Merge pull request #16 from lime-company/develop

Prepare release 2018.03
wultra · Apr 3, 2018 · b2f8612 · b2f8612
2 parents e370b74 + cc87994
commit b2f8612
Show file tree

Hide file tree

Showing 7 changed files with 129 additions and 43 deletions.
diff --git a/build.sh b/build.sh
@@ -7,13 +7,22 @@ if ! type "docker" > /dev/null; then
     exit
 fi
 
+# Prepare Build Number
+if [ -z ${TAG+x} ]; then
+    export PRODUCT_VERSION="2018.3"
+    if [ -z ${BUILD+x} ]; then
+        export BUILD=$(date +%s)
+    fi
+    export TAG=$PRODUCT_VERSION.$BUILD
+fi
+
 ## Build Database Images
-docker build -t powerauth-server-mysql -f docker-powerauth-server-mysql/Dockerfile .
-docker build -t powerauth-push-mysql -f docker-powerauth-push-mysql/Dockerfile .
-docker build -t powerauth-webflow-mysql -f docker-powerauth-webflow-mysql/Dockerfile .
+docker build -t powerauth-server-mysql:$TAG -t powerauth-server-mysql:latest -f docker-powerauth-server-mysql/Dockerfile .
+docker build -t powerauth-push-mysql:$TAG -t powerauth-push-mysql:latest -f docker-powerauth-push-mysql/Dockerfile .
+docker build -t powerauth-webflow-mysql:$TAG -t powerauth-webflow-mysql:latest -f docker-powerauth-webflow-mysql/Dockerfile .
 
 ## Build Application Images
-docker build -t powerauth-server -f docker-powerauth-server/Dockerfile .
-docker build -t powerauth-push-server -f docker-powerauth-push-server/Dockerfile .
-docker build -t powerauth-nextstep -f docker-powerauth-nextstep/Dockerfile .
-docker build -t powerauth-webflow -f docker-powerauth-webflow/Dockerfile .
+docker build -t powerauth-server:$TAG -t powerauth-server:latest -f docker-powerauth-server/Dockerfile .
+docker build -t powerauth-push-server:$TAG -t powerauth-push-server:latest -f docker-powerauth-push-server/Dockerfile .
+docker build -t powerauth-nextstep:$TAG -t powerauth-nextstep:latest -f docker-powerauth-nextstep/Dockerfile .
+docker build -t powerauth-webflow:$TAG -t powerauth-webflow:latest -f docker-powerauth-webflow/Dockerfile .
diff --git a/deploy/data/mysql/powerauth-server.sql b/deploy/data/mysql/powerauth-server.sql
@@ -56,6 +56,7 @@ CREATE TABLE `pa_activation` (
   `activation_id_short` varchar(255) NOT NULL,
   `activation_otp` varchar(255) NOT NULL,
   `activation_status` int(11) NOT NULL,
+  `blocked_reason` varchar(255) DEFAULT NULL,
   `activation_name` varchar(255) DEFAULT NULL,
   `application_id` bigint(20) NOT NULL,
   `user_id` varchar(255) NOT NULL,
@@ -84,6 +85,7 @@ CREATE TABLE `pa_signature_audit` (
   `activation_id` varchar(37) NOT NULL,
   `activation_counter` bigint(20) NOT NULL,
   `activation_status` int(11) NOT NULL,
+  `additional_info` varchar(255) DEFAULT NULL,
   `data_base64` text,
   `signature_type` varchar(255) NOT NULL,
   `signature` varchar(255) NOT NULL,
@@ -118,3 +120,32 @@ CREATE TABLE `pa_application_callback` (
   `callback_url` text NOT NULL,
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Create a table for tokens
+--
+
+CREATE TABLE pa_token (
+  `token_id` VARCHAR(37) NOT NULL,
+  `token_secret` VARCHAR(255) NOT NULL,
+  `activation_id` VARCHAR(37) NOT NULL,
+  `signature_type` VARCHAR(255) NOT NULL,
+  `timestamp_created` DATETIME NOT NULL,
+  PRIMARY KEY (`token_id`),
+  KEY `K_TOKEN_ACTIVATION_ID` (`activation_id`),
+  CONSTRAINT `FK_TOKEN_ACTIVATION_ID` FOREIGN KEY (`activation_id`) REFERENCES `pa_activation` (`activation_id`) ON DELETE CASCADE ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Create table for activation changes
+--
+
+CREATE TABLE `pa_activation_history` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `activation_id` varchar(37) NOT NULL,
+  `activation_status` int(11) NOT NULL,
+  `timestamp_created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  KEY `K_HISTORY_ACTIVATION_ID` (`activation_id`),
+  CONSTRAINT `FK_HISTORY_ACTIVATION_ID` FOREIGN KEY (`activation_id`) REFERENCES `pa_activation` (`activation_id`) ON DELETE CASCADE ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/deploy/data/mysql/powerauth-webflow.sql b/deploy/data/mysql/powerauth-webflow.sql
@@ -77,14 +77,19 @@ CREATE TABLE ns_auth_method (
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_user_prefs stores user preferences.
--- Status of authentication methods is stored in this able per user (methods can be enabled or disabled).
+-- Status of authentication methods is stored in this table per user (methods can be enabled or disabled).
 CREATE TABLE ns_user_prefs (
   user_id       VARCHAR(256) PRIMARY KEY,
   auth_method_1 BOOLEAN,
   auth_method_2 BOOLEAN,
   auth_method_3 BOOLEAN,
   auth_method_4 BOOLEAN,
-  auth_method_5 BOOLEAN
+  auth_method_5 BOOLEAN,
+  auth_method_1_config VARCHAR(256),
+  auth_method_2_config VARCHAR(256),
+  auth_method_3_config VARCHAR(256),
+  auth_method_4_config VARCHAR(256),
+  auth_method_5_config VARCHAR(256)
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_operation stores details of Web Flow operations.
@@ -101,7 +106,6 @@ CREATE TABLE ns_operation (
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_operation_history stores all changes of operations.
--- Data in this table needs to be loaded before Web Flow is started.
 CREATE TABLE ns_operation_history (
   operation_id                VARCHAR(256),
   result_id                   INTEGER,
@@ -113,6 +117,7 @@ CREATE TABLE ns_operation_history (
   response_steps              VARCHAR(4096),
   response_timestamp_created  TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
   response_timestamp_expires  TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  chosen_auth_method          VARCHAR(32),
   PRIMARY KEY (operation_id, result_id),
   FOREIGN KEY operation_fk (operation_id) REFERENCES ns_operation (operation_id),
   FOREIGN KEY auth_method_fk (request_auth_method) REFERENCES ns_auth_method (auth_method)
@@ -133,6 +138,15 @@ CREATE TABLE ns_step_definition (
   FOREIGN KEY response_auth_method_fk (response_auth_method) REFERENCES ns_auth_method (auth_method)
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
+-- Table wf_operation_session maps operations to HTTP sessions.
+-- Table is needed for handling of concurrent operations.
+CREATE TABLE wf_operation_session (
+  operation_id              VARCHAR(256) PRIMARY KEY,
+  http_session_id           VARCHAR(256),
+  result                    VARCHAR(32),
+  timestamp_created         TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+
 -- Table da_sms_authorization stores data for SMS OTP authorization.
 CREATE TABLE da_sms_authorization (
   message_id           VARCHAR(256) PRIMARY KEY,
@@ -149,6 +163,25 @@ CREATE TABLE da_sms_authorization (
   timestamp_expires    TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
+-- Table UserConnection is required only for the demo client application which is based on Spring Social.
+-- See: https://github.com/spring-projects/spring-social
+/*
+CREATE TABLE UserConnection (
+  userId VARCHAR(255) NOT NULL,
+  providerId VARCHAR(255) NOT NULL,
+  providerUserId VARCHAR(255),
+  rank INTEGER NOT NULL,
+  displayName VARCHAR(255),
+  profileUrl VARCHAR(512),
+  imageUrl VARCHAR(512),
+  accessToken VARCHAR(512) not null,
+  secret VARCHAR(512),
+  refreshToken VARCHAR(512),
+  expireTime BIGINT,
+PRIMARY KEY (userId, providerId, providerUserId));
+CREATE UNIQUE INDEX UserConnectionRank on UserConnection(userId, providerId, rank);
+*/
+
 -- INSERT INITIAL DATA
 
 INSERT INTO oauth_client_details (client_id, client_secret, scope, authorized_grant_types, additional_information, autoapprove)
@@ -160,11 +193,11 @@ VALUES ('INIT', 1, FALSE, NULL, NULL, FALSE, NULL, FALSE, NULL);
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('USER_ID_ASSIGN', 2, FALSE, NULL, NULL, FALSE, NULL, FALSE, NULL);
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
-VALUES ('USERNAME_PASSWORD_AUTH', 3, TRUE, 1, TRUE, TRUE, 5, TRUE, 'method.usernamePassword');
+VALUES ('USERNAME_PASSWORD_AUTH', 3, FALSE, NULL, TRUE, TRUE, 5, TRUE, 'method.usernamePassword');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('SHOW_OPERATION_DETAIL', 4, FALSE, NULL, NULL, FALSE, NULL, TRUE, 'method.showOperationDetail');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
-VALUES ('POWERAUTH_TOKEN', 4, TRUE, 5, FALSE, TRUE, 5, TRUE, 'method.powerauthToken');
+VALUES ('POWERAUTH_TOKEN', 5, TRUE, 1, FALSE, TRUE, 5, TRUE, 'method.powerauthToken');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('SMS_KEY', 6, FALSE, NULL, NULL, TRUE, 5, TRUE, 'method.smsKey');
 
@@ -267,8 +300,3 @@ VALUES (29, 'authorize_payment', 'UPDATE', 'SMS_KEY', 'AUTH_METHOD_FAILED', 1, N
 -- authorize_payment - update operation (authorize using sms key) - AUTH_FAILED -> CONTINUE
 INSERT INTO ns_step_definition (step_definition_id, operation_name, operation_type, request_auth_method, request_auth_step_result, response_priority, response_auth_method, response_result)
 VALUES (30, 'authorize_payment', 'UPDATE', 'SMS_KEY', 'AUTH_FAILED', 1, 'SMS_KEY', 'CONTINUE');
-
--- INSERT NEW USER CONFIGURATIONS FOR DUMMY USERS
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('roman', 1, 1, 1, 1, 1);
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('petr', 1, 1, 1, 1, 1);
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('juraj', 1, 1, 1, 1, 1);
diff --git a/docker-powerauth-nextstep/Dockerfile b/docker-powerauth-nextstep/Dockerfile
@@ -1,15 +1,19 @@
 FROM tomcat:8.5
 LABEL maintainer "[email protected]"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-nextstep.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-nextstep.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-nextstep.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-nextstep.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-push-server/Dockerfile b/docker-powerauth-push-server/Dockerfile
@@ -1,20 +1,24 @@
 FROM tomcat:8.5
 LABEL maintainer "[email protected]"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
 ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
 ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-push-server.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-push-server.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-push-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-push-server.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-server/Dockerfile b/docker-powerauth-server/Dockerfile
@@ -1,24 +1,28 @@
 FROM tomcat:8.5
 LABEL maintainer "[email protected]"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
 ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
 ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-java-server.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-java-server.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-java-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-java-server.war $TOMCAT_HOME/webapps/
 
-ADD deploy/data/ldap/ldap-local.ldif /usr/local/tomcat/conf/ldap/
-ADD deploy/conf/powerauth-admin.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-admin.war /usr/local/tomcat/webapps/
+ADD deploy/data/ldap/ldap-local.ldif $TOMCAT_HOME/conf/ldap/
+ADD deploy/conf/powerauth-admin.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-admin.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-webflow/Dockerfile b/docker-powerauth-webflow/Dockerfile
@@ -1,23 +1,29 @@
 FROM tomcat:8.5
 LABEL maintainer "[email protected]"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
-ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
 ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
+# Add valve for proxy with SSL termination
+RUN sed -i 's/<\/Host>/<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"\/><\/Host>/' $TOMCAT_HOME/conf/server.xml
+
 # Deploy and run applications
-ADD deploy/conf/powerauth-webflow.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-webflow.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-webflow.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-webflow.war $TOMCAT_HOME/webapps/
 
-ADD deploy/conf/powerauth-data-adapter.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-data-adapter.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-data-adapter.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-data-adapter.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]