From 83fcd93d13b51a6790a056a9a46afe9e12e463ab Mon Sep 17 00:00:00 2001 From: Petr Dvorak Date: Tue, 29 Sep 2020 22:47:40 +0200 Subject: [PATCH] Fix #888: Backport configurable TPP app access token expiration and status endpoint --- .../model/response/ServiceStatusResponse.java | 130 ++++++++++++++++++ .../configuration/TppEngineConfiguration.java | 91 ++++++++++++ .../controller/ServiceController.java | 84 +++++++++++ .../app/tppengine/service/TppService.java | 9 +- .../src/main/resources/application.properties | 3 + 5 files changed, 313 insertions(+), 4 deletions(-) create mode 100644 powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/response/ServiceStatusResponse.java create mode 100644 powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/configuration/TppEngineConfiguration.java create mode 100644 powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/controller/ServiceController.java diff --git a/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/response/ServiceStatusResponse.java b/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/response/ServiceStatusResponse.java new file mode 100644 index 000000000..5076b8a10 --- /dev/null +++ b/powerauth-tpp-engine-model/src/main/java/io/getlime/security/powerauth/app/tppengine/model/response/ServiceStatusResponse.java 
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2020 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.getlime.security.powerauth.app.tppengine.model.response;
+
+import java.util.Date;
+
+/**
+ * Response object for a system status call.
+ *
+ * @author Roman Strobl, roman.strobl@wultra.com
+ */
+public class ServiceStatusResponse {
+
+ private String applicationName;
+ private String applicationDisplayName;
+ private String applicationEnvironment;
+ private String version;
+ private Date buildTime;
+ private Date timestamp;
+
+ /**
+ * Get the application name.
+ * @return Application name.
+ */
+ public String getApplicationName() {
+ return applicationName;
+ }
+
+ /**
+ * Set the application name.
+ * @param applicationName Application name.
+ */
+ public void setApplicationName(String applicationName) {
+ this.applicationName = applicationName;
+ }
+
+ /**
+ * Get the application display name.
+ * @return Application display name.
+ */
+ public String getApplicationDisplayName() {
+ return applicationDisplayName;
+ }
+
+ /**
+ * Set the application display name.
+ * @param applicationDisplayName Application display name.
+ */
+ public void setApplicationDisplayName(String applicationDisplayName) {
+ this.applicationDisplayName = applicationDisplayName;
+ }
+
+ /**
+ * Get application environment name.
+ * @return Environment name.
+ */
+ public String getApplicationEnvironment() {
+ return applicationEnvironment;
+ }
+
+ /**
+ * Set application environment name.
+ * @param applicationEnvironment Environment name.
+ */
+ public void setApplicationEnvironment(String applicationEnvironment) {
+ this.applicationEnvironment = applicationEnvironment;
+ }
+
+ /**
+ * Get version.
+ * @return version.
+ */
+ public String getVersion() {
+ return version;
+ }
+
+ /**
+ * Set version.
+ * @param version Version.
+ */
+ public void setVersion(String version) {
+ this.version = version;
+ }
+
+ /**
+ * Get build time.
+ * @return Build time.
+ */
+ public Date getBuildTime() {
+ return buildTime;
+ }
+
+ /**
+ * Set build time.
+ * @param buildTime Build time.
+ */
+ public void setBuildTime(Date buildTime) {
+ this.buildTime = buildTime;
+ }
+
+ /**
+ * Get current timestamp.
+ * @return Timestamp.
+ */
+ public Date getTimestamp() {
+ return timestamp;
+ }
+
+ /**
+ * Set current timestamp.
+ * @param timestamp Timestamp.
+ */
+ public void setTimestamp(Date timestamp) {
+ this.timestamp = timestamp;
+ }
+}
\ No newline at end of file
diff --git a/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/configuration/TppEngineConfiguration.java b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/configuration/TppEngineConfiguration.java
new file mode 100644
index 000000000..650d714d5
--- /dev/null
+++ b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/configuration/TppEngineConfiguration.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2020 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.getlime.security.powerauth.app.tppengine.configuration;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Configuration for the TPP Engine application.
+ *
+ * @author Roman Strobl, roman.strobl@wultra.com
+ */
+@Configuration
+@ConfigurationProperties("ext")
+@ComponentScan(basePackages = {"io.getlime.security.powerauth"})
+public class TppEngineConfiguration {
+
+ /**
+ * Application name.
+ */
+ @Value("${powerauth.tppEngine.service.applicationName}")
+ private String applicationName;
+
+ /**
+ * Application display name.
+ */
+ @Value("${powerauth.tppEngine.service.applicationDisplayName}")
+ private String applicationDisplayName;
+
+ /**
+ * Application environment.
+ */
+ @Value("${powerauth.tppEngine.service.applicationEnvironment}")
+ private String applicationEnvironment;
+
+ /**
+ * When a new app is created in TPP engine, this value is set as the default
+ * access token validity in seconds.
+ */
+ @Value("${powerauth.tppEngine.service.oauth2.defaultAccessTokenValidityInSeconds}")
+ private Long defaultAccessTokenValidityInSeconds;
+
+ /**
+ * Get application name.
+ * @return Application name.
+ */
+ public String getApplicationName() {
+ return applicationName;
+ }
+
+ /**
+ * Get application display name.
+ * @return Application display name.
+ */
+ public String getApplicationDisplayName() {
+ return applicationDisplayName;
+ }
+
+ /**
+ * Get application environment.
+ * @return Application environment.
+ */
+ public String getApplicationEnvironment() {
+ return applicationEnvironment;
+ }
+
+ /**
+ * Get default app access token validity in seconds.
+ * @return Access token validity in seconds.
+ */
+ public Long getDefaultAccessTokenValidityInSeconds() {
+ return defaultAccessTokenValidityInSeconds;
+ }
+
+}
\ No newline at end of file
diff --git a/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/controller/ServiceController.java b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/controller/ServiceController.java
new file mode 100644
index 000000000..da90e14f9
--- /dev/null
+++ b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/controller/ServiceController.java
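Review bot: `defaultAccessTokenValidityInSeconds` is injected with `@Value` into a `Long` and returned by `getDefaultAccessTokenValidityInSeconds()` without any range check, so a zero, negative or very large value in the properties file becomes the stored access token lifetime for every newly created app. How the token service treats a non-positive validity is not visible here, but it could mean tokens that expire at once or not at all. I would reject bad values at startup, for example in a `@PostConstruct` method: `if (defaultAccessTokenValidityInSeconds == null || defaultAccessTokenValidityInSeconds <= 0) throw new IllegalStateException("defaultAccessTokenValidityInSeconds must be positive");`, and consider an upper bound too. The field's Javadoc should state the accepted range and unit limits alongside the existing description.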
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2020 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.getlime.security.powerauth.app.tppengine.controller;
+
+import io.getlime.core.rest.model.base.response.ObjectResponse;
+import io.getlime.security.powerauth.app.tppengine.configuration.TppEngineConfiguration;
+import io.getlime.security.powerauth.app.tppengine.model.response.ServiceStatusResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.info.BuildProperties;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.util.Date;
+
+/**
+ * Class representing controller used for service and maintenance purpose.
+ *
+ * @author Roman Strobl, roman.strobl@wultra.com
+ */
+@Controller
+@RequestMapping(value = "/api/service")
+public class ServiceController {
+
+ private final Logger logger = LoggerFactory.getLogger(ServiceController.class);
+
+ private final TppEngineConfiguration tppEngineConfiguration;
+ private BuildProperties buildProperties;
+
+ /**
+ * Service constructor.
+ * @param tppEngineConfiguration Web Flow server configuration.
+ */
+ @Autowired
+ public ServiceController(TppEngineConfiguration tppEngineConfiguration) {
+ this.tppEngineConfiguration = tppEngineConfiguration;
+ }
+
+ /**
+ * Set build information.
+ * @param buildProperties Build properties.
+ */
+ @Autowired(required = false)
+ public void setBuildProperties(BuildProperties buildProperties) {
+ this.buildProperties = buildProperties;
+ }
+
+ /**
+ * Controller resource with system information.
+ * @return System status info.
+ */
+ @RequestMapping(value = "status", method = RequestMethod.GET)
+ public @ResponseBody ObjectResponse getServiceStatus() {
+ logger.info("Received getServiceStatus request");
+ ServiceStatusResponse response = new ServiceStatusResponse();
+ response.setApplicationName(tppEngineConfiguration.getApplicationName());
+ response.setApplicationDisplayName(tppEngineConfiguration.getApplicationDisplayName());
+ response.setApplicationEnvironment(tppEngineConfiguration.getApplicationEnvironment());
+ if (buildProperties != null) {
+ response.setVersion(buildProperties.getVersion());
+ response.setBuildTime(Date.from(buildProperties.getTime()));
+ }
+ response.setTimestamp(new Date());
+ logger.debug("The getServiceStatus request succeeded");
+ return new ObjectResponse<>(response);
+ }
+}
\ No newline at end of file
diff --git a/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/service/TppService.java b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/service/TppService.java
index 441eb2e77..9f419012b 100644
--- a/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/service/TppService.java
+++ b/powerauth-tpp-engine/src/main/java/io/getlime/security/powerauth/app/tppengine/service/TppService.java
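Review bot: `getServiceStatus()` returns the exact build version, build time and environment name, and nothing in this file restricts who may call `/api/service/status`; whether a security filter or gateway rule elsewhere covers the path is not visible here. Version and environment details make it easier for an outsider to match the deployment against known flaws, so the access expectation should be written down where the endpoint is defined. I would extend the method Javadoc with something like `Intended for internal monitoring only; exposes build version and environment, so access must be restricted by the security configuration or gateway.` Separately, `logger.info("Received getServiceStatus request");` will fill the log under periodic health-check polling, and `logger.debug(...)` would match the success message two lines below it.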
@@ -16,6 +16,7 @@ package io.getlime.security.powerauth.app.tppengine.service; +import io.getlime.security.powerauth.app.tppengine.configuration.TppEngineConfiguration; import io.getlime.security.powerauth.app.tppengine.converter.TppAppConverter; import io.getlime.security.powerauth.app.tppengine.errorhandling.exception.TppAppNotFoundException; import io.getlime.security.powerauth.app.tppengine.errorhandling.exception.TppNotFoundException; @@ -44,17 +45,17 @@ @Service public class TppService { - private static final Long OAUTH_ACCESS_TOKEN_VALIDITY = 15 * 60L; - private final TppRepository tppRepository; private final TppAppDetailRepository appDetailRepository; + private final TppEngineConfiguration tppEngineConfiguration; private final OAuthClientDetailsRepository clientDetailsRepository; private final OAuthAccessTokenRepository accessTokenRepository; @Autowired - public TppService(TppRepository tppRepository, TppAppDetailRepository appDetailRepository, OAuthClientDetailsRepository clientDetailsRepository, OAuthAccessTokenRepository accessTokenRepository) { + public TppService(TppRepository tppRepository, TppAppDetailRepository appDetailRepository, TppEngineConfiguration tppEngineConfiguration, OAuthClientDetailsRepository clientDetailsRepository, OAuthAccessTokenRepository accessTokenRepository) { this.tppRepository = tppRepository; this.appDetailRepository = appDetailRepository; + this.tppEngineConfiguration = tppEngineConfiguration; this.clientDetailsRepository = clientDetailsRepository; this.accessTokenRepository = accessTokenRepository; } 
@@ -198,7 +199,7 @@ public TppAppDetailResponse createApp(CreateTppAppRequest request) throws Unable oAuthClientDetailsEntity.setAuthorizedGrantTypes("authorization_code"); oAuthClientDetailsEntity.setWebServerRedirectUri(redirectUris); oAuthClientDetailsEntity.setScope(scopes); - oAuthClientDetailsEntity.setAccessTokenValidity(OAUTH_ACCESS_TOKEN_VALIDITY); + oAuthClientDetailsEntity.setAccessTokenValidity(tppEngineConfiguration.getDefaultAccessTokenValidityInSeconds()); oAuthClientDetailsEntity.setAdditionalInformation("{}"); oAuthClientDetailsEntity.setAutoapprove("true"); clientDetailsRepository.save(oAuthClientDetailsEntity); diff --git a/powerauth-tpp-engine/src/main/resources/application.properties b/powerauth-tpp-engine/src/main/resources/application.properties index 213acfdc8..f28f89bab 100644 --- a/powerauth-tpp-engine/src/main/resources/application.properties +++ b/powerauth-tpp-engine/src/main/resources/application.properties @@ -31,6 +31,9 @@ powerauth.tppEngine.service.applicationName=powerauth-tpp-engine powerauth.tppEngine.service.applicationDisplayName=PowerAuth Web Flow 3rd Party and Consent Engine powerauth.tppEngine.service.applicationEnvironment= +# TPP Engine Configuration +powerauth.tppEngine.service.oauth2.defaultAccessTokenValidityInSeconds=300 + # Disable new Hibernate ID generators spring.jpa.hibernate.use-new-id-generator-mappings=false
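Review bot: In `createApp` the configured validity is copied into the client details entity only at creation time, so lowering `defaultAccessTokenValidityInSeconds` later does not shorten token lifetime for apps that already exist; they keep whatever value was stored when they were created, which was 900 seconds from the removed `15 * 60L` constant. The shipped default in `application.properties` is also now 300, a behaviour change for new apps that the commit message does not mention. A short comment above the call would make this explicit, for example `// Default validity is applied at creation only; existing clients keep their stored value.`, and a release note should say whether existing rows need a migration. The body of `createApp` starts and ends outside this hunk, so any update path that might refresh the value cannot be checked from here.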