From 072c8e22099b8b997c66e07ccf376215e831a05d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?=
Date: Fri, 1 Dec 2017 13:09:00 +0100
Subject: [PATCH 1/3] Fix #9: Prepare support for tagging in build script (#10)

---
 build.sh | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/build.sh b/build.sh
index 6199c41..92041b2 100644
--- a/build.sh
+++ b/build.sh
@@ -7,13 +7,22 @@ if ! type "docker" > /dev/null; then
 exit
 fi
 
+# Prepare Build Number
+if [ -z ${TAG+x} ]; then
+ export PRODUCT_VERSION="2017.12"
+ if [ -z ${BUILD+x} ]; then
+ export BUILD=$(date +%s)
+ fi
+ export TAG=$PRODUCT_VERSION.$BUILD
+fi
+
 ## Build Database Images
-docker build -t powerauth-server-mysql -f docker-powerauth-server-mysql/Dockerfile .
-docker build -t powerauth-push-mysql -f docker-powerauth-push-mysql/Dockerfile .
-docker build -t powerauth-webflow-mysql -f docker-powerauth-webflow-mysql/Dockerfile .
+docker build -t powerauth-server-mysql:$TAG -t powerauth-server-mysql:latest -f docker-powerauth-server-mysql/Dockerfile .
+docker build -t powerauth-push-mysql:$TAG -t powerauth-push-mysql:latest -f docker-powerauth-push-mysql/Dockerfile .
+docker build -t powerauth-webflow-mysql:$TAG -t powerauth-webflow-mysql:latest -f docker-powerauth-webflow-mysql/Dockerfile .
 
 ## Build Application Images
-docker build -t powerauth-server -f docker-powerauth-server/Dockerfile .
-docker build -t powerauth-push-server -f docker-powerauth-push-server/Dockerfile .
-docker build -t powerauth-nextstep -f docker-powerauth-nextstep/Dockerfile .
-docker build -t powerauth-webflow -f docker-powerauth-webflow/Dockerfile .
+docker build -t powerauth-server:$TAG -t powerauth-server:latest -f docker-powerauth-server/Dockerfile .
+docker build -t powerauth-push-server:$TAG -t powerauth-push-server:latest -f docker-powerauth-push-server/Dockerfile .
+docker build -t powerauth-nextstep:$TAG -t powerauth-nextstep:latest -f docker-powerauth-nextstep/Dockerfile .
+docker build -t powerauth-webflow:$TAG -t powerauth-webflow:latest -f docker-powerauth-webflow/Dockerfile .

From 8feca5f161f5ad063e6d5754f35ed7fe0a18a7bf Mon Sep 17 00:00:00 2001
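Review bot: `$TAG` and `$BUILD` reach `docker build -t` unquoted, and `BUILD` may be supplied from the caller's environment, so a value containing whitespace splits into extra arguments instead of failing cleanly; quote the expansions on the seven `docker build` lines (`-t "powerauth-server-mysql:$TAG"`) and, since the value becomes an image tag, reject anything outside Docker's permitted tag characters before the builds start. Nothing in the hunk stops the script when one `docker build` fails, so a later image can still be re-tagged `:latest` from a partially failed run unless `set -e` is declared earlier in the file, which is outside the hunk. `[ -z ${TAG+x} ]` is correct but unusual; `if [ -z "${TAG:-}" ]; then` reads more plainly if an empty `TAG` should also fall back to the generated value.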
From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?=
Date: Tue, 30 Jan 2018 17:39:51 +0100
Subject: [PATCH 2/3] Fix #11: Add configuration to enable running behind proxy (#12)

* Fix #11: Add configuration to enable running behind proxy
* Update SQL init scripts to match new applications
---
 build.sh | 2 +-
 deploy/data/mysql/powerauth-server.sql | 15 ++++++++
 deploy/data/mysql/powerauth-webflow.sql | 48 +++++++++++++++++++------
 docker-powerauth-nextstep/Dockerfile | 14 +++++---
 docker-powerauth-push-server/Dockerfile | 14 +++++---
 docker-powerauth-server/Dockerfile | 20 ++++++-----
 docker-powerauth-webflow/Dockerfile | 22 +++++++-----
 7 files changed, 98 insertions(+), 37 deletions(-)

diff --git a/build.sh b/build.sh
index 92041b2..92d33e4 100644
--- a/build.sh
+++ b/build.sh
@@ -9,7 +9,7 @@ fi
 
 # Prepare Build Number
 if [ -z ${TAG+x} ]; then
- export PRODUCT_VERSION="2017.12"
+ export PRODUCT_VERSION="2018.3"
 if [ -z ${BUILD+x} ]; then
 export BUILD=$(date +%s)
 fi
diff --git a/deploy/data/mysql/powerauth-server.sql b/deploy/data/mysql/powerauth-server.sql
index cefae5a..5600867 100644
--- a/deploy/data/mysql/powerauth-server.sql
+++ b/deploy/data/mysql/powerauth-server.sql
@@ -118,3 +118,18 @@ CREATE TABLE `pa_application_callback` (
 `callback_url` text NOT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Create a table for tokens
+--
+
+CREATE TABLE pa_token (
+ `token_id` VARCHAR(37) NOT NULL,
+ `token_secret` VARCHAR(255) NOT NULL,
+ `activation_id` VARCHAR(37) NOT NULL,
+ `signature_type` VARCHAR(255) NOT NULL,
+ `timestamp_created` DATETIME NOT NULL
+ PRIMARY KEY (`token_id`),
+ KEY `K_TOKEN_ACTIVATION_ID` (`activation_id`),
+ CONSTRAINT `FK_TOKEN_ACTIVATION_ID` FOREIGN KEY (`activation_id`) REFERENCES `pa_activation` (`activation_id`) ON DELETE CASCADE ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8
diff --git a/deploy/data/mysql/powerauth-webflow.sql b/deploy/data/mysql/powerauth-webflow.sql
index 79fadd7..3896443 100644
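Review bot: The new `pa_token` definition does not parse as written: the `timestamp_created` line lacks the comma before `PRIMARY KEY (`token_id`)`, and `) ENGINE=InnoDB DEFAULT CHARSET=utf8` has no terminating semicolon, so a fresh database initialised from this script fails at this statement (the third patch in this series corrects both). `token_secret` holds a credential, yet nothing in the script says how it is encoded or whether it is encrypted before it is written; a line in the `-- Create a table for tokens` block such as `-- token_secret: <encoding/encryption expectation — confirm against server code>` would let operators reviewing the schema know what to expect. The table name is also left unquoted while the other tables visible in this diff use backticks, so the style drifts within the file.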
--- a/deploy/data/mysql/powerauth-webflow.sql
+++ b/deploy/data/mysql/powerauth-webflow.sql
@@ -77,14 +77,19 @@ CREATE TABLE ns_auth_method (
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_user_prefs stores user preferences.
--- Status of authentication methods is stored in this able per user (methods can be enabled or disabled).
+-- Status of authentication methods is stored in this table per user (methods can be enabled or disabled).
 CREATE TABLE ns_user_prefs (
 user_id VARCHAR(256) PRIMARY KEY,
 auth_method_1 BOOLEAN,
 auth_method_2 BOOLEAN,
 auth_method_3 BOOLEAN,
 auth_method_4 BOOLEAN,
- auth_method_5 BOOLEAN
+ auth_method_5 BOOLEAN,
+ auth_method_1_config VARCHAR(256),
+ auth_method_2_config VARCHAR(256),
+ auth_method_3_config VARCHAR(256),
+ auth_method_4_config VARCHAR(256),
+ auth_method_5_config VARCHAR(256)
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_operation stores details of Web Flow operations.
@@ -101,7 +106,6 @@ CREATE TABLE ns_operation (
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Table ns_operation_history stores all changes of operations.
--- Data in this table needs to be loaded before Web Flow is started.
 CREATE TABLE ns_operation_history (
 operation_id VARCHAR(256),
 result_id INTEGER,
@@ -113,6 +117,7 @@ CREATE TABLE ns_operation_history (
 response_steps VARCHAR(4096),
 response_timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 response_timestamp_expires TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ chosen_auth_method VARCHAR(32),
 PRIMARY KEY (operation_id, result_id),
 FOREIGN KEY operation_fk (operation_id) REFERENCES ns_operation (operation_id),
 FOREIGN KEY auth_method_fk (request_auth_method) REFERENCES ns_auth_method (auth_method)
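Review bot: The five new `auth_method_N_config VARCHAR(256)` columns in `ns_user_prefs` are undocumented: the table comment the hunk itself rewrites still says the table holds only the enabled/disabled status of each method, so a reader cannot tell what the config text contains or which component writes it. Extend that comment with a line like `-- auth_method_N_config: <what the application stores here — confirm> for the method whose user_prefs_column is N.` The numbered pairs also bind this table to `ns_auth_method.user_prefs_column`; because this same commit renumbers that mapping further down the file, existing rows keep their old meaning, which is worth stating here as well.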
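Review bot: `chosen_auth_method VARCHAR(32)` in `ns_operation_history` has no FOREIGN KEY to `ns_auth_method`, unlike the sibling `request_auth_method` column three lines below, so the history can record a method name that does not exist in the catalog. Unless it is meant to hold values outside `ns_auth_method` (NULL for "not chosen yet" is still allowed under a FK), add `FOREIGN KEY chosen_auth_method_fk (chosen_auth_method) REFERENCES ns_auth_method (auth_method)` beside the existing constraints, and check that `VARCHAR(32)` matches the width of `ns_auth_method.auth_method`, which is outside the hunk.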
@@ -133,6 +138,15 @@ CREATE TABLE ns_step_definition (
 FOREIGN KEY response_auth_method_fk (response_auth_method) REFERENCES ns_auth_method (auth_method)
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
+-- Table wf_operation_session maps operations to HTTP sessions.
+-- Table is needed for handling of concurrent operations.
+CREATE TABLE wf_operation_session (
+ operation_id VARCHAR(256) PRIMARY KEY,
+ http_session_id VARCHAR(256),
+ result VARCHAR(32),
+ timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+
 -- Table da_sms_authorization stores data for SMS OTP authorization.
 CREATE TABLE da_sms_authorization (
 message_id VARCHAR(256) PRIMARY KEY,
@@ -149,6 +163,25 @@ CREATE TABLE da_sms_authorization (
 timestamp_expires TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
+-- Table UserConnection is required only for the demo client application which is based on Spring Social.
+-- See: https://github.com/spring-projects/spring-social
+/*
+CREATE TABLE UserConnection (
+ userId VARCHAR(255) NOT NULL,
+ providerId VARCHAR(255) NOT NULL,
+ providerUserId VARCHAR(255),
+ rank INTEGER NOT NULL,
+ displayName VARCHAR(255),
+ profileUrl VARCHAR(512),
+ imageUrl VARCHAR(512),
+ accessToken VARCHAR(512) not null,
+ secret VARCHAR(512),
+ refreshToken VARCHAR(512),
+ expireTime BIGINT,
+PRIMARY KEY (userId, providerId, providerUserId));
+CREATE UNIQUE INDEX UserConnectionRank on UserConnection(userId, providerId, rank);
+*/
+
 -- INSERT INITIAL DATA
 INSERT INTO oauth_client_details (client_id, client_secret, scope, authorized_grant_types, additional_information, autoapprove)
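Review bot: `wf_operation_session` stores `http_session_id` but nothing in the hunk bounds the row's lifetime: there is no expiry column and the comment does not say when rows are removed, so session identifiers accumulate in the database beyond the session's own lifetime. State the cleanup contract in the table comment (`-- Rows are removed when <who/when — confirm against application>`) or add a `timestamp_expires` as `da_sms_authorization` below does, and consider whether the raw session id needs to be stored rather than a hash of it. `operation_id` also lacks the `FOREIGN KEY ... REFERENCES ns_operation (operation_id)` that `ns_operation_history` declares, and `http_session_id` has no index although the comment implies lookups by session when handling concurrent operations.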
@@ -160,11 +193,11 @@ VALUES ('INIT', 1, FALSE, NULL, NULL, FALSE, NULL, FALSE, NULL);
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('USER_ID_ASSIGN', 2, FALSE, NULL, NULL, FALSE, NULL, FALSE, NULL);
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
-VALUES ('USERNAME_PASSWORD_AUTH', 3, TRUE, 1, TRUE, TRUE, 5, TRUE, 'method.usernamePassword');
+VALUES ('USERNAME_PASSWORD_AUTH', 3, FALSE, NULL, TRUE, TRUE, 5, TRUE, 'method.usernamePassword');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('SHOW_OPERATION_DETAIL', 4, FALSE, NULL, NULL, FALSE, NULL, TRUE, 'method.showOperationDetail');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
-VALUES ('POWERAUTH_TOKEN', 4, TRUE, 5, FALSE, TRUE, 5, TRUE, 'method.powerauthToken');
+VALUES ('POWERAUTH_TOKEN', 5, TRUE, 1, FALSE, TRUE, 5, TRUE, 'method.powerauthToken');
 INSERT INTO ns_auth_method (auth_method, order_number, check_user_prefs, user_prefs_column, user_prefs_default, check_auth_fails, max_auth_fails, has_user_interface, display_name_key)
 VALUES ('SMS_KEY', 6, FALSE, NULL, NULL, TRUE, 5, TRUE, 'method.smsKey');
@@ -267,8 +300,3 @@ VALUES (29, 'authorize_payment', 'UPDATE', 'SMS_KEY', 'AUTH_METHOD_FAILED', 1, N
 -- authorize_payment - update operation (authorize using sms key) - AUTH_FAILED -> CONTINUE
 INSERT INTO ns_step_definition (step_definition_id, operation_name, operation_type, request_auth_method, request_auth_step_result, response_priority, response_auth_method, response_result)
 VALUES (30, 'authorize_payment', 'UPDATE', 'SMS_KEY', 'AUTH_FAILED', 1, 'SMS_KEY', 'CONTINUE');
-
--- INSERT NEW USER CONFIGURATIONS FOR DUMMY USERS
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('roman', 1, 1, 1, 1, 1);
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('petr', 1, 1, 1, 1, 1);
-INSERT INTO ns_user_prefs (user_id, auth_method_1, auth_method_2, auth_method_3, auth_method_4, auth_method_5) VALUES ('juraj', 1, 1, 1, 1, 1);
diff --git a/docker-powerauth-nextstep/Dockerfile b/docker-powerauth-nextstep/Dockerfile
index 6fec174..80f92f0 100644
--- a/docker-powerauth-nextstep/Dockerfile
+++ b/docker-powerauth-nextstep/Dockerfile
@@ -1,15 +1,19 @@
 FROM tomcat:8.5
 LABEL maintainer "petr@lime-company.eu"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-nextstep.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-nextstep.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-nextstep.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-nextstep.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-push-server/Dockerfile b/docker-powerauth-push-server/Dockerfile
index 767ec0a..59257e5 100644
--- a/docker-powerauth-push-server/Dockerfile
+++ b/docker-powerauth-push-server/Dockerfile
@@ -1,12 +1,16 @@
 FROM tomcat:8.5
 LABEL maintainer "petr@lime-company.eu"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
 ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
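Review bot: The rewritten `ADD` lines copy local jars, context XML files and WARs, which is exactly the case where `COPY` is the right instruction: `ADD` additionally auto-extracts archives and accepts remote URLs, so a path typo or a compressed artefact would behave differently without an error. Replace `ADD` with `COPY` on the four lines here and in the matching hunks of `docker-powerauth-push-server`, `docker-powerauth-server` and `docker-powerauth-webflow`. `ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre` hard-codes a path owned by the floating `tomcat:8.5` base image and nothing in this file's hunk uses it; the sibling Dockerfiles do use it to register the Bouncy Castle provider, where a base-image update that moves the JRE would break that step, so pinning the base image by digest or deriving the path at build time would make the builds reproducible.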
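Review bot: `ENV JAVA_HOME` is now declared twice in `docker-powerauth-push-server/Dockerfile`: once in the new `# Prepare environment variables` block and again on the last line of this hunk under `# Add Bouncy Castle to JRE`, which the webflow Dockerfile hunk in this same commit removes. The `docker-powerauth-server/Dockerfile` hunk has the same leftover. Drop the second `ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre` line in both files so all four Dockerfiles match; a duplicated `ENV` adds a layer and invites the two values to drift apart.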
@@ -14,7 +18,7 @@ ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-push-server.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-push-server.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-push-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-push-server.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-server/Dockerfile b/docker-powerauth-server/Dockerfile
index a69c781..870ace1 100644
--- a/docker-powerauth-server/Dockerfile
+++ b/docker-powerauth-server/Dockerfile
@@ -1,12 +1,16 @@
 FROM tomcat:8.5
 LABEL maintainer "petr@lime-company.eu"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
 ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
@@ -14,11 +18,11 @@ ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
 # Deploy and run applications
-ADD deploy/conf/powerauth-java-server.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-java-server.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-java-server.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-java-server.war $TOMCAT_HOME/webapps/
 
-ADD deploy/data/ldap/ldap-local.ldif /usr/local/tomcat/conf/ldap/
-ADD deploy/conf/powerauth-admin.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-admin.war /usr/local/tomcat/webapps/
+ADD deploy/data/ldap/ldap-local.ldif $TOMCAT_HOME/conf/ldap/
+ADD deploy/conf/powerauth-admin.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-admin.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]
diff --git a/docker-powerauth-webflow/Dockerfile b/docker-powerauth-webflow/Dockerfile
index 41fe9e9..ad99aba 100644
--- a/docker-powerauth-webflow/Dockerfile
+++ b/docker-powerauth-webflow/Dockerfile
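Review bot: `ADD deploy/data/ldap/ldap-local.ldif $TOMCAT_HOME/conf/ldap/` bakes a directory data file into an image layer; the file's contents are not visible here, but LDIF exports commonly carry account entries with `userPassword` attributes, and anything copied at build time ships with every copy of the image and cannot be rotated without a rebuild. If the file holds credentials, mount it at run time or inject the values through the deployment instead, and note the decision in a comment above the line (`# ldap-local.ldif: <contents/secret status — confirm>`); if it is only schema or demo data, say so there.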
@@ -1,23 +1,29 @@
 FROM tomcat:8.5
 LABEL maintainer "petr@lime-company.eu"
 
+# Prepare environment variables
+ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
+ENV TOMCAT_HOME /usr/local/tomcat
+
 # Clear root context
-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf $TOMCAT_HOME/webapps/*
 
 # Copy libraries
-ADD deploy/lib/mysql-connector-java.jar /usr/local/tomcat/lib/
-ADD deploy/lib/ojdbc6.jar /usr/local/tomcat/lib/
+ADD deploy/lib/mysql-connector-java.jar $TOMCAT_HOME/lib/
+ADD deploy/lib/ojdbc6.jar $TOMCAT_HOME/lib/
 
 # Add Bouncy Castle to JRE
-ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
 ADD deploy/lib/bcprov-jdk15on-158.jar $JAVA_HOME/lib/ext
 RUN echo 'security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider' >> $JAVA_HOME/lib/security/java.security
 
+# Add valve for proxy with SSL termination
+RUN sed -i 's/<\/Host>/<\/Host>/' $TOMCAT_HOME/conf/server.xml
+
 # Deploy and run applications
-ADD deploy/conf/powerauth-webflow.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-webflow.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-webflow.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-webflow.war $TOMCAT_HOME/webapps/
 
-ADD deploy/conf/powerauth-data-adapter.xml /usr/local/tomcat/conf/Catalina/localhost/
-ADD deploy/images/powerauth-data-adapter.war /usr/local/tomcat/webapps/
+ADD deploy/conf/powerauth-data-adapter.xml $TOMCAT_HOME/conf/Catalina/localhost/
+ADD deploy/images/powerauth-data-adapter.war $TOMCAT_HOME/webapps/
 
 CMD ["catalina.sh", "run"]

From cc87994dc1755064525e937bc91a3fa7e8033813 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20=C5=A0trobl?=
Date: Wed, 28 Mar 2018 13:22:39 +0200
Subject: [PATCH 3/3] Fix #14: Fix create DB scripts to reflect changes made in 0.18.0 (#15)

---
 deploy/data/mysql/powerauth-server.sql | 28 ++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
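Review bot: As it appears here, `RUN sed -i 's/<\/Host>/<\/Host>/' $TOMCAT_HOME/conf/server.xml` replaces `</Host>` with itself and inserts nothing, so the valve the `# Add valve for proxy with SSL termination` comment promises is never added and forwarded-protocol headers from the TLS-terminating proxy are not honoured; if a `<Valve .../>` element was stripped when this page was rendered the committed line may differ, but that is worth confirming by inspecting `server.xml` in the built image. A `sed` edit of `server.xml` is also fragile: when the base image's file layout changes the substitution silently matches nothing and the build still succeeds. Copying a maintained `server.xml` into `$TOMCAT_HOME/conf/` is more robust, and if a `RemoteIpValve` is the intended valve, its trusted-proxy settings should be limited to the proxy's addresses rather than accepting forwarded headers from any client.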
diff --git a/deploy/data/mysql/powerauth-server.sql b/deploy/data/mysql/powerauth-server.sql
index 5600867..5abf495 100644
--- a/deploy/data/mysql/powerauth-server.sql
+++ b/deploy/data/mysql/powerauth-server.sql
@@ -56,6 +56,7 @@ CREATE TABLE `pa_activation` (
 `activation_id_short` varchar(255) NOT NULL,
 `activation_otp` varchar(255) NOT NULL,
 `activation_status` int(11) NOT NULL,
+ `blocked_reason` varchar(255) DEFAULT NULL,
 `activation_name` varchar(255) DEFAULT NULL,
 `application_id` bigint(20) NOT NULL,
 `user_id` varchar(255) NOT NULL,
@@ -84,6 +85,7 @@ CREATE TABLE `pa_signature_audit` (
 `activation_id` varchar(37) NOT NULL,
 `activation_counter` bigint(20) NOT NULL,
 `activation_status` int(11) NOT NULL,
+ `additional_info` varchar(255) DEFAULT NULL,
 `data_base64` text,
 `signature_type` varchar(255) NOT NULL,
 `signature` varchar(255) NOT NULL,
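Review bot: Both hunks add columns (`blocked_reason` to `pa_activation`, `additional_info` to `pa_signature_audit`) inside the CREATE TABLE statements of an init script, which only helps databases created from scratch; a deployment initialised from the previous version of this script needs an `ALTER TABLE ... ADD COLUMN` migration that this commit does not include (the diffstat lists a single file), unless migrations are maintained elsewhere. The same applies to the new `pa_activation_history` table in the following hunk. `additional_info` in an audit table is also undocumented; a line such as `-- additional_info: <what the server records here — confirm>` above the table would tell operators what to expect in it.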
@@ -124,12 +126,26 @@ CREATE TABLE `pa_application_callback` (
 --
 
 CREATE TABLE pa_token (
- `token_id` VARCHAR(37) NOT NULL,
- `token_secret` VARCHAR(255) NOT NULL,
- `activation_id` VARCHAR(37) NOT NULL,
- `signature_type` VARCHAR(255) NOT NULL,
- `timestamp_created` DATETIME NOT NULL
+ `token_id` VARCHAR(37) NOT NULL,
+ `token_secret` VARCHAR(255) NOT NULL,
+ `activation_id` VARCHAR(37) NOT NULL,
+ `signature_type` VARCHAR(255) NOT NULL,
+ `timestamp_created` DATETIME NOT NULL,
 PRIMARY KEY (`token_id`),
 KEY `K_TOKEN_ACTIVATION_ID` (`activation_id`),
 CONSTRAINT `FK_TOKEN_ACTIVATION_ID` FOREIGN KEY (`activation_id`) REFERENCES `pa_activation` (`activation_id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Create table for activation changes
+--
+
+CREATE TABLE `pa_activation_history` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `activation_id` varchar(37) NOT NULL,
+ `activation_status` int(11) NOT NULL,
+ `timestamp_created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (`id`),
+ KEY `K_HISTORY_ACTIVATION_ID` (`activation_id`),
+ CONSTRAINT `FK_HISTORY_ACTIVATION_ID` FOREIGN KEY (`activation_id`) REFERENCES `pa_activation` (`activation_id`) ON DELETE CASCADE ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
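Review bot: `pa_activation_history.id` is `int(11) NOT NULL AUTO_INCREMENT` while the other numeric key columns visible in this file (`application_id bigint(20)`, `activation_counter bigint(20)`) are 64-bit; a history table that gains a row on every activation state change is the kind that eventually exhausts a 32-bit key, so `bigint(20) NOT NULL AUTO_INCREMENT` is the safer declaration. The pa_token repair in the same hunk is correct: the comma after `timestamp_created` and the semicolon after `) ENGINE=InnoDB DEFAULT CHARSET=utf8` are restored. Note that `ON DELETE CASCADE` on `FK_HISTORY_ACTIVATION_ID` means deleting an activation also erases its status history; if that history is meant to outlive the activation for audit purposes, `ON DELETE RESTRICT` keeps it and forces the deletion to be handled deliberately.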