MOSIP-31314 otp validation security fix #1190

Merged
28 commits
a72c124
WIP added OTP freezing logic
Feb 5, 2024
393a2c3
Added test cases
Feb 6, 2024
b07d219
Added sendotp test cases
Feb 7, 2024
6b9c13b
Merge remote-tracking branch 'upstream/develop' into MOSIP-31314-otp-…
Feb 7, 2024
03d93bf
Updated db scripts to index refid but not otphash
Feb 7, 2024
4a1d1db
Minor refactoring
Feb 7, 2024
5a3db6c
Corrected otp freezing property names
Feb 7, 2024
054dc6d
Correction to the OTP frozen message
Feb 7, 2024
bd45eca
Correction to the OTP frozen message
Feb 7, 2024
3a5a593
Correction to the OTP frozen message
Feb 7, 2024
671490c
Added validation on frozen error message
Feb 7, 2024
9c2af4c
Minor refactoring
Feb 7, 2024
40979b7
Added javadocs
Feb 7, 2024
a0bec18
Fixed test failure
Feb 7, 2024
0cda197
Merge branch 'develop' of https://github.com/mosip/id-authentication …
Feb 7, 2024
a0a73c1
Avoided nested if elses for exceptions in else block
Feb 8, 2024
ea47be4
Fixed otp error message
Feb 8, 2024
770cd5a
Applied review comments
Feb 8, 2024
60211ae
Minor jdoc update
Feb 8, 2024
60ababe
Fix to saving entity
Feb 9, 2024
0d035d4
Merge remote-tracking branch 'upstream/develop' into MOSIP-31314-otp-…
Feb 9, 2024
fa78e20
Fix for the JPA query method
Feb 9, 2024
30efaf3
Fix for the JPA query method
Feb 9, 2024
5ea55ac
Fix for the JPA query method
Feb 9, 2024
89f76bb
Minor fix to OTP generation time setting
Feb 9, 2024
f1f4583
Merge remote-tracking branch 'upstream/develop' into MOSIP-31314-otp-…
Feb 9, 2024
b4991ec
Merge remote-tracking branch 'upstream/develop' into MOSIP-31314-otp-…
Feb 9, 2024
06bcf96
Fix to updating generated dtimes
Feb 9, 2024
Expand Up @@ -118,17 +118,28 @@ public boolean sendOtp(OtpRequestDTO otpRequestDTO, String idvid, String idvidTy
+ EnvUtil.getKeySplitter() + otpRequestDTO.getTransactionID()
+ EnvUtil.getKeySplitter() + otp).getBytes());

OtpTransaction txn = new OtpTransaction();
txn.setId(UUID.randomUUID().toString());
txn.setRefId(securityManager.hash(otpRequestDTO.getIndividualId()));
txn.setOtpHash(otpHash);
txn.setCrBy(securityManager.getUser());
txn.setGeneratedDtimes(otpGenerationTime);
txn.setCrDtimes(otpGenerationTime);
txn.setExpiryDtimes(otpGenerationTime.plusSeconds(
EnvUtil.getOtpExpiryTime()));
txn.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
otpRepo.save(txn);
OtpTransaction otpTxn;
if (otpEntityOpt.isPresent()
&& (otpTxn = otpEntityOpt.get()).getStatusCode().equals(IdAuthCommonConstants.ACTIVE_STATUS)) {
otpTxn.setOtpHash(otpHash);
otpTxn.setUpdBy(securityManager.getUser());
otpTxn.setUpdDTimes(otpGenerationTime);
otpTxn.setGeneratedDtimes(otpGenerationTime);
otpTxn.setExpiryDtimes(otpGenerationTime.plusSeconds(EnvUtil.getOtpExpiryTime()));
otpRepo.save(otpTxn);
} else {
OtpTransaction txn = new OtpTransaction();
txn.setId(UUID.randomUUID().toString());
txn.setRefId(securityManager.hash(otpRequestDTO.getIndividualId()));
txn.setOtpHash(otpHash);
txn.setCrBy(securityManager.getUser());
txn.setCrDtimes(otpGenerationTime);
txn.setGeneratedDtimes(otpGenerationTime);
txn.setExpiryDtimes(otpGenerationTime.plusSeconds(
EnvUtil.getOtpExpiryTime()));
txn.setStatusCode(IdAuthCommonConstants.ACTIVE_STATUS);
otpRepo.save(txn);
}

String notificationProperty = null;
notificationProperty = otpRequestDTO
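
Review bot: The else branch at the end of this hunk also runs when otpEntityOpt holds a record whose status is not ACTIVE, so a new ACTIVE OtpTransaction is saved for the same refId alongside the old one. If a frozen record is not rejected before this point (the lookup and any earlier check are outside the visible lines), requesting a new OTP would sidestep the freeze, so it is worth confirming that check exists and covering it with a test. Two smaller points on the condition: `(otpTxn = otpEntityOpt.get()).getStatusCode().equals(IdAuthCommonConstants.ACTIVE_STATUS)` assigns inside the test and throws a NullPointerException if the stored status is null. Assigning otpTxn on its own line and writing `IdAuthCommonConstants.ACTIVE_STATUS.equals(otpTxn.getStatusCode())` avoids both. The hash, generation time and expiry setters are also repeated in both branches and could be applied once after the entity is chosen.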