Merge pull request #1761 from /issues/1757-backport-1753
Fix #1757: Backport fix of #1753 to 1.6.x branch
romanstrobl authored Oct 24, 2024
2 parents c2544b9 + af7ade4 commit fd5e9d3
Showing 7 changed files with 110 additions and 13 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -26,7 +26,7 @@

<groupId>io.getlime.security</groupId>
<artifactId>powerauth-server-parent</artifactId>
<version>1.6.5-SNAPSHOT</version>
<version>1.6.6</version>
<packaging>pom</packaging>

<parent>
2 changes: 1 addition & 1 deletion powerauth-admin/pom.xml
Expand Up @@ -11,7 +11,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-server-parent</artifactId>
<version>1.6.5-SNAPSHOT</version>
<version>1.6.6</version>
</parent>

<dependencies>
2 changes: 1 addition & 1 deletion powerauth-client-model/pom.xml
Expand Up @@ -28,7 +28,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-server-parent</artifactId>
<version>1.6.5-SNAPSHOT</version>
<version>1.6.6</version>
</parent>

<dependencies>
2 changes: 1 addition & 1 deletion powerauth-java-server/pom.xml
Expand Up @@ -29,7 +29,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-server-parent</artifactId>
<version>1.6.5-SNAPSHOT</version>
<version>1.6.6</version>
</parent>

<dependencies>
Expand Up @@ -265,7 +265,7 @@ public OperationUserActionResponse attemptApproveOperation(OperationApproveReque
final ProximityCheckResult proximityCheckResult = fetchProximityCheckResult(operationEntity, request, currentInstant);
final boolean activationIdMatches = activationIdMatches(request, operationEntity.getActivationId());
final String expectedUserId = operationEntity.getUserId();
if (expectedUserId == null || expectedUserId.equals(userId) // correct user approved the operation
if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user approved the operation
&& operationEntity.getApplications().contains(application.get()) // operation is approved by the expected application
&& isDataEqual(operationEntity, data) // operation data matched the expected value
&& factorsAcceptable(operationEntity, factorEnum) // auth factors are acceptable
Expand Down Expand Up @@ -308,7 +308,6 @@ && proximityCheckPassed(proximityCheckResult)
final Long maxFailureCount = operationEntity.getMaxFailureCount();

if (failureCount < maxFailureCount) {
operationEntity.setUserId(userId);
operationEntity.setFailureCount(failureCount);
operationEntity.setAdditionalData(mapMerge(operationEntity.getAdditionalData(), additionalData));

Expand Down Expand Up @@ -339,7 +338,6 @@ && proximityCheckPassed(proximityCheckResult)
response.setOperation(operationDetailResponse);
return response;
} else {
operationEntity.setUserId(userId);
operationEntity.setStatus(OperationStatusDo.FAILED);
operationEntity.setTimestampFinalized(currentTimestamp);
operationEntity.setFailureCount(maxFailureCount); // just in case, set the failure count to max value
Expand Down Expand Up @@ -407,7 +405,7 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques
}

final String expectedUserId = operationEntity.getUserId();
if (expectedUserId == null || expectedUserId.equals(userId) // correct user rejects the operation
if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user rejects the operation
&& operationEntity.getApplications().contains(application.get())) { // operation is rejected by the expected application

// Reject the operation
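Review bot: The failure branch still executes `operationEntity.setAdditionalData(mapMerge(operationEntity.getAdditionalData(), additionalData));` for an attempt that did not pass the user/application/data/factor checks, so request-supplied additional data from an unauthorized or mismatched attempt is persisted onto the operation even though the commit now stops persisting that attempt's user ID; if the intent is that a failed attempt leaves the operation unclaimed, that merge deserves the same treatment or an explicit comment stating it is kept for audit purposes. The guard `(expectedUserId == null || expectedUserId.equals(userId)) && operationEntity.getApplications().contains(application.get())` is now duplicated verbatim between attemptApproveOperation and rejectOperation; extracting it into a private helper such as `isActorAllowed(operationEntity, userId, application)` would keep the two paths from diverging the way the original precedence bug did. `application.get()` is invoked on an Optional in both places; presumably an isPresent check exists above the hunk, which is worth confirming. Both methods start and end outside the visible hunks.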
Expand Up @@ -19,10 +19,7 @@

import com.wultra.security.powerauth.client.model.enumeration.SignatureType;
import com.wultra.security.powerauth.client.model.enumeration.UserActionResult;
import com.wultra.security.powerauth.client.model.request.OperationApproveRequest;
import com.wultra.security.powerauth.client.model.request.OperationCreateRequest;
import com.wultra.security.powerauth.client.model.request.OperationDetailRequest;
import com.wultra.security.powerauth.client.model.request.OperationTemplateCreateRequest;
import com.wultra.security.powerauth.client.model.request.*;
import com.wultra.security.powerauth.client.model.response.OperationDetailResponse;
import com.wultra.security.powerauth.client.model.response.OperationListResponse;
import com.wultra.security.powerauth.client.model.response.OperationUserActionResponse;
Expand Down Expand Up @@ -472,6 +469,108 @@ void testOperationClaim() throws Exception {
assertEquals(userId, operationService.getOperation(detailRequest).getUserId());
}

@Test
void testAnonymousOperationApprovedUserChanged() throws GenericServiceException {
final OperationCreateRequest operationCreateRequest = new OperationCreateRequest();
operationCreateRequest.setApplications(List.of("PA_Tests"));
operationCreateRequest.setTemplateName("test-template");
final OperationDetailResponse operation = operationService.createOperation(operationCreateRequest);
final OperationApproveRequest approveRequest = new OperationApproveRequest();
approveRequest.setOperationId(operation.getId());
approveRequest.setUserId("test_user");
approveRequest.setData("A2");
approveRequest.setApplicationId("PA_Tests");
approveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE);
final OperationUserActionResponse response = operationService.attemptApproveOperation(approveRequest);
assertEquals(UserActionResult.APPROVED, response.getResult());
final OperationDetailRequest detailRequest = new OperationDetailRequest();
detailRequest.setOperationId(operation.getId());
final OperationDetailResponse operationDetail = operationService.getOperation(detailRequest);
assertEquals("test_user", operationDetail.getUserId());
}

@Test
void testAnonymousOperationFailedApproveUserNotChanged() throws GenericServiceException {
final OperationCreateRequest operationCreateRequest = new OperationCreateRequest();
operationCreateRequest.setApplications(List.of("PA_Tests"));
operationCreateRequest.setTemplateName("test-template");
final OperationDetailResponse operation = operationService.createOperation(operationCreateRequest);
final OperationApproveRequest approveRequest = new OperationApproveRequest();
approveRequest.setOperationId(operation.getId());
approveRequest.setUserId("invalid_user");
approveRequest.setData("invalid_data");
approveRequest.setApplicationId("PA_Tests");
approveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE);
final OperationUserActionResponse response = operationService.attemptApproveOperation(approveRequest);
assertEquals(UserActionResult.APPROVAL_FAILED, response.getResult());
final OperationDetailRequest detailRequest = new OperationDetailRequest();
detailRequest.setOperationId(operation.getId());
final OperationDetailResponse operationDetail = operationService.getOperation(detailRequest);
assertNull(operationDetail.getUserId());
}

@Test
void testAnonymousOperationFailedOperationUserNotChanged() throws GenericServiceException {
final OperationCreateRequest operationCreateRequest = new OperationCreateRequest();
operationCreateRequest.setApplications(List.of("PA_Tests"));
operationCreateRequest.setTemplateName("test-template");
final OperationDetailResponse operation = operationService.createOperation(operationCreateRequest);
for (int i = 0; i < 5; i++) {
final OperationApproveRequest approveRequest = new OperationApproveRequest();
approveRequest.setOperationId(operation.getId());
approveRequest.setUserId("invalid_user");
approveRequest.setData("invalid_data");
approveRequest.setApplicationId("PA_Tests");
approveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE);
final OperationUserActionResponse response = operationService.attemptApproveOperation(approveRequest);
if (i == 4) {
assertEquals(UserActionResult.OPERATION_FAILED, response.getResult());
} else {
assertEquals(UserActionResult.APPROVAL_FAILED, response.getResult());
}
}
final OperationDetailRequest detailRequest = new OperationDetailRequest();
detailRequest.setOperationId(operation.getId());
final OperationDetailResponse operationDetail = operationService.getOperation(detailRequest);
assertNull(operationDetail.getUserId());
}

@Test
void testAnonymousOperationRejectUserChanged() throws GenericServiceException {
final OperationCreateRequest operationCreateRequest = new OperationCreateRequest();
operationCreateRequest.setApplications(List.of("PA_Tests"));
operationCreateRequest.setTemplateName("test-template");
final OperationDetailResponse operation = operationService.createOperation(operationCreateRequest);
final OperationRejectRequest rejectRequest = new OperationRejectRequest();
rejectRequest.setOperationId(operation.getId());
rejectRequest.setUserId("test_user");
rejectRequest.setApplicationId("PA_Tests");
final OperationUserActionResponse response = operationService.rejectOperation(rejectRequest);
assertEquals(UserActionResult.REJECTED, response.getResult());
final OperationDetailRequest detailRequest = new OperationDetailRequest();
detailRequest.setOperationId(operation.getId());
final OperationDetailResponse operationDetail = operationService.getOperation(detailRequest);
assertEquals("test_user", operationDetail.getUserId());
}

@Test
void testAnonymousOperationRejectFailedUserNotChanged() throws GenericServiceException {
final OperationCreateRequest operationCreateRequest = new OperationCreateRequest();
operationCreateRequest.setApplications(List.of("PA_Tests"));
operationCreateRequest.setTemplateName("test-template");
final OperationDetailResponse operation = operationService.createOperation(operationCreateRequest);
final OperationRejectRequest rejectRequest = new OperationRejectRequest();
rejectRequest.setOperationId(operation.getId());
rejectRequest.setUserId("test_user");
rejectRequest.setApplicationId(APP_ID);
final OperationUserActionResponse response = operationService.rejectOperation(rejectRequest);
assertEquals(UserActionResult.REJECT_FAILED, response.getResult());
final OperationDetailRequest detailRequest = new OperationDetailRequest();
detailRequest.setOperationId(operation.getId());
final OperationDetailResponse operationDetail = operationService.getOperation(detailRequest);
assertNull(operationDetail.getUserId());
}

private void createApplication() throws GenericServiceException {
boolean appExists = applicationService.getApplicationList().getApplications().stream()
.anyMatch(app -> app.getApplicationId().equals(APP_ID));
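Review bot: The five new tests build the same anonymous operation and the same approve/reject request by hand, so the inputs that actually drive each outcome (`"invalid_data"`, APP_ID versus `"PA_Tests"`, the five-iteration loop) are buried in repeated setup; two private helpers would let each test read as its assertion. `testAnonymousOperationRejectFailedUserNotChanged` depends on APP_ID not being `"PA_Tests"` without saying so, since APP_ID is defined outside this hunk — a comment such as `// APP_ID is not in the operation's application list, so the reject must fail` would make the intent explicit. The loop bound 5 in `testAnonymousOperationFailedOperationUserNotChanged` presumably mirrors the template's max failure count; reading it from the created operation or naming it as a constant would tie the test to the template it exercises. The explicit imports were replaced by `import com.wultra.security.powerauth.client.model.request.*;`, which the surrounding imports avoid; restoring the explicit list plus `OperationRejectRequest` keeps the file consistent.
```java
private OperationDetailResponse createAnonymousOperation() throws GenericServiceException {
    final OperationCreateRequest request = new OperationCreateRequest();
    request.setApplications(List.of("PA_Tests"));
    request.setTemplateName("test-template");
    return operationService.createOperation(request);
}

private static OperationApproveRequest approveRequest(String operationId, String userId, String data) {
    final OperationApproveRequest request = new OperationApproveRequest();
    request.setOperationId(operationId);
    request.setUserId(userId);
    request.setData(data);
    request.setApplicationId("PA_Tests");
    request.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE);
    return request;
}
// … unchanged: the five tests, each using createAnonymousOperation() and approveRequest(...) …
```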
2 changes: 1 addition & 1 deletion powerauth-rest-client-spring/pom.xml
Expand Up @@ -28,7 +28,7 @@
<parent>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-server-parent</artifactId>
<version>1.6.5-SNAPSHOT</version>
<version>1.6.6</version>
</parent>

<dependencies>
