service/src/main/java/io/mifos/provisioner/internal/service/AuthenticationService.java - fineract-cn-provisioner - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package io.mifos.provisioner.internal.service;

 import com.datastax.driver.core.BoundStatement;
 import com.datastax.driver.core.ResultSet;
 import com.datastax.driver.core.Row;
 import com.datastax.driver.core.Session;
 import com.datastax.driver.core.Statement;
 import com.datastax.driver.core.utils.Bytes;
 import com.datastax.driver.mapping.Mapper;
 import com.datastax.driver.mapping.MappingManager;
 import io.mifos.provisioner.api.v1.domain.AuthenticationResponse;
 import io.mifos.provisioner.api.v1.domain.PasswordPolicy;
 import io.mifos.provisioner.config.ProvisionerConstants;
 import io.mifos.provisioner.config.SystemProperties;
 import io.mifos.provisioner.internal.repository.ClientEntity;
 import io.mifos.provisioner.internal.repository.ConfigEntity;
 import io.mifos.provisioner.internal.repository.UserEntity;
 import io.mifos.provisioner.internal.util.TokenProvider;
 import java.nio.ByteBuffer;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nonnull;
 import org.apache.fineract.cn.anubis.token.TokenSerializationResult;
 import org.apache.fineract.cn.cassandra.core.CassandraSessionProvider;
 import org.apache.fineract.cn.crypto.HashGenerator;
 import org.apache.fineract.cn.lang.ServiceException;
 import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.crypto.util.EncodingUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Base64Utils;

 @Service
 public class AuthenticationService {

   @Value("${spring.application.name}")
   private String applicationName;
   private final Integer ttl;
   private final Logger logger;
   private final CassandraSessionProvider cassandraSessionProvider;
   private final HashGenerator hashGenerator;
   private final TokenProvider tokenProvider;


   @Autowired
   public AuthenticationService(@Qualifier(ProvisionerConstants.LOGGER_NAME) final Logger logger,
                                final CassandraSessionProvider cassandraSessionProvider,
                                final HashGenerator hashGenerator,
                                final TokenProvider tokenProvider,
                                final SystemProperties systemProperties) {
     super();
     this.ttl = systemProperties.getToken().getTtl();
     this.logger = logger;
     this.cassandraSessionProvider = cassandraSessionProvider;
     this.hashGenerator = hashGenerator;
     this.tokenProvider = tokenProvider;
   }

   public AuthenticationResponse authenticate(
       final @Nonnull String clientId,
       final @Nonnull String username,
       final @Nonnull String password) {
     final Session session = this.cassandraSessionProvider.getAdminSession();
     final MappingManager mappingManager = new MappingManager(session);

     final Mapper<ClientEntity> clientEntityMapper = mappingManager.mapper(ClientEntity.class);
     if (clientEntityMapper.get(clientId) == null) {
       this.logger.warn("Authentication attempt with unknown client: " + clientId);
       throw ServiceException.notFound("Requested resource not found!");
     }

     final Mapper<UserEntity> userEntityMapper = mappingManager.mapper(UserEntity.class);
     final Statement userQuery = userEntityMapper.getQuery(username);
     final ResultSet userResult = session.execute(userQuery);
     final Row userRow = userResult.one();
     if (userRow == null) {
       this.logger.warn("Authentication attempt with unknown user: " + username);
       throw ServiceException.notFound("Requested resource not found!");
     }
     final byte[] storedPassword = Bytes.getArray(userRow.getBytes(1));
     final byte[] salt = Bytes.getArray(userRow.getBytes(2));
     final int iterationCount = userRow.getInt(3);
     final int expiresInDays = userRow.getInt(4);
     final Date passwordResetOn = userRow.getTimestamp(5);

     final Mapper<ConfigEntity> configEntityMapper = mappingManager.mapper(ConfigEntity.class);
     final Statement configQuery = configEntityMapper.getQuery(ProvisionerConstants.CONFIG_INTERNAL);
     final ResultSet configResult = session.execute(configQuery);
     final Row configRow = configResult.one();
     final byte[] secret = Bytes.getArray(configRow.getBytes(1));

     if (this.hashGenerator.isEqual(
         storedPassword,
         Base64Utils.decodeFromString(password),
         secret,
         salt,
         iterationCount,
         256)) {

       if (expiresInDays > 0) {
         final LocalDate ld = passwordResetOn.toInstant().atZone(ZoneId.systemDefault()).toLocalDate();
         final LocalDate expiresOn = ld.plusDays(expiresInDays);
         if (LocalDate.now().isAfter(expiresOn)) {
           throw ServiceException.badRequest("Password expired");
         }
       }

       final TokenSerializationResult authToken = this.tokenProvider.createToken(username, this.applicationName, this.ttl, TimeUnit.MINUTES);
       return new AuthenticationResponse(authToken.getToken(), dateTimeToString(authToken.getExpiration()));
     } else {
       throw ServiceException.notFound("Requested resource not found!");
     }
   }

   private String dateTimeToString(final LocalDateTime dateTime) {
     return dateTime.format(DateTimeFormatter.ISO_LOCAL_DATE_TIME);
   }

   public void updatePasswordPolicy(final String username, final PasswordPolicy passwordPolicy) {
     try {
       final Session session = this.cassandraSessionProvider.getAdminSession();
       final MappingManager mappingManager = new MappingManager(session);
       final Mapper<UserEntity> userEntityMapper = mappingManager.mapper(UserEntity.class);
       final Statement userQuery = userEntityMapper.getQuery(username);
       final ResultSet userResult = session.execute(userQuery);
       final Row userRow = userResult.one();
       if (userRow == null) {
         this.logger.warn("Authentication attempt with unknown user: " + username);
         throw ServiceException.notFound("Requested resource not found!");
       }
       final byte[] salt = Bytes.getArray(userRow.getBytes(2));
       final int iterationCount = userRow.getInt(3);

       final Mapper<ConfigEntity> configEntityMapper = mappingManager.mapper(ConfigEntity.class);
       final Statement configQuery = configEntityMapper.getQuery(ProvisionerConstants.CONFIG_INTERNAL);
       final ResultSet configResult = session.execute(configQuery);
       final Row configRow = configResult.one();
       final byte[] secret = Bytes.getArray(configRow.getBytes(1));

       if (passwordPolicy.getNewPassword() != null) {
         final byte[] newPasswordHash = this.hashGenerator.hash(passwordPolicy.getNewPassword(), EncodingUtils.concatenate(salt, secret), iterationCount, ProvisionerConstants.HASH_LENGTH);
         final BoundStatement updateStatement = session.prepare(
             "UPDATE users SET passwordWord = ?, password_reset_on = ? WHERE name = ?").bind();
         updateStatement.setBytes(0, ByteBuffer.wrap(newPasswordHash));
         updateStatement.setTimestamp(1, new Date());
         updateStatement.setString(2, username);
         session.execute(updateStatement);
       }

       if (passwordPolicy.getExpiresInDays() != null) {
         final BoundStatement updateStatement = session.prepare(
             "UPDATE users SET expires_in_days = ? WHERE name = ?").bind();
         updateStatement.setInt(0, passwordPolicy.getExpiresInDays());
         updateStatement.setString(1, username);
         session.execute(updateStatement);
       }
     } catch (final Exception ex) {
       this.logger.error("Error updating password policy!", ex);
       throw ServiceException.internalError(ex.getMessage());
     }
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package io.mifos.provisioner.internal.service;

	import com.datastax.driver.core.BoundStatement;
	import com.datastax.driver.core.ResultSet;
	import com.datastax.driver.core.Row;
	import com.datastax.driver.core.Session;
	import com.datastax.driver.core.Statement;
	import com.datastax.driver.core.utils.Bytes;
	import com.datastax.driver.mapping.Mapper;
	import com.datastax.driver.mapping.MappingManager;
	import io.mifos.provisioner.api.v1.domain.AuthenticationResponse;
	import io.mifos.provisioner.api.v1.domain.PasswordPolicy;
	import io.mifos.provisioner.config.ProvisionerConstants;
	import io.mifos.provisioner.config.SystemProperties;
	import io.mifos.provisioner.internal.repository.ClientEntity;
	import io.mifos.provisioner.internal.repository.ConfigEntity;
	import io.mifos.provisioner.internal.repository.UserEntity;
	import io.mifos.provisioner.internal.util.TokenProvider;
	import java.nio.ByteBuffer;
	import java.time.LocalDate;
	import java.time.LocalDateTime;
	import java.time.ZoneId;
	import java.time.format.DateTimeFormatter;
	import java.util.Date;
	import java.util.concurrent.TimeUnit;
	import javax.annotation.Nonnull;
	import org.apache.fineract.cn.anubis.token.TokenSerializationResult;
	import org.apache.fineract.cn.cassandra.core.CassandraSessionProvider;
	import org.apache.fineract.cn.crypto.HashGenerator;
	import org.apache.fineract.cn.lang.ServiceException;
	import org.slf4j.Logger;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.beans.factory.annotation.Qualifier;
	import org.springframework.beans.factory.annotation.Value;
	import org.springframework.security.crypto.util.EncodingUtils;
	import org.springframework.stereotype.Service;
	import org.springframework.util.Base64Utils;

	@Service
	public class AuthenticationService {

	@Value("${spring.application.name}")
	private String applicationName;
	private final Integer ttl;
	private final Logger logger;
	private final CassandraSessionProvider cassandraSessionProvider;
	private final HashGenerator hashGenerator;
	private final TokenProvider tokenProvider;


	@Autowired
	public AuthenticationService(@Qualifier(ProvisionerConstants.LOGGER_NAME) final Logger logger,
	final CassandraSessionProvider cassandraSessionProvider,
	final HashGenerator hashGenerator,
	final TokenProvider tokenProvider,
	final SystemProperties systemProperties) {
	super();
	this.ttl = systemProperties.getToken().getTtl();
	this.logger = logger;
	this.cassandraSessionProvider = cassandraSessionProvider;
	this.hashGenerator = hashGenerator;
	this.tokenProvider = tokenProvider;
	}

	public AuthenticationResponse authenticate(
	final @Nonnull String clientId,
	final @Nonnull String username,
	final @Nonnull String password) {
	final Session session = this.cassandraSessionProvider.getAdminSession();
	final MappingManager mappingManager = new MappingManager(session);

	final Mapper<ClientEntity> clientEntityMapper = mappingManager.mapper(ClientEntity.class);
	if (clientEntityMapper.get(clientId) == null) {
	this.logger.warn("Authentication attempt with unknown client: " + clientId);
	throw ServiceException.notFound("Requested resource not found!");
	}

	final Mapper<UserEntity> userEntityMapper = mappingManager.mapper(UserEntity.class);
	final Statement userQuery = userEntityMapper.getQuery(username);
	final ResultSet userResult = session.execute(userQuery);
	final Row userRow = userResult.one();
	if (userRow == null) {
	this.logger.warn("Authentication attempt with unknown user: " + username);
	throw ServiceException.notFound("Requested resource not found!");
	}
	final byte[] storedPassword = Bytes.getArray(userRow.getBytes(1));
	final byte[] salt = Bytes.getArray(userRow.getBytes(2));
	final int iterationCount = userRow.getInt(3);
	final int expiresInDays = userRow.getInt(4);
	final Date passwordResetOn = userRow.getTimestamp(5);

	final Mapper<ConfigEntity> configEntityMapper = mappingManager.mapper(ConfigEntity.class);
	final Statement configQuery = configEntityMapper.getQuery(ProvisionerConstants.CONFIG_INTERNAL);
	final ResultSet configResult = session.execute(configQuery);
	final Row configRow = configResult.one();
	final byte[] secret = Bytes.getArray(configRow.getBytes(1));

	if (this.hashGenerator.isEqual(
	storedPassword,
	Base64Utils.decodeFromString(password),
	secret,
	salt,
	iterationCount,
	256)) {

	if (expiresInDays > 0) {
	final LocalDate ld = passwordResetOn.toInstant().atZone(ZoneId.systemDefault()).toLocalDate();
	final LocalDate expiresOn = ld.plusDays(expiresInDays);
	if (LocalDate.now().isAfter(expiresOn)) {
	throw ServiceException.badRequest("Password expired");
	}
	}

	final TokenSerializationResult authToken = this.tokenProvider.createToken(username, this.applicationName, this.ttl, TimeUnit.MINUTES);
	return new AuthenticationResponse(authToken.getToken(), dateTimeToString(authToken.getExpiration()));
	} else {
	throw ServiceException.notFound("Requested resource not found!");
	}
	}

	private String dateTimeToString(final LocalDateTime dateTime) {
	return dateTime.format(DateTimeFormatter.ISO_LOCAL_DATE_TIME);
	}

	public void updatePasswordPolicy(final String username, final PasswordPolicy passwordPolicy) {
	try {
	final Session session = this.cassandraSessionProvider.getAdminSession();
	final MappingManager mappingManager = new MappingManager(session);
	final Mapper<UserEntity> userEntityMapper = mappingManager.mapper(UserEntity.class);
	final Statement userQuery = userEntityMapper.getQuery(username);
	final ResultSet userResult = session.execute(userQuery);
	final Row userRow = userResult.one();
	if (userRow == null) {
	this.logger.warn("Authentication attempt with unknown user: " + username);
	throw ServiceException.notFound("Requested resource not found!");
	}
	final byte[] salt = Bytes.getArray(userRow.getBytes(2));
	final int iterationCount = userRow.getInt(3);

	final Mapper<ConfigEntity> configEntityMapper = mappingManager.mapper(ConfigEntity.class);
	final Statement configQuery = configEntityMapper.getQuery(ProvisionerConstants.CONFIG_INTERNAL);
	final ResultSet configResult = session.execute(configQuery);
	final Row configRow = configResult.one();
	final byte[] secret = Bytes.getArray(configRow.getBytes(1));

	if (passwordPolicy.getNewPassword() != null) {
	final byte[] newPasswordHash = this.hashGenerator.hash(passwordPolicy.getNewPassword(), EncodingUtils.concatenate(salt, secret), iterationCount, ProvisionerConstants.HASH_LENGTH);
	final BoundStatement updateStatement = session.prepare(
	"UPDATE users SET passwordWord = ?, password_reset_on = ? WHERE name = ?").bind();
	updateStatement.setBytes(0, ByteBuffer.wrap(newPasswordHash));
	updateStatement.setTimestamp(1, new Date());
	updateStatement.setString(2, username);
	session.execute(updateStatement);
	}

	if (passwordPolicy.getExpiresInDays() != null) {
	final BoundStatement updateStatement = session.prepare(
	"UPDATE users SET expires_in_days = ? WHERE name = ?").bind();
	updateStatement.setInt(0, passwordPolicy.getExpiresInDays());
	updateStatement.setString(1, username);
	session.execute(updateStatement);
	}
	} catch (final Exception ex) {
	this.logger.error("Error updating password policy!", ex);
	throw ServiceException.internalError(ex.getMessage());
	}
	}
	}