feat: need endpoint to get details of connected FIDO devices registered to users #1465 #1466

Merged
merged 2 commits into from
May 30, 2022
Expand Up @@ -73,6 +73,7 @@ private ApiConstants() {}
public static final String USER = "/user";
public static final String ORG = "/org";
public static final String SERVER_STAT = "/server-stat";
public static final String USERNAME_PATH = "{username}";

public static final String LIMIT = "limit";
public static final String START_INDEX = "startIndex";
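--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -162,6 +162,30 @@ paths:
 security:
 - oauth2: [https://jans.io/oauth/config/fido2.write]
 parameters: []
+/jans-config-api/fido2/registration/entries/{username}:
+get:
+summary: Get details of connected FIDO2 devices registered to user.
+description: Get details of connected FIDO2 devices registered to user.
+operationId: get-registration-entries-fido2
+tags:
+- Fido2 - Configuration
+responses:
+'200':
+description: OK
+content:
+application/json:
+schema:
+title: FIDO2 registered devices
+description: List of all FIDO2 registered devices.
+type: array
+items:
+$ref: '#/components/schemas/Fido2RegistrationEntry'
+'401':
+$ref: '#/components/responses/Unauthorized'
+'500':
+$ref: '#/components/responses/InternalServerError'
+security:
+- oauth2: [ https://jans.io/oauth/config/fido2.readonly ]
 /jans-config-api/api/v1/attributes:
 get:
 summary: Gets a list of Gluu attributes.
@@ -5752,6 +5776,87 @@ components:
 description: Fido2Configuration.
 $ref: '#/components/schemas/Fido2Configuration'
 
+Fido2RegistrationEntry:
+type: object
+description: Fido2 registration entry
+properties:
+publicKeyId:
+description: Public key id
+type: string
+displayName:
+description: Dislay name
+type: string
+counter:
+description: counter
+type: integer
+deviceNotificationConf:
+description: Device notification configuration
+type: string
+challangeHash:
+description: Challange hash
+type: string
+registrationData:
+description: Fido2 registration data.
+$ref: '#/components/schemas/Fido2RegistrationData'
+registrationStatus:
+description: registration status
+type: string
+enum:
+- pending
+- registered
+- compromised
+
+Fido2RegistrationData:
+type: object
+description: Fido2 registration data.
+properties:
+username:
+description: Username
+type: string
+domain:
+description: Domain
+type: string
+userId:
+description: user id
+type: string
+challenge:
+description: challenge
+type: string
+attenstationRequest:
+description: Attenstation request
+type: string
+attenstationResponse:
+description: Attenstation response
+type: string
+uncompressedECPoint:
+description: uncompressed EC point
+type: string
+publicKeyId:
+description: public key id
+type: string
+type:
+description: type
+type: string
+counter:
+description: counter
+type: integer
+attestationType:
+description: attestation type
+type: string
+signatureAlgorithm:
+description: signature algorithm
+type: integer
+applicationId:
+description: application id
+type: string
+status:
+description: status
+type: string
+enum:
+- pending
+- registered
+- compromised
+
 Fido2Configuration:
 type: object
 description: Fido2 configuration properties.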
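Review bot: The new `/jans-config-api/fido2/registration/entries/{username}` operation uses a templated path segment but declares no `parameters` entry for it, unlike the sibling operation just above that carries `parameters: []`; OpenAPI requires every `{...}` segment to be declared, e.g. `parameters: [{name: username, in: path, required: true, schema: {type: string}}]`. The description strings carry typos (`Dislay name`, `Challange hash`, `Attenstation request/response`); if the property keys (`challangeHash`, `attenstationRequest`) mirror the model's JSON field names they must stay as they are, so only the description text should be corrected. The response list omits the unknown-user case, which the Java implementation in this PR appears to answer with `200` and an empty array rather than `404` — a one-line note in the operation description would set client expectations.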
2 changes: 1 addition & 1 deletion jans-config-api/plugins/admin-ui-plugin/pom.xml
Expand Up @@ -21,7 +21,7 @@
<!-- config api -->
<dependency>
<groupId>io.jans</groupId>
<artifactId>jans-config-api-server</artifactId>
<artifactId>jans-config-api-shared</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
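--- a/jans-config-api/plugins/fido2-plugin/pom.xml
+++ b/jans-config-api/plugins/fido2-plugin/pom.xml
@@ -22,6 +22,11 @@
 <artifactId>jans-config-api-shared</artifactId>
 <version>${jans.version}</version>
 </dependency>
+<dependency>
+<groupId>io.jans</groupId>
+<artifactId>jans-fido2-model</artifactId>
+<version>${jans.version}</version>
+</dependency>
 <dependency>
 <groupId>io.jans</groupId>
 <artifactId>jans-config-api-server</artifactId>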
Expand Up @@ -7,6 +7,17 @@
<format>jar</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<dependencySets>
<dependencySet>
<unpack>true</unpack>
<outputDirectory>/</outputDirectory>
<useProjectArtifact>false</useProjectArtifact>
<includes>
<include>io.jans:jans-fido2-model</include>
</includes>
<scope>runtime</scope>
</dependencySet>
</dependencySets>
<fileSets>
<fileSet>
<directory>${project.build.directory}/classes</directory>
Expand Up @@ -13,6 +13,7 @@ public Set<Class<?>> getClasses() {
HashSet<Class<?>> classes = new HashSet<>();

classes.add(Fido2ConfigResource.class);
classes.add(Fido2RegistrationResource.class);

return classes;
}
@@ -0,0 +1,38 @@
package io.jans.configapi.plugin.fido2.rest;

import io.jans.configapi.core.rest.BaseResource;
import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.plugin.fido2.service.Fido2RegistrationService;
import io.jans.configapi.plugin.fido2.util.Constants;
import io.jans.configapi.util.ApiAccessConstants;
import io.jans.configapi.util.ApiConstants;
import io.jans.fido2.model.entry.Fido2RegistrationEntry;
import jakarta.inject.Inject;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.slf4j.Logger;

import java.util.List;

@Path(Constants.REGISTRATION)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public class Fido2RegistrationResource extends BaseResource {

@Inject
Logger logger;

@Inject
Fido2RegistrationService fido2RegistrationService;

@GET
@Path(Constants.ENTRIES + ApiConstants.USERNAME_PATH)
@ProtectedApi(scopes = {ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS})
public Response findAllRegisteredByUsername(@PathParam("username") @NotNull String username) {
logger.debug("FIDO2 registration entries by username.");
List<Fido2RegistrationEntry> entries = fido2RegistrationService.findAllRegisteredByUsername(username);
return Response.ok(entries).build();
}
}
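Review bot: The `@Path` on `findAllRegisteredByUsername` concatenates `Constants.ENTRIES` (`"/entries"`) and `ApiConstants.USERNAME_PATH` (`"{username}"`) with no separator, so the method registers at `/registration/entries{username}` rather than the `/registration/entries/{username}` the swagger in this PR documents; with the default `[^/]+?` template regex a request to `/entries/alice` will not reach this method. The fix is one line: `@Path(Constants.ENTRIES + "/" + ApiConstants.USERNAME_PATH)` (or the project's separator constant if one exists). Separately, the method returns the persistence entity `Fido2RegistrationEntry` unchanged, which per the documented schema carries the registration challenge, challenge hash, attestation request/response and the credential's public key material — more than an admin "device details" view needs, and it widens what a `fido2.readonly` bearer can harvest; a DTO limited to `publicKeyId`, `displayName`, `counter` and `registrationStatus` would keep the response to what the feature asks for. The debug line logs nothing that identifies the request; including the username (`logger.debug("FIDO2 registration entries for username: {}", username);`) makes the lookup auditable.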
@@ -0,0 +1,106 @@
/*
* Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
*
* Copyright (c) 2020, Janssen Project
*/

package io.jans.configapi.plugin.fido2.service;

import io.jans.as.common.service.common.UserService;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.fido2.model.entry.Fido2RegistrationEntry;
import io.jans.fido2.model.entry.Fido2RegistrationStatus;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.model.base.SimpleBranch;
import io.jans.orm.search.filter.Filter;
import io.jans.util.StringHelper;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import org.slf4j.Logger;

import java.util.Collections;
import java.util.List;

/**
* @author Yuriy Movchan
* @version May 08, 2020
*/
@ApplicationScoped
public class Fido2RegistrationService {

@Inject
private Logger log;

@Inject
private StaticConfiguration staticConfiguration;

@Inject
private UserService userService;

@Inject
private PersistenceEntryManager persistenceEntryManager;

public List<Fido2RegistrationEntry> findAllByUsername(String username) {
String userInum = userService.getUserInum(username);
if (userInum == null) {
return Collections.emptyList();
}

String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
if (!containsBranch(baseDn)) {
return Collections.emptyList();
}
}

Filter userFilter = Filter.createEqualityFilter("personInum", userInum);

List<Fido2RegistrationEntry> fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, userFilter);

return fido2RegistrationnEntries;
}

public List<Fido2RegistrationEntry> findAllRegisteredByUsername(String username) {
String userInum = userService.getUserInum(username);
if (userInum == null) {
return Collections.emptyList();
}

String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
if (!containsBranch(baseDn)) {
return Collections.emptyList();
}
}

Filter userInumFilter = Filter.createEqualityFilter("personInum", userInum);
Filter registeredFilter = Filter.createEqualityFilter("jansStatus", Fido2RegistrationStatus.registered.getValue());
Filter filter = Filter.createANDFilter(userInumFilter, registeredFilter);

List<Fido2RegistrationEntry> fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, filter);

return fido2RegistrationnEntries;
}

public String getBaseDnForFido2RegistrationEntries(String userInum) {
final String userBaseDn = getDnForUser(userInum); // "ou=fido2_register,inum=1234,ou=people,o=jans"
if (StringHelper.isEmpty(userInum)) {
return userBaseDn;
}

return String.format("ou=fido2_register,%s", userBaseDn);
}

public String getDnForUser(String userInum) {
String peopleDn = staticConfiguration.getBaseDn().getPeople();
if (StringHelper.isEmpty(userInum)) {
return peopleDn;
}

return String.format("inum=%s,%s", userInum, peopleDn);
}

public boolean containsBranch(final String baseDn) {
return persistenceEntryManager.contains(baseDn, SimpleBranch.class);
}
}
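Review bot: Both `findAllByUsername` and `findAllRegisteredByUsername` guard only `userInum == null`, yet `getBaseDnForFido2RegistrationEntries` and `getDnForUser` treat an empty inum as "no user" and fall back to the people base DN, so if `userService.getUserInum` (outside this file) can ever return an empty string the search would run against the whole people tree instead of a per-user branch; tightening both guards to `if (StringHelper.isEmpty(userInum)) { return Collections.emptyList(); }` keeps the DN construction per-user. The inum lookup and branch check are duplicated verbatim between the two methods and could move into a private helper that returns the base DN or `null`. The DN is built with `String.format` from the directory-resolved inum rather than the caller-supplied username, which is the right choice; a comment such as `// DN is built only from the directory-resolved inum, never from the raw username` would protect that invariant against a future shortcut. The injected `log` field is unused, and the `@author`/`@version May 08, 2020` header looks inherited from the class this was adapted from rather than describing this file.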
Expand Up @@ -10,5 +10,7 @@ public class Constants {

private Constants() {}

public static final String CONFIG = "/config";
public static final String CONFIG = "/config";
public static final String REGISTRATION = "/registration";
public static final String ENTRIES = "/entries";
}