display two-factor authentication activation in admin area

This commit is contained in:
bgamard 2017-11-17 15:18:16 +01:00
parent 642a3e10ce
commit 590bf74e98
7 changed files with 41 additions and 23 deletions


@ -256,7 +256,7 @@ public class UserDao {
Map<String, Object> parameterMap = new HashMap<>(); Map<String, Object> parameterMap = new HashMap<>();
List<String> criteriaList = new ArrayList<>(); List<String> criteriaList = new ArrayList<>();
StringBuilder sb = new StringBuilder("select u.USE_ID_C as c0, u.USE_USERNAME_C as c1, u.USE_EMAIL_C as c2, u.USE_CREATEDATE_D as c3, u.USE_STORAGECURRENT_N as c4, u.USE_STORAGEQUOTA_N as c5"); StringBuilder sb = new StringBuilder("select u.USE_ID_C as c0, u.USE_USERNAME_C as c1, u.USE_EMAIL_C as c2, u.USE_CREATEDATE_D as c3, u.USE_STORAGECURRENT_N as c4, u.USE_STORAGEQUOTA_N as c5, u.USE_TOTPKEY_C as c6");
sb.append(" from T_USER u "); sb.append(" from T_USER u ");
// Add search criterias // Add search criterias
@ -292,7 +292,8 @@ public class UserDao {
userDto.setEmail((String) o[i++]); userDto.setEmail((String) o[i++]);
userDto.setCreateTimestamp(((Timestamp) o[i++]).getTime()); userDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
userDto.setStorageCurrent(((Number) o[i++]).longValue()); userDto.setStorageCurrent(((Number) o[i++]).longValue());
userDto.setStorageQuota(((Number) o[i]).longValue()); userDto.setStorageQuota(((Number) o[i++]).longValue());
userDto.setTotpKey((String) o[i]);
userDtoList.add(userDto); userDtoList.add(userDto);
} }
return userDtoList; return userDtoList;
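Review bot: The listing query now pulls the raw TOTP shared secret (`u.USE_TOTPKEY_C as c6`) into every `UserDto` produced by this criteria search, although the only consumer added in this commit needs a presence flag. Carrying the secret in a DTO that is handed to the REST layer widens the set of places where it can be logged or serialised by mistake. Selecting only the presence keeps the secret in the database, e.g. `case when u.USE_TOTPKEY_C is null then 0 else 1 end as c6` mapped with `userDto.setTotpEnabled(((Number) o[i]).intValue() != 0);` (the DTO and resource would then expose a boolean instead of the key). The surrounding method in `UserDao` starts and ends outside these hunks.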


@ -36,6 +36,11 @@ public class UserDto {
*/ */
private Long storageCurrent; private Long storageCurrent;
/**
* TOTP key.
*/
private String totpKey;
public String getId() { public String getId() {
return id; return id;
} }
@ -83,4 +88,12 @@ public class UserDto {
public void setStorageCurrent(Long storageCurrent) { public void setStorageCurrent(Long storageCurrent) {
this.storageCurrent = storageCurrent; this.storageCurrent = storageCurrent;
} }
public String getTotpKey() {
return totpKey;
}
public void setTotpKey(String totpKey) {
this.totpKey = totpKey;
}
} }
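Review bot: The new `totpKey` field is documented only as "TOTP key.", which does not tell a maintainer that this is a shared secret equivalent to a second password and that a null value is what the rest of the commit uses to mean "2FA disabled". I would replace the Javadoc with `/** TOTP shared secret, or null when two-factor authentication is disabled. Sensitive: must never be logged, serialised or returned to a client; callers should only test it for presence. */` and add a matching one-line warning on `getTotpKey()`. A `boolean isTotpEnabled()` accessor on the DTO would also let callers avoid touching the key at all.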


@ -90,8 +90,8 @@ public abstract class SecurityFilter implements Filter {
// Add base functions // Add base functions
groupRoleIdSet.add(user.getRoleId()); groupRoleIdSet.add(user.getRoleId());
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao(); RoleBaseFunctionDao userBaseFunction = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(groupRoleIdSet); Set<String> baseFunctionSet = userBaseFunction.findByRoleId(groupRoleIdSet);
userPrincipal.setBaseFunctionSet(baseFunctionSet); userPrincipal.setBaseFunctionSet(baseFunctionSet);
// Add email // Add email


@ -724,6 +724,7 @@ public class UserResource extends BaseResource {
users.add(Json.createObjectBuilder() users.add(Json.createObjectBuilder()
.add("id", userDto.getId()) .add("id", userDto.getId())
.add("username", userDto.getUsername()) .add("username", userDto.getUsername())
.add("totp_enabled", userDto.getTotpKey() != null)
.add("email", userDto.getEmail()) .add("email", userDto.getEmail())
.add("storage_quota", userDto.getStorageQuota()) .add("storage_quota", userDto.getStorageQuota())
.add("storage_current", userDto.getStorageCurrent()) .add("storage_current", userDto.getStorageCurrent())
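Review bot: `totp_enabled` tells the caller which accounts can be taken over with the password alone, so this listing must remain restricted to the admin base function; the enclosing method and whatever access check it performs start outside the hunk, so that could not be confirmed here and deserves a `// admin-only: reveals which accounts lack a second factor` comment next to the check. The flag is derived with `userDto.getTotpKey() != null`; if the login path decides whether to demand a code with a different test (for example treating a blank key as disabled), the admin view and the enforced behaviour would disagree. Putting that decision in one place, e.g. `.add("totp_enabled", userDto.isTotpEnabled())` backed by a single DTO method shared with the login code, avoids the drift.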


@ -216,6 +216,7 @@
"add_user": "Add a user", "add_user": "Add a user",
"username": "Username", "username": "Username",
"create_date": "Create date", "create_date": "Create date",
"totp_enabled": "Two-factor authentication enabled for this account",
"edit": { "edit": {
"delete_user_title": "Delete user", "delete_user_title": "Delete user",
"delete_user_message": "Do you really want to delete this user? All associated documents, files and tags will be deleted", "delete_user_message": "Do you really want to delete this user? All associated documents, files and tags will be deleted",


@ -15,7 +15,10 @@
<tbody> <tbody>
<tr ng-repeat="user in users | orderBy: 'username'" ng-click="editUser(user)" <tr ng-repeat="user in users | orderBy: 'username'" ng-click="editUser(user)"
ng-class="{ active: $stateParams.username == user.username }"> ng-class="{ active: $stateParams.username == user.username }">
<td>{{ user.username }}</td> <td>
{{ user.username }}
<span class="glyphicon glyphicon-lock" ng-show="user.totp_enabled" uib-tooltip="{{ 'settings.user.totp_enabled' | translate }}"></span>
</td>
<td>{{ user.create_date | date: dateFormat }}</td> <td>{{ user.create_date | date: dateFormat }}</td>
</tr> </tr>
</tbody> </tbody>
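Review bot: The 2FA state is conveyed only by a lock glyph with a hover tooltip, so screen readers and keyboard users get nothing from the new `<span>`. Adding a text alternative, e.g. `aria-label="{{ 'settings.user.totp_enabled' | translate }}"` on the span (or a visually hidden text node), makes the status accessible without changing the visual result. `ng-show` is fine here since `totp_enabled` is a boolean and hiding the element leaks nothing beyond what the JSON already returns.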


@ -1,7 +1,9 @@
package com.sismics.docs.rest; package com.sismics.docs.rest;
import java.util.Date; import com.sismics.util.filter.TokenBasedSecurityFilter;
import java.util.Locale; import com.sismics.util.totp.GoogleAuthenticator;
import org.junit.Assert;
import org.junit.Test;
import javax.json.JsonArray; import javax.json.JsonArray;
import javax.json.JsonObject; import javax.json.JsonObject;
@ -9,12 +11,8 @@ import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form; import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.Response.Status;
import java.util.Date;
import org.junit.Assert; import java.util.Locale;
import org.junit.Test;
import com.sismics.util.filter.TokenBasedSecurityFilter;
import com.sismics.util.totp.GoogleAuthenticator;
/** /**
* Exhaustive test of the user resource. * Exhaustive test of the user resource.
@ -55,6 +53,7 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertNotNull(user.getJsonNumber("storage_quota")); Assert.assertNotNull(user.getJsonNumber("storage_quota"));
Assert.assertNotNull(user.getJsonNumber("storage_current")); Assert.assertNotNull(user.getJsonNumber("storage_current"));
Assert.assertNotNull(user.getJsonNumber("create_date")); Assert.assertNotNull(user.getJsonNumber("create_date"));
Assert.assertFalse(user.getBoolean("totp_enabled"));
// Create a user KO (login length validation) // Create a user KO (login length validation)
Response response = target().path("/user").request() Response response = target().path("/user").request()
@ -114,7 +113,7 @@ public class TestUserResource extends BaseJerseyTest {
.param("email", " bob@docs.com ") .param("email", " bob@docs.com ")
.param("password", " 12345678 ") .param("password", " 12345678 ")
.param("storage_quota", "10"); .param("storage_quota", "10");
json = target().path("/user").request() target().path("/user").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
.put(Entity.form(form), JsonObject.class); .put(Entity.form(form), JsonObject.class);
@ -178,8 +177,8 @@ public class TestUserResource extends BaseJerseyTest {
.get(JsonObject.class); .get(JsonObject.class);
Assert.assertEquals("alice@docs.com", json.getString("email")); Assert.assertEquals("alice@docs.com", json.getString("email"));
Assert.assertFalse(json.getBoolean("is_default_password")); Assert.assertFalse(json.getBoolean("is_default_password"));
Assert.assertEquals(0l, json.getJsonNumber("storage_current").longValue()); Assert.assertEquals(0L, json.getJsonNumber("storage_current").longValue());
Assert.assertEquals(1000000l, json.getJsonNumber("storage_quota").longValue()); Assert.assertEquals(1000000L, json.getJsonNumber("storage_quota").longValue());
// Check bob user information // Check bob user information
json = target().path("/user").request() json = target().path("/user").request()
@ -243,8 +242,8 @@ public class TestUserResource extends BaseJerseyTest {
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
.get(JsonObject.class); .get(JsonObject.class);
Assert.assertTrue(json.getBoolean("is_default_password")); Assert.assertTrue(json.getBoolean("is_default_password"));
Assert.assertEquals(0l, json.getJsonNumber("storage_current").longValue()); Assert.assertEquals(0L, json.getJsonNumber("storage_current").longValue());
Assert.assertEquals(10000000000l, json.getJsonNumber("storage_quota").longValue()); Assert.assertEquals(10000000000L, json.getJsonNumber("storage_quota").longValue());
// User admin updates his information // User admin updates his information
json = target().path("/user").request() json = target().path("/user").request()
@ -323,7 +322,7 @@ public class TestUserResource extends BaseJerseyTest {
int validationCode = googleAuthenticator.calculateCode(secret, new Date().getTime() / 30000); int validationCode = googleAuthenticator.calculateCode(secret, new Date().getTime() / 30000);
// Login with totp1 with a validation code // Login with totp1 with a validation code
json = target().path("/user/login").request() target().path("/user/login").request()
.post(Entity.form(new Form() .post(Entity.form(new Form()
.param("username", "totp1") .param("username", "totp1")
.param("password", "12345678") .param("password", "12345678")
@ -337,13 +336,13 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertTrue(json.getBoolean("totp_enabled")); Assert.assertTrue(json.getBoolean("totp_enabled"));
// Disable TOTP for totp1 // Disable TOTP for totp1
json = target().path("/user/disable_totp").request() target().path("/user/disable_totp").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token) .cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token)
.post(Entity.form(new Form() .post(Entity.form(new Form()
.param("password", "12345678")), JsonObject.class); .param("password", "12345678")), JsonObject.class);
// Login with totp1 without a validation code // Login with totp1 without a validation code
json = target().path("/user/login").request() target().path("/user/login").request()
.post(Entity.form(new Form() .post(Entity.form(new Form()
.param("username", "totp1") .param("username", "totp1")
.param("password", "12345678") .param("password", "12345678")
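Review bot: The only assertion added for the new admin-list field is `Assert.assertFalse(user.getBoolean("totp_enabled"))` on a user without 2FA, so the positive path — the new `USE_TOTPKEY_C` column mapping in `UserDao` and the `!= null` test in `UserResource` — is never exercised. After `totp1` enables TOTP (the existing `Assert.assertTrue(json.getBoolean("totp_enabled"))` is on the per-user response, not the list) the test should re-fetch the user list with `adminToken`, find the `totp1` entry and assert its `totp_enabled` is true, then assert it is false again after the `/user/disable_totp` call. The test method continues past the end of this hunk.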