Implement qr mobile flow Created /codeStatus endpoint as expected by mobile apps to report their status to the server
Change /accessnumber to /access and implement the new flow of reporting statuses to the MPin-pad Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/commit/2dfaec0f Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/tree/2dfaec0f Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/diff/2dfaec0f Branch: refs/heads/master Commit: 2dfaec0fc9b112ed1d6d0581c6bbb48ec0336b06 Parents: 89ec87d Author: Pavlin Angelov <[email protected]> Authored: Tue Jun 7 14:15:32 2016 +0300 Committer: Pavlin Angelov <[email protected]> Committed: Wed Jun 8 17:45:40 2016 +0300 ---------------------------------------------------------------------- servers/rps/mobile_flow.py | 52 ++++++++++++++++++++++++++++++++++++ servers/rps/rps.py | 59 ++++++++++++++++++++++++++--------------- 2 files changed, 89 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/2dfaec0f/servers/rps/mobile_flow.py ---------------------------------------------------------------------- diff --git a/servers/rps/mobile_flow.py b/servers/rps/mobile_flow.py index 638b115..27db65e 100644 --- a/servers/rps/mobile_flow.py +++ b/servers/rps/mobile_flow.py @@ -52,3 +52,55 @@ class MobileFlow: } return params + + def update_app_status(self, data): + mobile_status = data.get('status') + params = { + 'Status': 'OK' + } + + # Keyfind + keyAuth = self.storage.find(stage="auth", wid=data.get('wid')) + if not keyAuth: + return params + + userId = data.get('userId') + + keyAuth.update(mobile_status=mobile_status, userId=userId) + + if mobile_status == "wid": + params = { + 'PrerollId': "", # We don't use it at the moment + 'AppName': options.serviceName, + 'AppLogoUrl': options.serviceIconUrl, + } + + return params + + def get_app_status(self, webOTT): + params = { + 'status': "new", + 'statusCode': 0, + 'userId': "", + 'redirectURL': "", + 'authOTT': "" + } + + I = self.storage.find(stage="auth", webOTT=webOTT) + if not I: + log.debug("Cannot find webOTT: {0}".format(webOTT)) + params['status'] = 'expired' + return params + + if I.mobile_status: + params['status'] = I.mobile_status + + if I.mobile_status == 'user' and I.userId: + params['userId'] = I.userId + + authOTT = I.authOTT + if authOTT and (str(I.status) == "200"): + params['status'] = 'authenticate' + params['authOTT'] = authOTT + + return params http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-server/blob/2dfaec0f/servers/rps/rps.py ---------------------------------------------------------------------- diff --git a/servers/rps/rps.py b/servers/rps/rps.py index 12986dd..81aace9 100755 --- a/servers/rps/rps.py +++ b/servers/rps/rps.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/en python # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file @@ -317,11 +317,12 @@ class ClientSettingsHandler(BaseHandler): } if not options.requestOTP: - params["accessNumberURL"] = "{0}/accessnumber".format(baseURL) + params["accessNumberURL"] = "{0}/access".format(baseURL) params["getAccessNumberURL"] = "{0}/getAccessNumber".format(baseURL) if options.mobileUseNative: params["getQrUrl"] = "{0}/getQrUrl".format(baseURL) + params["codeStatusURL"] = "{0}/codeStatus".format(baseURL) self.write(params) self.finish() @@ -722,7 +723,7 @@ class RPSGetQrUrlHandler(BaseHandler): self.finish() -class RPSAccessNumberHandler(BaseHandler): +class RPSAccessHanler(BaseHandler): @tornado.web.asynchronous @tornado.gen.engine def post(self): @@ -736,25 +737,10 @@ class RPSAccessNumberHandler(BaseHandler): self.finish() return - I = self.storage.find(stage="auth", webOTT=webOTT) - if not I: - log.debug("Cannot find webOTT: {0}".format(webOTT)) - - self.set_status(404) - self.finish() - return + params = MobileFlow(self.application, self.storage).get_app_status(webOTT) - authOTT = I.authOTT - if authOTT and (str(I.status) == "200"): - self.write({"authOTT": authOTT}) - self.finish() - else: - if not authOTT: - log.debug("authOTT not set for webOTT: {0}".format(webOTT)) - else: - log.debug("Auth status for webOTT: {0}: {1}".format(webOTT, I.status)) - self.set_status(401) - self.finish() + self.write(params) + self.finish() class RPSAuthenticateHandler(BaseHandler): @@ -1528,6 +1514,34 @@ class MobileConfigHandler(BaseHandler): self.write(json.dumps(options.mobileConfig)) +class RPSCodeStatusHandler(BaseHandler): + @tornado.web.asynchronous + @tornado.gen.engine + def post(self): + try: + data = json.loads(self.request.body) + data['status'] + except ValueError: + log.error("Cannot decode body as JSON.") + log.debug(self.request.body) + self.set_status(400, reason="BAD REQUEST. INVALID JSON") + self.finish() + return + except KeyError: + log.error("Invalid JSON data structure") + log.debug(data) + self.set_status(400, reason="BAD REQUEST. INVALID DATA") + self.finish() + return + + mobileFlow = MobileFlow(self.application, self.storage) + params = mobileFlow.update_app_status(data) + + self.set_status(200, 'OK') + self.write(params) + self.finish() + + # MAIN class Application(tornado.web.Application): def __init__(self): @@ -1538,9 +1552,10 @@ class Application(tornado.web.Application): (r"/{0}/signature/([0-9A-Fa-f]+)".format(rpsPrefix), RPSSignatureHandler), # GET (r"/{0}/timePermit/([0-9A-Fa-f]+)".format(rpsPrefix), RPSTimePermitHandler), # GET (r"/{0}/setupDone/([0-9A-Fa-f]+)".format(rpsPrefix), RPSSetupDoneHandler), # POST - (r"/{0}/accessnumber".format(rpsPrefix), RPSAccessNumberHandler), # POST + (r"/{0}/access".format(rpsPrefix), RPSAccessHanler), # POST (r"/{0}/getAccessNumber".format(rpsPrefix), RPSGetAccessNumberHandler), # POST (r"/{0}/getQrUrl".format(rpsPrefix), RPSGetQrUrlHandler), # POST + (r"/{0}/codeStatus".format(rpsPrefix), RPSCodeStatusHandler), # POST (r"/{0}/clientSettings".format(rpsPrefix), ClientSettingsHandler), (r"/{0}/authenticate".format(rpsPrefix), RPSAuthenticateHandler), # POST, for mobile login # Authentication
