update 2fa m2m scopes

eisbilir · eisbilir · commit e1ea8052bf15 · 2022-08-03T09:58:35.000+03:00
diff --git a/buildtokenproperties.sh b/buildtokenproperties.sh
@@ -43,10 +43,9 @@ M2MAUTHCONFIG_USERPROFILES_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFIL
 M2MAUTHCONFIG_USERPROFILES_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_UPDATE")
 M2MAUTHCONFIG_USERPROFILES_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_READ")
 M2MAUTHCONFIG_USERPROFILES_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USERPROFILES_DELETE")
-M2MAUTHCONFIG_USER2FA_CREATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREATE")
-M2MAUTHCONFIG_USER2FA_UPDATE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_UPDATE")
-M2MAUTHCONFIG_USER2FA_READ=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_READ")
-M2MAUTHCONFIG_USER2FA_DELETE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_DELETE")
+M2MAUTHCONFIG_USER2FA_ENABLE=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_ENABLE")
+M2MAUTHCONFIG_USER2FA_VERIFY=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_VERIFY")
+M2MAUTHCONFIG_USER2FA_CREDENTIAL=$(eval "echo \$${ENV}_M2MAUTHCONFIG_USER2FA_CREDENTIAL")
 
 DOMAIN=$(eval "echo \$${ENV}_DOMAIN")
 SMTP=$(eval "echo \$${ENV}_SMTP")
@@ -135,10 +134,9 @@ perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_CREATE\}\}|$M2MAUTHCONFIG_USERPROF
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_UPDATE\}\}|$M2MAUTHCONFIG_USERPROFILES_UPDATE|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_READ\}\}|$M2MAUTHCONFIG_USERPROFILES_READ|g" $CONFFILENAME
 perl -pi -e "s|\{\{M2MAUTHCONFIG_USERPROFILES_DELETE\}\}|$M2MAUTHCONFIG_USERPROFILES_DELETE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREATE\}\}|$M2MAUTHCONFIG_USER2FA_CREATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_UPDATE\}\}|$M2MAUTHCONFIG_USER2FA_UPDATE|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_READ\}\}|$M2MAUTHCONFIG_USER2FA_READ|g" $CONFFILENAME
-perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_DELETE\}\}|$M2MAUTHCONFIG_USER2FA_DELETE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_ENABLE\}\}|$M2MAUTHCONFIG_USER2FA_ENABLE|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_VERIFY\}\}|$M2MAUTHCONFIG_USER2FA_VERIFY|g" $CONFFILENAME
+perl -pi -e "s|\{\{M2MAUTHCONFIG_USER2FA_CREDENTIAL\}\}|$M2MAUTHCONFIG_USER2FA_CREDENTIAL|g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_NEW_DOMAIN\}\}/$AUTH0_NEW_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0_DOMAIN\}\}/$AUTH0_DOMAIN/g" $CONFFILENAME
 perl -pi -e "s/\{\{SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID\}\}/$SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID/g" $CONFFILENAME
diff --git a/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java b/src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java
@@ -1518,7 +1518,7 @@ public ApiResponse updateUser2fa(
             @Context HttpServletRequest request) {
 
         TCID id = new TCID(resourceId);
-        validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes());
+        validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getEnableScopes());
         // checking param
         checkParam(postRequest);
 
@@ -1576,7 +1576,7 @@ public ApiResponse issueCredentials(
             @Auth AuthUser authUser,
             @Valid PostPutRequest<CredentialRequest> postRequest,
             @Context HttpServletRequest request) {
-        Utils.checkAccess(authUser, user2faFactory.getCreateScopes(), Utils.AdminRoles);
+        Utils.checkAccess(authUser, user2faFactory.getCredentialIssuerScopes(), Utils.AdminRoles);
         checkParam(postRequest);
         CredentialRequest credential = postRequest.getParam();
 
@@ -1654,7 +1654,7 @@ public ApiResponse update2faVerification(
             @Valid PostPutRequest<User2fa> putRequest,
             @Context HttpServletRequest request) {
 
-        Utils.checkAccess(authUser, user2faFactory.getUpdateScopes(), Utils.AdminRoles);
+        Utils.checkAccess(authUser, user2faFactory.getVerifyScopes(), Utils.AdminRoles);
         checkParam(putRequest);
         User2fa credential = putRequest.getParam();
 
diff --git a/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java b/src/main/java/com/appirio/tech/core/service/identity/util/m2mscope/User2faFactory.java
@@ -12,131 +12,99 @@ public class User2faFactory {
     /**
      * Represents the create scopes for machine token validation.
      */
-    public static final String[] ReadScopes = { "all:user_2fa" };
+    public static final String[] EnableScopes = { "enable:user_2fa", "all:user_2fa" };
 
     /**
      * Represents the create scopes for machine token validation.
      */
-    public static final String[] CreateScopes = { "all:user_2fa" };
-
-    /**
-     * Represents the delete scopes for machine token validation.
-     */
-    public static final String[] DeleteScopes = { "all:user_2fa" };
+    public static final String[] VerifyScopes = { "verify:user_2fa", "all:user_2fa" };
 
     /**
      * Represents the update scopes for machine token validation.
      */
-    public static final String[] UpdateScopes = { "all:user_2fa" };
+    public static final String[] CredentialIssuerScopes = { "cred:user_2fa", "all:user_2fa" };
 
     /**
-     * Represents the read attribute
+     * Represents the enable attribute
      */
     @JsonProperty
-    private String read;
+    private String enable;
 
     /**
-     * Represents the create attribute
+     * Represents the verify attribute
      */
     @JsonProperty
-    private String create;
+    private String verify;
 
     /**
-     * Represents the update attribute
+     * Represents the credential attribute
      */
     @JsonProperty
-    private String update;
-
-    /**
-     * Represents the delete attribute
-     */
-    @JsonProperty
-    private String delete;
+    private String credential;
 
     public User2faFactory() {
     }
 
-    public String getRead() {
-        return read;
-    }
-
-    public void setRead(String read) {
-        this.read = read;
+    public String getEnable() {
+        return enable;
     }
 
-    public String getCreate() {
-        return create;
+    public void setEnable(String enable) {
+        this.enable = enable;
     }
 
-    public void setCreate(String create) {
-        this.create = create;
+    public String getVerify() {
+        return verify;
     }
 
-    public String getUpdate() {
-        return update;
+    public void SetVerify(String verify) {
+        this.verify = verify;
     }
 
-    public void setUpdate(String update) {
-        this.update = update;
+    public String getCredential() {
+        return credential;
     }
 
-    public String getDelete() {
-        return delete;
-    }
-
-    public void setDelete(String delete) {
-        this.delete = delete;
-    }
-
-    /**
-     * Gets the read scopes.
-     *
-     * @return the read scopes.
-     */
-    public String[] getReadScopes() {
-        if (read != null && read.trim().length() != 0) {
-            return read.split(SCOPE_DELIMITER);
-        }
-
-        return ReadScopes;
+    public void setCredential(String credential) {
+        this.credential = credential;
     }
 
     /**
-     * Gets the create scopes.
+     * Gets the enable scopes.
      *
-     * @return the create scopes.
+     * @return the enable scopes.
      */
-    public String[] getCreateScopes() {
-        if (create != null && create.trim().length() != 0) {
-            return create.split(SCOPE_DELIMITER);
+    public String[] getEnableScopes() {
+        if (enable != null && enable.trim().length() != 0) {
+            return enable.split(SCOPE_DELIMITER);
         }
 
-        return CreateScopes;
+        return EnableScopes;
     }
 
     /**
-     * Gets the update scopes.
+     * Gets the verify scopes.
      *
-     * @return the update scopes.
+     * @return the verify scopes.
      */
-    public String[] getUpdateScopes() {
-        if (update != null && update.trim().length() != 0) {
-            return update.split(SCOPE_DELIMITER);
+    public String[] getVerifyScopes() {
+        if (verify != null && verify.trim().length() != 0) {
+            return verify.split(SCOPE_DELIMITER);
         }
 
-        return UpdateScopes;
+        return VerifyScopes;
     }
 
     /**
-     * Gets the delete scopes.
+     * Gets the credential issuer scopes.
      *
-     * @return the delete scopes.
+     * @return the credential issuer scopes.
      */
-    public String[] getDeleteScopes() {
-        if (delete != null && delete.trim().length() != 0) {
-            return delete.split(SCOPE_DELIMITER);
+    public String[] getCredentialIssuerScopes() {
+        if (credential != null && credential.trim().length() != 0) {
+            return credential.split(SCOPE_DELIMITER);
         }
 
-        return DeleteScopes;
+        return CredentialIssuerScopes;
     }
 }
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
@@ -170,10 +170,9 @@ m2mAuthConfig:
     update: @m2mAuthConfig.userProfiles.update@
     delete: @m2mAuthConfig.userProfiles.delete@
   user2fa:
-    create: @m2mAuthConfig.user2fa.create@
-    read: @m2mAuthConfig.user2fa.read@
-    update: @m2mAuthConfig.user2fa.update@
-    delete: @m2mAuthConfig.user2fa.delete@
+    enable: @m2mAuthConfig.user2fa.enable@
+    verify: @m2mAuthConfig.user2fa.verify@
+    credential: @m2mAuthConfig.user2fa.credential@
   
 # Server settings
 server:
diff --git a/src/main/resources/config.yml.localdev b/src/main/resources/config.yml.localdev
@@ -169,10 +169,9 @@ m2mAuthConfig:
     update: update:user_profiles,all:user_profiles
     delete: delete:user_profiles,all:user_profiles
   user2fa:
-    create: all:user-2fa
-    read: all:user-2fa
-    update: all:user-2fa
-    delete: all:user-2fa
+    enable: enable:user-2fa,all:user-2fa
+    verify: verify:user-2fa,all:user-2fa
+    credential: cred:user-2fa,all:user-2fa
   
 # Server settings
 server:
diff --git a/token.properties.localdev b/token.properties.localdev
@@ -77,7 +77,6 @@
 @m2mAuthConfig.userProfiles.read@=read:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.update@=update:user_profiles,all:user_profiles
 @m2mAuthConfig.userProfiles.delete@=delete:user_profiles,all:user_profiles
-@m2mAuthConfig.user2fa.create@=create:user_2fa,all:user_2fa
-@m2mAuthConfig.user2fa.read@=read:user_2fa,all:user_2fa
-@m2mAuthConfig.user2fa.update@=update:user_2fa,all:user_2fa
-@m2mAuthConfig.user2fa.delete@=delete:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.enable@=enable:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.verify@=verify:user_2fa,all:user_2fa
+@m2mAuthConfig.user2fa.credential@=cred:user_2fa,all:user_2fa
diff --git a/token.properties.template b/token.properties.template
@@ -99,7 +99,6 @@
 @m2mAuthConfig.userProfiles.read@={{M2MAUTHCONFIG_USERPROFILES_READ}}
 @m2mAuthConfig.userProfiles.update@={{M2MAUTHCONFIG_USERPROFILES_UPDATE}}
 @m2mAuthConfig.userProfiles.delete@={{M2MAUTHCONFIG_USERPROFILES_DELETE}}
-@m2mAuthConfig.user2fa.create@={{M2MAUTHCONFIG_USER2FA_CREATE}}
-@m2mAuthConfig.user2fa.read@={{M2MAUTHCONFIG_USER2FA_READ}}
-@m2mAuthConfig.user2fa.update@={{M2MAUTHCONFIG_USER2FA_UPDATE}}
-@m2mAuthConfig.user2fa.delete@={{M2MAUTHCONFIG_USER2FA_DELETE}}
+@m2mAuthConfig.user2fa.enable@={{M2MAUTHCONFIG_USER2FA_ENABLE}}
+@m2mAuthConfig.user2fa.verify@={{M2MAUTHCONFIG_USER2FA_VERIFY}}
+@m2mAuthConfig.user2fa.credential@={{M2MAUTHCONFIG_USER2FA_CREDENTIAL}}
