
org.cloudfoundry.identity.uaa.mfa.MfaProviderEndpoints Maven / Gradle / Ivy
Cloud Foundry User Account and Authentication
package org.cloudfoundry.identity.uaa.mfa;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
import org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaProviderException;
import org.cloudfoundry.identity.uaa.mfa.exception.MfaAlreadyExistsException;
import org.cloudfoundry.identity.uaa.mfa.exception.MfaProviderUpdateIsNotAllowed;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.cloudfoundry.identity.uaa.zone.MfaConfig;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import static org.springframework.web.bind.annotation.RequestMethod.*;
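/**
 * REST endpoints for managing MFA providers under {@code /mfa-providers}.
 *
 * <p>Every operation is scoped to the identity zone returned by
 * {@link IdentityZoneHolder#get()}; the zone id is never taken from the request.
 *
 * <p>NOTE(review): this class contains no authorization checks or security
 * annotations. Access control for these routes has to be enforced outside this
 * file (presumably in the application's security configuration) - confirm that
 * only zone administrators can reach them.
 */
@RequestMapping("/mfa-providers")
@RestController
public class MfaProviderEndpoints implements ApplicationEventPublisherAware {

    protected static Log logger = LogFactory.getLog(MfaProviderEndpoints.class);

    private ApplicationEventPublisher publisher;
    private MfaProviderProvisioning mfaProviderProvisioning;
    private MfaProviderValidator mfaProviderValidator;
    // Injected through its setter but not read anywhere in this class.
    private IdentityZoneProvisioning identityZoneProvisioning;

    /**
     * Stores the publisher used to emit {@link EntityDeletedEvent}s.
     *
     * @param publisher the application event publisher
     */
    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
        this.publisher = publisher;
    }

    /**
     * Creates an MFA provider in the current identity zone.
     *
     * @param body the provider definition from the request body
     * @return the created provider with status 201
     */
    @RequestMapping(method = POST)
    public ResponseEntity<MfaProvider> createMfaProvider(@RequestBody MfaProvider body) {
        String zoneId = IdentityZoneHolder.get().getId();
        // Overwrite whatever zone id the client sent, so a request cannot
        // create a provider in a zone other than the one it was made against.
        body.setIdentityZoneId(zoneId);
        mfaProviderValidator.validate(body);
        // Assumes validate() rejects a provider without a config; otherwise the
        // getConfig() calls below would throw - TODO confirm against the validator.
        if (!StringUtils.hasText(body.getConfig().getIssuer())) {
            // A blank issuer defaults to the name of the current zone.
            body.getConfig().setIssuer(IdentityZoneHolder.get().getName());
        }
        MfaProvider created = mfaProviderProvisioning.create(body, zoneId);
        return new ResponseEntity<>(created, HttpStatus.CREATED);
    }

    /**
     * Rejects every update: providers cannot be modified through this API.
     *
     * @return never returns normally
     * @throws MfaProviderUpdateIsNotAllowed always; mapped to 405 by
     *     {@link #handleMfaUpdatingNameOfActiveProvider}
     */
    @RequestMapping(value = "{id}", method = PUT)
    public ResponseEntity<Void> updateMfaProvider() throws MfaProviderUpdateIsNotAllowed {
        throw new MfaProviderUpdateIsNotAllowed();
    }

    /**
     * Lists the MFA providers of the current identity zone.
     *
     * @return the providers with status 200
     */
    @RequestMapping(method = GET)
    public ResponseEntity<List<MfaProvider>> retrieveMfaProviders() {
        String zoneId = IdentityZoneHolder.get().getId();
        List<MfaProvider> providers = mfaProviderProvisioning.retrieveAll(zoneId);
        return new ResponseEntity<>(providers, HttpStatus.OK);
    }

    /**
     * Returns one MFA provider, looked up by id within the current identity zone.
     *
     * @param id the provider id from the path
     * @return the provider with status 200
     */
    @RequestMapping(value = "{id}", method = GET)
    public ResponseEntity<MfaProvider> retrieveMfaProviderById(@PathVariable String id) {
        String zoneId = IdentityZoneHolder.get().getId();
        MfaProvider provider = mfaProviderProvisioning.retrieve(id, zoneId);
        return new ResponseEntity<>(provider, HttpStatus.OK);
    }

    /**
     * Deletes an MFA provider of the current zone unless it is the zone's active one.
     *
     * <p>This method only publishes an {@link EntityDeletedEvent}; no delete call is
     * made here, so the actual removal is presumably done by a listener - confirm.
     *
     * @param id the provider id from the path
     * @return the provider that was submitted for deletion, with status 200
     * @throws MfaAlreadyExistsException if MFA is enabled on the zone and uses this provider
     */
    @RequestMapping(value = "{id}", method = DELETE)
    public ResponseEntity<MfaProvider> deleteMfaProviderById(@PathVariable String id) {
        MfaProvider existing = mfaProviderProvisioning.retrieve(id, IdentityZoneHolder.get().getId());
        MfaConfig currentMfaConfig = IdentityZoneHolder.get().getConfig().getMfaConfig();
        // Null-safe comparison: an enabled MFA config without a provider name must
        // not turn this guard into a NullPointerException.
        boolean deletingActiveProvider = currentMfaConfig.isEnabled()
                && currentMfaConfig.getProviderName() != null
                && currentMfaConfig.getProviderName().equals(existing.getName());
        if (deletingActiveProvider) {
            // Removing the provider the zone currently enforces would leave the
            // zone's MFA configuration pointing at nothing, so refuse.
            throw new MfaAlreadyExistsException("MFA provider is currently active on zone: " + IdentityZoneHolder.get().getId() + ". Please deactivate it from the zone or set another MFA provider");
        }
        // The event carries the caller's Authentication taken from the security context.
        publisher.publishEvent(new EntityDeletedEvent<>(existing, SecurityContextHolder.getContext().getAuthentication()));
        return new ResponseEntity<>(existing, HttpStatus.OK);
    }

    /**
     * Maps a validation failure to status 422.
     *
     * <p>NOTE(review): the exception object itself is the response body. What ends up
     * in the response depends on how {@link InvalidMfaProviderException} is serialized,
     * which is not visible here - confirm that no stack trace or cause is exposed.
     *
     * @param e the validation failure
     * @return the exception as body with status 422
     */
    @ExceptionHandler(InvalidMfaProviderException.class)
    public ResponseEntity<InvalidMfaProviderException> handleInvalidMfaProviderException(InvalidMfaProviderException e) {
        return new ResponseEntity<>(e, HttpStatus.UNPROCESSABLE_ENTITY);
    }

    /**
     * Maps a conflict to status 409, re-wrapping only the message in a fresh
     * {@link InvalidMfaProviderException}.
     *
     * @param e the conflict raised by this controller or the provisioning layer
     * @return a new exception carrying the message, with status 409
     */
    @ExceptionHandler(MfaAlreadyExistsException.class)
    public ResponseEntity<InvalidMfaProviderException> handleInvalidMfaProviderException(MfaAlreadyExistsException e) {
        return new ResponseEntity<>(new InvalidMfaProviderException(e.getMessage()), HttpStatus.CONFLICT);
    }

    /**
     * Maps a failed lookup to a body-less 404.
     *
     * @param e the lookup failure (unused)
     * @return status 404 without a body
     */
    @ExceptionHandler(EmptyResultDataAccessException.class)
    public ResponseEntity<Void> handleEmptyResultDataAccessException(EmptyResultDataAccessException e) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    /**
     * Maps a rejected update to a body-less 405.
     *
     * @param e the rejection raised by {@link #updateMfaProvider()} (unused)
     * @return status 405 without a body
     */
    @ExceptionHandler(MfaProviderUpdateIsNotAllowed.class)
    public ResponseEntity<Void> handleMfaUpdatingNameOfActiveProvider(MfaProviderUpdateIsNotAllowed e) {
        return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
    }

    /** @return the provisioning service used for all provider persistence calls */
    public MfaProviderProvisioning getMfaProviderProvisioning() {
        return mfaProviderProvisioning;
    }

    /** @param mfaProviderProvisioning the provisioning service to use */
    public void setMfaProviderProvisioning(MfaProviderProvisioning mfaProviderProvisioning) {
        this.mfaProviderProvisioning = mfaProviderProvisioning;
    }

    /** @param mfaProviderValidator the validator applied to providers before creation */
    public void setMfaProviderValidator(MfaProviderValidator mfaProviderValidator) {
        this.mfaProviderValidator = mfaProviderValidator;
    }

    /** @param identityZoneProvisioning the zone provisioning service (stored, not used in this class) */
    public void setIdentityZoneProvisioning(IdentityZoneProvisioning identityZoneProvisioning) {
        this.identityZoneProvisioning = identityZoneProvisioning;
    }
}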