19 package org.apache.syncope.core.logic.wa;
20
21 import java.util.List;
22 import java.util.stream.Collectors;
23 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
24 import org.apache.syncope.common.lib.wa.WebAuthnAccount;
25 import org.apache.syncope.common.lib.wa.WebAuthnDeviceCredential;
26 import org.apache.syncope.core.logic.AbstractAuthProfileLogic;
27 import org.apache.syncope.core.persistence.api.dao.AuthProfileDAO;
28 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
29 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
30 import org.apache.syncope.core.persistence.api.entity.am.AuthProfile;
31 import org.apache.syncope.core.provisioning.api.data.AuthProfileDataBinder;
32 import org.springframework.security.access.prepost.PreAuthorize;
33 import org.springframework.transaction.annotation.Transactional;
34
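/**
 * Logic layer for the WebAuthn device credentials stored on {@link AuthProfile} entities, addressed by owner.
 *
 * <p>Security notes:
 * <ul>
 * <li>Every operation is authorized only by {@code hasRole(ANONYMOUS)}. Nothing in this class ties the
 * {@code owner} argument to the authenticated caller, so any client holding that role can read, replace or
 * delete the registered authenticators of any owner. NOTE(review): presumably only the WA service
 * authenticates with this role; confirm, and treat that service credential as highly sensitive.</li>
 * <li>This class writes no log or audit record for registrations and removals. NOTE(review): confirm that
 * auditing of these changes happens in another layer.</li>
 * </ul>
 */
public class WebAuthnRegistrationLogic extends AbstractAuthProfileLogic {

    protected final EntityFactory entityFactory;

    /**
     * Creates the logic bean.
     *
     * @param entityFactory factory used by {@link #create(String, WebAuthnAccount)} to instantiate a new
     * {@link AuthProfile} when the owner has none
     * @param authProfileDAO DAO passed to the superclass; used for all lookups and saves
     * @param binder data binder passed to the superclass; not used directly by this class
     */
    public WebAuthnRegistrationLogic(
            final EntityFactory entityFactory,
            final AuthProfileDAO authProfileDAO,
            final AuthProfileDataBinder binder) {

        super(authProfileDAO, binder);
        this.entityFactory = entityFactory;
    }

    /**
     * Builds the transfer object for one profile. Only the credential list is copied; the owner is not.
     *
     * @param profile profile to read the WebAuthn credentials from
     * @return account wrapping the profile's credentials
     */
    private static WebAuthnAccount toAccount(final AuthProfile profile) {
        return new WebAuthnAccount.Builder().
                credentials(profile.getWebAuthnDeviceCredentials()).build();
    }

    /**
     * Returns one account per stored auth profile.
     *
     * <p>All profiles are loaded in a single call ({@code findAll(-1, -1)}; presumably "no paging", confirm
     * against the DAO), so the result grows with the number of profiles and exposes every registered
     * credential to the caller.
     *
     * @return accounts for all auth profiles
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    @Transactional(readOnly = true)
    public List<WebAuthnAccount> list() {
        return authProfileDAO.findAll(-1, -1).stream().
                map(WebAuthnRegistrationLogic::toAccount).
                collect(Collectors.toList());
    }

    /**
     * Returns the WebAuthn account of the given owner.
     *
     * @param owner owner of the auth profile, as supplied by the caller
     * @return account wrapping the owner's credentials
     * @throws NotFoundException if no auth profile exists for {@code owner}
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    @Transactional(readOnly = true)
    public WebAuthnAccount read(final String owner) {
        // findByOwner already yields an Optional; mapping it directly avoids an Optional -> Stream -> Optional
        // round trip.
        return authProfileDAO.findByOwner(owner).
                map(WebAuthnRegistrationLogic::toAccount).
                orElseThrow(() -> new NotFoundException("Could not find account for Owner " + owner));
    }

    /**
     * Removes every WebAuthn credential of the given owner. Does nothing when the owner has no auth profile.
     *
     * @param owner owner of the auth profile, as supplied by the caller
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void delete(final String owner) {
        authProfileDAO.findByOwner(owner).ifPresent(profile -> {
            profile.setWebAuthnDeviceCredentials(List.of());
            authProfileDAO.save(profile);
        });
    }

    /**
     * Removes the credential with the given identifier from the owner's profile. The profile is saved only
     * when at least one credential was actually removed; an unknown owner or identifier is a silent no-op.
     *
     * @param owner owner of the auth profile, as supplied by the caller
     * @param credentialId identifier of the credential to revoke
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void delete(final String owner, final String credentialId) {
        authProfileDAO.findByOwner(owner).ifPresent(profile -> {
            List<WebAuthnDeviceCredential> credentials = profile.getWebAuthnDeviceCredentials();
            // Compare from the argument side: a stored credential without an identifier would otherwise abort
            // the revocation with a NullPointerException and leave the targeted credential registered.
            if (credentials.removeIf(
                    acct -> credentialId != null && credentialId.equals(acct.getIdentifier()))) {

                profile.setWebAuthnDeviceCredentials(credentials);
                authProfileDAO.save(profile);
            }
        });
    }

    /**
     * Stores the given account's credentials for the owner, creating the auth profile if it does not exist.
     *
     * <p>When a profile already exists its credential list is replaced, not extended: authenticators that are
     * not part of {@code account} are dropped.
     *
     * @param owner owner of the auth profile, as supplied by the caller
     * @param account account whose credentials become the owner's registered credentials
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void create(final String owner, final WebAuthnAccount account) {
        AuthProfile profile = authProfileDAO.findByOwner(owner).orElseGet(() -> {
            AuthProfile authProfile = entityFactory.newEntity(AuthProfile.class);
            authProfile.setOwner(owner);
            return authProfile;
        });
        profile.setWebAuthnDeviceCredentials(account.getCredentials());
        authProfileDAO.save(profile);
    }

    /**
     * Replaces the owner's credentials with those of the given account. Does nothing when the owner has no
     * auth profile; the caller gets no signal in that case.
     *
     * @param owner owner of the auth profile, as supplied by the caller
     * @param account account whose credentials replace the stored ones
     */
    @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
    public void update(final String owner, final WebAuthnAccount account) {
        authProfileDAO.findByOwner(owner).ifPresent(profile -> {
            profile.setWebAuthnDeviceCredentials(account.getCredentials());
            authProfileDAO.save(profile);
        });
    }
}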