From 291caa8c0a3dc0209c284b565ba833a902b9d864 Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Tue, 24 Sep 2024 22:31:55 +0200
Subject: [PATCH 1/7] add jdbc authorization service
---
 .../config/AuthorizationServerConfig.kt | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt
index 482e5d05..03181178 100644
--- a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt
+++ b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt
@@ -23,15 +23,20 @@ import com.vauthenticator.server.oidc.token.IdTokenEnhancer
 import com.vauthenticator.server.oidc.userinfo.UserInfoEnhancer
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
 import org.springframework.core.Ordered
 import org.springframework.core.annotation.Order
 import org.springframework.data.redis.core.RedisTemplate
+import org.springframework.jdbc.core.JdbcTemplate
+import org.springframework.jdbc.support.lob.DefaultLobHandler
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.oauth2.jwt.JwtDecoder
 import org.springframework.security.oauth2.jwt.JwtEncoder
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder
+import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration
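Review bot: `ConditionalOnProperty` is added to the imports but nothing in this patch uses it; the two authorization-service beans in the next hunk are gated with `@Profile`. If no other part of the file references it, drop the import so a reader does not look for a property-based switch that does not exist. The other four new imports (`Profile`, `JdbcTemplate`, `DefaultLobHandler`, `JdbcOAuth2AuthorizationService`) are all consumed by the new bean.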
@@ -93,11 +98,22 @@ class AuthorizationServerConfig {
 return ClientAppRegisteredClientRepository(storeClientApplication, clientRepository)
 }
- @Bean
- fun oAuth2AuthorizationService(redisTemplate: RedisTemplate): OAuth2AuthorizationService {
+ @Bean("oAuth2AuthorizationService")
+ @Profile("!experimental_database_persistence")
+ fun redisOAuth2AuthorizationService(redisTemplate: RedisTemplate): OAuth2AuthorizationService {
 return RedisOAuth2AuthorizationService(redisTemplate)
 }
+
+ @Bean("oAuth2AuthorizationService")
+ @Profile("experimental_database_persistence")
+ fun jdbcOAuth2AuthorizationService(
+ jdbcTemplate : JdbcTemplate,
+ registeredClientRepository : RegisteredClientRepository
+ ): OAuth2AuthorizationService {
+ return JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository, DefaultLobHandler())
+ }
+
 @Bean
 fun providerSettings(): AuthorizationServerSettings = AuthorizationServerSettings.builder().issuer(oidcIss).build()
From f47b320d12a2648df960bca967678e4784417e5b Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Wed, 25 Sep 2024 17:49:07 +0200
Subject: [PATCH 2/7] add docker compose volume add authorization service postgres tables add sms as new MFA feature
---
 README.md | 1 +
 local-environment/docker-compose.yml | 5 ++++
 src/main/resources/data/schema.sql | 37 ++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+)
diff --git a/README.md b/README.md
index 123dcfdd..e58ddd9a 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Right now it is based, as said before to the latest version on spring oauth2/ope
 - access_token/id_token customization via lambda, see [here](docs/lambda.md) for more details
 - MFA
 - mail
+ - sms
 - see [here](docs/mfa.md) for more details
 - Post login flow
 - force to reset password
diff --git a/local-environment/docker-compose.yml b/local-environment/docker-compose.yml
index d8eb2117..0a008abc 100644
--- a/local-environment/docker-compose.yml
+++ b/local-environment/docker-compose.yml
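Review bot: `jdbcOAuth2AuthorizationService` carries no documentation saying that the `experimental_database_persistence` profile moves live authorization state (authorization codes, access/refresh tokens, id tokens) out of Redis into the relational database, nor that it depends on an `oauth2_authorization` table that only arrives in the next patch of this series; add `/** Relational-store [OAuth2AuthorizationService], active only under the experimental_database_persistence profile; requires the oauth2_authorization table from schema.sql. */` above the bean. The profile name is spelled twice as a string literal, once negated, so a single `const val` referenced from both `@Profile` annotations would keep the two beans mutually exclusive if the name is ever changed. Style: `jdbcTemplate : JdbcTemplate` and `registeredClientRepository : RegisteredClientRepository` put a space before the colon, unlike `redisTemplate: RedisTemplate` a few lines above. If the project is on a Spring Framework version that deprecates `DefaultLobHandler`, the two-argument `JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository)` constructor avoids that dependency; worth checking against the pinned version.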
@@ -3,6 +3,8 @@ version: "3.8"
 services:
 postgres:
 image: postgres:14-alpine
+ volumes:
+ - ./postgresql:/var/lib/postgresql
 ports:
 - "5432:5432"
 environment:
@@ -15,7 +17,10 @@ services:
 - "4566-4599:4566-4599"
 - "${PORT_WEB_UI-8050}:${PORT_WEB_UI-8080}"
 environment:
+ - PERSISTENCE=1
 - SERVICES=s3,kms,dynamodb,iam,sts,sns
+ volumes:
+ - ./localstack:/var/lib/localstack
 redis:
 image: redis
 ports:
diff --git a/src/main/resources/data/schema.sql b/src/main/resources/data/schema.sql
index 5b6144ce..f817a1f1 100644
--- a/src/main/resources/data/schema.sql
+++ b/src/main/resources/data/schema.sql
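Review bot: The new `volumes` entry for the postgres service binds `./postgresql` to `/var/lib/postgresql`, but the official `postgres:14` image keeps its data directory at `/var/lib/postgresql/data` and declares that path as a volume, so Docker will most likely mount an anonymous volume over the data directory and the bind mount will not persist the database as the commit message intends; the line should read `- ./postgresql:/var/lib/postgresql/data`. Both host directories introduced here (`./postgresql`, and `./localstack` in the second hunk) will accumulate persisted account data and LocalStack state, including the IAM keys created by later patches, so they need a `.gitignore` entry, which this series does not add.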
@@ -36,3 +36,40 @@ CREATE TABLE ACCOUNT_ROLE
 FOREIGN KEY (account_username) REFERENCES ACCOUNT(username) on delete cascade,
 FOREIGN KEY (role_name) REFERENCES ROLE (name) on delete cascade
 );
+
+CREATE TABLE oauth2_authorization (
+ id varchar(100) NOT NULL,
+ registered_client_id varchar(100) NOT NULL,
+ principal_name varchar(200) NOT NULL,
+ authorization_grant_type varchar(100) NOT NULL,
+ authorized_scopes varchar(1000) DEFAULT NULL,
+ attributes text DEFAULT NULL,
+ state varchar(500) DEFAULT NULL,
+ authorization_code_value text DEFAULT NULL,
+ authorization_code_issued_at timestamp DEFAULT NULL,
+ authorization_code_expires_at timestamp DEFAULT NULL,
+ authorization_code_metadata text DEFAULT NULL,
+ access_token_value text DEFAULT NULL,
+ access_token_issued_at timestamp DEFAULT NULL,
+ access_token_expires_at timestamp DEFAULT NULL,
+ access_token_metadata text DEFAULT NULL,
+ access_token_type varchar(100) DEFAULT NULL,
+ access_token_scopes varchar(1000) DEFAULT NULL,
+ oidc_id_token_value text DEFAULT NULL,
+ oidc_id_token_issued_at timestamp DEFAULT NULL,
+ oidc_id_token_expires_at timestamp DEFAULT NULL,
+ oidc_id_token_metadata text DEFAULT NULL,
+ refresh_token_value text DEFAULT NULL,
+ refresh_token_issued_at timestamp DEFAULT NULL,
+ refresh_token_expires_at timestamp DEFAULT NULL,
+ refresh_token_metadata text DEFAULT NULL,
+ user_code_value text DEFAULT NULL,
+ user_code_issued_at timestamp DEFAULT NULL,
+ user_code_expires_at timestamp DEFAULT NULL,
+ user_code_metadata text DEFAULT NULL,
+ device_code_value text DEFAULT NULL,
+ device_code_issued_at timestamp DEFAULT NULL,
+ device_code_expires_at timestamp DEFAULT NULL,
+ device_code_metadata text DEFAULT NULL,
+ PRIMARY KEY (id)
+);
From 91208a4c562fa91ee428523f9fecc870f961289f Mon Sep 17 00:00:00 2001
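Review bot: The `oauth2_authorization` table stores bearer credentials in clear text — `authorization_code_value`, `access_token_value`, `refresh_token_value`, `oidc_id_token_value`, `user_code_value` and `device_code_value` are all plain `text` columns — and nothing in this series removes rows once the matching `*_expires_at` timestamps have passed, so expired tokens stay readable to anyone with SELECT on the table and the table grows without bound. A scheduled cleanup keyed on the expiry columns and a database role for the application limited to this table would contain both issues; the only index is the primary key, so lookups by `principal_name` or by token value will also be full scans. The column set appears to mirror the Spring Authorization Server reference schema for `JdbcOAuth2AuthorizationService`; a comment above `CREATE TABLE oauth2_authorization` saying so would stop future column changes from silently breaking that service's row mapper.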
From: mrflick72
Date: Sat, 28 Sep 2024 00:06:41 +0200
Subject: [PATCH 3/7] fix test setup
---
 .../kotlin/com/vauthenticator/server/support/JdbcUtils.kt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/test/kotlin/com/vauthenticator/server/support/JdbcUtils.kt b/src/test/kotlin/com/vauthenticator/server/support/JdbcUtils.kt
index 15e85057..167e1e51 100644
--- a/src/test/kotlin/com/vauthenticator/server/support/JdbcUtils.kt
+++ b/src/test/kotlin/com/vauthenticator/server/support/JdbcUtils.kt
@@ -1,11 +1,14 @@
 package com.vauthenticator.server.support
 import org.postgresql.Driver
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
 import org.springframework.jdbc.core.JdbcTemplate
 import org.springframework.jdbc.datasource.SimpleDriverDataSource
 import java.nio.file.Files
 import java.nio.file.Paths
+val logger: Logger = LoggerFactory.getLogger(JdbcUtils::class.java)
 object JdbcUtils {
@@ -24,9 +27,10 @@ object JdbcUtils {
 jdbcTemplate.execute("DROP TABLE IF EXISTS ROLE CASCADE;")
 jdbcTemplate.execute("DROP TABLE IF EXISTS ACCOUNT CASCADE;")
 jdbcTemplate.execute("DROP TABLE IF EXISTS ACCOUNT_ROLE;")
+ jdbcTemplate.execute("DROP TABLE IF EXISTS oauth2_authorization;")
 jdbcTemplate.execute(Files.readString(Paths.get("src/main/resources/data/schema.sql")))
 } catch (e: java.lang.Exception) {
- println(e)
+ logger.error(e.message)
 }
 }
From 7bcc84f4fa1238771b4c2edaf923a06f1669cf95 Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Sun, 6 Oct 2024 14:28:06 +0200
Subject: [PATCH 4/7] add local user access key in the init script
---
 local-environment/local-initializer/init.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/local-environment/local-initializer/init.sh b/local-environment/local-initializer/init.sh
index 1e3b44e9..06ebd669 100755
--- a/local-environment/local-initializer/init.sh
+++ b/local-environment/local-initializer/init.sh
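Review bot: `val logger` in the first JdbcUtils.kt hunk is a public top-level property of package `com.vauthenticator.server.support`, so every test source in that package now sees a `logger` named after `JdbcUtils`, and any other file declaring the same top-level name will clash. Since only `JdbcUtils` uses it, make it `private val logger: Logger = LoggerFactory.getLogger(JdbcUtils::class.java)` or move it inside `object JdbcUtils`.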
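Review bot: `logger.error(e.message)` in the second JdbcUtils.kt hunk drops the stack trace that `println(e)` used to emit and passes a possibly-null message, which makes a failed schema reset hard to diagnose in the test log; log the throwable itself, `logger.error("test schema reset failed", e)`. The `try`/`catch` this hunk edits begins outside the hunk, and the surrounding context catches `java.lang.Exception` and continues, so a broken `schema.sql` will still surface only as later test failures — worth a comment on the `catch` saying the swallow is deliberate if that is intended.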
@@ -14,4 +14,8 @@ echo "DYNAMO_DB_ENDPOINT: $DYNAMO_DB_ENDPOINT"
 python3 key_setup.py $MASTER_KEY $TABLES_SUFFIX
 python3 setup.py admin@email.com $TABLES_SUFFIX
-python3 database_setup.py admin@email.com host.docker.internal
\ No newline at end of file
+python3 database_setup.py admin@email.com host.docker.internal
+
+aws iam create-access-key --user-name vauthenticator-local-dev --endpoint http://localhost:4566 > user-access-key.json
+echo "Local User IAM VAuthenticator AccessKeyId: "$(cat user-access-key.json | jq -r .AccessKey.AccessKeyId)
+echo "Local User IAM VAuthenticator SecretAccessKey: "$(cat user-access-key.json | jq -r .AccessKey.SecretAccessKey)
\ No newline at end of file
From e545ecab930605f6bc4ce6262538dab51302e74d Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Sun, 6 Oct 2024 14:39:36 +0200
Subject: [PATCH 5/7] add jq in the tenant installer docker image
---
 tenant-installer.Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tenant-installer.Dockerfile b/tenant-installer.Dockerfile
index a7e47f06..307603f9 100644
--- a/tenant-installer.Dockerfile
+++ b/tenant-installer.Dockerfile
@@ -4,7 +4,8 @@ RUN yum install -y yum-utils && \
 yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo && \
 yum -y install terraform && \
 yum update && yum install -y python3-pip && \
- yum install -y unzip
+ yum install -y unzip && \
+ yum install -y jq
 RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
 unzip awscliv2.zip && \
From 0d2e8aa32b366c9853471746cfb08f0cc8fabb88 Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Sun, 6 Oct 2024 14:47:14 +0200
Subject: [PATCH 6/7] fix localhost with host.docker.internal
---
 local-environment/local-initializer/init.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/local-environment/local-initializer/init.sh b/local-environment/local-initializer/init.sh
index 06ebd669..883326e1 100755
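Review bot: The added `aws iam create-access-key` lines in init.sh write the new key pair to `user-access-key.json` in the working directory and then echo the `SecretAccessKey` to stdout, where it ends up in terminal scrollback and in any CI or container log that captures the script. Even though the target is LocalStack, the script should not print the secret — `echo "Local User IAM VAuthenticator SecretAccessKey: see user-access-key.json"` is enough — and should either delete the JSON file once its values are consumed or rely on a `.gitignore` entry that this series does not add; the same lines reappear as context in patch 6. Style: `cat user-access-key.json | jq -r …` can be `jq -r .AccessKey.AccessKeyId user-access-key.json`, and the new last line still lacks a trailing newline, so the file keeps its "No newline at end of file" marker.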
--- a/local-environment/local-initializer/init.sh
+++ b/local-environment/local-initializer/init.sh
@@ -16,6 +16,6 @@ python3 key_setup.py $MASTER_KEY $TABLES_SUFFIX
 python3 setup.py admin@email.com $TABLES_SUFFIX
 python3 database_setup.py admin@email.com host.docker.internal
-aws iam create-access-key --user-name vauthenticator-local-dev --endpoint http://localhost:4566 > user-access-key.json
+aws iam create-access-key --user-name vauthenticator-local-dev --endpoint http://host.docker.internal:4566 > user-access-key.json
 echo "Local User IAM VAuthenticator AccessKeyId: "$(cat user-access-key.json | jq -r .AccessKey.AccessKeyId)
 echo "Local User IAM VAuthenticator SecretAccessKey: "$(cat user-access-key.json | jq -r .AccessKey.SecretAccessKey)
\ No newline at end of file
From 5c8343d6523c3a4646ae59bc1b66062bff38271e Mon Sep 17 00:00:00 2001
From: mrflick72
Date: Sun, 6 Oct 2024 17:24:17 +0200
Subject: [PATCH 7/7] - doc update - launcher updates
---
 .run/VAuthenticatorApplication.run.xml | 5 +++++
 local-environment/readme.md | 9 ++-------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.run/VAuthenticatorApplication.run.xml b/.run/VAuthenticatorApplication.run.xml
index b3c5f07b..c7e42a99 100644
--- a/.run/VAuthenticatorApplication.run.xml
+++ b/.run/VAuthenticatorApplication.run.xml
@@ -11,6 +11,11 @@