSocketAuthorizationResponse; import io.getlime.security.powerauth.lib.webflow.authentication.model.response.WebSocketRegistrationResponse; +import io.getlime.security.powerauth.lib.webflow.authentication.service.OperationSessionService; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.messaging.MessageHeaders; import org.springframework.messaging.simp.SimpMessageHeaderAccessor; import org.springframework.messaging.simp.SimpMessageType; @@ -33,7 +36,9 @@ * @author Petr Dvorak, petr@wultra.com */ @Service -public class WebSocketMessageService { +@Slf4j +@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true") +public class WebSocketMessageServiceImpl implements WebSocketMessageService { private final SimpMessagingTemplate websocket; private final OperationSessionService operationSessionService; @@ -44,9 +49,10 @@ public class WebSocketMessageService { * @param operationSessionService Operation to session mapping service. */ @Autowired - public WebSocketMessageService(SimpMessagingTemplate websocket, OperationSessionService operationSessionService) { + public WebSocketMessageServiceImpl(SimpMessagingTemplate websocket, OperationSessionService operationSessionService) { this.websocket = websocket; this.operationSessionService = operationSessionService; + logger.info("WebSocketMessageServiceImpl was initialized."); } /** @@ -62,12 +68,7 @@ private MessageHeaders createHeaders(String webSocketSessionId) { return headerAccessor.getMessageHeaders(); } - /** - * Notification of clients about completed authorization. - * - * @param operationId Operation ID. - * @param authResult Authorization result. - */ + @Override public void notifyAuthorizationComplete(String operationId, AuthResult authResult) { final String webSocketId = operationSessionService.generateOperationHash(operationId); final String sessionId = lookupWebSocketSessionId(webSocketId); @@ -79,13 +80,7 @@ public void notifyAuthorizationComplete(String operationId, AuthResult authResul } } - /** - * Sends a message about successful websocket registration to the user. - * - * @param operationHash Operation hash. - * @param sessionId Session ID. - * @param registrationSucceeded Whether Web Socket registration was successful. - */ + @Override public void sendRegistrationMessage(String operationHash, String sessionId, boolean registrationSucceeded) { WebSocketRegistrationResponse registrationResponse = new WebSocketRegistrationResponse(); registrationResponse.setWebSocketId(operationHash); @@ -93,24 +88,12 @@ public void sendRegistrationMessage(String operationHash, String sessionId, bool websocket.convertAndSendToUser(sessionId, "/topic/registration", registrationResponse, createHeaders(sessionId)); } - /** - * Get Web Socket session ID for given operation hash. - * - * @param operationHash Operation hash. - * @return Web Socket session ID. - */ + @Override public String lookupWebSocketSessionId(String operationHash) { return operationSessionService.lookupWebSocketSessionIdByOperationHash(operationHash); } - /** - * Store a mapping for new web socket identifier to the Web Socket session with given ID. - * - * @param operationHash Operation hash. - * @param webSocketSessionId Web Socket Session ID. - * @param clientIpAddress Remote client IP address. - * @return Whether Web Socket registration was successful. - */ + @Override public boolean registerWebSocketSession(String operationHash, String webSocketSessionId, String clientIpAddress) { return operationSessionService.registerWebSocketSession(operationHash, webSocketSessionId, clientIpAddress); } diff --git a/powerauth-webflow/pom.xml b/powerauth-webflow/pom.xml index e952fcc30..c68742b0a 100644 --- a/powerauth-webflow/pom.xml +++ b/powerauth-webflow/pom.xml @@ -242,6 +242,39 @@ + + websockets-enabled + + true + + + + org.springframework + spring-messaging + + + org.springframework + spring-websocket + + + + + + websockets-disabled + + + org.springframework + spring-messaging + provided + + + org.springframework + spring-websocket + provided + + + + test-repository diff --git a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java index 642fafe71..1406ac561 100644 --- a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java +++ b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebFlowServerConfiguration.java @@ -187,6 +187,12 @@ public class WebFlowServerConfiguration { @Value("${powerauth.webflow.approval.certificate.signer.ica.extensionInstallURLFirefox:}") private String icaExtensionInstallURLFirefox; + /** + * WebSocket support configuration. + */ + @Value("${powerauth.webflow.websockets.enabled:true}") + private boolean webSocketSupportEnabled; + /** * Configuration constructor. * @param auditFactory Audit factory. @@ -392,6 +398,14 @@ public String getIcaExtensionInstallURLFirefox() { return icaExtensionInstallURLFirefox; } + /** + * Get whether WebSocket support is enabled. + * @return Whether WebSocket support is enabled. + */ + public boolean isWebSocketSupportEnabled() { + return webSocketSupportEnabled; + } + /** * Prepare audit interface. * @return Audit interface. diff --git a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebSocketConfiguration.java b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebSocketConfiguration.java index a9e5c6ae7..d961d1398 100644 --- a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebSocketConfiguration.java +++ b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebSocketConfiguration.java @@ -20,8 +20,9 @@ import io.getlime.security.powerauth.lib.webflow.authentication.configuration.WebFlowServicesConfiguration; import io.getlime.security.powerauth.lib.webflow.authentication.interceptor.WebSocketHandshakeInterceptor; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.Configuration; import org.springframework.messaging.simp.config.MessageBrokerRegistry; -import org.springframework.stereotype.Component; import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker; import org.springframework.web.socket.config.annotation.StompEndpointRegistry; import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer; @@ -31,8 +32,9 @@ * * @author Roman Strobl, roman.strobl@wultra.com */ -@Component +@Configuration @EnableWebSocketMessageBroker +@ConditionalOnProperty(name = "powerauth.webflow.websockets.enabled", havingValue = "true") public class WebSocketConfiguration implements WebSocketMessageBrokerConfigurer { public static final String MESSAGE_PREFIX = "/topic"; diff --git a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/controller/HomeController.java b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/controller/HomeController.java index 6063148de..c33d8fc7a 100644 --- a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/controller/HomeController.java +++ b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/controller/HomeController.java @@ -210,6 +210,7 @@ public String authenticate(Map model, HttpServletRequest request model.put("icaExtensionIDEdge", webFlowConfig.getIcaExtensionIDEdge()); model.put("icaExtensionIDFirefox", webFlowConfig.getIcaExtensionIDFirefox()); model.put("icaExtensionInstallURLFirefox", webFlowConfig.getIcaExtensionInstallURLFirefox()); + model.put("webSocketSupportEnabled", webFlowConfig.isWebSocketSupportEnabled()); logger.info("The /authenticate request succeeded"); return "index"; } diff --git a/powerauth-webflow/src/main/js/websocket-client.js b/powerauth-webflow/src/main/js/websocket-client.js index 10e89d048..c13443ddb 100644 --- a/powerauth-webflow/src/main/js/websocket-client.js +++ b/powerauth-webflow/src/main/js/websocket-client.js @@ -27,6 +27,9 @@ require('stompjs'); * @param webSocketId Web Socket ID. */ function register(registrations, webSocketId) { + if (!webSocketSupportEnabled) { + return; + } try { var msie = document.documentMode; if (msie && msie < 11) { @@ -60,6 +63,9 @@ function register(registrations, webSocketId) { * @param callback Callback function to call on an event. */ function subscribe(route, callback) { + if (!webSocketSupportEnabled) { + return; + } try { if (client !== undefined) { client.subscribe(route, callback); @@ -75,6 +81,9 @@ function subscribe(route, callback) { * @param route Web Socket route. */ function unsubscribe(route) { + if (!webSocketSupportEnabled) { + return; + } try { if (client !== undefined) { client.unsubscribe(route); @@ -92,6 +101,9 @@ function unsubscribe(route) { * @param message Text of the message as JSON. */ function send(destination, params, message) { + if (!webSocketSupportEnabled) { + return; + } try { if (client !== undefined) { client.send(destination, params, message); @@ -106,6 +118,9 @@ function send(destination, params, message) { * Disconnect the WebSocket. */ function disconnect() { + if (!webSocketSupportEnabled) { + return; + } try { if (client !== undefined) { client.disconnect(); diff --git a/powerauth-webflow/src/main/resources/application.properties b/powerauth-webflow/src/main/resources/application.properties index c20569a7d..13b4f957f 100644 --- a/powerauth-webflow/src/main/resources/application.properties +++ b/powerauth-webflow/src/main/resources/application.properties @@ -52,6 +52,9 @@ powerauth.webflow.offlineMode.available=true # Enable or disable operations support in PowerAuth server powerauth.webflow.pa.operations.enabled=false +# Enable or disable WebSocket support +powerauth.webflow.websockets.enabled=true + # Configuration of Android Security Warning powerauth.webflow.android.showSecurityWarning=true diff --git a/powerauth-webflow/src/main/resources/templates/index.html b/powerauth-webflow/src/main/resources/templates/index.html index 8cc5ceb70..c4415da72 100644 --- a/powerauth-webflow/src/main/resources/templates/index.html +++ b/powerauth-webflow/src/main/resources/templates/index.html @@ -70,6 +70,8 @@ const extensionIDFirefox = [[${icaExtensionIDFirefox}]]; const extensionInstallURLFirefox = [[${icaExtensionInstallURLFirefox}]]; + const webSocketSupportEnabled = [[${webSocketSupportEnabled}]]; + window.onbeforeunload = function() { // Modern browsers do not allow custom messages, so text will be only shown in old browsers. // Note that the onbeforeunload dialog does not appear in case user does no action, see: From bbaddc788208db005f2bf7dab008c8e66ebe0def Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Tue, 6 Aug 2024 15:03:08 +0200 Subject: [PATCH 04/22] Fix #1683: Provide default lang.json for external resources (#1684) --- .../app/webflow/configuration/WebMvcConfiguration.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java index 5b4353193..9634b879a 100644 --- a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java +++ b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java @@ -26,12 +26,14 @@ import io.getlime.security.powerauth.rest.api.spring.annotation.support.PowerAuthEncryptionArgumentResolver; import io.getlime.security.powerauth.rest.api.spring.annotation.support.PowerAuthWebArgumentResolver; import io.getlime.security.powerauth.rest.api.spring.filter.PowerAuthRequestFilter; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import org.springframework.core.io.UrlResource; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; @@ -52,6 +54,7 @@ * @author Petr Dvorak, petr@wultra.com */ @Configuration +@Slf4j public class WebMvcConfiguration implements WebMvcConfigurer { @Autowired @@ -140,7 +143,12 @@ public ReloadableResourceBundleMessageSourceWithListing messageSource() { @Bean public Resource languageSettingSource() throws MalformedURLException { - return resourceLoader.getResource(configuration.getResourcesLocation() + "lang.json"); + Resource resource = resourceLoader.getResource(configuration.getResourcesLocation() + "lang.json"); + if (!resource.exists()) { + logger.info("The lang.json file was not found in {}, using default location", configuration.getResourcesLocation()); + resource = new UrlResource("classpath:/static/resources/lang.json"); + } + return resource; } @Override From 6cbf405b6d9d31ff5571ed00e4b4891ff0511d63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 8 Aug 2024 09:29:14 +0200 Subject: [PATCH 05/22] Fix #1687: Error java.net.MalformedURLException: unknown protocol: classpath (#1688) --- .../app/webflow/configuration/WebMvcConfiguration.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java index 9634b879a..6521e5398 100644 --- a/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java +++ b/powerauth-webflow/src/main/java/io/getlime/security/powerauth/app/webflow/configuration/WebMvcConfiguration.java @@ -33,7 +33,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; -import org.springframework.core.io.UrlResource; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; @@ -146,7 +145,7 @@ public Resource languageSettingSource() throws MalformedURLException { Resource resource = resourceLoader.getResource(configuration.getResourcesLocation() + "lang.json"); if (!resource.exists()) { logger.info("The lang.json file was not found in {}, using default location", configuration.getResourcesLocation()); - resource = new UrlResource("classpath:/static/resources/lang.json"); + resource = resourceLoader.getResource("classpath:/static/resources/lang.json"); } return resource; } From 2c9c2141259eb5f26395a04f3139ad75bcade6df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 01:42:17 +0000 Subject: [PATCH 06/22] Bump org.passay:passay from 1.6.4 to 1.6.5 Bumps [org.passay:passay](https://github.com/vt-middleware/passay) from 1.6.4 to 1.6.5. - [Release notes](https://github.com/vt-middleware/passay/releases) - [Changelog](https://github.com/vt-middleware/passay/blob/main/release) - [Commits](https://github.com/vt-middleware/passay/compare/v1.6.4...v1.6.5) --- updated-dependencies: - dependency-name: org.passay:passay dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bd1b692aa..0a1214e57 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 17 1.78.1 3.5.3 - 1.6.4 + 1.6.5 2.6.0 From 5f1132db674c4280824ba819afdb302c349689fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 01:42:27 +0000 Subject: [PATCH 07/22] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bd1b692aa..6ec5d2393 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.2 + 3.3.3 From f7105fbb7443dcdde750d103eb6f89d3970c197c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 01:04:54 +0000 Subject: [PATCH 08/22] Bump io.swagger.core.v3:swagger-annotations-jakarta Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.22 to 2.2.23. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bd1b692aa..f37e05500 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.6.0 - 2.2.22 + 2.2.23 1.4.4 20240325.1 From a6468bc6aac020fe24c1c3d02d7b35fa8cecc21c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 01:24:23 +0000 Subject: [PATCH 09/22] Bump com.github.eirslett:frontend-maven-plugin from 1.15.0 to 1.15.1 Bumps [com.github.eirslett:frontend-maven-plugin](https://github.com/eirslett/frontend-maven-plugin) from 1.15.0 to 1.15.1. - [Changelog](https://github.com/eirslett/frontend-maven-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/eirslett/frontend-maven-plugin/compare/frontend-plugins-1.15.0...frontend-plugins-1.15.1) --- updated-dependencies: - dependency-name: com.github.eirslett:frontend-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- powerauth-webflow/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-webflow/pom.xml b/powerauth-webflow/pom.xml index c68742b0a..1fd860c7a 100644 --- a/powerauth-webflow/pom.xml +++ b/powerauth-webflow/pom.xml @@ -206,7 +206,7 @@ com.github.eirslett frontend-maven-plugin - 1.15.0 + 1.15.1 target From 2dda5d520029316bda1480f758b266d26619092c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 01:24:29 +0000 Subject: [PATCH 10/22] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.3.3 to 3.3.4. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.3...v3.3.4) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b976ef19..f010de641 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.3 + 3.3.4 From 1ed4be0fb66647afc9b5ee9d42cb654d3e999838 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 01:24:00 +0000 Subject: [PATCH 11/22] Bump de.skuzzle.enforcer:restrict-imports-enforcer-rule Bumps [de.skuzzle.enforcer:restrict-imports-enforcer-rule](https://github.com/skuzzle/restrict-imports-enforcer-rule) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/skuzzle/restrict-imports-enforcer-rule/releases) - [Changelog](https://github.com/skuzzle/restrict-imports-enforcer-rule/blob/master/CHANGELOG_LEGACY.md) - [Commits](https://github.com/skuzzle/restrict-imports-enforcer-rule/compare/v2.5.0...v2.6.0) --- updated-dependencies: - dependency-name: de.skuzzle.enforcer:restrict-imports-enforcer-rule dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f010de641..cd3f5219f 100644 --- a/pom.xml +++ b/pom.xml @@ -345,7 +345,7 @@ de.skuzzle.enforcer restrict-imports-enforcer-rule - 2.5.0 + 2.6.0 From d0c2172fa0d6d8a33b7229474837b3487689360d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 01:24:07 +0000 Subject: [PATCH 12/22] Bump io.swagger.core.v3:swagger-annotations-jakarta Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.23 to 2.2.24. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f010de641..6f25e4d4d 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.6.0 - 2.2.23 + 2.2.24 1.4.4 20240325.1 From ae1b51f138a7d8e868de073deeecc836f7c0c26c Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 2 Oct 2024 10:51:34 +0200 Subject: [PATCH 13/22] Add migration instructions from 1.8.x to 1.9.x --- docs/Migration-Instructions.md | 1 + docs/Web-Flow-1.9.0.md | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 docs/Web-Flow-1.9.0.md diff --git a/docs/Migration-Instructions.md b/docs/Migration-Instructions.md index 50e22cd23..649fcf524 100644 --- a/docs/Migration-Instructions.md +++ b/docs/Migration-Instructions.md @@ -2,6 +2,7 @@ This page contains PowerAuth Web Flow migration instructions. +- [PowerAuth Web Flow 1.9.0](./Web-Flow-1.9.0.md) - [PowerAuth Web Flow 1.8.0](./Web-Flow-1.8.0.md) - [PowerAuth Web Flow 1.7.0](./Web-Flow-1.7.0.md) - [PowerAuth Web Flow 1.6.0](./Web-Flow-1.6.0.md) diff --git a/docs/Web-Flow-1.9.0.md b/docs/Web-Flow-1.9.0.md new file mode 100644 index 000000000..37a8e6a8f --- /dev/null +++ b/docs/Web-Flow-1.9.0.md @@ -0,0 +1,5 @@ +# Migration from 1.8.0 to 1.9.0 + +This guide contains instructions for migration from PowerAuth WebFlow version `1.8.x` to version `1.9.0`. + +There are no database changes needed for this version. From 235972a65816a3d7136564effc3d97313f778f92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 01:21:23 +0000 Subject: [PATCH 14/22] Bump wultra-core.version from 1.11.0-SNAPSHOT to 1.11.0 Bumps `wultra-core.version` from 1.11.0-SNAPSHOT to 1.11.0. Updates `io.getlime.core:rest-client-base` from 1.11.0-SNAPSHOT to 1.11.0 - [Release notes](https://github.com/wultra/lime-java-core/releases) - [Commits](https://github.com/wultra/lime-java-core/commits/1.11.0) Updates `io.getlime.core:rest-model-base` from 1.11.0-SNAPSHOT to 1.11.0 - [Release notes](https://github.com/wultra/lime-java-core/releases) - [Commits](https://github.com/wultra/lime-java-core/commits/1.11.0) Updates `io.getlime.core:audit-base` from 1.11.0-SNAPSHOT to 1.11.0 - [Release notes](https://github.com/wultra/lime-java-core/releases) - [Commits](https://github.com/wultra/lime-java-core/commits/1.11.0) --- updated-dependencies: - dependency-name: io.getlime.core:rest-client-base dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.getlime.core:rest-model-base dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.getlime.core:audit-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e81166981..63e7b7891 100644 --- a/pom.xml +++ b/pom.xml @@ -104,7 +104,7 @@ 8.0 - 1.11.0-SNAPSHOT + 1.11.0 1.9.0-SNAPSHOT 1.9.0-SNAPSHOT 1.9.0-SNAPSHOT From b7666c6e8c1d0d44021a4c67ec87610043e26e7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 01:22:23 +0000 Subject: [PATCH 15/22] Bump io.swagger.core.v3:swagger-annotations-jakarta Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.24 to 2.2.25. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e81166981..bade46d39 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.6.0 - 2.2.24 + 2.2.25 1.4.4 20240325.1 From 77fe031556e6586f4bc0bf4d26fd2af5c7d7de87 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Fri, 11 Oct 2024 10:55:43 +0200 Subject: [PATCH 16/22] Fix #1712: Set release version to 1.9.0 --- pom.xml | 2 +- powerauth-data-adapter-client/pom.xml | 2 +- powerauth-data-adapter-model/pom.xml | 2 +- powerauth-mtoken-model/pom.xml | 2 +- powerauth-nextstep-client/pom.xml | 2 +- powerauth-nextstep-model/pom.xml | 2 +- powerauth-nextstep/pom.xml | 2 +- powerauth-tpp-engine-client/pom.xml | 2 +- powerauth-tpp-engine-model/pom.xml | 2 +- powerauth-tpp-engine/pom.xml | 2 +- powerauth-webflow-authentication-approval-sca/pom.xml | 2 +- powerauth-webflow-authentication-consent/pom.xml | 2 +- powerauth-webflow-authentication-form/pom.xml | 2 +- powerauth-webflow-authentication-init/pom.xml | 2 +- powerauth-webflow-authentication-login-sca/pom.xml | 2 +- powerauth-webflow-authentication-mtoken/pom.xml | 2 +- powerauth-webflow-authentication-operation-review/pom.xml | 2 +- powerauth-webflow-authentication-sms/pom.xml | 2 +- powerauth-webflow-authentication/pom.xml | 2 +- powerauth-webflow-client/pom.xml | 2 +- powerauth-webflow-i18n/pom.xml | 2 +- powerauth-webflow-resources/pom.xml | 2 +- powerauth-webflow/pom.xml | 2 +- 23 files changed, 23 insertions(+), 23 deletions(-) diff --git a/pom.xml b/pom.xml index 0e5868f80..890ce1515 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 pom diff --git a/powerauth-data-adapter-client/pom.xml b/powerauth-data-adapter-client/pom.xml index e5e3660ad..abeb0de16 100644 --- a/powerauth-data-adapter-client/pom.xml +++ b/powerauth-data-adapter-client/pom.xml @@ -28,7 +28,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-data-adapter-model/pom.xml b/powerauth-data-adapter-model/pom.xml index 0e9836f5c..053e7555e 100644 --- a/powerauth-data-adapter-model/pom.xml +++ b/powerauth-data-adapter-model/pom.xml @@ -28,7 +28,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-mtoken-model/pom.xml b/powerauth-mtoken-model/pom.xml index 3e44ffa7d..475952411 100644 --- a/powerauth-mtoken-model/pom.xml +++ b/powerauth-mtoken-model/pom.xml @@ -27,7 +27,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-nextstep-client/pom.xml b/powerauth-nextstep-client/pom.xml index ee001bb8b..93f5f8394 100644 --- a/powerauth-nextstep-client/pom.xml +++ b/powerauth-nextstep-client/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-nextstep-client diff --git a/powerauth-nextstep-model/pom.xml b/powerauth-nextstep-model/pom.xml index b0dacfd72..786ce4b08 100644 --- a/powerauth-nextstep-model/pom.xml +++ b/powerauth-nextstep-model/pom.xml @@ -29,7 +29,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-nextstep/pom.xml b/powerauth-nextstep/pom.xml index 7831ce5fe..71f1e44c3 100644 --- a/powerauth-nextstep/pom.xml +++ b/powerauth-nextstep/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-tpp-engine-client/pom.xml b/powerauth-tpp-engine-client/pom.xml index 8386b844b..aefaf2257 100644 --- a/powerauth-tpp-engine-client/pom.xml +++ b/powerauth-tpp-engine-client/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-tpp-engine-client diff --git a/powerauth-tpp-engine-model/pom.xml b/powerauth-tpp-engine-model/pom.xml index 0f48efe51..aaa74dd52 100644 --- a/powerauth-tpp-engine-model/pom.xml +++ b/powerauth-tpp-engine-model/pom.xml @@ -24,7 +24,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-tpp-engine-model diff --git a/powerauth-tpp-engine/pom.xml b/powerauth-tpp-engine/pom.xml index 86adb7418..0516ad74f 100644 --- a/powerauth-tpp-engine/pom.xml +++ b/powerauth-tpp-engine/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-webflow-authentication-approval-sca/pom.xml b/powerauth-webflow-authentication-approval-sca/pom.xml index 521fa4143..862554c93 100644 --- a/powerauth-webflow-authentication-approval-sca/pom.xml +++ b/powerauth-webflow-authentication-approval-sca/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-approval-sca diff --git a/powerauth-webflow-authentication-consent/pom.xml b/powerauth-webflow-authentication-consent/pom.xml index af61cf3db..54bd360a1 100644 --- a/powerauth-webflow-authentication-consent/pom.xml +++ b/powerauth-webflow-authentication-consent/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-consent diff --git a/powerauth-webflow-authentication-form/pom.xml b/powerauth-webflow-authentication-form/pom.xml index 72bdf2274..df28c5799 100644 --- a/powerauth-webflow-authentication-form/pom.xml +++ b/powerauth-webflow-authentication-form/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-form diff --git a/powerauth-webflow-authentication-init/pom.xml b/powerauth-webflow-authentication-init/pom.xml index 8694e8f42..62755a3b7 100644 --- a/powerauth-webflow-authentication-init/pom.xml +++ b/powerauth-webflow-authentication-init/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-init diff --git a/powerauth-webflow-authentication-login-sca/pom.xml b/powerauth-webflow-authentication-login-sca/pom.xml index 478d7ee2f..701b8e12d 100644 --- a/powerauth-webflow-authentication-login-sca/pom.xml +++ b/powerauth-webflow-authentication-login-sca/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-login-sca diff --git a/powerauth-webflow-authentication-mtoken/pom.xml b/powerauth-webflow-authentication-mtoken/pom.xml index 336fe8941..88e072da6 100644 --- a/powerauth-webflow-authentication-mtoken/pom.xml +++ b/powerauth-webflow-authentication-mtoken/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-mtoken diff --git a/powerauth-webflow-authentication-operation-review/pom.xml b/powerauth-webflow-authentication-operation-review/pom.xml index 2c4e1fce1..d051bfa27 100644 --- a/powerauth-webflow-authentication-operation-review/pom.xml +++ b/powerauth-webflow-authentication-operation-review/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-operation-review diff --git a/powerauth-webflow-authentication-sms/pom.xml b/powerauth-webflow-authentication-sms/pom.xml index 8f6ebcf96..c0fd90771 100644 --- a/powerauth-webflow-authentication-sms/pom.xml +++ b/powerauth-webflow-authentication-sms/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow-authentication-sms diff --git a/powerauth-webflow-authentication/pom.xml b/powerauth-webflow-authentication/pom.xml index e3389213f..a9a5b43f5 100644 --- a/powerauth-webflow-authentication/pom.xml +++ b/powerauth-webflow-authentication/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 io.getlime.security diff --git a/powerauth-webflow-client/pom.xml b/powerauth-webflow-client/pom.xml index 7ef8a86e7..20bcc4a70 100644 --- a/powerauth-webflow-client/pom.xml +++ b/powerauth-webflow-client/pom.xml @@ -30,7 +30,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-webflow-i18n/pom.xml b/powerauth-webflow-i18n/pom.xml index b26562c11..7a4b16641 100644 --- a/powerauth-webflow-i18n/pom.xml +++ b/powerauth-webflow-i18n/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 diff --git a/powerauth-webflow-resources/pom.xml b/powerauth-webflow-resources/pom.xml index bcabecad5..b3692668b 100644 --- a/powerauth-webflow-resources/pom.xml +++ b/powerauth-webflow-resources/pom.xml @@ -25,7 +25,7 @@ powerauth-webflow-parent io.getlime.security - 1.9.0-SNAPSHOT + 1.9.0 io.getlime.security diff --git a/powerauth-webflow/pom.xml b/powerauth-webflow/pom.xml index 1fd860c7a..847fc2f69 100644 --- a/powerauth-webflow/pom.xml +++ b/powerauth-webflow/pom.xml @@ -24,7 +24,7 @@ io.getlime.security powerauth-webflow-parent - 1.9.0-SNAPSHOT + 1.9.0 powerauth-webflow From 06a54a60676e365c964b0351ca0cdccb2c62e009 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 01:48:57 +0000 Subject: [PATCH 17/22] Bump io.getlime.security:powerauth-java-crypto Bumps [io.getlime.security:powerauth-java-crypto](https://github.com/wultra/powerauth-crypto) from 1.9.0-SNAPSHOT to 1.9.0. - [Release notes](https://github.com/wultra/powerauth-crypto/releases) - [Changelog](https://github.com/wultra/powerauth-crypto/blob/develop/docs/Releases.md) - [Commits](https://github.com/wultra/powerauth-crypto/commits/1.9.0) --- updated-dependencies: - dependency-name: io.getlime.security:powerauth-java-crypto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0e5868f80..dfd65e804 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ 1.11.0 1.9.0-SNAPSHOT - 1.9.0-SNAPSHOT + 1.9.0 1.9.0-SNAPSHOT From 558f13f9f3cea993df8ad4e30ab476d8e6099dcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Fri, 18 Oct 2024 20:12:12 +0800 Subject: [PATCH 18/22] Fix #1717: Add support for bcrypt to store the password (#1718) --- .../entity/enumeration/HashAlgorithm.java | 34 +++---- .../service/CredentialProtectionService.java | 15 ++- .../CredentialProtectionServiceTest.java | 97 +++++++++++++++++++ 3 files changed, 127 insertions(+), 19 deletions(-) create mode 100644 powerauth-nextstep/src/test/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionServiceTest.java diff --git a/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/entity/enumeration/HashAlgorithm.java b/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/entity/enumeration/HashAlgorithm.java index 6a06a6636..c076fdc30 100644 --- a/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/entity/enumeration/HashAlgorithm.java +++ b/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/entity/enumeration/HashAlgorithm.java @@ -17,11 +17,14 @@ */ package io.getlime.security.powerauth.lib.nextstep.model.entity.enumeration; +import lombok.Getter; + /** * Enumeration representing hashing algorithms. * * @author Roman Strobl, roman.strobl@wultra.com */ +@Getter public enum HashAlgorithm { /** @@ -37,35 +40,30 @@ public enum HashAlgorithm { /** * Algorithm argon2id. */ - ARGON_2ID("argon2id", 2); + ARGON_2ID("argon2id", 2), + + BCRYPT("bcrypt"); private final String name; - private final int id; + private final Integer id; /** * Hash algorithm constructor. - * @param name Algorithm name for Modular Crypt Format. - * @param id Algorithm ID in Bouncy Castle library. + * @param name Algorithm name. */ - HashAlgorithm(String name, int id) { + HashAlgorithm(String name) { this.name = name; - this.id = id; + this.id = null; } /** - * Get algorithm name for Modular Crypt Format. - * @return Algorithm name. - */ - public String getName() { - return name; - } - - /** - * Get algorithm ID in Bouncy Castle library. - * @return Algorithm ID. + * Hash algorithm constructor for Argon family of algorithms. + * @param name Algorithm name for Modular Crypt Format. + * @param id Algorithm ID in Bouncy Castle library (Argon algorithms only). */ - public int getId() { - return id; + HashAlgorithm(String name, int id) { + this.name = name; + this.id = id; } } diff --git a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionService.java b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionService.java index 52b82e1f6..55ba2ff9c 100644 --- a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionService.java +++ b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionService.java @@ -37,6 +37,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.crypto.bcrypt.BCrypt; import org.springframework.stereotype.Service; import java.io.IOException; @@ -100,6 +101,10 @@ public CredentialValue protectCredential(String credentialValue, CredentialEntit final String hashedValue = argon2Hash.toString(); return credentialValueConverter.toDBValue(hashedValue, userId, credentialDefinition); } + case BCRYPT -> { + String hashedValue = BCrypt.hashpw(credentialValue, BCrypt.gensalt()); + return credentialValueConverter.toDBValue(hashedValue, userId, credentialDefinition); + } default -> throw new InvalidConfigurationException("Unsupported hashing algorithm: " + algorithm); } } @@ -132,6 +137,13 @@ public boolean verifyCredential(String credentialValue, CredentialEntity credent } return succeeded; } + case BCRYPT -> { + boolean succeeded = BCrypt.checkpw(credentialValue, decryptedCredentialValue); + if (succeeded) { + updateStoredCredentialValueIfRequired(credentialValue, credential); + } + return succeeded; + } default -> throw new InvalidConfigurationException("Unsupported hashing algorithm: " + algorithm); } } @@ -154,6 +166,7 @@ public boolean verifyCredentialHistory(String credentialValue, CredentialHistory final HashAlgorithm algorithm = hashingConfig.getAlgorithm(); return switch (algorithm) { case ARGON_2I, ARGON_2D, ARGON_2ID -> verifyCredentialUsingArgon2(credentialValue, algorithm, decryptedCredentialValue); + case BCRYPT -> BCrypt.checkpw(credentialValue, decryptedCredentialValue); }; } @@ -335,7 +348,7 @@ private void updateStoredCredentialValueIfRequired(String credentialValue, Crede updateRequired = true; } else { // Check actual argon2 parameters from the hash in the database and compare them with credential definition - updateRequired = updateRequired || !argon2ParamMatch(extractCredentialValue(credential), credentialDefinition.getHashingConfig().getAlgorithm(), credential.getHashingConfig().getParameters()); + updateRequired = updateRequired || (credentialDefinition.getHashingConfig().getAlgorithm() != HashAlgorithm.BCRYPT && !argon2ParamMatch(extractCredentialValue(credential), credentialDefinition.getHashingConfig().getAlgorithm(), credential.getHashingConfig().getParameters())); } } diff --git a/powerauth-nextstep/src/test/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionServiceTest.java b/powerauth-nextstep/src/test/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionServiceTest.java new file mode 100644 index 000000000..32fda9718 --- /dev/null +++ b/powerauth-nextstep/src/test/java/io/getlime/security/powerauth/app/nextstep/service/CredentialProtectionServiceTest.java @@ -0,0 +1,97 @@ +/* + * PowerAuth Web Flow and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.app.nextstep.service; + +import com.fasterxml.jackson.databind.ObjectMapper; +import io.getlime.security.powerauth.app.nextstep.NextStepTest; +import io.getlime.security.powerauth.app.nextstep.repository.model.entity.CredentialDefinitionEntity; +import io.getlime.security.powerauth.app.nextstep.repository.model.entity.CredentialEntity; +import io.getlime.security.powerauth.app.nextstep.repository.model.entity.HashConfigEntity; +import io.getlime.security.powerauth.app.nextstep.repository.model.entity.UserIdentityEntity; +import io.getlime.security.powerauth.lib.nextstep.model.entity.CredentialValue; +import io.getlime.security.powerauth.lib.nextstep.model.entity.enumeration.EncryptionAlgorithm; +import io.getlime.security.powerauth.lib.nextstep.model.entity.enumeration.HashAlgorithm; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; + +import java.util.Map; + +import static org.junit.jupiter.api.Assertions.*; + +/** + * Tests for password hashing. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +class CredentialProtectionServiceTest extends NextStepTest { + + @Autowired + private CredentialProtectionService credentialProtectionService; + + @Test + void testBcrypt() throws Exception { + final CredentialEntity credentialEntity = new CredentialEntity(); + final UserIdentityEntity user = new UserIdentityEntity(); + final HashConfigEntity hashConfig = new HashConfigEntity(); + final CredentialDefinitionEntity credentialDefinition = new CredentialDefinitionEntity(); + credentialDefinition.setEncryptionAlgorithm(EncryptionAlgorithm.NO_ENCRYPTION); + credentialDefinition.setHashingConfig(hashConfig); + hashConfig.setAlgorithm(HashAlgorithm.BCRYPT); + hashConfig.setParameters("{}"); + user.setUserId("test"); + credentialEntity.setUser(user); + credentialEntity.setCredentialDefinition(credentialDefinition); + credentialEntity.setHashingConfig(hashConfig); + final CredentialValue hashed = credentialProtectionService.protectCredential("test", credentialEntity); + credentialEntity.setValue(hashed.getValue()); + assertEquals(EncryptionAlgorithm.NO_ENCRYPTION, hashed.getEncryptionAlgorithm()); + assertNotEquals("test", hashed.getValue()); + assertTrue(hashed.getValue().startsWith("$2a$10$")); + assertTrue(credentialProtectionService.verifyCredential("test", credentialEntity)); + } + + @Test + void testArgon2() throws Exception { + final CredentialEntity credentialEntity = new CredentialEntity(); + final UserIdentityEntity user = new UserIdentityEntity(); + final HashConfigEntity hashConfig = new HashConfigEntity(); + final CredentialDefinitionEntity credentialDefinition = new CredentialDefinitionEntity(); + credentialDefinition.setEncryptionAlgorithm(EncryptionAlgorithm.NO_ENCRYPTION); + credentialDefinition.setHashingConfig(hashConfig); + hashConfig.setAlgorithm(HashAlgorithm.ARGON_2I); + final Map params = Map.of( + "version", "19", + "iterations", "4", + "memory", "16", + "parallelism", "2", + "outputLength", "32" + ); + hashConfig.setParameters(new ObjectMapper().writeValueAsString(params)); + user.setUserId("test"); + credentialEntity.setUser(user); + credentialEntity.setCredentialDefinition(credentialDefinition); + credentialEntity.setHashingConfig(hashConfig); + final CredentialValue hashed = credentialProtectionService.protectCredential("test", credentialEntity); + credentialEntity.setValue(hashed.getValue()); + assertEquals(EncryptionAlgorithm.NO_ENCRYPTION, hashed.getEncryptionAlgorithm()); + assertNotEquals("test", hashed.getValue()); + assertTrue(hashed.getValue().startsWith("$argon2i$v=19$m=65536,t=4,p=2$")); + assertTrue(credentialProtectionService.verifyCredential("test", credentialEntity)); + } + +} \ No newline at end of file From f629fdfc432de68594a5adaad7957c85d8fd4b55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 01:23:44 +0000 Subject: [PATCH 19/22] Bump org.passay:passay from 1.6.5 to 1.6.6 Bumps [org.passay:passay](https://github.com/vt-middleware/passay) from 1.6.5 to 1.6.6. - [Release notes](https://github.com/vt-middleware/passay/releases) - [Changelog](https://github.com/vt-middleware/passay/blob/main/release) - [Commits](https://github.com/vt-middleware/passay/compare/v1.6.5...v1.6.6) --- updated-dependencies: - dependency-name: org.passay:passay dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dfd65e804..78d1b8f2a 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 17 1.78.1 3.5.3 - 1.6.5 + 1.6.6 2.6.0 From 87af1eb17081946b92ad5b1104bbd7223284e764 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 23 Oct 2024 14:37:56 +0800 Subject: [PATCH 20/22] Fix #1720: Update documentation for bcrypt --- docs/Basic-Definitions.md | 2 +- docs/Next-Step-Server-REST-API-Reference.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/Basic-Definitions.md b/docs/Basic-Definitions.md index c876e9d88..f867748cb 100644 --- a/docs/Basic-Definitions.md +++ b/docs/Basic-Definitions.md @@ -221,7 +221,7 @@ When the user identity is managed by the Next Step application, Next Step provid ### Next Step -- credential hashing -Next Step application hashes the user credentials using the Argon2 hashing algorithm. The credential verification is performed by comparing the hash of the credential with the stored hash. The hashing algorithm parameters can be changed and in this case the credential hash is recreated with new parameters during the next user authentication and stored in the database. +Next Step application hashes the user credentials using the Argon2 or Bcrypt hashing algorithms. The credential verification is performed by comparing the hash of the credential with the stored hash. For Argon2, the hashing algorithm parameters can be changed to provide strong hashing. In this case the credential hash is recreated with new parameters during the next user authentication and stored in the database. We recommend to use Argon2 instead of Bcrypt, which was added mainly for compatibility reasons and does not support hashing strength configuration. ### Next Step -- database record encryption diff --git a/docs/Next-Step-Server-REST-API-Reference.md b/docs/Next-Step-Server-REST-API-Reference.md index 006457ace..e71b63963 100644 --- a/docs/Next-Step-Server-REST-API-Reference.md +++ b/docs/Next-Step-Server-REST-API-Reference.md @@ -5701,6 +5701,8 @@ The list of expected status codes: } ``` +Possible algorithm names: `ARGON_2D`, `ARGON_2I`, `ARGON_2ID`, `BCRYPT`. For `BCRYPT` empty parameters should be used as this algorithm does not support hashing algorithm parameterization. + #### Response 200 - Headers: From c916175810d5eeb172f36a7318df2de303b53492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Wed, 23 Oct 2024 09:45:12 +0200 Subject: [PATCH 21/22] Fix scp-deploy (#1722) --- .github/workflows/scp-deploy.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scp-deploy.yml b/.github/workflows/scp-deploy.yml index e282af732..a923e51ae 100644 --- a/.github/workflows/scp-deploy.yml +++ b/.github/workflows/scp-deploy.yml @@ -32,16 +32,16 @@ jobs: - name: Deploy powerauth-webflow.war shell: bash run: | - scp -i ~/.ssh/id_rsa **/target/powerauth-webflow-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-webflow.war + scp -i ~/.ssh/id_rsa powerauth-webflow/target/powerauth-webflow-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-webflow.war - name: Deploy powerauth-nextstep.war shell: bash run: | - scp -i ~/.ssh/id_rsa **/target/powerauth-nextstep-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-nextstep.war + scp -i ~/.ssh/id_rsa powerauth-nextstep/target/powerauth-nextstep-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-nextstep.war - name: Deploy powerauth-webflow-client.war shell: bash run: | - scp -i ~/.ssh/id_rsa **/target/webflow-client-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/webflow-client.war + scp -i ~/.ssh/id_rsa powerauth-webflow-client/target/powerauth-webflow-client-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-webflow-client.war - name: Deploy powerauth-tpp-engine.war shell: bash run: | - scp -i ~/.ssh/id_rsa **/target/powerauth-tpp-engine-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-tpp-engine.war + scp -i ~/.ssh/id_rsa powerauth-tpp-engine/target/powerauth-tpp-engine-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-tpp-engine.war From 22f23cead375e1bc42f9c5ba655c4754c7406df8 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Fri, 11 Oct 2024 10:51:49 +0200 Subject: [PATCH 22/22] Fix #1714: Update Wultra dependencies --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 78d1b8f2a..29a87c6a4 100644 --- a/pom.xml +++ b/pom.xml @@ -105,9 +105,9 @@ 1.11.0 - 1.9.0-SNAPSHOT + 1.9.0 1.9.0 - 1.9.0-SNAPSHOT + 1.9.0