From 31a5c252509bec97761756631a488feb59ab274f Mon Sep 17 00:00:00 2001 From: Michael Mroz Date: Thu, 16 Mar 2017 15:21:58 +1100 Subject: [PATCH 1/3] Exposed transaction properties, added a new enrollment confirmation method --- .../java/com/auth0/guardian/Guardian.java | 33 +++++++++++++++++++ .../java/com/auth0/guardian/Transaction.java | 4 +-- .../java/com/auth0/guardian/GuardianTest.java | 2 +- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/auth0/guardian/Guardian.java b/src/main/java/com/auth0/guardian/Guardian.java index ce3fee0..42f67e9 100644 --- a/src/main/java/com/auth0/guardian/Guardian.java +++ b/src/main/java/com/auth0/guardian/Guardian.java @@ -86,6 +86,9 @@ public Transaction requestEnroll(String ticket, EnrollmentType type) * transaction initiated with {@link EnrollmentType#TOTP()}) or when the user received the OTP code delivered to his * phone number by SMS (for a transaction initiated with {@link EnrollmentType#SMS(String)}). * + * This method can be used in stateful applications where a {@link Transaction} is preserved in memory between user + * interactions. + * * @param transaction the enrollment transaction * @param otp the code obtained from the TOTP app or delivered to the phone number by SMS * @return extra information about the enrollment, like the recovery code @@ -108,4 +111,34 @@ public Enrollment confirmEnroll(Transaction transaction, String otp) return new Enrollment(transaction.getRecoveryCode()); } + + /** + * Confirms an enrollment started with {@link Guardian#requestEnroll(String, EnrollmentType)}. + *

+ * Use this method to confirm an enrollment transaction once the user scanned the QR code with a TOTP app (for a + * transaction initiated with {@link EnrollmentType#TOTP()}) or when the user received the OTP code delivered to his + * phone number by SMS (for a transaction initiated with {@link EnrollmentType#SMS(String)}). + * + * This method can be used in stateless applications where {@link Transaction} may not be preserved between user + * interactions. + * + * @param transactionToken the token associated with the transaction to confirm. + * @param otp the code obtained from the TOTP app or delivered to the phone number by SMS + * @throws IOException when there's a connection issue + * @throws IllegalArgumentException when the transaction is not valid + * @throws GuardianException when there's a Guardian specific issue (invalid otp for example) + */ + public void confirmEnrollStateless(String transactionToken, String otp) + throws IOException, IllegalArgumentException, GuardianException { + if (transactionToken == null) { + throw new IllegalArgumentException("Invalid enrollment transaction"); + } + if (otp == null) { + throw new IllegalArgumentException("Invalid OTP"); + } + + apiClient + .verifyOTP(transactionToken, otp) + .execute(); + } } diff --git a/src/main/java/com/auth0/guardian/Transaction.java b/src/main/java/com/auth0/guardian/Transaction.java index bf942c4..d22e0fd 100644 --- a/src/main/java/com/auth0/guardian/Transaction.java +++ b/src/main/java/com/auth0/guardian/Transaction.java @@ -48,11 +48,11 @@ public class Transaction implements Serializable { this.otpSecret = otpSecret; } - String getTransactionToken() { + public String getTransactionToken() { return transactionToken; } - String getRecoveryCode() { + public String getRecoveryCode() { return recoveryCode; } diff --git a/src/test/java/com/auth0/guardian/GuardianTest.java b/src/test/java/com/auth0/guardian/GuardianTest.java index 4ddfcc0..7a87b79 100644 
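Review bot: The Javadoc on the new `confirmEnrollStateless(String, String)` in Guardian.java does not say that `transactionToken` is a credential, nor that this path returns nothing. The existing `confirmEnroll(Transaction, String)` returns `new Enrollment(transaction.getRecoveryCode())`, so a caller of the new method has to read the recovery code from the `Transaction` before discarding it. The test in PATCH 2/3 shows the token sent as the `Authorization: Bearer` value, so I would add a line such as `* The token authorizes the confirmation request; keep it out of URLs and logs.` The guards also reject only `null`, so an empty token or OTP still reaches `apiClient.verifyOTP`; `if (transactionToken == null || transactionToken.isEmpty())` would fail earlier. All of this also applies to the renamed `confirmEnroll(String, String)` overload in PATCH 2/3.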
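Review bot: In Transaction.java, `getTransactionToken()` and `getRecoveryCode()` become public API without any Javadoc, and both return values that look security-sensitive. The token is sent as a bearer credential in the tests of PATCH 2/3, and the recovery code is presumably an account-recovery secret. I would document them, e.g. `/** Returns the token that authorizes calls for this enrollment transaction; treat it as a secret. */` and `/** Returns the recovery code issued for this enrollment; handle it as a secret and do not log it. */`. The hunk header shows the class is `Serializable`, so these values likely already travel with any serialized `Transaction`. The rest of the class is outside the hunk, so I cannot confirm how the fields are declared.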
--- a/src/test/java/com/auth0/guardian/GuardianTest.java +++ b/src/test/java/com/auth0/guardian/GuardianTest.java @@ -240,7 +240,7 @@ public void shouldFailConfirmationWhenTransationIsNull() throws Exception { server.emptyResponse(); guardian - .confirmEnroll(null, OTP_CODE); + .confirmEnroll((Transaction)null, OTP_CODE); } @Test From ac2abdf40a8e568a54821a44335864003299de4d Mon Sep 17 00:00:00 2001 From: Michael Mroz Date: Mon, 20 Mar 2017 09:57:58 +1100 Subject: [PATCH 2/3] Revised comments and name for confirmation overload, added tests --- .../java/com/auth0/guardian/Guardian.java | 9 ++-- .../java/com/auth0/guardian/GuardianTest.java | 53 +++++++++++++++++++ 2 files changed, 56 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/auth0/guardian/Guardian.java b/src/main/java/com/auth0/guardian/Guardian.java index 42f67e9..fb3055f 100644 --- a/src/main/java/com/auth0/guardian/Guardian.java +++ b/src/main/java/com/auth0/guardian/Guardian.java @@ -86,9 +86,6 @@ public Transaction requestEnroll(String ticket, EnrollmentType type) * transaction initiated with {@link EnrollmentType#TOTP()}) or when the user received the OTP code delivered to his * phone number by SMS (for a transaction initiated with {@link EnrollmentType#SMS(String)}). * - * This method can be used in stateful applications where a {@link Transaction} is preserved in memory between user - * interactions. - * * @param transaction the enrollment transaction * @param otp the code obtained from the TOTP app or delivered to the phone number by SMS * @return extra information about the enrollment, like the recovery code 
@@ -119,8 +116,8 @@ public Enrollment confirmEnroll(Transaction transaction, String otp) * transaction initiated with {@link EnrollmentType#TOTP()}) or when the user received the OTP code delivered to his * phone number by SMS (for a transaction initiated with {@link EnrollmentType#SMS(String)}). * - * This method can be used in stateless applications where {@link Transaction} may not be preserved between user - * interactions. + * This overload is intended for stateless applications where {@link java.io.Serializable} is not acceptable, + * avoiding the necessity of utilising poor practises to preserve {@link Transaction} between user actions. * * @param transactionToken the token associated with the transaction to confirm. * @param otp the code obtained from the TOTP app or delivered to the phone number by SMS @@ -128,7 +125,7 @@ public Enrollment confirmEnroll(Transaction transaction, String otp) * @throws IllegalArgumentException when the transaction is not valid * @throws GuardianException when there's a Guardian specific issue (invalid otp for example) */ - public void confirmEnrollStateless(String transactionToken, String otp) + public void confirmEnroll(String transactionToken, String otp) throws IOException, IllegalArgumentException, GuardianException { if (transactionToken == null) { throw new IllegalArgumentException("Invalid enrollment transaction"); diff --git a/src/test/java/com/auth0/guardian/GuardianTest.java b/src/test/java/com/auth0/guardian/GuardianTest.java index 7a87b79..0835b01 100644 --- a/src/test/java/com/auth0/guardian/GuardianTest.java +++ b/src/test/java/com/auth0/guardian/GuardianTest.java 
@@ -264,4 +264,57 @@ public void shouldFailConfirmationWhenOtpIsNull() throws Exception { guardian .confirmEnroll(new Transaction("TRANSACTION_TOKEN", null, null), null); } + + @Test + public void shouldConfirmEnrollOverload() throws Exception { + server.jsonResponse(MockServer.START_FLOW_VALID, 201); + server.emptyResponse(); + + Transaction transaction = guardian + .requestEnroll(ENROLLMENT_TICKET, EnrollmentType.TOTP()); + + guardian + .confirmEnroll(transaction.getTransactionToken(), OTP_CODE); + + RecordedRequest startFlowRequest = server.takeRequest(); + + assertThat(startFlowRequest, hasMethodAndPath("POST", "/api/start-flow")); + assertThat(startFlowRequest, hasHeader("Content-Type", "application/json; charset=utf-8")); + assertThat(startFlowRequest, hasHeader("Authorization", "Ticket id=\"ENROLLMENT_TICKET\"")); + + Map startFlowBody = bodyFromRequest(startFlowRequest); + assertThat(startFlowBody, hasEntry("state_transport", (Object) "polling")); + + RecordedRequest verifyOtpRequest = server.takeRequest(); + + assertThat(verifyOtpRequest, hasMethodAndPath("POST", "/api/verify-otp")); + assertThat(verifyOtpRequest, hasHeader("Content-Type", "application/json; charset=utf-8")); + assertThat(verifyOtpRequest, hasHeader("Authorization", "Bearer THE_TRANSACTION_TOKEN")); + + Map verifyOtpBody = bodyFromRequest(verifyOtpRequest); + assertThat(verifyOtpBody, hasEntry("type", (Object) "manual_input")); + assertThat(verifyOtpBody, hasEntry("code", (Object) "OTP_CODE")); + } + + @Test + public void shouldFailConfirmationOverloadWhenNoTokenIsProvided() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("Invalid enrollment transaction"); + + server.emptyResponse(); + + guardian + .confirmEnroll((String)null, OTP_CODE); + } + + @Test + public void shouldFailConfirmationOverloadWhenOtpIsNull() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("Invalid OTP"); + + 
server.emptyResponse(); + + guardian + .confirmEnroll("TRANSACTION_TOKEN", null); + } } \ No newline at end of file From 434ea3ba0edcfb703f032c489c192f27ebf46abf Mon Sep 17 00:00:00 2001 From: Hernan Zalazar Date: Fri, 24 Mar 2017 19:17:26 -0300 Subject: [PATCH 3/3] Release 0.1.0 --- CHANGELOG.md | 8 +++++++- README.md | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b28f36c..97d3ab5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change Log +## [0.1.0](https://github.com/auth0/Guardian.java/tree/0.1.0) (2017-03-24) +[Full Changelog](https://github.com/auth0/Guardian.java/compare/0.0.1...0.1.0) + +**Changed** +- Exposed `protected` Transaction data [\#3](https://github.com/auth0/Guardian.java/pull/3) ([mirichan](https://github.com/mirichan)) + ## [0.0.1](https://github.com/auth0/Guardian.java/tree/0.0.1) (2017-03-10) First release of Guardian for Java @@ -103,4 +109,4 @@ try { // some other guardian error, check the message } } -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index 0ea02c2..b554290 100644 --- a/README.md +++ b/README.md @@ -16,14 +16,14 @@ Get Guardian Java via Maven: com.auth0 guardian - 0.0.1 + 0.1.0 ``` or Gradle: ```gradle -compile 'com.auth0:guardian:0.0.1' +compile 'com.auth0:guardian:0.1.0' ``` ## Usage
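Review bot: The new GuardianTest cases for `confirmEnroll(String, String)` cover the success path and the two null guards, but none asserts that a rejected OTP surfaces as an exception. Because this overload returns `void`, the absence of an exception is the caller's only success signal. A test that answers `/api/verify-otp` with an error response and expects `GuardianException` would pin the behaviour that matters most for an MFA enrollment. The two null-argument tests also enqueue `server.emptyResponse()` although no request should be sent; dropping it, or asserting that no request was recorded, would make that explicit.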