Merge pull request #112 from wultra/develop

Prepare release 2020.11

.env

@@ -30,7 +30,7 @@ POWERAUTH_SERVER_JPA_DDL_AUTO=none
 POWERAUTH_SERVER_JPA_CHARSET=utf8mb4
 POWERAUTH_SERVER_JPA_CHARACTER_ENCODING=utf8
 POWERAUTH_SERVER_JPA_USE_UNICODE=true
-POWERAUTH_SERVER_JPA_DATABASE_PLATFORM=
+POWERAUTH_SERVER_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 POWERAUTH_SERVER_JPA_LOCK_TIMEOUT=10000
 POWERAUTH_SERVER_DATASOURCE_JNDI_NAME=false
 POWERAUTH_SERVER_SPRING_JMX_ENABLED=false
@@ -52,7 +52,7 @@ POWERAUTH_SERVER_APPLICATION_ENVIRONMENT=
 POWERAUTH_SERVER_LOGGING=
 
 # Configuration for PowerAuth Admin
-POWERAUTH_ADMIN_POWERAUTH_SERVICE_URL=http://powerauth-server:8080/powerauth-java-server/soap
+POWERAUTH_ADMIN_POWERAUTH_SERVICE_URL=http://powerauth-server:8080/powerauth-java-server/rest
 POWERAUTH_ADMIN_SECURITY_CLIENT_TOKEN=
 POWERAUTH_ADMIN_SECURITY_CLIENT_SECRET=
 POWERAUTH_ADMIN_ACCEPT_INVALID_SSL_CERTIFICATE=false
@@ -75,7 +75,7 @@ POWERAUTH_ADMIN_APPLICATION_ENVIRONMENT=
 POWERAUTH_ADMIN_LOGGING=
 
 # Configuration for Push Server
-PUSH_SERVER_POWERAUTH_SERVICE_URL=http://powerauth-server:8080/powerauth-java-server/soap
+PUSH_SERVER_POWERAUTH_SERVICE_URL=http://powerauth-server:8080/powerauth-java-server/rest
 PUSH_SERVER_PUSH_SERVICE_URL=http://powerauth-push-server:8080/powerauth-push-server
 PUSH_SERVER_SECURITY_CLIENT_TOKEN=
 PUSH_SERVER_SECURITY_CLIENT_SECRET=
@@ -88,7 +88,7 @@ PUSH_SERVER_JPA_DDL_AUTO=none
 PUSH_SERVER_JPA_CHARSET=utf8mb4
 PUSH_SERVER_JPA_CHARACTER_ENCODING=utf8
 PUSH_SERVER_JPA_USE_UNICODE=true
-PUSH_SERVER_JPA_DATABASE_PLATFORM=
+PUSH_SERVER_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 PUSH_SERVER_APNS_DEVELOPMENT=false
 PUSH_SERVER_APNS_PROXY_ENABLED=false
 PUSH_SERVER_APNS_PROXY_HOST=127.0.0.1
@@ -110,6 +110,8 @@ PUSH_SERVER_SPRING_JMX_ENABLED=false
 PUSH_SERVER_SPRING_JMX_DEFAULT_DOMAIN=powerauth-push-server
 PUSH_SERVER_FCM_CONNECT_TIMEOUT=5000
 PUSH_SERVER_APNS_CONNECT_TIMEOUT=5000
+PUSH_SERVER_APNS_IDLE_PING_INTERVAL=60000
+PUSH_SERVER_APNS_CONCURRENT_CONNECTIONS=1
 PUSH_SERVER_APPLICATION_NAME=powerauth-push-server
 PUSH_SERVER_APPLICATION_DISPLAY_NAME=PowerAuth Push Server
 PUSH_SERVER_APPLICATION_ENVIRONMENT=
@@ -124,7 +126,7 @@ NEXTSTEP_JPA_DDL_AUTO=none
 NEXTSTEP_JPA_CHARSET=utf8mb4
 NEXTSTEP_JPA_CHARACTER_ENCODING=utf8
 NEXTSTEP_JPA_USE_UNICODE=true
-NEXTSTEP_JPA_DATABASE_PLATFORM=
+NEXTSTEP_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 NEXTSTEP_OPERATION_EXPIRATION_TIME=300
 NEXTSTEP_DATASOURCE_JNDI_NAME=false
 NEXTSTEP_SPRING_JMX_ENABLED=false
@@ -137,7 +139,7 @@ NEXTSTEP_LOGGING=
 # Configuration for Web Flow
 WEBFLOW_DATA_ADAPTER_URL=http://powerauth-data-adapter:8080/powerauth-data-adapter
 WEBFLOW_NEXTSTEP_URL=http://powerauth-nextstep:8080/powerauth-nextstep
-WEBFLOW_POWERAUTH_SERVICE_URL=http://powerauth-java-server:8080/powerauth-java-server/soap
+WEBFLOW_POWERAUTH_SERVICE_URL=http://powerauth-java-server:8080/powerauth-java-server/rest
 WEBFLOW_POWERAUTH_SECURITY_TOKEN=
 WEBFLOW_POWERAUTH_SECURITY_SECRET=
 WEBFLOW_ACCEPT_INVALID_SSL_CERTIFICATE=false
@@ -150,7 +152,7 @@ WEBFLOW_JPA_DDL_AUTO=none
 WEBFLOW_JPA_CHARSET=utf8mb4
 WEBFLOW_JPA_CHARACTER_ENCODING=utf8
 WEBFLOW_JPA_USE_UNICODE=true
-WEBFLOW_JPA_DATABASE_PLATFORM=
+WEBFLOW_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 WEBFLOW_DATASOURCE_JNDI_NAME=false
 WEBFLOW_PAGE_TITLE=PowerAuth Web Flow
 WEBFLOW_PAGE_EXT_RESOURCES_LOCATION=classpath:/static/resources/
@@ -168,6 +170,8 @@ WEBFLOW_AFS_DETECT_IP_ADDRESS=false
 WEBFLOW_AFS_FORCE_IPV4=true
 WEBFLOW_AFS_TM_COOKIES_DEVICE_TAG=
 WEBFLOW_AFS_TM_COOKIES_SESSION_SID=
+WEBFLOW_SECURITY_CORS_ENABLED=false
+WEBFLOW_SECURITY_CORS_ALLOW_ORIGIN=
 WEBFLOW_SPRING_JMX_ENABLED=false
 WEBFLOW_SPRING_JMX_DEFAULT_DOMAIN=powerauth-webflow
 WEBFLOW_APPLICATION_NAME=powerauth-webflow
@@ -184,7 +188,7 @@ DATA_ADAPTER_JPA_DDL_AUTO=none
 DATA_ADAPTER_JPA_CHARSET=utf8mb4
 DATA_ADAPTER_JPA_CHARACTER_ENCODING=utf8
 DATA_ADAPTER_JPA_USE_UNICODE=true
-DATA_ADAPTER_JPA_DATABASE_PLATFORM=
+DATA_ADAPTER_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 DATA_ADAPTER_SMS_EXPIRATION=300
 DATA_ADAPTER_SMS_MAX_TRIES=5
 DATA_ADAPTER_DATASOURCE_JNDI_NAME=false
@@ -204,7 +208,7 @@ POWERAUTH_TPP_ENGINE_JPA_DDL_AUTO=none
 POWERAUTH_TPP_ENGINE_JPA_CHARSET=utf8mb4
 POWERAUTH_TPP_ENGINE_JPA_CHARACTER_ENCODING=utf8
 POWERAUTH_TPP_ENGINE_JPA_USE_UNICODE=true
-POWERAUTH_TPP_ENGINE_JPA_DATABASE_PLATFORM=
+POWERAUTH_TPP_ENGINE_JPA_DATABASE_PLATFORM=org.hibernate.dialect.MySQL5Dialect
 POWERAUTH_TPP_ENGINE_DATASOURCE_JNDI_NAME=false
 POWERAUTH_TPP_ENGINE_SPRING_JMX_ENABLED=false
 POWERAUTH_TPP_ENGINE_SPRING_JMX_DEFAULT_DOMAIN=powerauth-tpp-engine

build.sh

@@ -9,7 +9,7 @@ fi
 
 # Prepare Build Number
 if [ -z ${TAG+x} ]; then
-    export PRODUCT_VERSION="2019.11"
+    export PRODUCT_VERSION="2020.11"
     if [ -z ${BUILD+x} ]; then
         export BUILD=$(date +%s)
     fi

deploy/conf/powerauth-push-server.xml

@@ -66,6 +66,10 @@
     <Parameter name="powerauth.push.service.fcm.connect.timeout" value="${PUSH_SERVER_FCM_CONNECT_TIMEOUT}"/>
     <Parameter name="powerauth.push.service.apns.connect.timeout" value="${PUSH_SERVER_APNS_CONNECT_TIMEOUT}"/>
 
+    <!-- Advanced APNs Settings -->
+    <Parameter name="powerauth.push.service.apns.idlePingInterval" value="${PUSH_SERVER_APNS_IDLE_PING_INTERVAL}"/>
+    <Parameter name="powerauth.push.service.apns.concurrentConnections" value="${PUSH_SERVER_APNS_CONCURRENT_CONNECTIONS}"/>
+
     <!-- Application Configuration -->
     <Parameter name="powerauth.push.service.applicationName" value="${PUSH_SERVER_APPLICATION_NAME}"/>
     <Parameter name="powerauth.push.service.applicationDisplayName" value="${PUSH_SERVER_APPLICATION_DISPLAY_NAME}"/>

deploy/conf/powerauth-webflow.xml

@@ -66,6 +66,10 @@
     <Parameter name="powerauth.webflow.afs.tm.cookies.deviceTag" value="${WEBFLOW_AFS_TM_COOKIES_DEVICE_TAG}"/>
     <Parameter name="powerauth.webflow.afs.tm.cookies.sessionSid" value="${WEBFLOW_AFS_TM_COOKIES_SESSION_SID}"/>
 
+    <!-- Configuration of CORS security -->
+    <Parameter name="powerauth.webflow.security.cors.enabled" value="${WEBFLOW_SECURITY_CORS_ENABLED}"/>
+    <Parameter name="powerauth.webflow.security.cors.allowOrigin" value="${WEBFLOW_SECURITY_CORS_ALLOW_ORIGIN}"/>
+
     <!-- JMX Configuration -->
     <Parameter name="spring.jmx.enabled" value="${WEBFLOW_SPRING_JMX_ENABLED}"/>
     <Parameter name="spring.jmx.default-domain" value="${WEBFLOW_SPRING_JMX_DEFAULT_DOMAIN}"/>

deploy/data/ext-resources/css/base.css

@@ -5,7 +5,7 @@ body {
 }
 
 .background {
-    /* background: url('../images/background.png') 0 0 repeat-x;*/
+    /* background: url('../images/background.jpg') 0 0 repeat-x;*/
     position: fixed;
     top: 0;
     left: 0;
@@ -348,6 +348,10 @@ a:hover, a:active, a:focus {
     font-size: 12pt;
 }
 
+.consent-checkbox-wrapper {
+    z-index: 1;
+}
+
 .consent-checkbox {
     vertical-align: top;
     margin-top: 6px !important;
@@ -367,10 +371,6 @@ a:hover, a:active, a:focus {
     font-weight: normal;
 }
 
-.consent-nopadding {
-    padding: 0;
-}
-
 .consent-error {
     padding-top: 10px;
     color: #C0007F;
@@ -392,4 +392,21 @@ a:hover, a:active, a:focus {
 
 .sms-resend-disabled {
     color: #777777;
+}
+
+.client-certificate-active {
+    color: #7FC000;
+}
+
+.client-certificate-active:hover {
+    cursor: pointer;
+}
+
+.client-certificate-label {
+    text-align: left;
+    margin-top: 10px;
+}
+
+.spinner {
+    color: #000000;
 }

deploy/data/ext-resources/css/customization.css

@@ -3,7 +3,7 @@
 */
 
 html {
-    background-image: url(../images/background-wultra.png);
+    background-image: url(../images/background-wultra.jpg);
     background-position: center center;
     background-size: cover;
     height: 100%;
@@ -250,4 +250,8 @@ a:hover, a:active, a:focus {
 
 #login .form-group .form-control {
     border-radius: 6px;
+}
+
+.spinner {
+    color: #FFFFFF;
 }

deploy/data/ext-resources/messages_cs.properties

@@ -1,6 +1,6 @@
 error.authPage=Nelze zobrazit autentizační stránku.
 error.sessionExpired=Vaše relace byla ukončena z důvodu delší nečinnosti.
-error.sessionTerminated=Relace byla ukončena z důvodu delší nečinnosti.
+error.sessionTerminated=Relace byla ukončena.
 error.invalidRequest=Došlo k chybě při vykonávání požadavku.
 error.noAuthMethod=Nebyla nalezena žádná vhodná autentizační metoda.
 error.remote=Nastala chyba při komunikaci se vzdáleným systémem.
@@ -15,11 +15,15 @@ login.pleaseLogIn=Přihlaste se prosím
 login.authenticationFailed=Přihlášení se nezdařilo.
 login.authenticationBlocked=Byl překročen maximální počet pokusů pro přihlášení. Váš účet byl proto dočasně zablokován.
 login.username.empty=Vyplňte vaše přihlašovací číslo.
+login.username.invalidFormat=Zadané přihlašovací číslo není validní.
+login.organization.empty=Chybí název organizace.
+login.organization.invalidFormat=Název organizace není validní.
 login.userId.empty=Chybí identifikátor uživatele.
 login.password.empty=Vyplňte heslo.
 login.userId.empty\ login.password.empty=Chybí identifikátor uživatele. Vyplňte heslo.
 login.username.long=Přihlašovací číslo je příliš dlouhé.
 login.userId.long=Identifikátor uživatele je příliš dlouhý.
+login.organizationId.long=Identifikátor organizace je příliš dlouhý.
 login.password.long=Heslo je příliš dlouhé.
 login.userId.long\ login.password.long=Identifikátor uživatele je příliš dlouhý. Heslo je příliš dlouhé.
 login.password.empty\ login.userId.long=Identifikátor uživatele je příliš dlouhý. Vyplňte prosím heslo.
@@ -29,6 +33,7 @@ login.userNotFound=Uživatelský účet nebyl nalezen.
 loginSca.continue=Pokračovat
 loginSca.password=Zadejte Vaše heslo:
 loginSca.confirm=Přihlásit
+loginSca.confirmInit=Potvrdit
 operationContext.missing=Není dostupný kontext operace.
 operationConfig.missing=Chybí konfigurace operace.
 operationData.invalid=Operace obsahuje chybná data.
@@ -147,4 +152,10 @@ security.warning.android.text=Vaše Android zařízení nedosahuje dostatečné
 security.warning.android.override=Přesto pokračovat
 
 # Close browser window warning
-browser.close.warning=Opravdu si přejete zrušit tuto operaci?
+browser.close.warning=Opravdu si přejete zrušit tuto operaci?
+
+# Client certificate verification
+clientCertificate.login=Přihlásit se certifikátem
+clientCertificate.use=Vybrat certifikát
+clientCertificate.failed=Ověření klientského certifikátu selhalo.
+clientCertificate.approval=Pro ověření bude použit klientský certifikát.

deploy/data/ext-resources/messages_en.properties

@@ -1,6 +1,6 @@
 error.authPage=Unable to display authentication page.
 error.sessionExpired=Your session has expired due to inactivity.
-error.sessionTerminated=Session has been terminated due to inactivity.
+error.sessionTerminated=Session has been terminated.
 error.invalidRequest=Invalid request.
 error.noAuthMethod=No authentication method is available to serve the request.
 error.remote=Error occurred during communication with the remote system.
@@ -15,11 +15,15 @@ login.pleaseLogIn=Please sign in
 login.authenticationFailed=User authentication failed.
 login.authenticationBlocked=The maximum number of authentication attempts has been exceeded. Your account was blocked temporarily.
 login.username.empty=Fill in the login number.
+login.username.invalidFormat=The specified login number is invalid.
+login.organization.empty=Organization name is missing.
+login.organization.invalidFormat=Organization name is invalid.
 login.userId.empty=Missing user identification.
 login.password.empty=Fill in the password.
 login.userId.empty\ login.password.empty=Missing user identifier. Fill in the password.
 login.username.long=Supplied login number is too long.
 login.userId.long=User identifier is too long.
+login.organizationId.long=Organization identifier is too long.
 login.password.long=Supplied password is too long.
 login.userId.long\ login.password.long=User identifier and password are too long.
 login.password.empty\ login.userId.long=User identifier is too long. Fill in the password.
@@ -29,6 +33,7 @@ login.userNotFound=User account was not found.
 loginSca.continue=Continue
 loginSca.password=Enter your password:
 loginSca.confirm=Sign in
+loginSca.confirmInit=Confirm
 operationContext.missing=Operation context is not available.
 operationConfig.missing=Operation is not configured.
 operationData.invalid=Operation contains invalid data.
@@ -148,4 +153,10 @@ security.warning.android.text=Your Android device is not secure enough for confi
 security.warning.android.override=Continue anyway
 
 # Close browser window warning
-browser.close.warning=Are you sure you want to cancel current operation?
+browser.close.warning=Are you sure you want to cancel current operation?
+
+# Client certificate verification
+clientCertificate.login=Login with Certificate
+clientCertificate.use=Choose Certificate
+clientCertificate.failed=Client certificate verification failed.
+clientCertificate.approval=Client certificate will be used for authorization.

deploy/data/mysql/powerauth-server.sql

@@ -15,6 +15,7 @@ USE powerauth;
 CREATE TABLE `pa_application` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
   `name` varchar(255) NOT NULL,
+  `roles` varchar(255),
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
@@ -52,11 +53,16 @@ CREATE TABLE `pa_activation` (
   `activation_id` varchar(37) NOT NULL,
   `activation_code` varchar(255),
   `activation_status` int(11) NOT NULL,
+  `activation_otp` varchar(255),
+  `activation_otp_validation` int DEFAULT 0 NOT NULL,
   `blocked_reason` varchar(255) DEFAULT NULL,
   `activation_name` varchar(255) DEFAULT NULL,
   `application_id` bigint(20) NOT NULL,
   `user_id` varchar(255) NOT NULL,
   `extras` text,
+  `platform` varchar(255),
+  `device_info` varchar(255),
+  `flags` varchar(255),
   `counter` bigint(20) NOT NULL,
   `ctr_data` varchar(255),
   `device_public_key_base64` text,
@@ -120,6 +126,7 @@ CREATE TABLE `pa_application_callback` (
   `application_id` bigint(20) NOT NULL,
   `name` varchar(255) DEFAULT NULL,
   `callback_url` text NOT NULL,
+  `attributes` text NOT NULL,
   PRIMARY KEY (`id`),
   CONSTRAINT `FK_APPLICATION_CALLBACK` FOREIGN KEY (`application_id`) REFERENCES `pa_application` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
@@ -146,7 +153,7 @@ CREATE TABLE `pa_activation_history` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
   `activation_id` varchar(37) NOT NULL,
   `activation_status` int(11) NOT NULL,
-  `blocked_reason` varchar(255),
+  `event_reason` varchar(255),
   `external_user_id` varchar(255),
   `timestamp_created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`),
@@ -202,6 +209,7 @@ CREATE TABLE `pa_recovery_config` (
   `postcard_private_key_base64` varchar(255),
   `postcard_public_key_base64` varchar(255),
   `remote_public_key_base64` varchar(255),
+  `postcard_private_key_encryption` int(11) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   CONSTRAINT `FK_RECOVERY_CONFIG_APP` FOREIGN KEY (`application_id`) REFERENCES `pa_application` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
 ) ENGINE=InnoDB AUTO_INCREMENT=1 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;