diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/util/CaptchaHelper.java b/esignet-core/src/main/java/io/mosip/esignet/core/util/CaptchaHelper.java index 342c91f04..041df34c2 100644 --- a/esignet-core/src/main/java/io/mosip/esignet/core/util/CaptchaHelper.java +++ b/esignet-core/src/main/java/io/mosip/esignet/core/util/CaptchaHelper.java @@ -1,3 +1,8 @@ +/* + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ package io.mosip.esignet.core.util; import io.mosip.esignet.core.constants.ErrorConstants; @@ -65,13 +70,12 @@ public boolean validateCaptcha(String captchaToken) { return true; } log.error("Errors received from CaptchaService: {}", responseWrapper.getErrors()); //NOSONAR responseWrapper is already evaluated to be not null - throw new EsignetException(ErrorConstants.INVALID_CAPTCHA); } log.error("Errors received from CaptchaService: {}", responseEntity.getStatusCode()); - throw new EsignetException(ErrorConstants.INVALID_CAPTCHA); } catch (Exception e) { - throw new EsignetException(ErrorConstants.INVALID_CAPTCHA); + log.error("Failed to validate captcha", e); } + throw new EsignetException(ErrorConstants.INVALID_CAPTCHA); } } \ No newline at end of file diff --git a/esignet-integration-api/src/main/java/io/mosip/esignet/api/spi/CaptchaValidator.java b/esignet-integration-api/src/main/java/io/mosip/esignet/api/spi/CaptchaValidator.java index d130ecfd5..423d49b6d 100644 --- a/esignet-integration-api/src/main/java/io/mosip/esignet/api/spi/CaptchaValidator.java +++ b/esignet-integration-api/src/main/java/io/mosip/esignet/api/spi/CaptchaValidator.java @@ -5,7 +5,9 @@ */ package io.mosip.esignet.api.spi; +@Deprecated public interface CaptchaValidator { + boolean validateCaptcha(String captchaToken); } diff --git a/esignet-service/src/main/resources/application-dev.properties b/esignet-service/src/main/resources/application-dev.properties deleted file mode 100644 index 545e259af..000000000 --- a/esignet-service/src/main/resources/application-dev.properties +++ /dev/null @@ -1,262 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at https://mozilla.org/MPL/2.0/. - -## ------------------------------------------------- e-Signet ---------------------------------------------------------- -mosip.esignet.misp.license.key=idp-dev-misp-lic-key -mosip.esignet.amr-acr-mapping-file-url=https://raw.githack.com/mosip/mosip-config/develop-v3/amr-acr-mapping.json - -mosip.esignet.supported-id-regex=\\S* -mosip.esignet.id-token-expire-seconds=3600 -mosip.esignet.access-token.expire.seconds=3600 -mosip.esignet.link-code-expire-in-secs=60 -mosip.esignet.authentication-expire-in-secs=60 - -mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ - '${server.servlet.path}/authorization/authenticate', \ - '${server.servlet.path}/authorization/auth-code'} - -#This property is used for captcha validation and allowed values are send-otp and pwd. -#captcha validation is enabled for send-otp and pwd. -mosip.esignet.captcha.required=send-otp,pwd -mosip.esignet.captcha.validator-url=${mosipbox.public.url}${server.servlet.path}/v1/captcha/validatecaptcha -mosip.esignet.captcha.module-name=esignet - -## ------------------------------------------ e-Signet binding --------------------------------------------------------- - -mosip.esignet.binding.salt-length=16 -mosip.esignet.binding.audience-id=esignet-binding -mosip.esignet.binding.key-expire-days=10 - -## -------------------------------------- Authentication & Authorization ----------------------------------------------- - -mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \ - \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\ - \ '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \ - \ '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}} -mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} } -mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} } - -mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ - ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\ - ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/** - -mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\ - ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ - ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ - ${server.servlet.path}/v3/api-docs/** - -spring.security.oauth2.resourceserver.jwt.issuer-uri=https://iam.dev.mosip.net/auth/realms/mosip -spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://iam.dev.mosip.net/auth/realms/mosip/protocol/openid-connect/certs - -##------------------------------------------ Kafka configurations ------------------------------------------------------ -spring.kafka.bootstrap-servers=localhost:9092 -spring.kafka.consumer.group-id=runtime-kafka-registry -spring.kafka.consumer.enable-auto-commit=true -spring.kafka.listener.concurrency=1 - -mosip.esignet.kafka.linked-session.topic=idp-linked -mosip.esignet.kafka.linked-auth-code.topic=idp-consented - -## ------------------------------------------- Integrations ------------------------------------------------------------ - -#Comma separated list of third party packages to scan -mosip.esignet.integration.scan-base-package=io.mosip.esignet.mock.integration - -mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl -mosip.esignet.integration.authenticator=MockAuthenticationService -mosip.esignet.integration.key-binder=MockKeyBindingWrapperService -mosip.esignet.integration.audit-plugin=LoggerAuditService - -#Mock IDA integration props -mosip.esignet.mock.authenticator.get-identity-url=http://localhost:8082/v1/mock-identity-system/identity -mosip.esignet.mock.authenticator.kyc-auth-url=http://localhost:8082/v1/mock-identity-system/kyc-auth -mosip.esignet.mock.authenticator.kyc-exchange-url=http://localhost:8082/v1/mock-identity-system/kyc-exchange -mosip.esignet.mock.authenticator.send-otp=http://localhost:8082/v1/mock-identity-system/send-otp -mosip.esignet.mock.authenticator.ida.otp-channels=email,phone - -#Mock Key binding props -mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'} - -## ------------------------------------------ oauth & openid supported values ------------------------------------------ - -## supported scopes -mosip.esignet.supported.authorize.scopes={'resident-service'} -mosip.esignet.supported.openid.scopes={'profile','email','phone'} -mosip.esignet.openid.scope.claims={'profile' : {'name','given_name','middle_name','preferred_username','picture','gender','birthdate','locale','nickname', 'family_name','zoneinfo', 'updated_at','address'},'email' : {'email','email_verified'}, 'phone' : {'phone_number','phone_number_verified'}} - -## supported authorization processing flow to be used, Currently only supports Authorization Code Flow. -mosip.esignet.supported.response.types={'code'} - -## Form of Authorization Grant presented to token endpoint -mosip.esignet.supported.grant.types={'authorization_code'} - -## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User -# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. -# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. -# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. -# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. -mosip.esignet.supported.ui.displays={'page','popup','touch','wap'} - -## specifies whether the Authorization Server prompts the End-User for reauthentication and consent -# none-The Authorization Server MUST NOT display any authentication or consent user interface pages. -# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent -# for the requested Claims or does not fulfill other conditions for processing the request. -# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. -# This can be used as a method to check for existing authentication and/or consent. -# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \ -# it MUST return an error, typically login_required. -# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. -# If it cannot obtain consent, it MUST return an error, typically consent_required. -# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User -# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current -# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, -# typically account_selection_required. -mosip.esignet.supported.ui.prompts={'none','login','consent','select_account'} - -## Type of the client assertion -mosip.esignet.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'} - -## Type of the client authentication methods for token endpoint -mosip.esignet.supported.client.auth.methods={'private_key_jwt'} - -## JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported -mosip.esignet.supported-pkce-methods={'S256'} - -## ---------------------------------------- Cache configuration -------------------------------------------------------- - -mosip.esignet.cache.secure.individual-id=true -mosip.esignet.cache.store.individual-id=true -mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE -mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding - -mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented - -#spring.cache.type=redis -#spring.cache.cache-names=${mosip.esignet.cache.names} -#spring.redis.host=localhost -#spring.redis.port=6379 - -spring.cache.type=simple -mosip.esignet.cache.key.hash.algorithm=SHA3-256 -mosip.esignet.cache.size={'clientdetails' : 200, 'preauth': 200, 'authenticated': 200, 'authcodegenerated': 200, 'userinfo': 200, \ - 'linkcodegenerated' : 500, 'linked': 200 , 'linkedcode': 200, 'linkedauth' : 200 , 'consented' :200 } -mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, 'preauth': 180, 'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \ - 'authcodegenerated': 60, 'userinfo': ${mosip.esignet.access-token.expire.seconds}, 'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \ - 'linked': 60 , 'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, 'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, 'consented': 120 } -## ------------------------------------------ Discovery openid-configuration ------------------------------------------- -mosipbox.public.url=http://localhost:8088 -mosip.esignet.discovery.issuer-id=${mosipbox.public.url}${server.servlet.path} - -mosip.esignet.oauth.key-values={'issuer': '${mosipbox.public.url}' ,\ - \ 'authorization_endpoint': '${mosipbox.public.url}${server.servlet.path}/authorize' , \ - \ 'token_endpoint': '${mosipbox.public.url}${server.servlet.path}/oauth/token' , \ - \ 'jwks_uri' : '${mosipbox.public.url}${server.servlet.path}/oauth/jwks.json' , \ - \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ - \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\ - \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ - \ 'response_modes_supported' : { 'query' }, \ - \ 'grant_types_supported' : ${mosip.esignet.supported.grant.types},\ - \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} - -mosip.esignet.discovery.key-values={'issuer': '${mosipbox.public.url}' ,\ - \ 'authorization_endpoint': '${mosipbox.public.url}${server.servlet.path}/authorize' , \ - \ 'token_endpoint': '${mosipbox.public.url}${server.servlet.path}/oauth/token' ,\ - \ 'userinfo_endpoint' : '${mosipbox.public.url}${server.servlet.path}/oidc/userinfo' ,\ - \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ - \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \ - \ 'response_modes_supported' : { 'query' }, \ - \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ - \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ - \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ - \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ - \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ - \ 'id_token_signing_alg_values_supported' : {'RS256'}, \ - \ 'claim_types_supported': {'normal'}, \ - \ 'claims_parameter_supported' : true, \ - \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ - \ 'subject_types_supported' : { 'pairwise' }, \ - \ 'claims_supported' : {'iss','sub','acr','name','given_name','middle_name','preferred_username','picture','gender','birthdate','locale','nickname', 'family_name','zoneinfo', 'updated_at','address', 'email','email_verified', 'phone_number','phone_number_verified'}, \ - \ 'acr_values_supported' : {},\ - \ 'request_parameter_supported' : false } - -##----------------------------------------- Database properties -------------------------------------------------------- - -spring.datasource.url=jdbc:postgresql://localhost:5455/mosip_esignet -spring.datasource.username=postgres -spring.datasource.password=mosip123 - -spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect -spring.jpa.show-sql=false -spring.jpa.hibernate.ddl-auto=none -spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true - -#------------------------------------ Key-manager specific properties -------------------------------------------------- -#Crypto asymmetric algorithm name -mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING -#Crypto symmetric algorithm name -mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding -#Keygenerator asymmetric algorithm name -mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA -#Keygenerator symmetric algorithm name -mosip.kernel.keygenerator.symmetric-algorithm-name=AES -#Asymmetric algorithm key length -mosip.kernel.keygenerator.asymmetric-key-length=2048 -#Symmetric algorithm key length -mosip.kernel.keygenerator.symmetric-key-length=256 -#Encrypted data and encrypted symmetric key separator -mosip.kernel.data-key-splitter=#KEY_SPLITTER# -#GCM tag length -mosip.kernel.crypto.gcm-tag-length=128 -#Hash algo name -mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 -#Symmtric key length used in hash -mosip.kernel.crypto.hash-symmetric-key-length=256 -#No of iterations in hash -mosip.kernel.crypto.hash-iteration=100000 -#Sign algo name -mosip.kernel.crypto.sign-algorithm-name=RS256 -#Certificate Sign algo name -mosip.kernel.certificate.sign.algorithm=SHA256withRSA - -mosip.kernel.keymanager.hsm.config-path=local.p12 -mosip.kernel.keymanager.hsm.keystore-type=PKCS12 -mosip.kernel.keymanager.hsm.keystore-pass=local - -mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io -mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER -mosip.kernel.keymanager.certificate.default.organization=IITB -mosip.kernel.keymanager.certificate.default.location=BANGALORE -mosip.kernel.keymanager.certificate.default.state=KA -mosip.kernel.keymanager.certificate.default.country=IN - -mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io -mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP -mosip.kernel.keymanager.softhsm.certificate.organization=IITB -mosip.kernel.keymanager.softhsm.certificate.country=IN - -# Application Id for PMS master key. -mosip.kernel.partner.sign.masterkey.application.id=PMS -mosip.kernel.partner.allowed.domains=DEVICE - -mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate -mosip.kernel.keymanager.jwtsign.validate.json=false -mosip.keymanager.dao.enabled=false -crypto.PrependThumbprint.enable=true - -## -------------------------------------------- IDP-UI config ---------------------------------------------------------- -# NOTE: -# 1. linked-transaction-expire-in-secs value should be a sum of mosip.esignet.authentication-expire-in-secs and linked cache expire in seconds under mosip.esignet.cache.expire-in-seconds property -# 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property - -mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ - 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} - -mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ - 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 2, \ - 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ - 'send.otp.channels':'email,phone', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ - 'consent.screen.timeout-buffer-in-secs': 5, 'sbi.port.range': 4501-4600, 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', \ - 'resend.otp.delay.secs': 120, 'captcha.enable': '', 'captcha.sitekey': '6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI', \ - 'linked-transaction-expire-in-secs': 120, 'wallet.qr-code-buffer-in-secs': 10, 'auth.txnid.length': 10, \ - 'otp.length': 6, 'password.regex': '', 'wallet.qr-code.auto-refresh-limit': 3, 'wallet.config': ${mosip.esignet.ui.wallet.config}} diff --git a/esignet-service/src/main/resources/application-local.properties b/esignet-service/src/main/resources/application-local.properties index dd6147cbf..1eff94338 100644 --- a/esignet-service/src/main/resources/application-local.properties +++ b/esignet-service/src/main/resources/application-local.properties @@ -54,7 +54,7 @@ mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authoriza #This property is used for captcha validation and allowed values are send-otp and pwd. # captcha validation is enabled for the auth-factors - otp, pwd, bio and pin. mosip.esignet.captcha.required=send-otp,pwd,bio,pin -mosip.esignet.captcha.validator-url=${mosipbox.public.url}${server.servlet.path}/v1/captcha/validatecaptcha +mosip.esignet.captcha.validator-url=https://api-internal.dev.mosip.net/v1/captcha/validatecaptcha mosip.esignet.captcha.module-name=esignet mosip.esignet.host=localhost diff --git a/esignet-service/src/test/resources/application-test.properties b/esignet-service/src/test/resources/application-test.properties index d53bd356f..dd133575a 100644 --- a/esignet-service/src/test/resources/application-test.properties +++ b/esignet-service/src/test/resources/application-test.properties @@ -43,7 +43,7 @@ mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authoriza #This property is used for captcha validation and allowed values are send-otp and pwd. #captcha validation is enabled for send-otp and pwd. mosip.esignet.captcha.required=pwd -mosip.esignet.captcha.validator-url=${mosipbox.public.url}${server.servlet.path}/v1/captcha/validatecaptcha +mosip.esignet.captcha.validator-url=https://api-internal.dev.mosip.net/v1/captcha/validatecaptcha mosip.esignet.captcha.module-name=esignet mosip.esignet.host=http://localhost:8088