From 11a9e040923925d2a3009bfc208321c9ea7ad33c Mon Sep 17 00:00:00 2001 From: Devrim Date: Sat, 23 Jul 2022 20:05:28 +0300 Subject: [PATCH] feat: jans-linux-setup Script for Keystroke Authentication (#1853) --- .../extension/update_token/UpdateToken.py | 2 +- .../extension/update_token/UpdateToken.py | 116 ++++++++++++++++++ .../jans_setup/templates/scripts.ldif | 16 +++ 3 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 jans-linux-setup/jans_setup/static/extension/update_token/UpdateToken.py diff --git a/jans-linux-setup/jans_setup/scan/static/extension/update_token/UpdateToken.py b/jans-linux-setup/jans_setup/scan/static/extension/update_token/UpdateToken.py index 6b082c4986e..73833503453 100644 --- a/jans-linux-setup/jans_setup/scan/static/extension/update_token/UpdateToken.py +++ b/jans-linux-setup/jans_setup/scan/static/extension/update_token/UpdateToken.py @@ -91,7 +91,7 @@ def balanceAvailable(self, org_id): http_client = httpService.getHttpsClient() http_client_params = http_client.getParams() - url = self.BILLING_API_URL + "organization_balance?organization_id"+org_id + url = self.BILLING_API_URL + "organization_balance?organization_id="+org_id try: http_service_response = httpService.executeGet(http_client, url) diff --git a/jans-linux-setup/jans_setup/static/extension/update_token/UpdateToken.py b/jans-linux-setup/jans_setup/static/extension/update_token/UpdateToken.py new file mode 100644 index 00000000000..73833503453 --- /dev/null +++ b/jans-linux-setup/jans_setup/static/extension/update_token/UpdateToken.py @@ -0,0 +1,116 @@ +from io.jans.service.cdi.util import CdiUtil +from io.jans.model.custom.script.type.token import UpdateTokenType +from io.jans.as.server.service import SessionIdService +from io.jans.as.server.model.config import ConfigurationFactory +from io.jans.as.server.service import ClientService +from io.jans.as.server.service.net import HttpService +from java.nio.charset import Charset +from org.json import JSONObject +from jakarta.faces.context import FacesContext + +import java +import sys +import os + +class UpdateToken(UpdateTokenType): + def __init__(self, currentTimeMillis): + self.currentTimeMillis = currentTimeMillis + + def init(self, customScript, configurationAttributes): + print "Update token script. Initializing ..." + if (not configurationAttributes.containsKey("BILLING_API_URL")): + print "Update token script. Initialization. Property BILLING_API_URL is not specified" + return False + else: + self.BILLING_API_URL = configurationAttributes.get("BILLING_API_URL").getValue2() + + print "Update token script. Initialized successfully" + + return True + + def destroy(self, configurationAttributes): + print "Update token script. Destroying ..." + print "Update token script. Destroyed successfully" + return True + + def getApiVersion(self): + return 11 + + # Returns boolean, true - indicates that script applied changes + # This method is called after adding headers and claims. Hence script can override them + # Note : + # jsonWebResponse - is JwtHeader, you can use any method to manipulate JWT + # context is reference of io.jans.oxauth.service.external.context.ExternalUpdateTokenContext (in https://github.com/GluuFederation/oxauth project, ) + def modifyIdToken(self, jsonWebResponse, context): + return True + + # Returns boolean, true - indicates that script applied changes. If false is returned token will not be created. + # refreshToken is reference of io.jans.as.server.model.common.RefreshToken (note authorization grant can be taken as context.getGrant()) + # context is reference of io.jans.as.server.service.external.context.ExternalUpdateTokenContext (in https://github.com/JanssenProject/jans-auth-server project, ) + def modifyRefreshToken(self, refreshToken, context): + return True + + # Returns boolean, true - indicates that script applied changes. If false is returned token will not be created. + # accessToken is reference of io.jans.as.server.model.common.AccessToken (note authorization grant can be taken as context.getGrant()) + # context is reference of io.jans.as.server.service.external.context.ExternalUpdateTokenContext (in https://github.com/JanssenProject/jans-auth-server project, ) + def modifyAccessToken(self, accessToken, context): + print "Update token script. Modify AT: " + sessionIdService = CdiUtil.bean(SessionIdService) + sessionId = sessionIdService.getSessionByDn(context.getGrant().getSessionDn()) # fetch from persistence + client_id = sessionId.getSessionAttributes().get("client_id") + + # get org_id from client_id + clientService = CdiUtil.bean(ClientService) + client = clientService.getClient(client_id) + org_id = client.getOrganization() + + # the aud claim is mandatory in the auth header request (by Google API gateway) + facesContext = CdiUtil.bean(FacesContext) + request = facesContext.getExternalContext().getRequest() + accessToken.getHeader().setClaim("aud", request) + + + # query Billing API + return self.balanceAvailable(org_id) + + # context is reference of io.jans.as.server.service.external.context.ExternalUpdateTokenContext (in https://github.com/JanssenProject/jans-auth-server project, ) + def getRefreshTokenLifetimeInSeconds(self, context): + return 0 + + # context is reference of io.jans.as.server.service.external.context.ExternalUpdateTokenContext (in https://github.com/JanssenProject/jans-auth-server project, ) + def getIdTokenLifetimeInSeconds(self, context): + return 0 + + # context is reference of io.jans.as.server.service.external.context.ExternalUpdateTokenContext (in https://github.com/JanssenProject/jans-auth-server project, ) + def getAccessTokenLifetimeInSeconds(self, context): + return 0 + + def balanceAvailable(self, org_id): + httpService = CdiUtil.bean(HttpService) + + http_client = httpService.getHttpsClient() + http_client_params = http_client.getParams() + + url = self.BILLING_API_URL + "organization_balance?organization_id="+org_id + + try: + http_service_response = httpService.executeGet(http_client, url) + http_response = http_service_response.getHttpResponse() + response_bytes = httpService.getResponseContent(http_response) + response_string = httpService.convertEntityToString(response_bytes, Charset.forName("UTF-8")) + json_response = JSONObject(response_string) + httpService.consume(http_response) + print json_response.get("status") + if json_response.get("status") == "true": + return True + else: + print "AT will not be created because balance is negative : %s " % json_response.get("status") + return False + + except: + print "Failed to invoke BILLING_API: ", sys.exc_info()[1] + return False + + + finally: + http_service_response.closeConnection() diff --git a/jans-linux-setup/jans_setup/templates/scripts.ldif b/jans-linux-setup/jans_setup/templates/scripts.ldif index 44c6197303c..bb767f52478 100644 --- a/jans-linux-setup/jans_setup/templates/scripts.ldif +++ b/jans-linux-setup/jans_setup/templates/scripts.ldif @@ -561,3 +561,19 @@ jansProgLng: python jansRevision: 1 jansScr::%(person_authentication_other_forgot_password_forgot_password)s jansScrTyp: person_authentication + +dn: inum=CACD-5902,ou=scripts,o=jans +objectClass: top +objectClass: jansCustomScr +description: Scan Token Update Script +displayName: scan_update_token +inum: CACD-5902 +jansEnabled: false +jansLevel: 100 +jansModuleProperty: {"value1":"v1","value2":"v2","description":""} +jansConfProperty: {"value1":"BILLING_API_URL", "value2":"https://my.billing.api.com/", "hide":false, "description":"URL to billing API"} +jansRevision: 1 +jansScr::%(update_token_updatetoken)s +jansScrTyp: update_token +jansProgLng: python +