Changeset 7815


Timestamp:
Jun 5, 2020, 10:40:35 AM (17 months ago)
Author:
Nicklas Nordborg
Message:

References #2213: Extend registration of devices

A device is now registered without verification.

Location:
trunk
Files:
6 edited

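--- a/trunk/src/core/net/sf/basedb/core/SessionControl.java
+++ b/trunk/src/core/net/sf/basedb/core/SessionControl.java
@@ -63,5 +63,4 @@
 import java.util.Locale;
 import java.util.Set;
-import java.util.UUID;
 import java.util.Map;
 import java.util.HashMap;
@@ -467,5 +466,5 @@
      
       // A null value means that either device verification is disabled
-      // An existing device means that it is already verified
+      // An existing device means that it is already registered (TODO - check if verification is needed!!)
       LoginInfo li = null;
       if (device == null || device.getId() != 0)
@@ -819,75 +818,53 @@
   private UserDeviceData verifyDevice(org.hibernate.Session session, LoginRequest loginRequest, AuthenticatedUser authUser)
   {
-    // No email = no device verification
-    if (!EmailUtil.isEnabled()) return null;
-
+    // Check the submitted deviceToken
+    String deviceToken = loginRequest.getDeviceToken();
+    if (deviceToken == null) return null;
+   
     // Check if the client application supports device verification
     ClientData client = getClientId() != 0 ? HibernateUtil.loadData(session, ClientData.class, getClientId()) : null;
     if (client == null || !client.getSupportsDeviceVerification()) return null;
    
-    // Check if the user has enabled device verification
+    // Get the current user
     UserData user = HibernateUtil.loadData(session, UserData.class, authUser.getInternalId());
-    if (!user.getUseDeviceVerification()) return null;
-   
-    // Check the submitted deviceToken
-    String deviceToken = loginRequest.getDeviceToken();
+   
     String userAgent = loginRequest.getAttribute("user-agent");
     String userAgentSummary = userAgent == null ? null : HttpUtil.getSummaryOfUserAgent(userAgent);
     UserDeviceData device = null;
-   
-    if (deviceToken != null)
-    {
-      org.hibernate.query.Query<UserDeviceData> query = HibernateUtil.getPredefinedQuery(session,
-        "GET_USER_DEVICE", UserDeviceData.class);
-      /*
-        SELECT dev
-        FROM UserDeviceData dev
-        WHERE dev.user = :userId
-        AND dev.client = :clientId
-        AND dev.token = :token
-      */
-      query.setParameter("userId", authUser.getInternalId(), TypeWrapper.H_INTEGER);
-      query.setParameter("clientId", clientId, TypeWrapper.H_INTEGER);
-      query.setParameter("token", deviceToken, TypeWrapper.H_STRING);
-      device = HibernateUtil.loadData(query);
+    Date now = new Date();
+
+    // Check if the device is already registered
+    org.hibernate.query.Query<UserDeviceData> query = HibernateUtil.getPredefinedQuery(session,
+      "GET_USER_DEVICE", UserDeviceData.class);
+    /*
+      SELECT dev
+      FROM UserDeviceData dev
+      WHERE dev.user = :userId
+      AND dev.client = :clientId
+      AND dev.token = :token
+    */
+    query.setParameter("userId", authUser.getInternalId(), TypeWrapper.H_INTEGER);
+    query.setParameter("clientId", clientId, TypeWrapper.H_INTEGER);
+    query.setParameter("token", deviceToken, TypeWrapper.H_STRING);
+    device = HibernateUtil.loadData(query);
      
-      if (device != null)
-      {
-        // This device is already verified
-        // We update the user agent string since it may be different due to version upgrade
-        String oldUserAgent = device.getUserAgent();
-        if (userAgent != null && !userAgent.equals(oldUserAgent))
+    if (device != null)
+    {
+      // This device is already known
+      // We update the user agent string since it may be different due to version upgrade
+      String oldUserAgent = device.getUserAgent();
+      if (userAgent != null && !userAgent.equals(oldUserAgent))
+      {
+        device.setUserAgent(userAgent);
+        // If the current name was auto-generated from the old "User-Agent" we update the name as well!
+        if (device.getName().equals(HttpUtil.getSummaryOfUserAgent(oldUserAgent)))
         {
-          device.setUserAgent(userAgent);
-          // If the current name was auto-generated from the old "User-Agent" we update the name as well!
-          if (device.getName().equals(HttpUtil.getSummaryOfUserAgent(oldUserAgent)))
-          {
-            device.setName(userAgentSummary);
-          }
+          device.setName(userAgentSummary);
         }
       }
     }
-    Date now = new Date();
-     
-    if (device == null)
-    {
-      // The user is using an unverified device
-      if (deviceToken != null)
-      {
-        // If the submitted deviceToken is already stored in the database (for any other user/client)
-        // we accept it as a possible valid device (that still needs to be verified for this
-        // particular user)
-        org.hibernate.query.Query<Long> query = HibernateUtil.createQuery(session,
-          "SELECT count(*) FROM UserDeviceData dev WHERE dev.token = :token", Long.class);
-        query.setParameter("token", deviceToken, TypeWrapper.H_STRING);
-        if (HibernateUtil.loadData(query) == 0)
-        {
-          // Not found, so we generate a new deviceToken
-          deviceToken = null;
-        }
-      }
-      if (deviceToken == null) deviceToken = UUID.randomUUID().toString();
-
-      // Create the new device (but we do not save it until it has been verified!)
+    else
+    {
+      // This is a new device
       device = new UserDeviceData();
       device.setName(userAgentSummary == null ? "New device" : userAgentSummary);
@@ -898,6 +875,6 @@
       device.setUserAgent(userAgent);
     }
-   
-    // And information about current usage
+
+    // Update information about current usage
     device.setLastUsed(now);
     device.setLastRemoteId(getRemoteId());
@@ -907,4 +884,19 @@
     device.setLocationLatitude(loc.getLatitude());
     device.setLocationLongitude(loc.getLongitude());
+
+    // If this is a new or unverified device we check if it needs to be verified
+    if (device.getId() == 0)
+    {
+      if (user.getUseDeviceVerification() && EmailUtil.isEnabled())
+      {
+        // The device need verification so we do not save it
+        // TODO -- will not work correctly if we add device.isVerified() flag
+      }
+      else
+      {
+        HibernateUtil.saveData(session, device);
+      }
+    }
+
     return device;
   }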
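Review bot: A device saved by `HibernateUtil.saveData(session, device)` in the new `else` branch (new line 897) gets a non-zero id, and the check at new line 470 (`device == null || device.getId() != 0`) then appears to treat it like a verified device on every later login. If the user enables device verification afterwards, or email is enabled later, that token would skip verification; both TODO comments acknowledge the gap, but nothing in the visible code closes it. Until a persisted verified state exists, I would document the limitation on `verifyDevice`, e.g. `// NOTE: a saved device is only registered, not verified; getId() != 0 is not proof of verification`, and decide how already-registered devices are handled when verification is switched on. The token from `loginRequest.getDeviceToken()` is now also used exactly as submitted, so a length/format check before the query and the save would be worth adding; the lines that set it on the new device (new lines 871–874) are outside the visible hunks.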
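--- a/trunk/www/include/menu.jsp
+++ b/trunk/www/include/menu.jsp
@@ -673,6 +673,5 @@
         url="<%=root+"views/devices/index.jsp?ID="+ID%>"
         tooltip="<%=menu.getString("devices.tooltip", hasDevices)%>"
-        enabled="<%=hasDevices%>"
-        visible="<%=supportsDeviceVerification %>"
+        enabled="<%=hasDevices%>"       
       />
       <m:menuitem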
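--- a/trunk/www/login.js
+++ b/trunk/www/login.js
@@ -295,5 +295,13 @@
     {
       var deviceToken = App.getLocal('deviceToken');
-      if (deviceToken) frm.deviceToken.value = deviceToken;
+      if (deviceToken)
+      {
+        frm.deviceToken.value = deviceToken;
+      }
+      else
+      {
+        // Otherwise we save the auto-generated value
+        App.setLocal('deviceToken', frm.deviceToken.value);
+      }
     }
     if (!pUseLastLogin)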
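--- a/trunk/www/main.jsp
+++ b/trunk/www/main.jsp
@@ -56,4 +56,5 @@
   import="java.util.Map"
   import="java.util.TreeMap"
+  import="java.util.UUID"
 %>
 <%@ taglib prefix="base" uri="/WEB-INF/base.tld" %>
@@ -131,5 +132,5 @@
     <input type="hidden" name="again" value="<%=again?1:0%>">
     <input type="hidden" name="useAutoStartPage" value="1">
-    <input type="hidden" name="deviceToken" value="">
+    <input type="hidden" name="deviceToken" value="<%=UUID.randomUUID().toString()%>">
    
     <table style="margin: auto; max-width: 700px; display: none;" id="the-login-form">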
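Review bot: The `deviceToken` value at new line 134 is now generated while the login page is rendered, so any shared or browser cache that stores this response would hand the same token to several clients. Whether main.jsp already sends no-cache headers is not visible in this section; if it does not, the page should be served with `Cache-Control: no-store`. A comment next to the field would also help, e.g. `<%-- default device token; login.js replaces it with a previously saved value, if any --%>`, because the server keeps no record of issuing the value and has to treat whatever is posted back as client-chosen.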
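--- a/trunk/www/views/sessions/index.jsp
+++ b/trunk/www/views/sessions/index.jsp
@@ -61,5 +61,5 @@
 <%@ taglib prefix="base" uri="/WEB-INF/base.tld" %>
 <%!
-  private static final ItemContext defaultContext = Base.createDefaultContext("loginTime", "loginTime,logoutTime,client,authenticationMethod,remoteId,comment");
+  private static final ItemContext defaultContext = Base.createDefaultContext("loginTime", "loginTime,logoutTime,client,device,authenticationMethod,remoteId,comment");
   static
   {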
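--- a/trunk/www/views/sessions/list_sessions.jsp
+++ b/trunk/www/views/sessions/list_sessions.jsp
@@ -86,6 +86,4 @@
 {
   final User user = User.getById(dc, sc.getLoggedInUserId());
-  final boolean supportsDeviceVerification = EmailUtil.isEnabled() &&
-      (user.getUseDeviceVerification() || sc.hasPermission(Permission.READ, Item.USERDEVICE));
 
   Map<Plugin.MainType, Integer> pluginCount = PluginDefinition.countPlugins(dc, guiContext);
@@ -182,20 +180,13 @@
         exportable="true"
       />
-      <%
-      if (supportsDeviceVerification)
-      {
-        %>
-        <tbl:columndef
-          id="device"
-          property="device.name"
-          datatype="string"
-          title="Device"
-          sortable="true"
-          filterable="true"
-          exportable="true"
-        />
-        <%
-      }
-      %>
+      <tbl:columndef
+        id="device"
+        property="device.name"
+        datatype="string"
+        title="Device"
+        sortable="true"
+        filterable="true"
+        exportable="true"
+      />
       <tbl:columndef
         id="authenticationMethod"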
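Review bot: The "Device" column at new lines 182–190 is now rendered for every viewer, whereas removed lines 88–89 required either the user's own `getUseDeviceVerification()` or `sc.hasPermission(Permission.READ, Item.USERDEVICE)`. Whether resolving `device.name` enforces read permission on the device item is not visible here, so it is worth confirming that a viewer without that permission gets an empty or denied cell rather than the device name. If the column is meant to be unconditional, a short comment such as `<%-- device is always listed; registration no longer depends on verification --%>` would record the decision.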