improved API key handling

This commit is contained in:
2019-03-06 01:55:33 +01:00
parent 7b315f6fd0
commit a7e845d514
14 changed files with 732 additions and 140 deletions


@ -18,10 +18,10 @@ package de.muehlencord.shared.account.business.account.boundary;
import de.muehlencord.shared.account.business.account.control.AccountControl;
import de.muehlencord.shared.account.business.account.entity.AccountEntity;
import de.muehlencord.shared.account.business.account.entity.ApiKeyEntity;
import de.muehlencord.shared.account.business.account.entity.ApiKeyObject;
import de.muehlencord.shared.account.business.account.entity.JWTObject;
import de.muehlencord.shared.account.business.config.boundary.ConfigService;
import de.muehlencord.shared.account.business.config.entity.ConfigException;
import de.muehlencord.shared.account.dao.ApiKeyObject;
import de.muehlencord.shared.account.util.AccountPU;
import de.muehlencord.shared.jeeutil.jwt.JWTDecoder;
import de.muehlencord.shared.jeeutil.jwt.JWTEncoder;
@ -45,6 +45,11 @@ import javax.ejb.TransactionAttributeType;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import javax.transaction.Transactional;
import org.apache.commons.lang3.RandomStringUtils;
import org.slf4j.Logger;
@ -112,20 +117,37 @@ public class ApiKeyService implements Serializable {
return apiKeys.get(0);
}
public List<ApiKeyEntity> getUsersApiKeys(AccountEntity account) {
Query query = em.createNamedQuery("ApiKeyEntity.findByAccount");
query.setParameter("account", account);
List<ApiKeyEntity> keys = query.getResultList();
if (keys == null) {
public List<ApiKeyEntity> getUsersApiKeys(AccountEntity account, boolean onlyValid) {
Date now = DateUtil.getCurrentTimeInUTC();
CriteriaBuilder cb = em.getCriteriaBuilder();
CriteriaQuery<ApiKeyEntity> cq = cb.createQuery(ApiKeyEntity.class);
Root<ApiKeyEntity> root = cq.from(ApiKeyEntity.class);
Predicate accountPredicate = cb.equal(root.get("account"), account);
Predicate searchPredicate;
if (onlyValid) {
Predicate expiresOnPredicate = cb.greaterThanOrEqualTo(root.get("expiresOn"), now);
searchPredicate = cb.and(accountPredicate, expiresOnPredicate);
} else {
searchPredicate = accountPredicate;
}
cq.where(searchPredicate);
cq.orderBy(cb.desc(root.get("expiresOn")));
TypedQuery<ApiKeyEntity> query = em.createQuery(cq);
List<ApiKeyEntity> resultList = query.getResultList();
if (resultList == null) {
return new ArrayList<>();
} else {
return keys;
return resultList;
}
}
public List<ApiKeyEntity> getUsersApiKeys(String userName) {
return getUsersApiKeys(accountControl.getAccountEntity(userName, false));
return getUsersApiKeys(accountControl.getAccountEntity(userName, false), false);
}
public List<ApiKeyEntity> getValidUsersApiKeys(String userName) {
return getUsersApiKeys(accountControl.getAccountEntity(userName, false), true);
}
@Transactional
@ -142,28 +164,37 @@ public class ApiKeyService implements Serializable {
}
Date now = DateUtil.getCurrentTimeInUTC();
ZonedDateTime issuedOn = ZonedDateTime.ofInstant(now.toInstant(), ZoneId.of("UTC"));
ZonedDateTime expiresOn = issuedOn.plusMinutes(expirationInMinutes);
ZonedDateTime expiresOn = issuedOn.plusMinutes(expirationInMinutes);
Date expiresOnDate = Date.from(expiresOn.toInstant());
String apiKeyString = RandomStringUtils.randomAscii(50);
ApiKeyEntity apiKey = new ApiKeyEntity();
apiKey.setAccount(accountControl.getAccountEntity(userName, false));
apiKey.setApiKey(apiKeyString);
apiKey.setIssuedOn(now);
apiKey.setExpiresOn(expiresOnDate);
apiKey.setExpiration(expirationInMinutes);
return getApiKeyObject(apiKey);
}
public ApiKeyObject getApiKeyObject(ApiKeyEntity apiKey) throws ApiKeyException {
ZonedDateTime issuedOn = ZonedDateTime.ofInstant(apiKey.getIssuedOn().toInstant(), ZoneId.of("UTC"));
ZonedDateTime expiresOn = issuedOn.plusMinutes(expirationInMinutes);
String userName = apiKey.getAccount().getUsername();
try {
String jwtString = JWTEncoder.encode(password, issuer, issuedOn, apiKey.getAccount().getUsername(), apiKey.getApiKey(), apiKey.getExpiration());
String jwtString = JWTEncoder.encode(password, issuer, issuedOn, userName, apiKey.getApiKey(), apiKey.getExpiration());
em.persist(apiKey);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Created API key for {}, valid for {} minutes", userName, expirationInMinutes);
}
}
ApiKeyObject apiKeyObject = new ApiKeyObject();
apiKeyObject.setUserName(userName);
apiKeyObject.setIssuedOn(Date.from(apiKey.getIssuedOn().toInstant()));
apiKeyObject.setExpiresOn(Date.from(expiresOn.toInstant()));
apiKeyObject.setAuthToken(jwtString);
apiKeyObject.setAuthToken(jwtString);
return apiKeyObject;
} catch (JWTException ex) {
throw new ApiKeyException("Cannot create apiKey. Reason: " + ex.toString(), ex);
@ -189,7 +220,7 @@ public class ApiKeyService implements Serializable {
if (userAccount == null) {
throw new JWTException("AccountControl exception");
}
List<ApiKeyEntity> apiKeys = getUsersApiKeys(userAccount);
List<ApiKeyEntity> apiKeys = getUsersApiKeys(userAccount, true);
if (LOGGER.isTraceEnabled()) {
LOGGER.trace("Found {} keys for user {}", apiKeys.size(), userName);
}
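Review bot: getApiKeyObject recomputes `expiresOn` as `issuedOn.plusMinutes(expirationInMinutes)` instead of reading the entity's new `getExpiresOn()`, while the JWT two lines later is encoded with `apiKey.getExpiration()`; if `expirationInMinutes` there is a field rather than the parameter createNewApiKey received, the returned object and the token can disagree about expiry, and a key rebuilt from a stored entity gets a date unrelated to what is persisted. `apiKeyObject.setExpiresOn(apiKey.getExpiresOn());` makes the entity the single source of truth and the recomputation line can go. `em.persist(apiKey)` appears to have been left inside the new method, so a method named like a getter now writes for every entity handed to it — move it back into createNewApiKey before the `return getApiKeyObject(apiKey)` line, or rename the method. The key material comes from `RandomStringUtils.randomAscii(50)` (an unchanged context line), which draws from a shared `java.util.Random`; the string is a bearer credential, so generate it from a CSPRNG, e.g. `RandomStringUtils.random(50, 0, 0, true, true, null, new SecureRandom())`. The `resultList == null` branch in getUsersApiKeys is dead, since `getResultList()` returns an empty list rather than null.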


@ -48,13 +48,15 @@ import org.hibernate.annotations.Type;
@XmlRootElement
@NamedQueries({
@NamedQuery(name = "ApiKeyEntity.findAll", query = "SELECT a FROM ApiKeyEntity a"),
@NamedQuery(name = "ApiKeyEntity.findByApiKey", query = "SELECT a FROM ApiKeyEntity a WHERE a.apiKey = :apiKey", hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ApiKeyEntity.findByApiKey", query = "SELECT a FROM ApiKeyEntity a WHERE a.apiKey = :apiKey",
hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ApiKeyEntity.findByIssuedOn", query = "SELECT a FROM ApiKeyEntity a WHERE a.issuedOn = :issuedOn"),
@NamedQuery(name = "ApiKeyEntity.findByAccount", query = "SELECT a FROM ApiKeyEntity a WHERE a.account = :account", hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ApiKeyEntity.findByAccount", query = "SELECT a FROM ApiKeyEntity a WHERE a.account = :account ORDER BY a.issuedOn DESC",
hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ApiKeyEntity.findByExpiration", query = "SELECT a FROM ApiKeyEntity a WHERE a.expiration = :expiration")})
public class ApiKeyEntity implements Serializable {
@ -80,6 +82,11 @@ public class ApiKeyEntity implements Serializable {
private Date issuedOn;
@Column(name = "expiration")
private Short expiration;
@Basic(optional = false)
@NotNull
@Column(name = "expires_on")
@Temporal(TemporalType.TIMESTAMP)
private Date expiresOn;
@JoinColumn(name = "account", referencedColumnName = "id")
@ManyToOne(optional = false)
private AccountEntity account;
@ -120,6 +127,14 @@ public class ApiKeyEntity implements Serializable {
this.expiration = expiration;
}
public Date getExpiresOn() {
return expiresOn;
}
public void setExpiresOn(Date expiresOn) {
this.expiresOn = expiresOn;
}
public AccountEntity getAccount() {
return account;
}
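Review bot: The new `expiresOn` field is declared `@Basic(optional = false) @NotNull` but nothing documents how it relates to the existing `issuedOn` and `expiration` columns; the service hunk fills it as issuedOn plus expiration minutes, so the two representations can drift if one is updated without the other. A comment on the field such as `// absolute expiry: issuedOn + expiration minutes, set at creation; stored so queries can filter valid keys without computing it` plus Javadoc on getExpiresOn/setExpiresOn would make that contract explicit. Because the column is NOT NULL, rows that exist before this mapping is deployed need a backfill (issued_on plus expiration); no migration is visible in this commit, so confirm it is handled elsewhere. The `ApiKeyEntity.findByAccount` query now orders by `issuedOn` while the Criteria query in ApiKeyService orders by `expiresOn` — pick one ordering so both callers see the same sequence.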


@ -1,71 +0,0 @@
/*
* Copyright 2018 joern.muehlencord.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.muehlencord.shared.account.business.account.entity;
import com.fasterxml.jackson.annotation.JsonFormat;
import com.google.gson.annotations.Expose;
import java.util.Date;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public class ApiKeyObject {
@Expose
private String userName;
@Expose
@JsonFormat(shape = JsonFormat.Shape.STRING, pattern="yyyy-MM-dd'T'HH:mm'Z'")
private Date issuedOn;
@Expose
@JsonFormat(shape = JsonFormat.Shape.STRING, pattern="yyyy-MM-dd'T'HH:mm'Z'")
private Date expiresOn;
@Expose
private String authToken;
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public Date getIssuedOn() {
return issuedOn;
}
public void setIssuedOn(Date issuedOn) {
this.issuedOn = issuedOn;
}
public Date getExpiresOn() {
return expiresOn;
}
public void setExpiresOn(Date expiresOn) {
this.expiresOn = expiresOn;
}
public String getAuthToken() {
return authToken;
}
public void setAuthToken(String authToken) {
this.authToken = authToken;
}
}


@ -59,20 +59,17 @@ public class ConfigService implements Serializable {
ApplicationEntity application;
/**
* returns global config key which is not assigned to any. If more than one
* value is defined for the given key, the key assigned to system is
* returned. If more than one key is defined but system key is not defined,
* an exception is thrown.
* returns global config key which is not assigned to any. If more than one value is defined for the given key, the
* key assigned to system is returned. If more than one key is defined but system key is not defined, an exception
* is thrown.
*
* @param configKey the key to return
* @return the configValue belonging to the given configKey
* @throws
* de.muehlencord.shared.account.business.config.entity.ConfigException if
* more than one value is defined for the given key but none of the values
* is defined for the system user
* @throws de.muehlencord.shared.account.business.config.entity.ConfigException if more than one value is defined
* for the given key but none of the values is defined for the system user
*/
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public String getConfigValue(String configKey) throws ConfigException {
Query query = em.createNamedQuery("ConfigEntity.findByConfigKey");
query.setParameter("application", application);
@ -98,15 +95,25 @@ public class ConfigService implements Serializable {
}
}
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
// TODO replace with DAO?
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public List<ConfigEntity> getApplicationConfigItems() {
Query query = em.createNamedQuery("ConfigEntity.findByApplication");
query.setParameter("application", application);
List<ConfigEntity> configList = query.getResultList();
return configList;
}
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public String getConfigValue(String configKey, String defaultValue) throws ConfigException {
return getConfigValue(configKey, defaultValue, false);
}
@Transactional
@Lock(LockType.WRITE)
@TransactionAttribute(REQUIRES_NEW)
@TransactionAttribute(REQUIRES_NEW)
public String getConfigValue(String configKey, String defaultValue, boolean storeDefaultValue) throws ConfigException {
// get configValue as usual
String configValue = getConfigValue(configKey);
@ -127,10 +134,10 @@ public class ConfigService implements Serializable {
}
@Lock(LockType.READ)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public String getConfigValue(String configKey, Account account, boolean fallbackToSystem) throws ConfigException {
Query query = em.createNamedQuery("ConfigEntity.findByConfigKeyAndAccount");
query.setParameter("application", application);
query.setParameter("application", application);
query.setParameter("configKey", configKey);
query.setParameter("account", account);
List<ConfigEntity> configList = query.getResultList();
@ -152,7 +159,7 @@ public class ConfigService implements Serializable {
@Transactional
@Lock(LockType.WRITE)
@TransactionAttribute(REQUIRES_NEW)
@TransactionAttribute(REQUIRES_NEW)
public String getConfigValue(String configKey, String defaultValue, boolean storeDefaultValue, Account account, boolean fallbackToSystem) throws ConfigException {
String configValue = getConfigValue(configKey, account, fallbackToSystem);
@ -171,7 +178,7 @@ public class ConfigService implements Serializable {
@Transactional
@Lock(LockType.WRITE)
@TransactionAttribute(REQUIRES_NEW)
@TransactionAttribute(REQUIRES_NEW)
public boolean updateConfigValue(String configKey, String configValue) throws ConfigException {
Account account = getAccount("system");
return updateConfigValue(configKey, account, configValue);
@ -179,7 +186,7 @@ public class ConfigService implements Serializable {
@Transactional
@Lock(LockType.WRITE)
@TransactionAttribute(REQUIRES_NEW)
@TransactionAttribute(REQUIRES_NEW)
public boolean updateConfigValue(String configKey, String accountName, String configValue) {
Account account = getAccount(accountName);
if (accountName == null) {
@ -194,7 +201,7 @@ public class ConfigService implements Serializable {
@Transactional
@Lock(LockType.WRITE)
@TransactionAttribute(REQUIRES_NEW)
@TransactionAttribute(REQUIRES_NEW)
public boolean updateConfigValue(String configKey, Account account, String configValue) {
if ((configKey == null) || (configKey.equals(""))) {
// null or empty key
@ -218,9 +225,9 @@ public class ConfigService implements Serializable {
if ((currentEntity.getConfigValue() != null) && (currentEntity.getConfigValue().equals(configValue))) {
// value is the same - no update
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("configValue {} not changed, keeping {}", configKey, currentEntity.getConfigValue());
}
LOGGER.debug("configValue {} not changed, keeping {}", configKey, currentEntity.getConfigValue());
}
return false;
} else {
String oldValue = currentEntity.getConfigValue();
@ -228,7 +235,7 @@ public class ConfigService implements Serializable {
em.merge(currentEntity);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("configValue for {} updated from {} to {}", configKey, oldValue, configValue);
}
}
return true;
}
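Review bot: The new two-argument `getConfigValue(String configKey, String defaultValue)` is annotated `@Lock(LockType.READ)` / `NOT_SUPPORTED` but delegates with a plain `this` call to the three-argument overload that carries `@Transactional @Lock(LockType.WRITE) @TransactionAttribute(REQUIRES_NEW)`; a self-invocation does not go through the container proxy, so the callee's transaction and lock attributes are not applied on that path. With `storeDefaultValue` fixed to `false` this is presumably harmless, provided the three-argument body (which continues outside the hunk) never writes when the flag is false — state that assumption next to the call, e.g. `// self-call bypasses REQUIRES_NEW; acceptable only because storeDefaultValue=false never writes`. If the default value must ever be persisted on this path, callers should go through the container-managed three-argument method instead.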
}


@ -47,6 +47,10 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ConfigEntity.findByApplication", query = "SELECT c FROM ConfigEntity c WHERE c.configPK.application = :application",
hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@QueryHint(name = "org.hibernate.cacheRegion", value = "Queries")}),
@NamedQuery(name = "ConfigEntity.findByConfigKey", query = "SELECT c FROM ConfigEntity c WHERE c.configPK.application = :application AND c.configPK.configKey = :configKey",
hints = {
@QueryHint(name = "org.hibernate.cacheable", value = "true"),
@ -72,13 +76,13 @@ public class ConfigEntity implements Serializable {
private String configValue;
@Size(max = 200)
@Column(name = "config_key_group")
private String configKeyGroup;
private String configKeyGroup;
@JoinColumn(name = "config_key_account", referencedColumnName = "id", insertable = false, updatable = false)
@ManyToOne(optional = false)
private AccountEntity account;
@JoinColumn(name = "application", referencedColumnName = "id", insertable = false, updatable = false)
@ManyToOne(optional = false)
private ApplicationEntity application;
private ApplicationEntity application;
public ConfigEntity() {
}
@ -114,7 +118,7 @@ public class ConfigEntity implements Serializable {
public void setConfigKeyGroup(String configKeyGroup) {
this.configKeyGroup = configKeyGroup;
}
@Override
public int hashCode() {
int hash = 0;


@ -42,20 +42,25 @@ public class StartupBean {
ApplicationEntity application;
public void init(@Observes @Initialized(ApplicationScoped.class) Object init) {
try {
LOGGER.info("Starting application {}", application.getApplicationName());
String instanceName = configService.getConfigValue("base.instance", "Development System", true);
LOGGER.info("instanceName={}", instanceName);
if (application == null) {
LOGGER.error("Application not initialized");
throw new RuntimeException ("Application not initilized, validate applicationUID mapping");
} else {
try {
LOGGER.info("Starting application {}", application.getApplicationName());
String instanceName = configService.getConfigValue("base.instance", "Development System", true);
LOGGER.info("instanceName={}", instanceName);
// ensure maxFailedLogins is available
configService.getConfigValue("account.maxFailedLogins", "5", true);
// ensure maxFailedLogins is available
configService.getConfigValue("account.maxFailedLogins", "5", true);
LOGGER.info("Application startup complete");
} catch (ConfigException ex) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug(ex.toString(), ex);
} else {
LOGGER.error(ex.toString());
LOGGER.info("Application startup complete");
} catch (ConfigException ex) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug(ex.toString(), ex);
} else {
LOGGER.error(ex.toString());
}
}
}
}
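Review bot: The message thrown when `application` is null reads `"Application not initilized, validate applicationUID mapping"` — "initilized" is misspelled, and this is the text an operator will search for when startup fails. Prefer `throw new IllegalStateException("Application not initialized, validate applicationUID mapping");` over a raw `RuntimeException`, and since the exception already carries the message the `LOGGER.error` line just before it logs the same thing twice. In the `catch (ConfigException ex)` branch the failure is logged at DEBUG only when debug logging is on and at ERROR otherwise, so the error severity disappears exactly when the stack trace is wanted; `LOGGER.error(ex.toString(), ex)` in both cases keeps the severity constant. Those catch lines predate this commit but were moved by it, so this is a good moment to fix them.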


@ -26,6 +26,7 @@ import javax.ejb.EJB;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Named;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -65,7 +66,12 @@ public class ApplicationController {
version = props.getProperty("build.version");
buildDate = props.getProperty("build.timestamp");
uuid = UUID.fromString(props.getProperty("application.uuid"));
String uuidString = props.getProperty("application.uuid");
if (StringUtils.isEmpty(uuidString)) {
throw new RuntimeException("ApplicationId not defined, please check database setup");
} else {
uuid = UUID.fromString(uuidString);
}
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("buildInfo.properties parsed successfully");
@ -82,7 +88,7 @@ public class ApplicationController {
if (uuid != null) {
this.application = applicationService.findById(uuid);
if (application == null) {
throw new RuntimeException("ApplicationId "+uuid.toString()+" not readable, application will not be able to run. You need to setup application in account database first.");
throw new RuntimeException("ApplicationId " + uuid.toString() + " not readable, application will not be able to run. You need to setup application in account database first.");
} else {
LOGGER.info("Found application {} with id {}", application.getApplicationName(), uuid.toString());
}
@ -90,8 +96,9 @@ public class ApplicationController {
}
/**
* needs to return link to "Account UI" and not to current selected application
* TODO: ensure only Account UI can call functions where application can be handed in - all other applications need to call the function which use the injected application
* needs to return link to "Account UI" and not to current selected application TODO: ensure only Account UI can
* call functions where application can be handed in - all other applications need to call the function which use
* the injected application
*/
@Produces
public ApplicationEntity getApplication() {
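Review bot: The new guard around `application.uuid` uses `StringUtils.isEmpty`, so a whitespace-only or malformed value still reaches `UUID.fromString`, which then throws an `IllegalArgumentException` that does not say which property was at fault. Use `if (StringUtils.isBlank(uuidString))` and wrap the parse: `catch (IllegalArgumentException ex) { throw new RuntimeException("application.uuid is not a valid UUID: " + uuidString, ex); }`, keeping the cause so the original parse error is not lost. The enclosing method begins before this hunk, so the surrounding try/catch structure could not be checked here.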


@ -0,0 +1,28 @@
package de.muehlencord.shared.account.business.account.boundary;
import org.junit.Test;
import org.slf4j.LoggerFactory;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public class ApiKeyServiceTest {
private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(ApiKeyServiceTest.class);
@Test
public void testCreateApiKey() {
try {
ApiKeyService apiKeyService = new ApiKeyService();
apiKeyService.createNewApiKey("web", (short) 120);
} catch (ApiKeyException ex) {
LOGGER.error(ex.getMessage());
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Detailed stacktrace", new Object[]{ex});
}
}
}
}
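Review bot: `testCreateApiKey` cannot fail on the path it intends to exercise: an `ApiKeyException` is caught and logged, so the method passes whether or not a key was created, and no assertion inspects the result. `new ApiKeyService()` also bypasses injection, so the `em` and `accountControl` fields that createNewApiKey uses (visible in the service hunk) are null and the call will end in a NullPointerException rather than the handled exception, unless the test is run inside a container not shown here. Declare the method `public void testCreateApiKey() throws ApiKeyException`, drop the try/catch, and assert on the returned object, e.g. `assertNotNull(apiKeyService.createNewApiKey("web", (short) 120).getAuthToken());`. When a throwable is logged, `LOGGER.debug("Detailed stacktrace", ex)` is the idiomatic form rather than wrapping it in an `Object[]`.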