Merge remote-tracking branch 'UPSTREAM/develop' into develop-SOT

tawoe 2023-02-06 07:58:44 +01:00
commit 48fa06260a
7 changed files with 36 additions and 13 deletions


@ -1212,7 +1212,7 @@ user_account_is_validated = false
retain_archive_metrics_days = 1095
# Defines the number of days we keep rows in the table "Metric" former "MappedMetric"
retain_metrics_days = 60
retain_metrics_days = 200
#if same session used for different ip address, we can show this warning, default is false.
show_ip_address_change_warning=false


@ -1,5 +1,6 @@
package code.api.v3_1_0
import code.api.Constant
import code.api.Constant.localIdentityProvider
import java.text.SimpleDateFormat
@ -513,7 +514,10 @@ trait APIMethods310 {
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canReadUserLockedStatus, callContext)
badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) }
_ <- Users.users.vend.getUserByProviderAndUsernameFuture(Constant.localIdentityProvider, username) map {
x => unboxFullOrFail(x, callContext, UserNotFoundByProviderAndUsername, 404)
}
badLoginStatus <- Future { LoginAttempt.getOrCreateBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) }
} yield {
(createBadLoginStatusJson(badLoginStatus), HttpCode.`200`(callContext))
}
@ -547,10 +551,13 @@ trait APIMethods310 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
user <- Users.users.vend.getUserByProviderAndUsernameFuture(Constant.localIdentityProvider, username) map {
x => unboxFullOrFail(x, callContext, UserNotFoundByProviderAndUsername, 404)
}
_ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canUnlockUser, callContext)
_ <- Future { LoginAttempt.resetBadLoginAttempts(localIdentityProvider,username) }
_ <- Future { UserLocksProvider.unlockUser(localIdentityProvider,username) }
badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) }
badLoginStatus <- Future { LoginAttempt.getOrCreateBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) }
} yield {
(createBadLoginStatusJson(badLoginStatus), HttpCode.`200`(callContext))
}
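Review bot: In the unlock hunk the new `getUserByProviderAndUsernameFuture` lookup runs before the `hasEntitlement("", u.userId, ApiRole.canUnlockUser, callContext)` check, so a caller who is authenticated but lacks the role gets a 404 for an unknown username and the entitlement error for a known one, which reveals whether the account exists. The read-status hunk above it and both v5.1.0 endpoints check the role first; this one should match by moving the `hasEntitlement` line directly under `authenticatedAccess(cc)`. The bound name `user` is not used in the visible lines, so `_ <- Users.users.vend.getUserByProviderAndUsernameFuture(Constant.localIdentityProvider, username) map {` would state the intent better. The endpoint definition starts outside the hunk.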


@ -265,8 +265,11 @@ trait APIMethods510 {
for {
(Full(u), callContext) <- SS.user
_ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canReadUserLockedStatus, callContext)
_ <- Users.users.vend.getUserByProviderAndUsernameFuture(provider, username) map {
x => unboxFullOrFail(x, callContext, UserNotFoundByProviderAndUsername, 404)
}
badLoginStatus <- Future {
LoginAttempt.getBadLoginStatus(provider, username)
LoginAttempt.getOrCreateBadLoginStatus(provider, username)
} map {
unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername provider($provider), username($username)", 404)
}
@ -303,6 +306,9 @@ trait APIMethods510 {
for {
(Full(u), callContext) <- SS.user
_ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canUnlockUser, callContext)
_ <- Users.users.vend.getUserByProviderAndUsernameFuture(provider, username) map {
x => unboxFullOrFail(x, callContext, UserNotFoundByProviderAndUsername, 404)
}
_ <- Future {
LoginAttempt.resetBadLoginAttempts(provider, username)
}
@ -310,7 +316,7 @@ trait APIMethods510 {
UserLocksProvider.unlockUser(provider, username)
}
badLoginStatus <- Future {
LoginAttempt.getBadLoginStatus(provider, username)
LoginAttempt.getOrCreateBadLoginStatus(provider, username)
} map {
unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername provider($provider), username($username)", 404)
}
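Review bot: The `unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername provider($provider), username($username)", 404)` kept after `LoginAttempt.getOrCreateBadLoginStatus(provider, username)` no longer reflects a missing user, because judging by the definition changed in this same commit that call ends in `.or(Full(...))` and so yields a `Full` whenever it returns. The not-found case is now handled by the lookup added a few lines earlier, and a problem while creating the row would not surface as this 404. A comment above the `map`, such as `// user existence is checked above; this box is Full unless row creation fails`, would keep a later reader from treating it as the existence check. The same applies to the read-status hunk of this file and to both endpoints in the v3.1.0 file; the for-comprehensions start outside their hunks.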


@ -47,11 +47,17 @@ object LoginAttempt extends MdcLoggable {
}
}
def getBadLoginStatus(provider: String, username: String): Box[BadLoginAttempt] = {
def getOrCreateBadLoginStatus(provider: String, username: String): Box[BadLoginAttempt] = {
MappedBadLoginAttempt.find(
By(MappedBadLoginAttempt.Provider, provider),
By(MappedBadLoginAttempt.mUsername, username)
)
).or(Full(MappedBadLoginAttempt.create
.mUsername(username)
.Provider(provider)
.mLastFailureDate(now)
.mBadAttemptsSinceLastSuccessOrReset(0)
.saveMe()
))
}
/**
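Review bot: `getOrCreateBadLoginStatus` inserts a row for whatever `(provider, username)` it is given and has no doc comment saying that callers must confirm the user exists first; the endpoints in this commit do that lookup, but a later caller that skips it would let requests for arbitrary usernames grow the table. I would add a Scaladoc stating that precondition and that the method writes to the database even when reached from a read endpoint. The find-then-create sequence is also not atomic, so two concurrent requests for the same user could each insert a row unless the table has a unique constraint on provider and username, which is not visible here. Finally, `.mLastFailureDate(now)` stamps a failure time on a row with zero failures; if any lock-expiry logic reads that date, it is worth confirming this is harmless.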


@ -472,7 +472,9 @@ import net.liftweb.util.Helpers._
resourceUser <- if (AuthUser.currentUser.isDefined){
//AuthUser.currentUser.get.user.foreign // this will be issue when the resource user is in remote side {
val user = AuthUser.currentUser.openOrThrowException(ErrorMessages.attemptedToOpenAnEmptyBox)
Users.users.vend.getUserByUserName(user.provider.get, user.username.get)
// In case that the provider is empty field we default to "local_identity_provider" or "hostname"
val provider = if(user.provider.get.isEmpty) Constant.localIdentityProvider else user.provider.get
Users.users.vend.getUserByUserName(provider, user.username.get)
}else if (directLogin.isDefined) // Direct Login
DirectLogin.getUser
else if (hasDirectLoginHeader(authorization)) // Direct Login Deprecated
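Review bot: The fallback `if(user.provider.get.isEmpty) Constant.localIdentityProvider else user.provider.get` treats only an exactly empty string as missing and does so silently; a whitespace-only provider would still be passed to `getUserByUserName`, and if the field can ever hold null the `.isEmpty` call would throw. Since this value decides which resource user the session is bound to, I would normalise it once and log when the fallback is taken, for example `val provider = Option(user.provider.get).map(_.trim).filter(_.nonEmpty).getOrElse(Constant.localIdentityProvider)`. The new comment mentions `"hostname"` as an alternative default, but the visible code only ever falls back to `Constant.localIdentityProvider`, so the comment should say where the hostname case comes from or drop it. The surrounding `if`/`else if` chain starts and ends outside the hunk.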


@ -47,18 +47,18 @@ object MetricsArchiveScheduler extends MdcLoggable {
def conditionalDeleteMetricsRow() = {
val currentTime = new Date()
val days = APIUtil.getPropsAsLongValue("retain_metrics_days", 60) match {
val days = APIUtil.getPropsAsLongValue("retain_metrics_days", 200) match {
case days if days > 59 => days
case _ => 60
}
val someDaysAgo: Date = new Date(currentTime.getTime - (oneDayInMillis * days))
// Get the data from the table "Metric" older than specified by retain_metrics_days
val canditateMetricRowsToMove = APIMetrics.apiMetrics.vend.getAllMetrics(List(OBPToDate(someDaysAgo)))
canditateMetricRowsToMove map { i =>
val candidateMetricRowsToMove = APIMetrics.apiMetrics.vend.getAllMetrics(List(OBPToDate(someDaysAgo)))
candidateMetricRowsToMove map { i =>
// and copy it to the table "MetricsArchive"
copyRowToMetricsArchive(i)
}
val maybeDeletedRows: List[(Boolean, Long)] = canditateMetricRowsToMove map { i =>
val maybeDeletedRows: List[(Boolean, Long)] = candidateMetricRowsToMove map { i =>
// and delete it after successful coping
MetricArchive.find(By(MetricArchive.metricId, i.getMetricId())) match {
case Full(_) => (MappedMetric.bulkDelete_!!(By(MappedMetric.id, i.getMetricId())), i.getMetricId())
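Review bot: The default for `retain_metrics_days` is now 200, but the clamp underneath still replaces any configured value below 60 with 60 and writes no log line, so an operator who sets a smaller number (30, as a constructed example) gets a retention window they did not ask for and no indication of it. Because these rows are copied and then deleted, I would log the substitution, e.g. `case _ => logger.warn("retain_metrics_days below minimum, using 60"); 60`. As a style point, `candidateMetricRowsToMove map { i => copyRowToMetricsArchive(i) }` discards its result and would read better as `foreach`. The function body continues past the end of the hunk.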


@ -410,6 +410,7 @@ class ConsumerRegistration extends MdcLoggable {
s"App name: ${registered.name.get} \n" +
s"App type: ${registered.appType.get} \n" +
s"App description: ${registered.description.get} \n" +
s"App Redirect Url : ${registered.redirectURL} \n" +
s"Consumer Key: ${consumerKeyOrMessage} \n" +
s"Consumer Secret : ${consumerSecretOrMessage} \n" +
s"OAuth Endpoint: ${oauthEndpointUrl} \n" +
@ -454,7 +455,8 @@ class ConsumerRegistration extends MdcLoggable {
s"Email: ${registered.developerEmail.get} \n" +
s"App name: ${registered.name.get} \n" +
s"App type: ${registered.appType.get} \n" +
s"App description: ${registered.description.get}"
s"App description: ${registered.description.get} \n" +
s"App Redirect Url : ${registered.redirectURL}"
//technically doesn't work for all valid email addresses so this will mess up if someone tries to send emails to "foo,bar"@example.com
val to = toAddressesString.split(",").toList
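Review bot: Both added lines interpolate `${registered.redirectURL}` without `.get`, unlike every neighbouring field (`registered.name.get`, `registered.description.get`), so the rendered text depends on the field object's `toString` rather than on its value; `s"App Redirect Url : ${registered.redirectURL.get}"` would match the rest. The redirect URL is supplied by whoever registers the app and these strings appear to be e-mail bodies, so a short comment that the value is untrusted and included for review only would help. Both string concatenations begin outside their hunks.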