Merge pull request #937 from wultra/develop

Prepare release 1.0.0

docs/Compilation,-Packaging-and-Deployment.md

@@ -8,7 +8,7 @@ Web Flow can be deployed to any Java web container (such as Tomcat) using war ar
 
 In order to build Web Flow using Maven, following PowerAuth dependencies need to be satisfied:
 
-* [powerauth-server](https://github.com/wultra/powerauth-server) - dependency **powerauth-java-client-spring**
+* [powerauth-server](https://github.com/wultra/powerauth-server) - dependency **powerauth-rest-client-spring**
 * [powerauth-push-server](https://github.com/wultra/powerauth-push-server) - dependency **powerauth-push-client**
 * [powerauth-restful-integration](https://github.com/wultra/powerauth-restful-integration) - dependency **powerauth-restful-security-spring**
 * [powerauth-crypto](https://github.com/wultra/powerauth-crypto) - dependency **powerauth-java-crypto**

docs/Deploying-Wildfly.md

@@ -45,6 +45,24 @@ Similarly, Next Step contains the following configuration in `jboss-deployment-s
 </jboss-deployment-structure>
 ```
 
+Optionally, TPP engine contains the following configuration in `jboss-deployment-structure.xml` file for JBoss / Wildfly:
+```
+<?xml version="1.0"?>
+<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">
+	<deployment>
+		<exclude-subsystems>
+			<!-- disable the logging subsystem because the application manages its own logging independently -->
+			<subsystem name="logging" />
+		</exclude-subsystems>
+
+		<dependencies>
+			<module name="com.wultra.powerauth.tpp-engine.conf" />
+		</dependencies>
+		<local-last value="true" />
+	</deployment>
+</jboss-deployment-structure>
+```
+
 Optionally, Web Flow Client contains the following configuration in `jboss-deployment-structure.xml` file for JBoss / Wildfly:
 
 ```
@@ -67,7 +85,7 @@ Optionally, Web Flow Client contains the following configuration in `jboss-deplo
 ```
 
 The deployment descriptor requires configuration of the `com.wultra.powerauth.webflow.conf` and `com.wultra.powerauth.nextstep.conf` modules.
-Optionally configure also the `com.wultra.powerauth.webflow-client.conf`.
+Optionally configure also the `com.wultra.powerauth.tpp-engine.conf` and `com.wultra.powerauth.webflow-client.conf` modules.
 
 ## JBoss Module for Web Flow Configuration
 
@@ -151,7 +169,7 @@ For Next Step you can use the same configuration, just change the variable `LOG_
 The `application-ext.properties` file is used to override default configuration properties, for example:
 ```
 # PowerAuth 2.0 Client configuration
-powerauth.service.url=http://[host]:[port]/powerauth-java-server/soap
+powerauth.service.url=http://[host]:[port]/powerauth-java-server/rest
 ```
 
 Web Flow Spring application uses the `ext` Spring profile which activates overriding of default properties by `application-ext.properties`.

docs/Migration-Instructions.md

@@ -2,6 +2,7 @@
 
 This page contains PowerAuth Web Flow migration instructions.
 
+- [PowerAuth Web Flow 1.0.0](./Web-Flow-1.0.0.md)
 - [PowerAuth Web Flow 0.24.0](./Web-Flow-0.24.0.md)
 - [PowerAuth Web Flow 0.23.0](./Web-Flow-0.23.0.md)
 - [PowerAuth Web Flow 0.22.0](./Web-Flow-0.22.0.md)

docs/Off-line-Signatures-QR-Code.md

@@ -170,14 +170,14 @@ The meaning of individual fields is explained in chapter [Operation Attributes](
 
 #### 1.2. Fetch Data For Offline Signatures
 
-Now, you need to prepare the data for the QR code display. Call the PowerAuth SOAP method to create a personalized offline signature payload. The SOAP method `createPersonalizedOfflineSignaturePayload` requires two parameters:
+Now, you need to prepare the data for the QR code display. Call the PowerAuth REST method to create a personalized offline signature payload. The REST method `createPersonalizedOfflineSignaturePayload` requires two parameters:
 
 - `activationId` - ID of the activation of mobile device
 - `data` - data constructed in step 1
 
-The SOAP method is documented in the [PowerAuth documentation](https://github.com/wultra/powerauth-server/blob/develop/docs/SOAP-Service-Methods.md#method-createpersonalizedofflinesignaturepayload).
+The REST method is documented in the [PowerAuth documentation](https://github.com/wultra/powerauth-server/blob/develop/docs/SOAP-Service-Methods.md#method-createpersonalizedofflinesignaturepayload).
 
-In the response from the SOAP method `createPersonalizedOfflineSignaturePayload`, you will receive:
+In the response from the REST method `createPersonalizedOfflineSignaturePayload`, you will receive:
 
 - `offlineData` - The exact data to be displayed inside the QR code.
 - `nonce` - A random cryptographic nonce.
@@ -190,7 +190,7 @@ Note: The format of the `offlineData` is the following:
 {DATA}\n{NONCE_B64}\n{KEY_SERVER_PRIVATE_INDICATOR}{ECDSA_QRDATA_SIGNATURE_BASE64}
 ```
 
-As you can see, the `offlineData` already contain `nonce` value (in Base64 format) since the mobile app needs to scan the `nonce` value to compute the signature. However, the SOAP service still returns the value separately - since `nonce` must be used later on the back-end side, we wanted to avoid the necessity to parse the `offlineData` and hence we return `nonce` as a standalone response attribute.
+As you can see, the `offlineData` already contain `nonce` value (in Base64 format) since the mobile app needs to scan the `nonce` value to compute the signature. However, the REST service still returns the value separately - since `nonce` must be used later on the back-end side, we wanted to avoid the necessity to parse the `offlineData` and hence we return `nonce` as a standalone response attribute.
 
 #### 1.3. Display Data To The User
 
@@ -260,12 +260,12 @@ String signatureBaseString
 
 #### 3.4. Verifying Signature
 
-To verify signature, you need to call the SOAP method [`verifyOfflineSignature`](https://developers.wultra.com/docs/develop/powerauth-server/SOAP-Service-Methods#method-verifyofflinesignature) providing:
+To verify signature, you need to call the REST method [`verifyOfflineSignature`](https://developers.wultra.com/docs/develop/powerauth-server/SOAP-Service-Methods#method-verifyofflinesignature) providing:
 
 - `activationId` - identifier of the activation (to know which device is responsible for verification)
 - `data` (represented by `signatureBaseString` as obtained in 3.2.) - as data for verification
 - `signature` - value of the signature entered by the user (as obtained in 3.1., 2x8 digits)
-- `signatureType` - type of the signature (`POSSESSION_KNOWLEDGE`).
+- `biometryAllowed` - whether biometry signature factor is allowed
 
 The method returns information about signature verification:
 
@@ -278,4 +278,4 @@ The method returns information about signature verification:
 - `signatureType` - Signature type that was used to compute the signature value.
 - `remainingAttempts` - How many attempts are remaining for the signature validation (single, activation related counter).
 
-See the SOAP method documentation for details.
+See the REST method documentation for details.

docs/Used-Push-Message-Extras.md

@@ -2,16 +2,16 @@
 
 During the Mobile Token authentication and authorization, PowerAuth Web Flow may send following push messages to the Mobile Token app:
 
-- `messageType` - message type, one of the following values:
+- `messageType` (required) - message type, one of the following values:
     - `mtoken.operationInit` - in case new operation was triggerred
     - `mtoken.operationFinished` - in case operation was finished, successfully or non-successfully
-- `mtokenOperationResult` - this key arrives only in case of a finished operation (`messageType` = `mtoken.operationFinished`) and it contains more information about the operation finish result, namely one of the following values:
+- `mtokenOperationResult` (required only in case of a finished operation, `messageType` = `mtoken.operationFinished`, otherwise ignored) - this key contains more information about the operation finish result, namely one of the following values:
     - `authentication.success` - operation was successfully confirmed
     - `authentication.fail` - operation failed to confirm
     - `operation.timeout` - operation expired
     - `operation.canceled` - operation was cancelled by the user
     - `operation.methodNotAvailable` - (rare) mToken authentication method was removed from the user
-- `operationId` - operation ID, in UUID format
-- `operationName` - operation name, for example "login" or "authorize_payment"
+- `operationId` (required) - operation ID, in UUID format
+- `operationName` (required) - operation name, for example "login" or "authorize_payment"
 
 Please note that push notifications work on "best effort" principle and therefore, application must not rely on them. It can use the notification for example to deliver more prompt response on events in desktop web browser.

docs/Web-Flow-1.0.0.md

@@ -0,0 +1,30 @@
+# Migration from 0.23.0 to 0.24.0
+
+## Database Changes
+
+Following database changes were introduced in version `1.0.0`:
+
+- Allowed nullability of column `external_id` in table `tpp_user_consent` 
+
+DDL update script for Oracle:
+```sql
+ALTER TABLE tpp_user_consent MODIFY external_id VARCHAR(256);
+```
+
+DDL update script for MySQL:
+```sql
+ALTER TABLE tpp_user_consent MODIFY external_id VARCHAR(256);
+```
+
+DDL update script for PostgreSQL:
+```sql
+ALTER TABLE tpp_user_consent ALTER COLUMN external_id DROP NOT NULL;
+```
+
+## Upgrade to React 16
+
+The Web application has been migrated to React version 16. 
+
+As part of the migration, the following definition needs to be changed in `customization.css`:
+- The `panel-body` class is no longer used in React 16. Replace all occurrences of `panel-body` with `panel-default`.
+- It is possible that no such customization is done, in this case skip this upgrade step.

docs/Web-Flow-Configuration.md

@@ -23,7 +23,7 @@ powerauth.dataAdapter.service.url=http://localhost:8080/powerauth-data-adapter
 powerauth.nextstep.service.url=http://localhost:8080/powerauth-nextstep
 
 # PowerAuth Server URL
-powerauth.service.url=http://localhost:8080/powerauth-java-server/soap
+powerauth.service.url=http://localhost:8080/powerauth-java-server/rest
 powerauth.service.security.clientToken=
 powerauth.service.security.clientSecret=
 # Whether invalid SSL certificates should be accepted

docs/Web-Flow-Installation-Manual.md

@@ -124,7 +124,7 @@ Note that the JDBC settings differ based on used database vendor and JDBC driver
     <Parameter name="powerauth.nextstep.service.url" value="http://10.x.x.x:8080/powerauth-nextstep"/>
 
     <!-- PowerAuth Server Service URL -->
-    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/soap"/>
+    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/rest"/>
 
     <!-- PowerAuthServer Service Security Settings -->
     <Parameter name="powerauth.service.security.clientToken" value=""/>
@@ -183,7 +183,7 @@ Note that the JDBC settings differ based on used database vendor and JDBC driver
 <Context>
 
     <!-- PowerAuth Server Service URL -->
-    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/soap"/>
+    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/rest"/>
 
 </Context>
 ```
@@ -212,7 +212,7 @@ Note that the JDBC settings differ based on used database vendor and JDBC driver
 <Context>
 
     <!-- PowerAuth Server Service URL -->
-    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/soap"/>
+    <Parameter name="powerauth.service.url" value="http://10.x.x.x:8080/powerauth-java-server/rest"/>
 
     <!-- PowerAuth Server Service Security Settings -->
     <Parameter name="powerauth.service.security.clientToken" value=""/>

docs/sql/oracle/create_schema.sql

@@ -257,7 +257,7 @@ CREATE TABLE tpp_user_consent (
     user_id             VARCHAR(256) NOT NULL,                      -- User ID.
     client_id           VARCHAR(256) NOT NULL,                      -- OAuth 2.0 client ID.
     consent_id          VARCHAR(64) NOT NULL,                       -- Consent ID.
-    external_id         VARCHAR(256) NOT NULL,                      -- External ID associated with the consent approval, usually the operation ID.
+    external_id         VARCHAR(256),                               -- External ID associated with the consent approval, usually the operation ID.
     consent_parameters  CLOB NOT NULL,                              -- Specific parameters that were filled in into the user consent template.
     timestamp_created   TIMESTAMP,                                  -- Timestamp the consent with given ID was first created.
     timestamp_updated   TIMESTAMP                                   -- Timestamp the consent with given ID was given again before it was revoked (updated, prolonged).
@@ -270,7 +270,7 @@ CREATE TABLE tpp_user_consent_history (
     client_id           VARCHAR(256) NOT NULL,                      -- Client ID.
     consent_id          VARCHAR(64) NOT NULL,                       -- Consent ID.
     consent_change      VARCHAR(16) NOT NULL,                       -- Type of the consent change: APPROVE, PROLONG, REJECT
-    external_id         VARCHAR(256) NOT NULL,                      -- External ID that was responsible for this specific consent change, usually the operation ID.
+    external_id         VARCHAR(256),                               -- External ID that was responsible for this specific consent change, usually the operation ID.
     consent_parameters  CLOB NOT NULL,                              -- Specific parameters that were filled in into the user consent template in this consent change.
     timestamp_created   TIMESTAMP                                   -- Timestamp of the consent change.
 );

docs/sql/postgresql/create_schema.sql

@@ -257,7 +257,7 @@ CREATE TABLE tpp_user_consent (
   user_id               VARCHAR(256) NOT NULL,
   client_id             VARCHAR(256) NOT NULL,
   consent_id            VARCHAR(64) NOT NULL,
-  external_id           VARCHAR(256) NOT NULL,
+  external_id           VARCHAR(256),
   consent_parameters    TEXT NOT NULL,
   timestamp_created     TIMESTAMP,
   timestamp_updated     TIMESTAMP
@@ -270,7 +270,7 @@ CREATE TABLE tpp_user_consent_history (
   client_id             VARCHAR(256) NOT NULL,
   consent_id            VARCHAR(64) NOT NULL,
   consent_change        VARCHAR(16) NOT NULL,
-  external_id           VARCHAR(256) NOT NULL,
+  external_id           VARCHAR(256),
   consent_parameters    TEXT NOT NULL,
   timestamp_created     TIMESTAMP
 );

pom.xml

@@ -8,13 +8,13 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-webflow-parent</artifactId>
-    <version>0.24.0</version>
+    <version>1.0.0</version>
     <packaging>pom</packaging>
 
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.2.6.RELEASE</version>
+        <version>2.3.7.RELEASE</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
@@ -96,10 +96,6 @@
         <maven-war-plugin.version>3.2.2</maven-war-plugin.version>
         <jaxb.version>2.3.1</jaxb.version>
         <javax.annotation.version>1.3.2</javax.annotation.version>
-        <javax.activation.version>1.2.0</javax.activation.version>
-        <javax.soap.version>1.4.0</javax.soap.version>
-        <javax.saaj-api.version>1.3.5</javax.saaj-api.version>
-        <javax.saaj-impl.version>1.3.28</javax.saaj-impl.version>
     </properties>
 
     <build>
@@ -177,13 +173,26 @@
         </profile>
     </profiles>
 
+    <repositories>
+        <repository>
+            <id>ossrh-snapshots</id>
+            <url>http://oss.sonatype.org/content/repositories/snapshots/</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
+
     <distributionManagement>
         <snapshotRepository>
-            <id>ossrh</id>
+            <id>ossrh-snapshots-distribution</id>
             <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
         </snapshotRepository>
         <repository>
-            <id>ossrh</id>
+            <id>ossrh-staging-distribution</id>
             <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
         </repository>
     </distributionManagement>

powerauth-data-adapter-client/pom.xml

@@ -7,13 +7,13 @@
 
     <name>powerauth-data-adapter-client</name>
     <artifactId>powerauth-data-adapter-client</artifactId>
-    <version>0.24.0</version>
+    <version>1.0.0</version>
     <packaging>jar</packaging>
 
     <parent>
         <artifactId>powerauth-webflow-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>0.24.0</version>
+        <version>1.0.0</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -29,19 +29,19 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.12</version>
+            <version>4.5.13</version>
         </dependency>
 
         <!-- PowerAuth 2.0 Web Flow Dependencies -->
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-data-adapter-model</artifactId>
-            <version>0.24.0</version>
+            <version>1.0.0</version>
         </dependency>
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-nextstep-model</artifactId>
-            <version>0.24.0</version>
+            <version>1.0.0</version>
         </dependency>
     </dependencies>
 

powerauth-data-adapter-model/pom.xml

@@ -8,26 +8,26 @@
     <name>powerauth-data-adapter-model</name>
     <artifactId>powerauth-data-adapter-model</artifactId>
     <groupId>io.getlime.security</groupId>
-    <version>0.24.0</version>
+    <version>1.0.0</version>
     <packaging>jar</packaging>
 
     <parent>
         <artifactId>powerauth-webflow-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>0.24.0</version>
+        <version>1.0.0</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>io.getlime.core</groupId>
             <artifactId>rest-model-base</artifactId>
-            <version>1.1.0</version>
+            <version>1.2.0</version>
         </dependency>
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-nextstep-model</artifactId>
-            <version>0.24.0</version>
+            <version>1.0.0</version>
         </dependency>
     </dependencies>
 

powerauth-mtoken-model/pom.xml

@@ -6,25 +6,25 @@
     <modelVersion>4.0.0</modelVersion>
     <artifactId>powerauth-mtoken-model</artifactId>
     <groupId>io.getlime.security</groupId>
-    <version>0.24.0</version>
+    <version>1.0.0</version>
 
     <parent>
         <artifactId>powerauth-webflow-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>0.24.0</version>
+        <version>1.0.0</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>io.getlime.core</groupId>
             <artifactId>rest-model-base</artifactId>
-            <version>1.1.0</version>
+            <version>1.2.0</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>2.10.3</version>
+            <version>2.11.3</version>
         </dependency>
     </dependencies>