Search in sources :

Example 1 with PendingAuthorisation

use of eu.cryptoeuro.accountmapper.domain.PendingAuthorisation in project account-identity by cryptofiat.

the class AccountMapperController method authorizeBankTransferAndCreateAccountIdentityMapping.

@ApiOperation(value = "[Bank Transfer based account registration] Validate signed authIdentifier, store new account-identity mapping and activate ethereum account [BASIC AUTH]")
@RequestMapping(method = PUT, value = "/accounts", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<AccountActivationResponse> authorizeBankTransferAndCreateAccountIdentityMapping(@Valid @RequestBody BankTransferBasedAccountRegistrationCommand cmd, @RequestHeader(value = "Authorization") String authorization) {
    AccountActivationResponse.AccountActivationResponseBuilder responseBuilder = AccountActivationResponse.getBuilderForAuthType(AuthorisationType.BANK_TRANSFER).ownerId(cmd.getOwnerId());
    if (!isAuthorized(authorization)) {
        log.error("Account registration via bank unauthorized");
        return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
    }
    PendingAuthorisation pendingAuthorisation = pendingAuthorisationService.findByPaymentReference(cmd.getPaymentReference());
    if (pendingAuthorisation == null) {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    EthereumAccount newAccount;
    String txHash = new String();
    try {
        newAccount = accountManagementService.storeNewAccount(pendingAuthorisation.getAddress(), cmd.getOwnerId(), AuthorisationType.BANK_TRANSFER);
        if (accountActivationEnabled) {
            txHash = ethereumService.activateEthereumAccount(newAccount.getAddress());
        }
    } catch (Exception e) {
        log.error("Login failure", e);
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    accountManagementService.markActivated(newAccount, txHash);
    pendingAuthorisationService.expire(pendingAuthorisation);
    return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_SUCCESS.name()).build(), HttpStatus.OK);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) AccountActivationResponse(eu.cryptoeuro.accountmapper.response.AccountActivationResponse) PendingAuthorisation(eu.cryptoeuro.accountmapper.domain.PendingAuthorisation) EthereumAccount(eu.cryptoeuro.accountmapper.domain.EthereumAccount) JSONException(org.json.JSONException) IOException(java.io.IOException) ApiOperation(io.swagger.annotations.ApiOperation)

Example 2 with PendingAuthorisation

use of eu.cryptoeuro.accountmapper.domain.PendingAuthorisation in project account-identity by cryptofiat.

the class AccountMapperController method authorizeMobileIdAndCreateAccountIdentityMapping.

@ApiOperation(value = "[Mobile ID polling endpoint] Validate authorisation, store new account-identity mapping and activate ethereum account")
@RequestMapping(method = POST, value = "/accounts", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<AccountActivationResponse> authorizeMobileIdAndCreateAccountIdentityMapping(@Valid @RequestBody PollCommand pollCommand) throws IOException, JSONException {
    PendingAuthorisation pendingAuthorisation = pendingAuthorisationService.findByAuthIdentifier(pollCommand.getAuthIdentifier());
    AccountActivationResponse.AccountActivationResponseBuilder responseBuilder = AccountActivationResponse.getBuilderForAuthType(AuthorisationType.MOBILE_ID);
    if (pendingAuthorisation == null) {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    MobileIDSession mobileIDSession = MobileIDSession.fromString(pendingAuthorisation.getSerialisedMobileIdSession());
    String accountAddress = pendingAuthorisation.getAddress();
    if (mobileIDSession == null || accountAddress == null) {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    responseBuilder.ownerId(mobileIDSession.personalCode);
    // TODO: Make a better API here, so that the client would not have to submit the signature every time.
    if (StringUtils.hasText(pollCommand.getSignature())) {
        // TODO: Remove this if-statement when client-side is finished (i.e., make signatures mandatory)
        if (!pendingAuthorisation.verifyChallengeSignedByEthereumAccountHolder(pollCommand.getSignatureParsedForm())) {
            return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_INVALID_SIGNATURE.name()).build(), HttpStatus.OK);
        }
    }
    // Check if authenticated
    if (mobileIdAuthService.isLoginComplete(mobileIDSession)) {
        pendingAuthorisationService.expire(pendingAuthorisation);
    } else {
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_PENDING.name()).build(), HttpStatus.OK);
    }
    EthereumAccount newAccount;
    String txHash = new String();
    try {
        newAccount = accountManagementService.storeNewAccount(accountAddress, mobileIDSession.personalCode, AuthorisationType.MOBILE_ID);
        if (accountActivationEnabled) {
            txHash = ethereumService.activateEthereumAccount(accountAddress);
        }
    } catch (Exception e) {
        log.error("Login failure", e);
        return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_EXPIRED.name()).build(), HttpStatus.OK);
    }
    accountManagementService.markActivated(newAccount, txHash);
    return new ResponseEntity<AccountActivationResponse>(responseBuilder.authenticationStatus(AuthenticationStatus.LOGIN_SUCCESS.name()).transactionHash(txHash).escrowTransfers(clearEscrow(newAccount)).build(), HttpStatus.OK);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) MobileIDSession(com.codeborne.security.mobileid.MobileIDSession) AccountActivationResponse(eu.cryptoeuro.accountmapper.response.AccountActivationResponse) PendingAuthorisation(eu.cryptoeuro.accountmapper.domain.PendingAuthorisation) EthereumAccount(eu.cryptoeuro.accountmapper.domain.EthereumAccount) JSONException(org.json.JSONException) IOException(java.io.IOException) ApiOperation(io.swagger.annotations.ApiOperation)

Example 3 with PendingAuthorisation

use of eu.cryptoeuro.accountmapper.domain.PendingAuthorisation in project account-identity by cryptofiat.

the class AccountMapperController method authenticate.

@ApiOperation(value = "Initiate authorisation")
@RequestMapping(method = POST, value = "/authorisations", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<AuthenticateResponse> authenticate(@Valid @RequestBody AuthenticateCommand authenticateCommand) {
    PendingAuthorisation pendingAuthorisation = null;
    // Mobile ID
    if (authenticateCommand.getPhoneNumber() != null) {
        MobileIDSession mobileIDSession = mobileIdAuthService.startLogin(authenticateCommand.getPhoneNumber());
        pendingAuthorisation = pendingAuthorisationService.store(// authenticateCommand.getAccountPublicKey(),
        Hex.toHexString(authenticateCommand.getAccountAddress()), mobileIDSession);
    } else // Bank transfer
    {
        pendingAuthorisation = pendingAuthorisationService.store(// authenticateCommand.getAccountPublicKey(),
        Hex.toHexString(authenticateCommand.getAccountAddress()));
    }
    return new ResponseEntity<AuthenticateResponse>(AuthenticateResponse.fromPendingAuthorisation(pendingAuthorisation), HttpStatus.OK);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) MobileIDSession(com.codeborne.security.mobileid.MobileIDSession) PendingAuthorisation(eu.cryptoeuro.accountmapper.domain.PendingAuthorisation) ApiOperation(io.swagger.annotations.ApiOperation)

Aggregations

PendingAuthorisation (eu.cryptoeuro.accountmapper.domain.PendingAuthorisation)3 ApiOperation (io.swagger.annotations.ApiOperation)3 ResponseEntity (org.springframework.http.ResponseEntity)3 MobileIDSession (com.codeborne.security.mobileid.MobileIDSession)2 EthereumAccount (eu.cryptoeuro.accountmapper.domain.EthereumAccount)2 AccountActivationResponse (eu.cryptoeuro.accountmapper.response.AccountActivationResponse)2 IOException (java.io.IOException)2 JSONException (org.json.JSONException)2