#84: Generate TOTP secret key

This commit is contained in:
jendib 2016-03-22 01:18:18 +01:00
parent 5de77e35dc
commit 718728a672
15 changed files with 69 additions and 29 deletions


@ -40,6 +40,7 @@
<com.twelvemonkeys.imageio.version>3.2.1</com.twelvemonkeys.imageio.version> <com.twelvemonkeys.imageio.version>3.2.1</com.twelvemonkeys.imageio.version>
<com.levigo.jbig2.levigo-jbig2-imageio.version>1.6.5</com.levigo.jbig2.levigo-jbig2-imageio.version> <com.levigo.jbig2.levigo-jbig2-imageio.version>1.6.5</com.levigo.jbig2.levigo-jbig2-imageio.version>
<com.github.jai-imageio.jai-imageio-core.version>1.3.1</com.github.jai-imageio.jai-imageio-core.version> <com.github.jai-imageio.jai-imageio-core.version>1.3.1</com.github.jai-imageio.jai-imageio-core.version>
<com.warrenstrange.googleauth>0.6.0</com.warrenstrange.googleauth>
<org.eclipse.jetty.jetty-server.version>9.2.13.v20150730</org.eclipse.jetty.jetty-server.version> <org.eclipse.jetty.jetty-server.version>9.2.13.v20150730</org.eclipse.jetty.jetty-server.version>
<org.eclipse.jetty.jetty-webapp.version>9.2.13.v20150730</org.eclipse.jetty.jetty-webapp.version> <org.eclipse.jetty.jetty-webapp.version>9.2.13.v20150730</org.eclipse.jetty.jetty-webapp.version>
@ -395,18 +396,27 @@
<version>${com.twelvemonkeys.imageio.version}</version> <version>${com.twelvemonkeys.imageio.version}</version>
</dependency> </dependency>
<dependency><!-- Only JBIG2 --> <!-- Only JBIG2 -->
<dependency>
<groupId>com.levigo.jbig2</groupId> <groupId>com.levigo.jbig2</groupId>
<artifactId>levigo-jbig2-imageio</artifactId> <artifactId>levigo-jbig2-imageio</artifactId>
<version>${com.levigo.jbig2.levigo-jbig2-imageio.version}</version> <version>${com.levigo.jbig2.levigo-jbig2-imageio.version}</version>
</dependency> </dependency>
<dependency><!-- Essentially TIFF (for OCR) --> <!-- Essentially TIFF (for OCR) -->
<dependency>
<groupId>com.github.jai-imageio</groupId> <groupId>com.github.jai-imageio</groupId>
<artifactId>jai-imageio-core</artifactId> <artifactId>jai-imageio-core</artifactId>
<version>${com.github.jai-imageio.jai-imageio-core.version}</version> <version>${com.github.jai-imageio.jai-imageio-core.version}</version>
</dependency> </dependency>
<!-- TOTP Authentication -->
<dependency>
<groupId>com.warrenstrange</groupId>
<artifactId>googleauth</artifactId>
<version>${com.warrenstrange.googleauth}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
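Review bot: The new property is named `com.warrenstrange.googleauth` while every sibling property in the same block ends in `.version` (`com.twelvemonkeys.imageio.version`, `org.eclipse.jetty.jetty-server.version`), so the name reads like a groupId rather than a version pin. Renaming it keeps the convention: `<com.warrenstrange.googleauth.version>0.6.0</com.warrenstrange.googleauth.version>` here and `<version>${com.warrenstrange.googleauth.version}</version>` in the dependencyManagement hunk below. Declaring the version once in dependencyManagement is the right place for a new third-party authentication library, and the second pom in this commit correctly omits the version so it inherits the pinned one.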


@ -89,6 +89,11 @@
<artifactId>servlet</artifactId> <artifactId>servlet</artifactId>
</dependency> </dependency>
<dependency>
<groupId>com.warrenstrange</groupId>
<artifactId>googleauth</artifactId>
</dependency>
<!-- Test dependencies --> <!-- Test dependencies -->
<dependency> <dependency>
<groupId>com.sismics.docs</groupId> <groupId>com.sismics.docs</groupId>


@ -55,6 +55,8 @@ import com.sismics.rest.util.JsonUtil;
import com.sismics.rest.util.ValidationUtil; import com.sismics.rest.util.ValidationUtil;
import com.sismics.security.UserPrincipal; import com.sismics.security.UserPrincipal;
import com.sismics.util.filter.TokenBasedSecurityFilter; import com.sismics.util.filter.TokenBasedSecurityFilter;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
/** /**
* User REST resources. * User REST resources.
@ -639,6 +641,29 @@ public class UserResource extends BaseResource {
return Response.ok().entity(response.build()).build(); return Response.ok().entity(response.build()).build();
} }
@POST
@Path("enable_totp")
public Response enableTotp() {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Create a new TOTP key and scratch codes
// TODO Copy library sources here to scrap useless dependencies and make verification code generation public for testing
GoogleAuthenticator gAuth = new GoogleAuthenticator();
final GoogleAuthenticatorKey key = gAuth.createCredentials();
JsonArrayBuilder scratchCodes = Json.createArrayBuilder();
for (int scratchCode : key.getScratchCodes()) {
scratchCodes.add(scratchCode);
}
JsonObjectBuilder response = Json.createObjectBuilder()
.add("secret", key.getKey())
.add("scratch_codes", scratchCodes);
return Response.ok().entity(response.build()).build();
}
/** /**
* Returns the authentication token value. * Returns the authentication token value.
* *
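Review bot: The key returned by `createCredentials()` in `enableTotp` is only echoed back to the client; nothing in the hunk stores it on the user or marks the account as TOTP-enabled, so `enable_totp` generates a secret but enables nothing, and each call returns a fresh, unrelated secret from a new `GoogleAuthenticator`. Whatever later persists the key should activate it only after the client proves possession with a valid code, and re-running the endpoint should not silently rotate a secret that is already in use. Because the response carries the secret and scratch codes in clear, it should be marked uncacheable, e.g. `return Response.ok().header("Cache-Control", "no-store").entity(response.build()).build();`, and the scratch codes should never reach the audit or log output. The method also lacks the Javadoc its neighbours in this file carry; a summary such as `Generate a new TOTP secret and scratch codes for the authenticated user.` with `@return Secret key and scratch codes` would match the existing style.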


@ -23,8 +23,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestAclResource extends BaseJerseyTest { public class TestAclResource extends BaseJerseyTest {
/** /**
* Test the ACL resource. * Test the ACL resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testAclResource() { public void testAclResource() {


@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestAppResource extends BaseJerseyTest { public class TestAppResource extends BaseJerseyTest {
/** /**
* Test the API resource. * Test the API resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testAppResource() { public void testAppResource() {
@ -63,8 +61,6 @@ public class TestAppResource extends BaseJerseyTest {
/** /**
* Test the log resource. * Test the log resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testLogResource() { public void testLogResource() {


@ -20,8 +20,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestAuditLogResource extends BaseJerseyTest { public class TestAuditLogResource extends BaseJerseyTest {
/** /**
* Test the audit log resource. * Test the audit log resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testAuditLogResource() { public void testAuditLogResource() {


@ -21,11 +21,9 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestCommentResource extends BaseJerseyTest { public class TestCommentResource extends BaseJerseyTest {
/** /**
* Test the comment resource. * Test the comment resource.
*
* @throws Exception
*/ */
@Test @Test
public void testCommentResource() throws Exception { public void testCommentResource() {
// Login comment1 // Login comment1
clientUtil.createUser("comment1"); clientUtil.createUser("comment1");
String comment1Token = clientUtil.login("comment1"); String comment1Token = clientUtil.login("comment1");


@ -359,9 +359,8 @@ public class TestDocumentResource extends BaseJerseyTest {
* @param query Search query * @param query Search query
* @param token Authentication token * @param token Authentication token
* @return Number of documents found * @return Number of documents found
* @throws Exception
*/ */
private int searchDocuments(String query, String token) throws Exception { private int searchDocuments(String query, String token) {
JsonObject json = target().path("/document/list") JsonObject json = target().path("/document/list")
.queryParam("search", query) .queryParam("search", query)
.request() .request()


@ -198,6 +198,11 @@ public class TestFileResource extends BaseJerseyTest {
Assert.assertEquals(1, files.size()); Assert.assertEquals(1, files.size());
} }
/**
* Test orphan files (without linked document).
*
* @throws Exception
*/
@Test @Test
public void testOrphanFile() throws Exception { public void testOrphanFile() throws Exception {
// Login file2 // Login file2
@ -283,6 +288,11 @@ public class TestFileResource extends BaseJerseyTest {
Assert.assertEquals("ok", json.getString("status")); Assert.assertEquals("ok", json.getString("status"));
} }
/**
* Test user quota.
*
* @throws Exception
*/
@Test @Test
public void testQuota() throws Exception { public void testQuota() throws Exception {
// Login file_quota // Login file_quota


@ -22,8 +22,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestGroupResource extends BaseJerseyTest { public class TestGroupResource extends BaseJerseyTest {
/** /**
* Test the group resource. * Test the group resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testGroupResource() { public void testGroupResource() {


@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestSecurity extends BaseJerseyTest { public class TestSecurity extends BaseJerseyTest {
/** /**
* Test of the security layer. * Test of the security layer.
*
* @throws JSONException
*/ */
@Test @Test
public void testSecurity() { public void testSecurity() {


@ -28,7 +28,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestShareResource extends BaseJerseyTest { public class TestShareResource extends BaseJerseyTest {
/** /**
* Test the share resource. * Test the share resource.
* @throws Exception
* *
* @throws Exception * @throws Exception
*/ */


@ -21,8 +21,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestTagResource extends BaseJerseyTest { public class TestTagResource extends BaseJerseyTest {
/** /**
* Test the tag resource. * Test the tag resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testTagResource() { public void testTagResource() {


@ -22,8 +22,6 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestUserResource extends BaseJerseyTest { public class TestUserResource extends BaseJerseyTest {
/** /**
* Test the user resource. * Test the user resource.
*
* @throws JSONException
*/ */
@Test @Test
public void testUserResource() { public void testUserResource() {
@ -229,8 +227,6 @@ public class TestUserResource extends BaseJerseyTest {
/** /**
* Test the user resource admin functions. * Test the user resource admin functions.
*
* @throws JSONException
*/ */
@Test @Test
public void testUserResourceAdmin() { public void testUserResourceAdmin() {
@ -290,4 +286,18 @@ public class TestUserResource extends BaseJerseyTest {
json = response.readEntity(JsonObject.class); json = response.readEntity(JsonObject.class);
Assert.assertEquals("UserNotFound", json.getString("type")); Assert.assertEquals("UserNotFound", json.getString("type"));
} }
@Test
public void testTotp() {
// Create totp1 user
clientUtil.createUser("totp1");
String totp1Token = clientUtil.login("totp1");
// Enable TOTP for totp1
JsonObject json = target().path("/user/enable_totp").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, totp1Token)
.post(Entity.form(new Form()), JsonObject.class);
String secret = json.getString("secret");
Assert.assertNotNull(secret);
}
} }
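Review bot: `testTotp` only asserts that `secret` is non-null, which `json.getString("secret")` effectively guarantees already (a missing key throws rather than returning null), so the assertion proves little about the endpoint; assert that the secret is non-empty and that the scratch codes came back, e.g. `Assert.assertFalse(secret.isEmpty());` and `Assert.assertFalse(json.getJsonArray("scratch_codes").isEmpty());`. The test also never exercises the unauthenticated path even though the resource guards the endpoint with `authenticate()`; a second request without the token cookie should be asserted to be rejected, as I would expect the other tests in this file to do for their resources (those assertions are outside this hunk, so confirm the pattern). Finally, the new method has no Javadoc while `testUserResourceAdmin` just above it does; `/** Test TOTP enablement. */` would keep the file consistent.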


@ -19,11 +19,9 @@ import com.sismics.util.filter.TokenBasedSecurityFilter;
public class TestVocabularyResource extends BaseJerseyTest { public class TestVocabularyResource extends BaseJerseyTest {
/** /**
* Test the vocabulary resource. * Test the vocabulary resource.
*
* @throws Exception
*/ */
@Test @Test
public void testVocabularyResource() throws Exception { public void testVocabularyResource() {
// Login vocabulary1 // Login vocabulary1
clientUtil.createUser("vocabulary1"); clientUtil.createUser("vocabulary1");
String vocabulary1Token = clientUtil.login("vocabulary1"); String vocabulary1Token = clientUtil.login("vocabulary1");