Merge from develop to release-1.2.x

Signed-off-by: ase-101 <[email protected]>
mosip · Jan 23, 2024 · 93d7fce · 93d7fce
2 parents 4f188c8 + f4a0e03
commit 93d7fce
Show file tree

Hide file tree

Showing 101 changed files with 13,302 additions and 22,440 deletions.
diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml
@@ -40,7 +40,7 @@ on:
       - MOSIP*
       - release*
     paths:
-      - 'helm/**'
+      - './helm/**'
 
 jobs:
   chart-lint-publish:

diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
@@ -43,7 +43,7 @@ jobs:
     secrets:
       OSSRH_USER: ${{ secrets.OSSRH_USER }}
       OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }}
-      OSSRH_URL: ${{ secrets.RELEASE_URL }}
+      OSSRH_URL: ${{ secrets.OSSRH_SNAPSHOT_URL }}
       OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
       GPG_SECRET: ${{ secrets.GPG_SECRET }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml
@@ -1,11 +1,15 @@
 name: Tagging of repos
 
+env:
+  tag: v1.2.3
+
 on:
   workflow_dispatch:
     inputs:
       TAG:
         description: 'Tag to be published'
         required: true
+        default: 'v1.2.3'
         type: string
       BODY:
         description: 'Release body message'
@@ -30,6 +34,7 @@ on:
       BRANCH:
         description: 'Branch name'
         required: true
+        default: False
         type: string
       LATEST:
         description: 'Latest release'

diff --git a/db_scripts/init_values.yaml b/db_scripts/init_values.yaml
@@ -64,7 +64,7 @@ databases:
       user: postgres
       secret:
         name: postgres-postgresql
-        key: postgresql-password
+        key: postgres-password
     dml: 1
     repoUrl: https://github.com/mosip/esignet.git
     branch: release-1.2.x
diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/dto/AuthRequestV2.java b/esignet-core/src/main/java/io/mosip/esignet/core/dto/AuthRequestV2.java
@@ -0,0 +1,9 @@
+package io.mosip.esignet.core.dto;
+
+import lombok.Data;
+
+@Data
+public class AuthRequestV2 extends AuthRequest {
+
+    private String captchaToken;
+}
diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/dto/ProofKeyCodeExchange.java b/esignet-core/src/main/java/io/mosip/esignet/core/dto/ProofKeyCodeExchange.java
@@ -2,13 +2,12 @@
 
 import io.mosip.esignet.core.constants.ErrorConstants;
 import io.mosip.esignet.core.exception.EsignetException;
-import io.mosip.esignet.core.util.IdentityProviderUtil;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.StringUtils;
 
-import java.nio.charset.Charset;
+import java.io.Serializable;
 
 import static io.mosip.esignet.core.constants.Constants.S256;
 
@@ -19,7 +18,7 @@
 @Slf4j
 @Getter
 @Setter
-public class ProofKeyCodeExchange {
+public class ProofKeyCodeExchange implements Serializable {
 
     private String codeChallenge;
     private String codeChallengeMethod;

diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/spi/AuthorizationService.java b/esignet-core/src/main/java/io/mosip/esignet/core/spi/AuthorizationService.java
@@ -46,12 +46,22 @@ public interface AuthorizationService {
     AuthResponse authenticateUser(AuthRequest authRequest) throws EsignetException;
 
     /**
-     * Authentication request for the required auth-factors
+     * Authentication request for the required auth-factors,
+     * Handles check on consent registry to decide whether user can proceed with stored consent or re-consent required.
      * @param authRequest
      * @return
      */
     AuthResponseV2 authenticateUserV2(AuthRequest authRequest) throws EsignetException;
 
+    /**
+     * Authentication request for the required auth-factors,
+     * Handles check on consent registry to decide whether user can proceed with stored consent or re-consent required.
+     * Adds captcha token check only for configured auth-factors.
+     * @param authRequest
+     * @return
+     */
+    AuthResponseV2 authenticateUserV3(AuthRequestV2 authRequest) throws EsignetException;
+
     /**
      * Accepted claims are verified and KYC exchange is performed
      * Redirects to requested redirect_uri

diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/spi/OAuthService.java b/esignet-core/src/main/java/io/mosip/esignet/core/spi/OAuthService.java
@@ -31,7 +31,7 @@ public interface OAuthService {
      * @return
      * @throws EsignetException
      */
-    TokenResponse getTokens(@Valid TokenRequest tokenRequest) throws EsignetException;
+    TokenResponse getTokens(@Valid TokenRequest tokenRequest,boolean isV2) throws EsignetException;
 
     /**
      * API to get list of IdP public keys

diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/spi/TokenService.java b/esignet-core/src/main/java/io/mosip/esignet/core/spi/TokenService.java
@@ -107,7 +107,7 @@ public interface TokenService {
      * exp : Expiration time on or after which the ID Token MUST NOT be accepted for processing.
      * iat : OPTIONAL. Time at which the JWT was issued.
      */
-     void verifyClientAssertionToken(String clientId, String jwk, String clientAssertion) throws EsignetException;
+     void verifyClientAssertionToken(String clientId, String jwk, String clientAssertion,String audience) throws EsignetException;
 
     /**
      * Verifies access token signature and also the claims with expected values

diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java b/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java
@@ -16,12 +16,18 @@ public class AuditHelper {
     public static AuditDTO buildAuditDto(String clientId) {
         AuditDTO auditDTO = new AuditDTO();
         auditDTO.setClientId(clientId);
+        auditDTO.setIdType("ClientId");
         return auditDTO;
     }
 
     public static AuditDTO buildAuditDto(String transactionId, OIDCTransaction transaction) {
+        return buildAuditDto(transactionId, "transaction", transaction);
+    }
+
+    public static AuditDTO buildAuditDto(String transactionId, String idType, OIDCTransaction transaction) {
         AuditDTO auditDTO = new AuditDTO();
         auditDTO.setTransactionId(transactionId);
+        auditDTO.setIdType(idType);
         if(transaction != null) {
             auditDTO.setRelyingPartyId(transaction.getRelyingPartyId());
             auditDTO.setClientId(transaction.getClientId());

diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/validator/RedirectURL.java b/esignet-core/src/main/java/io/mosip/esignet/core/validator/RedirectURL.java
@@ -12,7 +12,7 @@
 import static java.lang.annotation.ElementType.TYPE_USE;
 import static java.lang.annotation.RetentionPolicy.RUNTIME;
 
-@Target({ FIELD,TYPE_USE })
+@Target({ FIELD,TYPE_USE  })
 @Retention(RUNTIME)
 @Constraint(validatedBy = RedirectURLValidator.class)
 @Documented

diff --git a/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/AuditDTO.java b/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/AuditDTO.java
@@ -31,4 +31,6 @@ public class AuditDTO {
     String linkedTransactionId;
     String nonce;
     String state;
+
+    String idType;
 }
diff --git a/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java b/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java
@@ -1,31 +1,43 @@
 package io.mosip.esignet.api.util;
 
 public enum Action {
-    OIDC_CLIENT_CREATE,
-    OIDC_CLIENT_UPDATE,
-    OAUTH_CLIENT_CREATE,
-    OAUTH_CLIENT_UPDATE,
-    GET_OAUTH_DETAILS,
-    TRANSACTION_STARTED,
-    SEND_OTP,
-    AUTHENTICATE,
-    GET_AUTH_CODE,
-    GENERATE_TOKEN,
-    GET_USERINFO,
-    DO_KYC_AUTH,
-    DO_KYC_EXCHANGE,
-    GET_CERTIFICATE,
-    UPLOAD_CERTIFICATE,
-    LINK_CODE,
-    LINK_TRANSACTION,
-    LINK_STATUS,
-    LINK_AUTHENTICATE,
-    SAVE_CONSENT,
-    LINK_SEND_OTP,
-    LINK_AUTH_CODE,
-    GET_USER_CONSENT,
-    SAVE_USER_CONSENT,
-    UPDATE_USER_CONSENT,
-    DELETE_USER_CONSENT,
-    VC_ISSUANCE
+    OIDC_CLIENT_CREATE("client-mgmt-service"),
+    OIDC_CLIENT_UPDATE("client-mgmt-service"),
+    OAUTH_CLIENT_CREATE("client-mgmt-service"),
+    OAUTH_CLIENT_UPDATE("client-mgmt-service"),
+    GET_OAUTH_DETAILS("esignet-service"),
+    TRANSACTION_STARTED("esignet-service"),
+    SEND_OTP("esignet-service"),
+    AUTHENTICATE("esignet-service"),
+    GET_AUTH_CODE("esignet-service"),
+    GENERATE_TOKEN("esignet-service"),
+    GET_USERINFO("esignet-service"),
+    DO_KYC_AUTH("esignet-service"),
+    DO_KYC_EXCHANGE("esignet-service"),
+    GET_CERTIFICATE("keymanager"),
+    UPLOAD_CERTIFICATE("keymanager"),
+    LINK_CODE("esignet-service"),
+    LINK_TRANSACTION("esignet-service"),
+    LINK_STATUS("esignet-service"),
+    LINK_AUTHENTICATE("esignet-service"),
+    SAVE_CONSENT("consent-service"),
+    LINK_SEND_OTP("esignet-service"),
+    LINK_AUTH_CODE("esignet-service"),
+    GET_USER_CONSENT("consent-service"),
+    SAVE_USER_CONSENT("consent-service"),
+    UPDATE_USER_CONSENT("consent-service"),
+    DELETE_USER_CONSENT("consent-service"),
+    SEND_BINDING_OTP("key-binding"),
+    KEY_BINDING("key-binding"),
+    VC_ISSUANCE("vci-service");
+
+    String module;
+
+    Action(String module) {
+        this.module = module;
+    }
+
+    public String getModule() {
+        return this.module;
+    }
 }
diff --git a/esignet-service/src/main/java/io/mosip/esignet/controllers/AuthorizationController.java b/esignet-service/src/main/java/io/mosip/esignet/controllers/AuthorizationController.java
@@ -44,9 +44,9 @@ public class AuthorizationController {
     public ResponseWrapper<OAuthDetailResponse> getOauthDetails(@Valid @RequestBody RequestWrapper<OAuthDetailRequest>
                                                                             requestWrapper) throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             responseWrapper.setResponse(authorizationService.getOauthDetails(requestWrapper.getRequest()));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.GET_OAUTH_DETAILS, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getClientId()), ex);
             throw ex;
@@ -58,9 +58,9 @@ public ResponseWrapper<OAuthDetailResponse> getOauthDetails(@Valid @RequestBody
     public ResponseWrapper<OAuthDetailResponseV2> getOauthDetailsV2(@Valid @RequestBody RequestWrapper<OAuthDetailRequestV2>
                                                                         requestWrapper) throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             responseWrapper.setResponse(authorizationService.getOauthDetailsV2(requestWrapper.getRequest()));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.GET_OAUTH_DETAILS, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getClientId()), ex);
             throw ex;
@@ -72,9 +72,9 @@ public ResponseWrapper<OAuthDetailResponseV2> getOauthDetailsV2(@Valid @RequestB
     public ResponseWrapper<OtpResponse> sendOtp(@Valid @RequestBody RequestWrapper<OtpRequest> requestWrapper)
             throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             responseWrapper.setResponse(authorizationService.sendOtp(requestWrapper.getRequest()));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.SEND_OTP, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getTransactionId(), null), ex);
             throw ex;
@@ -86,9 +86,9 @@ public ResponseWrapper<OtpResponse> sendOtp(@Valid @RequestBody RequestWrapper<O
     public ResponseWrapper<AuthResponse> authenticateEndUser(@Valid @RequestBody RequestWrapper<AuthRequest>
                                                                         requestWrapper) throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             responseWrapper.setResponse(authorizationService.authenticateUser(requestWrapper.getRequest()));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.AUTHENTICATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getTransactionId(), null), ex);
             throw ex;
@@ -100,9 +100,9 @@ public ResponseWrapper<AuthResponse> authenticateEndUser(@Valid @RequestBody Req
     public ResponseWrapper<AuthCodeResponse> getAuthorizationCode(@Valid @RequestBody RequestWrapper<AuthCodeRequest>
                                                                               requestWrapper) throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             responseWrapper.setResponse(authorizationService.getAuthCode(requestWrapper.getRequest()));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.GET_AUTH_CODE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getTransactionId(), null), ex);
             throw ex;
@@ -114,10 +114,25 @@ public ResponseWrapper<AuthCodeResponse> getAuthorizationCode(@Valid @RequestBod
     public ResponseWrapper<AuthResponseV2> authenticateEndUserV2(@Valid @RequestBody RequestWrapper<AuthRequest>
                                                                        requestWrapper) throws EsignetException {
         ResponseWrapper<AuthResponseV2> responseWrapper = new ResponseWrapper<>();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         try {
             AuthResponseV2 authResponse = authorizationService.authenticateUserV2(requestWrapper.getRequest());
             responseWrapper.setResponse(authResponse);
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
+        } catch (EsignetException ex) {
+            auditWrapper.logAudit(Action.AUTHENTICATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getTransactionId(), null), ex);
+            throw ex;
+        }
+        return responseWrapper;
+    }
+
+    @PostMapping("/v3/authenticate")
+    public ResponseWrapper<AuthResponseV2> authenticateEndUserV3(@Valid @RequestBody RequestWrapper<AuthRequestV2>
+                                                                         requestWrapper) throws EsignetException {
+        ResponseWrapper<AuthResponseV2> responseWrapper = new ResponseWrapper<>();
+        try {
+            AuthResponseV2 authResponse = authorizationService.authenticateUserV3(requestWrapper.getRequest());
+            responseWrapper.setResponse(authResponse);
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
         } catch (EsignetException ex) {
             auditWrapper.logAudit(Action.AUTHENTICATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getTransactionId(), null), ex);
             throw ex;

diff --git a/esignet-service/src/main/java/io/mosip/esignet/controllers/KeyBindingController.java b/esignet-service/src/main/java/io/mosip/esignet/controllers/KeyBindingController.java
@@ -5,9 +5,13 @@
  */
 package io.mosip.esignet.controllers;
 
+import io.mosip.esignet.api.spi.AuditPlugin;
+import io.mosip.esignet.api.util.Action;
+import io.mosip.esignet.api.util.ActionStatus;
 import io.mosip.esignet.core.dto.*;
 import io.mosip.esignet.core.exception.EsignetException;
 import io.mosip.esignet.core.spi.KeyBindingService;
+import io.mosip.esignet.core.util.AuditHelper;
 import io.mosip.esignet.core.util.IdentityProviderUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -24,15 +28,26 @@ public class KeyBindingController {
 
     @Autowired
     private KeyBindingService keyBindingService;
+
+    @Autowired
+    private AuditPlugin auditPlugin;
 
     @PostMapping(value = "binding-otp", consumes = {MediaType.APPLICATION_JSON_VALUE},
             produces = {MediaType.APPLICATION_JSON_VALUE})
     public ResponseWrapper<OtpResponse> sendBindingOtp(@Valid @RequestBody RequestWrapper<BindingOtpRequest> requestWrapper,
                                                        @RequestHeader Map<String, String> headers)
             throws EsignetException {
         ResponseWrapper responseWrapper = new ResponseWrapper();
-        responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
-        responseWrapper.setResponse(keyBindingService.sendBindingOtp(requestWrapper.getRequest(), headers));
+        try {
+            responseWrapper.setResponse(keyBindingService.sendBindingOtp(requestWrapper.getRequest(), headers));
+            responseWrapper.setResponseTime(IdentityProviderUtil.getUTCDateTime());
+            auditPlugin.logAudit(Action.SEND_BINDING_OTP, ActionStatus.SUCCESS,
+                    AuditHelper.buildAuditDto("individualId", null), null);
+        } catch (EsignetException ex) {
+            auditPlugin.logAudit(Action.SEND_BINDING_OTP, ActionStatus.ERROR,
+                    AuditHelper.buildAuditDto("individualId", null), ex);
+            throw ex;
+        }
         return responseWrapper;
     }
 
@@ -41,9 +56,16 @@ public ResponseWrapper<OtpResponse> sendBindingOtp(@Valid @RequestBody RequestWr
     public ResponseWrapper<WalletBindingResponse> bindWallet(@Valid @RequestBody RequestWrapper<WalletBindingRequest> requestWrapper,
                                                              @RequestHeader Map<String, String> headers) throws EsignetException {
         ResponseWrapper response = new ResponseWrapper<WalletBindingResponse>();
-        response.setResponse(keyBindingService.bindWallet(requestWrapper.getRequest(), headers));
-        response.setResponseTime(IdentityProviderUtil.getUTCDateTime());
+        try {
+            response.setResponse(keyBindingService.bindWallet(requestWrapper.getRequest(), headers));
+            auditPlugin.logAudit(Action.KEY_BINDING, ActionStatus.SUCCESS,
+                    AuditHelper.buildAuditDto("individualId", null), null);
+            response.setResponseTime(IdentityProviderUtil.getUTCDateTime());
+        } catch (EsignetException ex) {
+            auditPlugin.logAudit(Action.KEY_BINDING, ActionStatus.ERROR,
+                    AuditHelper.buildAuditDto("individualId", null), ex);
+            throw ex;
+        }
         return response;
-
     }
 }