Package com.skava.web
Class AuthController
java.lang.Object
com.skava.web.AuthController
This controller class contains service endpoints that are used to perform
user authentication, send notifications to users, and validate user notification requests.
- Author: Infosys Equinox
Constructor Summary
Constructors -
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| org.springframework.http.ResponseEntity<UserAuthResponse> | authUser(UserAuthRequest authRequest, String authToken, long collectionId, String locale, String version, long storeId) | This service endpoint is used to authenticate the user. |
| org.springframework.http.ResponseEntity<Object> | sendNotificationService(long collectionId, String authToken, long userId, UserNotificationRequest notificationRequest, String locale, String version, long storeId) | This service endpoint is used to send a notification to the user. |
| org.springframework.http.ResponseEntity<MfaAuthenticator> | updateMfaAuthenticator(long userId, MfaAuthenticator mfaAuthenticator, String locale, Long collectionId, String authToken, String version, Long businessId, long storeId) | This service is used to update the MFA authenticator. |
| org.springframework.http.ResponseEntity<Object> | validateNotificationService(long collectionId, String authToken, long userId, UserNotificationRequest notificationRequest, String locale, String version, long storeId) | This service endpoint authenticates the user with notification params. |
-
Constructor Details
-
AuthController
public AuthController()
Default Constructor
-
-
Method Details
-
authUser
@PostMapping
@ResponseStatus(ACCEPTED)
@Audit(action="loginUser")
public org.springframework.http.ResponseEntity<UserAuthResponse> authUser(
    @RequestBody @AuditField(field="AUTH_REQUEST") UserAuthRequest authRequest,
    @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken,
    @RequestHeader(value="x-collection-id",required=true) @AuditField(field="COLLECTION_ID") long collectionId,
    @RequestParam(value="locale",required=false,defaultValue="en_US") @AuditField(field="LOCALE") String locale,
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId)

This service endpoint is used to authenticate the user.

Parameters:
- authRequest - Holds UserAuthRequest. Holds the credentials to validate the user. It accepts the email or phone number with the password. It is given in the form of a JSON object. An incorrect JSON would throw a Bad request error.
- authToken - This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The token thus generated has to be passed to this service, and the request will be processed only if the following conditions are met:
    - Token validation against the secret key
    - Expiry time should be in the future
    - Necessary privileges are available for the user to perform the action on the subjected resource
- collectionId - This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way, the storefront can fetch/store the required information from that respective association.
- locale - API responses and error messages are returned in the locale specified in this parameter.
- version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
- storeId - Holds a valid unique identifier of the store.

Returns:
- The ResponseEntity of UserAuthResponse object. Returns a user's auth responses.
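The three acceptance conditions listed for authToken, applied in order to an HS256 token. This is an added example, not code from Infosys Equinox or the Authorization microservice; Python is used because the token format is language-neutral. The HS256 algorithm, the claim name "privileges", the secret and the helper names are assumptions, and the privilege string is the one that appears in the @PreAuthorize expression on updateMfaAuthenticator.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed sample key (assumption)

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET):
    """Build a constructed HS256 token to feed the checker."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(sign(f'{head}.{body}', secret))}"

def check_token(token, privilege, secret=SECRET, now=None):
    """Return "ok" or the first failed condition, in the order the page lists them."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return "malformed"
    # Pin the algorithm; the token's own header must not choose it ("none", ...).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "unsupported alg"
    # 1. Token validation against the secret key, compared in constant time.
    if not hmac.compare_digest(sign(f"{head_b64}.{body_b64}", secret), signature):
        return "bad signature"
    # Claims are parsed only after the signature has been verified.
    try:
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:
        return "malformed"
    # 2. Expiry must be in the future; a token without exp is rejected.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired"
    # 3. Privilege for the action ("privileges" claim name is an assumption).
    privs = claims.get("privileges")
    if not isinstance(privs, list) or privilege not in privs:
        return "forbidden"
    return "ok"
```
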
-
sendNotificationService
@PostMapping("/{userId}/notification")
@Audit(action="sendNotification")
public org.springframework.http.ResponseEntity<Object> sendNotificationService(
    @RequestHeader(value="x-collection-id",required=true) @AuditField(field="COLLECTION_ID") long collectionId,
    @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
    @PathVariable @AuditField(field="USER_ID") long userId,
    @RequestBody @AuditField(field="NOTIFICATION") UserNotificationRequest notificationRequest,
    @RequestParam(value="locale",required=false,defaultValue="en_US") @AuditField(field="LOCALE") String locale,
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId)

This service endpoint is used to send a notification to the user.

Parameters:
- collectionId - This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way, the storefront can fetch/store the required information from that respective association.
- authToken - This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The token thus generated has to be passed to this service, and the request will be processed only if the following conditions are met:
    - Token validation against the secret key
    - Expiry time should be in the future
    - Necessary privileges are available for the user to perform the action on the subjected resource
- userId - Indicates the identifier of the user to whom the notification will be sent. Holds a long value.
- notificationRequest - Holds UserNotificationRequest, the user notification request. It contains the data of the user who needs to receive the notification param. It is given in the form of a JSON object. An incorrect JSON would throw a Bad request error.
- locale - API responses and error messages are returned in the locale specified in this parameter.
- version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
- storeId - Holds a valid unique identifier of the store.

Returns:
- The ResponseEntity of Object.
-
validateNotificationService
@PatchMapping("/{userId}/notification")
@Audit(action="validateNotification")
public org.springframework.http.ResponseEntity<Object> validateNotificationService(
    @RequestHeader(value="x-collection-id",required=true) @AuditField(field="COLLECTION_ID") long collectionId,
    @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
    @PathVariable @AuditField(field="USER_ID") long userId,
    @RequestBody @AuditField(field="NOTIFICATION") UserNotificationRequest notificationRequest,
    @RequestParam(value="locale",required=false,defaultValue="en_US") @AuditField(field="LOCALE") String locale,
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId)

This service endpoint authenticates the user with notification params.

Parameters:
- collectionId - This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way, the storefront can fetch/store the required information from that respective association.
- authToken - This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The token thus generated has to be passed to this service, and the request will be processed only if the following conditions are met:
    - Token validation against the secret key
    - Expiry time should be in the future
    - Necessary privileges are available for the user to perform the action on the subjected resource
- userId - Indicates the identifier of the user for whom the notification param gets validated. Holds a long value.
- notificationRequest - Holds UserNotificationRequest, the user notification request. It contains the data of the user who needs to receive the notification param. It is given in the form of a JSON object. An incorrect JSON would throw a Bad request error.
- locale - API responses and error messages are returned in the locale specified in this parameter.
- version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
- storeId - Holds a valid unique identifier of the store.

Returns:
- The ResponseEntity of Object.
-
updateMfaAuthenticator
@PatchMapping("/{userId}/mfaauthenticator")
@Audit(action="updateMfaAuthenticator")
@PreAuthorize("hasPrivilegeForBusinessById(\'user/validate/auth\',#businessId) or hasValidSessionForUserId(#userId)")
public org.springframework.http.ResponseEntity<MfaAuthenticator> updateMfaAuthenticator(
    @PathVariable @AuditField(field="USER_ID") long userId,
    @RequestBody @AuditField(field="MfaAuthenticator") MfaAuthenticator mfaAuthenticator,
    @RequestParam(value="locale",required=false,defaultValue="en_US") @AuditField(field="LOCALE") String locale,
    @RequestHeader(value="x-collection-id",required=true) @AuditField(field="COLLECTION_ID") Long collectionId,
    @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
    @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
    @RequestParam(value="businessId",required=false,defaultValue="0") @AuditField(field="BUSINESS_ID") Long businessId,
    @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId)

This service is used to update the MFA authenticator.

Parameters:
- userId - Indicates the ID of the user to be loaded. Holds a long value.
- mfaAuthenticator - Indicates the MFA authenticator request object, which contains the status. The field status is mandatory. The MFA authenticator request is given in the form of a JSON object. The possible status values are ACTIVE and INACTIVE.
- locale - API responses and error messages are returned in the locale specified in this parameter.
- collectionId - This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way, the storefront can fetch/store the required information from that respective association.
- authToken - This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The token thus generated has to be passed to this service, and the request will be processed only if the following conditions are met:
    - Token validation against the secret key
    - Expiry time should be in the future
    - Necessary privileges are available for the user to perform the action on the subjected resource
- version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
- storeId - Holds a valid unique identifier of the store.

Returns:
- The ResponseEntity of MfaAuthenticator.
-