DSD-4457 (#72)
* fix cookie without secure code

Signed-off-by: mengleang-ngoun <[email protected]>

* fix code bug

Signed-off-by: mengleang-ngoun <[email protected]>

* update sonar ignore on getCache

Signed-off-by: mengleang-ngoun <[email protected]>

* fix null on message

Signed-off-by: mengleang-ngoun <[email protected]>

---------

Signed-off-by: mengleang-ngoun <[email protected]>
mengleang-0090 authored Feb 16, 2024
1 parent 6ea119a commit 23bd920
Showing 6 changed files with 31 additions and 26 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ public class NotificationHelper {
environment.getProperty(templateKey + "." + locale) :
new String(Base64.getDecoder().decode(environment.getProperty(templateKey + "." + locale)));

if(params != null){
if(params != null && message != null){
for (Map.Entry<String, String> entry: params.entrySet()){
message = message.replace(entry.getKey(), entry.getValue());
}
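Review bot: The new `message != null` guard makes a missing template silently skip placeholder substitution and pass a null message on to whatever sends it, with nothing in the log naming the `templateKey`/`locale` that had no property; an `else` branch such as `log.warn("No notification template configured for {}.{}", templateKey, locale);` (or this class's own logging convention, if it has no logger) would surface the misconfiguration where it happens. The guard also does not reach the Base64 branch two lines above: if that branch is selected and `environment.getProperty(...)` returns null, `Base64.getDecoder().decode(...)` would throw before this check runs, assuming the ternary's condition (outside the hunk) does not already rule that out. The same line builds the String with the platform default charset; `new String(..., StandardCharsets.UTF_8)` pins the decoding. The enclosing method starts and ends outside the hunk.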
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import org.springframework.stereotype.Service;

import java.util.Locale;
import java.util.Objects;

@Slf4j
@Service
Expand Down Expand Up @@ -59,39 +60,39 @@ public String setActiveKeyAlias(String key, String alias) {

public RegistrationTransaction createUpdateChallengeGeneratedTransaction(String transactionId,
RegistrationTransaction registrationTransaction) {
cacheManager.getCache(SignUpConstants.CHALLENGE_GENERATED).put(transactionId, registrationTransaction);
cacheManager.getCache(SignUpConstants.CHALLENGE_GENERATED).put(transactionId, registrationTransaction); //NOSONAR getCache() will not be returning null here.
return registrationTransaction;
}

public void updateStatusCheckTransaction(String transactionId,
RegistrationTransaction registrationTransaction) {
cacheManager.getCache(SignUpConstants.STATUS_CHECK).put(transactionId, registrationTransaction);
cacheManager.getCache(SignUpConstants.STATUS_CHECK).put(transactionId, registrationTransaction); //NOSONAR getCache() will not be returning null here.
}

//---Getter---
public RegistrationTransaction getChallengeGeneratedTransaction(String transactionId) {
return cacheManager.getCache(SignUpConstants.CHALLENGE_GENERATED).get(transactionId, RegistrationTransaction.class);
return cacheManager.getCache(SignUpConstants.CHALLENGE_GENERATED).get(transactionId, RegistrationTransaction.class); //NOSONAR getCache() will not be returning null here.
}

public RegistrationTransaction getChallengeVerifiedTransaction(String transactionId) {
return cacheManager.getCache(SignUpConstants.CHALLENGE_VERIFIED).get(transactionId, RegistrationTransaction.class);
return cacheManager.getCache(SignUpConstants.CHALLENGE_VERIFIED).get(transactionId, RegistrationTransaction.class); //NOSONAR getCache() will not be returning null here.
}

public RegistrationTransaction getStatusCheckTransaction(String transactionId) {
return cacheManager.getCache(SignUpConstants.STATUS_CHECK).get(transactionId, RegistrationTransaction.class);
return cacheManager.getCache(SignUpConstants.STATUS_CHECK).get(transactionId, RegistrationTransaction.class); //NOSONAR getCache() will not be returning null here.
}

public boolean isIdentifierBlocked(String identifier) {
String identifierHash = IdentityProviderUtil.generateB64EncodedHash(IdentityProviderUtil.ALGO_SHA3_256,
identifier.toLowerCase(Locale.ROOT));
return cacheManager.getCache(SignUpConstants.BLOCKED_IDENTIFIER).get(identifierHash, String.class) != null;
return cacheManager.getCache(SignUpConstants.BLOCKED_IDENTIFIER).get(identifierHash, String.class) != null; //NOSONAR getCache() will not be returning null here.
}

public String getSecretKey(String keyAlias) {
return cacheManager.getCache(SignUpConstants.KEYSTORE).get(keyAlias, String.class);
return cacheManager.getCache(SignUpConstants.KEYSTORE).get(keyAlias, String.class); //NOSONAR getCache() will not be returning null here.
}

public String getActiveKeyAlias() {
return cacheManager.getCache(SignUpConstants.KEY_ALIAS).get(CryptoHelper.ALIAS_CACHE_KEY, String.class);
return cacheManager.getCache(SignUpConstants.KEY_ALIAS).get(CryptoHelper.ALIAS_CACHE_KEY, String.class); //NOSONAR getCache() will not be returning null here.
}
}
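Review bot: The `//NOSONAR` comments suppress the null-return warning on `cacheManager.getCache(...)` rather than check it, while the `java.util.Objects` import added in the first hunk is not used by any line visible here, so a mis-named or unconfigured cache still fails as a bare NullPointerException at the call site instead of a named error. One helper makes the assumption explicit and lets every suppression go: `private Cache getRequiredCache(String name) {` / `    return Objects.requireNonNull(cacheManager.getCache(name), () -> "Cache not configured: " + name);` / `}`, with each call changed to `getRequiredCache(SignUpConstants.X).get(...)`. `Cache` here is whatever type `cacheManager.getCache()` already returns; if it is not imported in this file, that import is needed as well. The methods above `setActiveKeyAlias` are outside the hunk and would get the same treatment.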
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,8 @@ public class ChallengeManagerService {


public String generateChallenge(RegistrationTransaction transaction) throws SignUpException {
switch (supportedGenerateChallengeType) {
case "OTP" :
return generateOTPChallenge(transaction.getChallengeTransactionId());
if (supportedGenerateChallengeType.equals("OTP")) {
return generateOTPChallenge(transaction.getChallengeTransactionId());
}
throw new SignUpException(ErrorConstants.UNSUPPORTED_CHALLENGE_TYPE);
}
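Review bot: `supportedGenerateChallengeType.equals("OTP")` dereferences the injected value, so an unset property makes `generateChallenge` fail with a NullPointerException instead of the `UNSUPPORTED_CHALLENGE_TYPE` SignUpException the method is declared to throw; the switch it replaces had the same weakness, so this rewrite is the moment to close it. Reversing the comparison, `if ("OTP".equals(supportedGenerateChallengeType)) {`, routes a null value to the existing throw. Where `supportedGenerateChallengeType` is assigned is outside the hunk.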
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,8 @@ public class RegistrationService {
@Value("${mosip.signup.get-registration-status.endpoint}")
private String getRegistrationStatusEndpoint;

private final String notificationLogging = "Notification response -> {}";

/**
* Generate and regenerate challenge based on the "regenerate" flag in the request.
* if regenerate is false - always creates a new transaction and set-cookie header is sent in the response.
Expand All @@ -139,7 +141,7 @@ public GenerateChallengeResponse generateChallenge(GenerateChallengeRequest gene
if(cacheUtilService.isIdentifierBlocked(identifier))
throw new SignUpException(ErrorConstants.IDENTIFIER_BLOCKED);

if(generateChallengeRequest.isRegenerate() == false) {
if(!generateChallengeRequest.isRegenerate()) {
transactionId = IdentityProviderUtil.createTransactionId(null);
transaction = new RegistrationTransaction(identifier, generateChallengeRequest.getPurpose());
//Need to set cookie only when regenerate is false.
Expand All @@ -162,11 +164,13 @@ public GenerateChallengeResponse generateChallenge(GenerateChallengeRequest gene
if(transaction.getChallengeRetryAttempts() > resendAttempts)
cacheUtilService.blockIdentifier(transactionId, transaction.getIdentifier(), "blocked");

HashMap<String, String> hashMap = new LinkedHashMap<>();
hashMap.put("{challenge}", challenge);
notificationHelper.sendSMSNotificationAsync(generateChallengeRequest.getIdentifier(), transaction.getLocale(),
SEND_OTP_SMS_NOTIFICATION_TEMPLATE_KEY, new HashMap<>(){{put("{challenge}", challenge);}})
.thenAccept(notificationResponseRestResponseWrapper -> {
log.debug("Notification response -> {}", notificationResponseRestResponseWrapper);
});
SEND_OTP_SMS_NOTIFICATION_TEMPLATE_KEY, hashMap)
.thenAccept(notificationResponseRestResponseWrapper ->
log.debug(notificationLogging, notificationResponseRestResponseWrapper)
);
return new GenerateChallengeResponse(ActionStatus.SUCCESS);
}

Expand Down Expand Up @@ -245,9 +249,9 @@ public RegisterResponse register(RegisterRequest registerRequest, String transac

notificationHelper.sendSMSNotificationAsync(registerRequest.getUserInfo().getPhone(), transaction.getLocale(),
REGISTRATION_SMS_NOTIFICATION_TEMPLATE_KEY, null)
.thenAccept(notificationResponseRestResponseWrapper -> {
log.debug("Notification response -> {}", notificationResponseRestResponseWrapper);
});
.thenAccept(notificationResponseRestResponseWrapper ->
log.debug(notificationLogging, notificationResponseRestResponseWrapper)
);

RegisterResponse registration = new RegisterResponse();
registration.setStatus(ActionStatus.PENDING);
Expand Down Expand Up @@ -318,9 +322,9 @@ public RegistrationStatusResponse updatePassword(ResetPasswordRequest resetPassw

notificationHelper.sendSMSNotificationAsync(resetPasswordRequest.getIdentifier(), transaction.getLocale(),
FORGOT_PASSWORD_SMS_NOTIFICATION_TEMPLATE_KEY, null)
.thenAccept(notificationResponseRestResponseWrapper -> {
log.debug("Notification response -> {}", notificationResponseRestResponseWrapper);
});
.thenAccept(notificationResponseRestResponseWrapper ->
log.debug(notificationLogging, notificationResponseRestResponseWrapper)
);

RegistrationStatusResponse resetPassword = new RegistrationStatusResponse();
resetPassword.setStatus(RegistrationStatus.PENDING);
Expand Down Expand Up @@ -445,7 +449,7 @@ private void saveIdentityData(RegisterRequest registerRequest, String transactio
identity.setPassword(password);

//By default, phone is set as the selected handle.
identity.setSelectedHandles(Arrays.asList("phone"));
identity.setSelectedHandles(List.of("phone"));
transaction.getHandlesStatus().put(getHandleRequestId(transaction.getApplicationId(),
"phone", userInfoMap.getPhone()), RegistrationStatus.PENDING);

Expand Down Expand Up @@ -587,6 +591,8 @@ private void addVerifiedCookieInResponse(String transactionId, int maxAge) {

Cookie unsetCookie = new Cookie(SignUpConstants.TRANSACTION_ID, "");
unsetCookie.setMaxAge(0);
cookie.setHttpOnly(true);
cookie.setSecure(true);
response.addCookie(unsetCookie);
}

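Review bot: In the `addVerifiedCookieInResponse` hunk the two added lines set HttpOnly and Secure on `cookie`, yet they sit between the creation of `unsetCookie` and `response.addCookie(unsetCookie)`, and `unsetCookie` is still sent with neither attribute; if `cookie` is the verified cookie built earlier in the method (outside the hunk), those flags presumably belong next to where it is created, and if the commit message's "cookie without secure" meant the clearing cookie, the receiver is wrong. A clearing cookie should mirror the attributes (and path) of the cookie it expires, so that the browser matches and removes the same entry and the `TRANSACTION_ID` name is never emitted without Secure/HttpOnly: `unsetCookie.setHttpOnly(true);` / `unsetCookie.setSecure(true);` before `response.addCookie(unsetCookie);`. The method starts outside the hunk.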
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ public void initialize(Language constraintAnnotation) {
@Override
public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
if(value == null)
return this.required ? false : true;
return !this.required;

return supportedLanguages.contains(value);
}
