Merge pull request #20 from privacyidea/formatting

custom headers, webauthn pinchange

Author: plettich

src/main/java/org/privacyidea/Endpoint.java

@@ -27,6 +27,7 @@
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -60,7 +61,7 @@
 class Endpoint {
 
     private final PrivacyIDEA privacyIDEA;
-    private List<String> logExcludedEndpointPrints = Collections.emptyList(); //Arrays.asList(PIConstants.ENDPOINT_AUTH, PIConstants.ENDPOINT_POLLTRANSACTION); //
+    private List<String> logExcludedEndpointPrints = Arrays.asList(PIConstants.ENDPOINT_AUTH, PIConstants.ENDPOINT_POLLTRANSACTION); //Collections.emptyList(); //
     private final PIConfig piconfig;
     private final OkHttpClient client;
 
@@ -117,9 +118,9 @@ String sendRequest(String endpoint, Map<String, String> params, Map<String, Stri
             params.forEach((key, value) -> {
                 //privacyIDEA.log("" + key + "=" + value);
                 try {
-                    String enc_value = value;
-                    enc_value = URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
-                    urlBuilder.addQueryParameter(key, enc_value);
+                    String encValue = value;
+                    encValue = URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
+                    urlBuilder.addQueryParameter(key, encValue);
                 } catch (UnsupportedEncodingException e) {
                     e.printStackTrace();
                 }
@@ -150,17 +151,17 @@ String sendRequest(String endpoint, Map<String, String> params, Map<String, Stri
             FormBody.Builder formBodyBuilder = new FormBody.Builder();
             params.forEach((key, value) -> {
                 if (key != null && value != null) {
-                    String enc_value = value;
+                    String encValue = value;
                     // WebAuthn params are excluded from url encoded, they are already in the correct format for the server
                     if (!WEBAUTHN_PARAMETERS.contains(key)) {
                         try {
-                            enc_value = URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
+                            encValue = URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
                         } catch (UnsupportedEncodingException e) {
                             privacyIDEA.error(e);
                         }
                     }
-                    //privacyIDEA.log("" + key + "=" + enc_value);
-                    formBodyBuilder.add(key, enc_value);
+                    //privacyIDEA.log("" + key + "=" + encValue);
+                    formBodyBuilder.add(key, encValue);
                 }
             });
             // This switches okhttp to make a post request
@@ -174,7 +175,9 @@ String sendRequest(String endpoint, Map<String, String> params, Map<String, Stri
             Response response = client.newCall(request).execute();
             if (response.body() != null) {
                 String ret = response.body().string();
-                endpointLog(endpoint, ret);
+                if (!logExcludedEndpointPrints.contains(endpoint)) {
+                    privacyIDEA.log(prettyFormatJson(ret));
+                }
                 return ret;
             } else {
                 privacyIDEA.log("Response body is null.");
@@ -188,7 +191,7 @@ String sendRequest(String endpoint, Map<String, String> params, Map<String, Stri
 
     String getAuthTokenFromServer() {
         if (!privacyIDEA.checkServiceAccountAvailable()) {
-            privacyIDEA.log("Service account information not set, cannot retrieve auth token");
+            privacyIDEA.error("Cannot retrieve auth token from server without service account!");
             return "";
         }
 
@@ -206,11 +209,11 @@ String getAuthTokenFromServer() {
         if (response != null && !response.isEmpty()) {
             JsonElement root = JsonParser.parseString(response);
             if (root != null) {
-                JsonObject obj = root.getAsJsonObject();
-                if (obj != null) {
+                try {
+                    JsonObject obj = root.getAsJsonObject();
                     return obj.getAsJsonObject(RESULT).getAsJsonObject(VALUE).getAsJsonPrimitive(TOKEN).getAsString();
-                } else {
-                    privacyIDEA.log("Response did not contain an authorization token: " + prettyFormatJson(response));
+                } catch (Exception e) {
+                    privacyIDEA.error("Response did not contain an authorization token: " + prettyFormatJson(response));
                 }
             }
         } else {
@@ -235,12 +238,6 @@ public static String prettyFormatJson(String json) {
         return gson.toJson(obj);
     }
 
-    private void endpointLog(String endpoint, String response) {
-        if (!logExcludedEndpointPrints.contains(endpoint)) {
-            privacyIDEA.log(prettyFormatJson(response));
-        }
-    }
-
     public List<String> getLogExcludedEndpoints() {
         return logExcludedEndpointPrints;
     }

src/main/java/org/privacyidea/PIResponse.java

@@ -24,6 +24,7 @@
 import com.google.gson.JsonSyntaxException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 import static org.privacyidea.PIConstants.ATTRIBUTES;
@@ -40,6 +41,7 @@
 import static org.privacyidea.PIConstants.SERIAL;
 import static org.privacyidea.PIConstants.SIGNATURE;
 import static org.privacyidea.PIConstants.STATUS;
+import static org.privacyidea.PIConstants.TOKEN_TYPE_PUSH;
 import static org.privacyidea.PIConstants.TOKEN_TYPE_WEBAUTHN;
 import static org.privacyidea.PIConstants.TRANSACTION_ID;
 import static org.privacyidea.PIConstants.TYPE;
@@ -130,16 +132,20 @@ public PIResponse(String json) {
                 for (int i = 0; i < arrChallenges.size(); i++) {
                     JsonObject challenge = arrChallenges.get(i).getAsJsonObject();
                     if (TOKEN_TYPE_WEBAUTHN.equals(getString(challenge, TYPE))) {
-                        JsonObject attrObj = challenge.getAsJsonObject(ATTRIBUTES);
-                        if (attrObj != null && !attrObj.isJsonNull()) {
-                            JsonObject webauthnObj = attrObj.getAsJsonObject(WEBAUTHN_SIGN_REQUEST);
-                            multichallenge.add(new WebAuthn(
-                                    getString(challenge, SERIAL),
-                                    getString(challenge, MESSAGE),
-                                    getString(challenge, TRANSACTION_ID),
-                                    webauthnObj.toString()
-                            ));
+                        String webAuthnSignRequest = "";
+                        JsonElement attrElem = challenge.get(ATTRIBUTES);
+                        if (attrElem != null && !attrElem.isJsonNull()) {
+                            JsonElement webauthnElem = attrElem.getAsJsonObject().get(WEBAUTHN_SIGN_REQUEST);
+                            if (webauthnElem != null && !webauthnElem.isJsonNull()) {
+                                webAuthnSignRequest = webauthnElem.toString();
+                            }
                         }
+                        multichallenge.add(new WebAuthn(
+                                getString(challenge, SERIAL),
+                                getString(challenge, MESSAGE),
+                                getString(challenge, TRANSACTION_ID),
+                                webAuthnSignRequest
+                        ));
                     } else {
                         multichallenge.add(new Challenge(
                                 getString(challenge, SERIAL),
@@ -150,7 +156,6 @@ public PIResponse(String json) {
                     }
                 }
             }
-
         }
     }
 
@@ -190,6 +195,45 @@ public String getMessage() {
         return message;
     }
 
+    public boolean isPushAvailable() {
+        return multichallenge.stream().anyMatch(c -> TOKEN_TYPE_PUSH.equals(c.getType()));
+    }
+
+    /**
+     * Get the messages of all triggered push challenges reduced to a string to show on the push UI.
+     *
+     * @return messages of all push challenges combined
+     */
+    public String getPushMessage() {
+        return reduceChallengeMessagesWhere(c -> TOKEN_TYPE_PUSH.equals(c.getType()));
+    }
+
+    /**
+     * Get the messages of all token that require an input field (HOTP, TOTP, SMS, Email...) reduced to a single string
+     * to show with the input field.
+     *
+     * @return message string
+     */
+    public String getOTPMessage() {
+        // Any challenge that is not WebAuthn or Push is considered OTP
+        return reduceChallengeMessagesWhere(c -> !(TOKEN_TYPE_WEBAUTHN.equals(c.getType())) && !(TOKEN_TYPE_PUSH.equals(c.getType())));
+    }
+
+    private String reduceChallengeMessagesWhere(Predicate<Challenge> predicate) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(multichallenge
+                .stream()
+                .filter(predicate)
+                .map(Challenge::getMessage)
+                .reduce("", (a, s) -> a + s + ", ").trim());
+
+        if (sb.length() > 0) {
+            sb.deleteCharAt(sb.length() - 1);
+        }
+
+        return sb.toString();
+    }
+
     /**
      * @return list of token types that were triggered or an empty list
      */
@@ -211,6 +255,21 @@ public List<Challenge> getMultiChallenge() {
         return multichallenge;
     }
 
+    /**
+     * Get all WebAuthn challenges from the multi_challenge.
+     *
+     * @return List of WebAuthn objects or empty list
+     */
+    public List<WebAuthn> getWebAuthnSignRequests() {
+        List<WebAuthn> ret = new ArrayList<>();
+        multichallenge.stream().filter(c -> TOKEN_TYPE_WEBAUTHN.equals(c.getType())).collect(Collectors.toList()).forEach(c -> {
+            if (c instanceof WebAuthn) {
+                ret.add((WebAuthn) c);
+            }
+        });
+        return ret;
+    }
+
     /**
      * @return the transaction id that was triggered or an empty string if nothing was triggered
      */
@@ -265,7 +324,7 @@ public String getType() {
         return type;
     }
 
-    public int getOTPlength() {
+    public int getOTPLength() {
         return otplen;
     }