use of com.codeborne.security.mobileid.MobileIDSession in project account-identity by cryptofiat.
the class AccountMapperController method authorizeMobileIdAndCreateAccountIdentityMapping.
@ApiOperation(value = "[Mobile ID polling endpoint] Validate authorisation, store new account-identity mapping and activate ethereum account")
@RequestMapping(method = POST, value = "/accounts", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<AccountActivationResponse> authorizeMobileIdAndCreateAccountIdentityMapping(@Valid @RequestBody PollCommand pollCommand) throws IOException, JSONException {
    // The authIdentifier is the handle returned by POST /authorisations; an unknown or already consumed one reads as expired
    PendingAuthorisation pendingAuthorisation = pendingAuthorisationService.findByAuthIdentifier(pollCommand.getAuthIdentifier());
    AccountActivationResponse.AccountActivationResponseBuilder responseBuilder = AccountActivationResponse.getBuilderForAuthType(AuthorisationType.MOBILE_ID);
    if (pendingAuthorisation == null) {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    MobileIDSession mobileIDSession = MobileIDSession.fromString(pendingAuthorisation.getSerialisedMobileIdSession());
    String accountAddress = pendingAuthorisation.getAddress();
    if (mobileIDSession == null || accountAddress == null) {
        // No Mobile ID session or no address recorded for this authorisation: nothing to complete
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    responseBuilder.ownerId(mobileIDSession.personalCode);
    // TODO: Make a better API here, so that the client would not have to submit the signature every time.
    if (StringUtils.hasText(pollCommand.getSignature())) {
        // TODO: Remove this if-statement when client-side is finished (i.e., make signatures mandatory)
        // The signature over the challenge is what proves the caller controls accountAddress; while it is
        // optional, a poll that omits it skips that proof and only the Mobile ID check below remains.
        if (!pendingAuthorisation.verifyChallengeSignedByEthereumAccountHolder(pollCommand.getSignatureParsedForm())) {
            return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_INVALID_SIGNATURE.name()).build(), HttpStatus.OK);
        }
    }
    // Check if authenticated: Mobile ID completion proves the personal code; expire() consumes the
    // pending authorisation so the same authIdentifier cannot be completed a second time
    if (mobileIdAuthService.isLoginComplete(mobileIDSession)) {
        pendingAuthorisationService.expire(pendingAuthorisation);
    } else {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_PENDING.name()).build(), HttpStatus.OK);
    }
    EthereumAccount newAccount;
    String txHash = ""; // stays empty when on-chain activation is disabled
    try {
        newAccount = accountManagementService.storeNewAccount(accountAddress, mobileIDSession.personalCode, AuthorisationType.MOBILE_ID);
        if (accountActivationEnabled) {
            txHash = ethereumService.activateEthereumAccount(accountAddress);
        }
    } catch (Exception e) {
        // The pending authorisation is already consumed at this point, so a failure here is reported
        // as LOGIN_EXPIRED and the client has to start a new authorisation
        log.error("Login failure", e);
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    accountManagementService.markActivated(newAccount, txHash);
    return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_SUCCESS.name()).transactionHash(txHash).escrowTransfers(clearEscrow(newAccount)).build(), HttpStatus.OK);
}
use of com.codeborne.security.mobileid.MobileIDSession in project account-identity by cryptofiat.
the class MobileIdAuthService method startLogin.
public MobileIDSession startLogin(String phoneNumber) {
    MobileIDSession mobileIDSession = mid.startLogin(phoneNumber);
    // Note: this writes the phone number (personal data) and the control code shown to the user into the application log
    log.info("Mobile ID authentication with challenge " + mobileIDSession.challenge + " sent to " + phoneNumber);
    return mobileIDSession;
}
use of com.codeborne.security.mobileid.MobileIDSession in project account-identity by cryptofiat.
the class MobileIdAuthService method fullLogin.
public MobileIDSession fullLogin(String phoneNumber) {
    MobileIDSession mobileIDSession;
    try {
        mobileIDSession = startLogin(phoneNumber);
        waitForLogin(mobileIDSession); // blocks until the user confirms on the phone or the library gives up
    } catch (AuthenticationException e) {
        // Log through the logger (with the stack trace) rather than printStackTrace() to stderr
        log.warn("Mobile ID authentication failed: " + e.getMessage(), e);
        return null;
    }
    return mobileIDSession;
}
use of com.codeborne.security.mobileid.MobileIDSession in project account-identity by cryptofiat.
the class AccountMapperController method authenticate.
@ApiOperation(value = "Initiate authorisation")
@RequestMapping(method = POST, value = "/authorisations", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<AuthenticateResponse> authenticate(@Valid @RequestBody AuthenticateCommand authenticateCommand) {
    PendingAuthorisation pendingAuthorisation = null;
    // The account address comes from an unauthenticated request; control over it is only proved later,
    // by the signature over the challenge that the polling endpoint checks
    if (authenticateCommand.getPhoneNumber() != null) {
        // Mobile ID: start the session now, the client polls POST /accounts for completion
        MobileIDSession mobileIDSession = mobileIdAuthService.startLogin(authenticateCommand.getPhoneNumber());
        pendingAuthorisation = pendingAuthorisationService.store(
                // authenticateCommand.getAccountPublicKey(),
                Hex.toHexString(authenticateCommand.getAccountAddress()), mobileIDSession);
    } else {
        // Bank transfer: no Mobile ID session is attached to the pending authorisation
        pendingAuthorisation = pendingAuthorisationService.store(
                // authenticateCommand.getAccountPublicKey(),
                Hex.toHexString(authenticateCommand.getAccountAddress()));
    }
    return new ResponseEntity<AuthenticateResponse>(AuthenticateResponse.fromPendingAuthorisation(pendingAuthorisation), HttpStatus.OK);
}
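The two endpoints above form one flow: POST /authorisations records the address and hands back a handle, and POST /accounts polls until the Mobile ID session completes, checking the challenge signature on the way. The following is an added example, not code from the cryptofiat project, that models that flow with the signature made mandatory (as the TODO in the polling endpoint intends) and the pending authorisation consumed exactly once. Assumptions: the class and function names (PendingAuthorisations, poll, sign_challenge, recover_signer) are hypothetical; the curve arithmetic is real secp256k1 and public-key recovery is the standard ECDSA formula, but SHA-256 replaces Keccak-256 for both the message hash and the address derivation so that the block runs on the Python standard library, and no Ethereum signed-message prefix is applied. Real Ethereum signatures will therefore not verify against it without swapping the hash back.

```python
# Added example, not the cryptofiat project's code: the /authorisations + /accounts flow
# with the account-holder signature made mandatory. Curve arithmetic is real secp256k1;
# SHA-256 stands in for Keccak-256 (an assumption, so the block runs on the stdlib).
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def address_of(pub):
    """Hex address = last 20 bytes of hash(uncompressed public key); Ethereum uses Keccak-256 here."""
    raw = pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    return hashlib.sha256(raw).digest()[-20:].hex()

def sign_challenge(priv, challenge):
    """ECDSA over hash(challenge); returns (r, s, v) with low s and recovery id v."""
    z = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        x, y = point_mul(k, G)
        r = x % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r == 0 or s == 0 or x >= N:  # degenerate or ambiguous r: pick another k
            continue
        v = y & 1
        if s > N // 2:  # normalise to low s; negating s negates R, so flip the parity bit
            s, v = N - s, v ^ 1
        return r, s, v

def recover_signer(challenge, sig):
    """Public-key recovery: Q = r^-1 * (s*R - z*G), with R rebuilt from r and parity v."""
    r, s, v = sig
    if not (0 < r < N and 0 < s <= N // 2 and v in (0, 1)):
        return None
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # square root, valid because P % 4 == 3
    if y * y % P != y_sq:
        return None  # r is not the x-coordinate of any curve point
    if (y & 1) != v:
        y = P - y
    z = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    zg = point_mul(z, G)
    s_r_minus_zg = point_add(point_mul(s, (r, y)), (zg[0], (P - zg[1]) % P))
    return point_mul(pow(r, -1, N), s_r_minus_zg)

class PendingAuthorisations:
    """In-memory stand-in for pendingAuthorisationService: one-shot, time-limited records."""
    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._items = {}

    def store(self, address, now):
        auth_id = secrets.token_urlsafe(32)  # unguessable poll handle handed to the client
        challenge = secrets.token_bytes(32)  # fresh per authorisation, so a signature cannot be replayed
        self._items[auth_id] = {"address": address, "challenge": challenge, "created": now}
        return auth_id, challenge

    def find(self, auth_id, now):
        item = self._items.get(auth_id)
        if item is None or now - item["created"] > self.ttl:
            self._items.pop(auth_id, None)
            return None
        return item

    def expire(self, auth_id):
        self._items.pop(auth_id, None)

def poll(pending, auth_id, sig, mobile_id_login_complete, now):
    """Polling-endpoint decision logic; mobile_id_login_complete() stands in for isLoginComplete()."""
    item = pending.find(auth_id, now)
    if item is None:
        return "LOGIN_EXPIRED"
    signer = recover_signer(item["challenge"], sig) if sig else None
    if signer is None or address_of(signer) != item["address"]:
        return "LOGIN_INVALID_SIGNATURE"  # no proof of control over the address being bound
    if not mobile_id_login_complete():
        return "LOGIN_PENDING"
    pending.expire(auth_id)  # consumed exactly once; a replayed poll now gets LOGIN_EXPIRED
    return "LOGIN_SUCCESS"
```

The ordering matters: the signature is checked before the Mobile ID state is consulted, so a poll that cannot prove control of the address never consumes the pending authorisation, and the record is removed only on the single successful poll.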