View Javadoc
1   /*
2    * Copyright 2010 James Pether Sörling
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   *	$Id$
17   *  $HeadURL$
18  */
19  package com.hack23.cia.service.impl.action.user;
20  
21  import org.slf4j.Logger;
22  import org.slf4j.LoggerFactory;
23  import org.springframework.beans.factory.annotation.Autowired;
24  import org.springframework.security.access.annotation.Secured;
25  import org.springframework.stereotype.Service;
26  import org.springframework.transaction.annotation.Propagation;
27  import org.springframework.transaction.annotation.Transactional;
28  
29  import com.hack23.cia.model.internal.application.system.impl.ApplicationEventGroup;
30  import com.hack23.cia.model.internal.application.system.impl.ApplicationOperationType;
31  import com.hack23.cia.model.internal.application.user.impl.UserAccount;
32  import com.hack23.cia.service.api.action.application.CreateApplicationEventRequest;
33  import com.hack23.cia.service.api.action.application.CreateApplicationEventResponse;
34  import com.hack23.cia.service.api.action.common.ServiceResponse.ServiceResult;
35  import com.hack23.cia.service.api.action.user.SetGoogleAuthenticatorCredentialRequest;
36  import com.hack23.cia.service.api.action.user.SetGoogleAuthenticatorCredentialResponse;
37  import com.hack23.cia.service.data.api.AgencyDAO;
38  import com.hack23.cia.service.data.api.UserDAO;
39  import com.hack23.cia.service.impl.action.common.AbstractBusinessServiceImpl;
40  import com.hack23.cia.service.impl.action.common.BusinessService;
41  import com.warrenstrange.googleauth.GoogleAuthenticator;
42  import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
43  import com.warrenstrange.googleauth.GoogleAuthenticatorQRGenerator;
44  
45  /**
46   * The Class SetGoogleAuthenticatorCredentialService.
47   */
48  @Service
49  @Transactional(propagation = Propagation.REQUIRED,timeout=600)
50  public final class SetGoogleAuthenticatorCredentialService extends
51  		AbstractBusinessServiceImpl<SetGoogleAuthenticatorCredentialRequest, SetGoogleAuthenticatorCredentialResponse>
52  		implements BusinessService<SetGoogleAuthenticatorCredentialRequest, SetGoogleAuthenticatorCredentialResponse> {
53  
54  	/** The Constant LOGGER. */
55  	private static final Logger LOGGER = LoggerFactory
56  			.getLogger(SetGoogleAuthenticatorCredentialService.class);
57  
58  	/** The create application event service. */
59  	@Autowired
60  	private BusinessService<CreateApplicationEventRequest, CreateApplicationEventResponse> createApplicationEventService;
61  
62  	/** The user dao. */
63  	@Autowired
64  	private UserDAO userDAO;
65  
66  	@Autowired
67  	private AgencyDAO agencyDAO;
68  
69  	/**
70  	 * Instantiates a new sets the google authenticator credential service.
71  	 */
72  	public SetGoogleAuthenticatorCredentialService() {
73  		super(SetGoogleAuthenticatorCredentialRequest.class);
74  	}
75  
76  
77  	@Secured({ "ROLE_USER", "ROLE_ADMIN"})
78  	@Override
79  	public SetGoogleAuthenticatorCredentialResponse processService(
80  			final SetGoogleAuthenticatorCredentialRequest serviceRequest) {
81  
82  		LOGGER.info("{}:{}",serviceRequest.getClass().getSimpleName(),serviceRequest.getSessionId());
83  
84  
85  		final CreateApplicationEventRequest eventRequest = new CreateApplicationEventRequest();
86  		eventRequest.setEventGroup(ApplicationEventGroup.USER);
87  		eventRequest.setApplicationOperation(ApplicationOperationType.CREATE);
88  		eventRequest.setActionName(SetGoogleAuthenticatorCredentialRequest.class.getSimpleName());
89  		eventRequest.setSessionId(serviceRequest.getSessionId());
90  
91  		final UserAccount userAccount = getUserAccountFromSecurityContext();
92  
93  		final SetGoogleAuthenticatorCredentialResponse response = new SetGoogleAuthenticatorCredentialResponse(ServiceResult.SUCCESS);
94  		if (userAccount != null) {
95  
96  			eventRequest.setUserId(userAccount.getUserId());
97  
98  			final GoogleAuthenticator gAuth = new GoogleAuthenticator();
99  			final GoogleAuthenticatorKey gKey = gAuth.createCredentials();
100 
101 			final UserAccount updateUserAccount = userDAO.load(userAccount.getHjid());
102 
103 			updateUserAccount.setGoogleAuthKey(gKey.getKey());
104 			updateUserAccount.setGoogleAuthVerificationCode(gKey.getVerificationCode());
105 			updateUserAccount.setGoogleAuthScratchCodes(gKey.getScratchCodes());
106 			userDAO.merge(updateUserAccount);
107 
108 			final String otpAuthTotpURL = GoogleAuthenticatorQRGenerator.getOtpAuthTotpURL(agencyDAO.getAll().get(0).getAgencyName(), updateUserAccount.getEmail(), gKey);
109 
110 			response.setOtpAuthTotpURL(otpAuthTotpURL);
111 			response.setGoogleAuthKey(gKey.getKey());
112 			response.setGoogleAuthVerificationCode(gKey.getVerificationCode());
113 			response.setGoogleAuthScratchCodes(gKey.getScratchCodes());
114 		}
115 
116 		eventRequest.setApplicationMessage(response.getResult().toString());
117 		createApplicationEventService.processService(eventRequest);
118 
119 		return response;
120 	}
121 
122 
123 
124 }