KB-2925 | New API for the OTP generation for email/phone verification (…

…#62) * KB-2925 | New API for the OTP generation for email/phone verification 1. OTP access token enhancements * KB-2925 | New API for the OTP generation for email/phone verification 1. Secret Key added to external resource properties file. * KB-2925 | New API for the OTP generation for email/phone verification 1. Secret key removed * KB-2925 | New API for the OTP generation for email/phone verification 1. Otp timeout is configured to 5mins. * KB-2925 | New API for the OTP generation for email/phone verification 1. Added the column names to the casssandraTablecolumn.properties. * KB-2925 | New API for the OTP generation for email/phone verification 1. Removed the comment line.
sunbird-cb · Mar 6, 2024 · e8c8bd8 · e8c8bd8
1 parent 93b9914
commit e8c8bd8
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 33 deletions.
diff --git a/core/cassandra-utils/src/main/resources/cassandratablecolumn.properties b/core/cassandra-utils/src/main/resources/cassandratablecolumn.properties
@@ -157,4 +157,6 @@ hashtagid=hashTagId
 associationtype=associationType
 profileusertypes=profileUserTypes
 organisationsubtype=organisationSubType
-profiledetails=profileDetails
+profiledetails=profileDetails
+contextattributes=contextAttributes
+contexttype=contextType
diff --git a/core/platform-common/src/main/java/org/sunbird/keys/JsonKey.java b/core/platform-common/src/main/java/org/sunbird/keys/JsonKey.java
@@ -649,5 +649,7 @@ public final class JsonKey {
   public static final String CONTEXT_TYPE = "contextType";
   public static final String CONTEXT_ATTRIBUTES = "contextAttributes";
   public static final String CONTEXT_TOKEN = "contextToken";
+  public static final String OTP_VALIDATION_SECRET_KEY = "otpValidationSecretKey";
+  public static final String OTP_EXPIRATION_TIME_TOKEN = "otpExpirationTimeToken";
   private JsonKey() {}
 }
diff --git a/core/platform-common/src/main/resources/externalresource.properties b/core/platform-common/src/main/resources/externalresource.properties
@@ -116,4 +116,6 @@ user_read_api_v2_non_mandatory_fields= profileDetails.verifiedKarmayogi,profileD
   profileDetails.professionalDetails[0].designation,profileDetails.professionalDetails[0].location,\
   profileDetails.professionalDetails[0].doj,profileDetails.professionalDetails[0].description,profileDetails.employmentDetails.departmentName
 kafka_user_first_login_event_topic= dev.user.first.login
+otpValidationSecretKey=secretKey
+otpExpirationTimeToken=300000
 
diff --git a/service/pom.xml b/service/pom.xml
@@ -123,6 +123,13 @@
             <artifactId>org.everit.json.schema</artifactId>
             <version>1.5.1</version>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+
     </dependencies>
     <build>
         <sourceDirectory>${basedir}/src/main/java</sourceDirectory>

diff --git a/service/src/main/java/org/sunbird/actor/otp/OTPActor.java b/service/src/main/java/org/sunbird/actor/otp/OTPActor.java
@@ -1,18 +1,11 @@
 package org.sunbird.actor.otp;
 
 import akka.actor.ActorRef;
-
-import java.security.SecureRandom;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import javax.inject.Inject;
-import javax.inject.Named;
-
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.sunbird.actor.core.BaseActor;
@@ -34,12 +27,20 @@
 import org.sunbird.util.ratelimit.OtpRateLimiter;
 import org.sunbird.util.ratelimit.RateLimiter;
 
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.text.MessageFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 public class OTPActor extends BaseActor {
 
   private final OTPService otpService = new OTPService();
   private final RateLimitService rateLimitService = new RateLimitServiceImpl();
   private static final String SUNBIRD_OTP_ALLOWED_ATTEMPT = "sunbird_otp_allowed_attempt";
-  private static final String CHARACTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  private final ObjectMapper mapper = new ObjectMapper();
 
   @Inject
   @Named("send_otp_actor")
@@ -334,7 +335,7 @@ private void generateOTPV3(Request request) {
    * otherwise, handles the mismatch or invalid OTP.
    * @param request The request containing OTP-related information.
    */
-  private void verifyOTPV3(Request request) {
+  private void verifyOTPV3(Request request) throws JsonProcessingException {
     // Extracting parameters from the request
     String type = (String) request.getRequest().get(JsonKey.TYPE);
     String key = (String) request.getRequest().get(JsonKey.KEY);
@@ -396,11 +397,13 @@ private void verifyOTPV3(Request request) {
               request.getRequestContext(),
               "OTP_VALIDATION_SUCCESS:OTPActor:verifyOTP: Verified successfully Key = "
                       + OTPUtil.maskId(key, type));
-      int length = 16;
       Map<String, Object> parametersMap = new HashMap<>();
       parametersMap.put(JsonKey.TYPE, type);
       parametersMap.put(JsonKey.KEY, key);
-      String contextToken = generateRandomString(length);
+      Map<String,String> contextDetailsMap =  new HashMap<>();
+      contextDetailsMap.put(JsonKey.CONTEXT_TYPE,(String) otpDetails.get(JsonKey.CONTEXT_TYPE));
+      contextDetailsMap.put(JsonKey.CONTEXT_ATTRIBUTES,(String)otpDetails.get(JsonKey.CONTEXT_ATTRIBUTES));
+      String contextToken = generateToken(mapper.writeValueAsString(contextDetailsMap));
       parametersMap.put(JsonKey.CONTEXT_TOKEN, contextToken);
       otpService.updateOTPDetailsV3(parametersMap, request.getRequestContext());
       Response response = new Response();
@@ -421,23 +424,13 @@ private void verifyOTPV3(Request request) {
   }
 
 
-  /**
-   * Generates a random string of the specified length using characters from a predefined set.
-   * @param length The length of the random string to generate.
-   * @return A randomly generated string.
-   */
-  public static String generateRandomString(int length) {
-    // Create a SecureRandom instance to generate random numbers securely
-    SecureRandom random = new SecureRandom();
-    // StringBuilder to build the random string
-    StringBuilder sb = new StringBuilder(length);
-    // Iterate 'length' times to generate random characters
-    for (int i = 0; i < length; i++) {
-      // Generate a random index within the range of the characters set
-      int randomIndex = random.nextInt(CHARACTERS.length());
-      // Append the character at the randomly generated index to the StringBuilder
-      sb.append(CHARACTERS.charAt(randomIndex));
-    }
-    return sb.toString();
+  public static String generateToken(String contextFields) {
+    long currentTimeMillis = System.currentTimeMillis();
+    long expirationTimeMillis = currentTimeMillis + Long.parseLong(ProjectUtil.getConfigValue(JsonKey.OTP_EXPIRATION_TIME_TOKEN)); 
+    return Jwts.builder()
+            .setSubject(contextFields)
+            .setExpiration(new Date(expirationTimeMillis))
+            .signWith(SignatureAlgorithm.HS256, ProjectUtil.getConfigValue(JsonKey.OTP_VALIDATION_SECRET_KEY))
+            .compact();
   }
 }