Merge pull request #1173 from OpenConext/feature/567-service-name-in-push-notification

Fixes #567 service name in push notification

Author: oharsta

myconext-server/pom.xml

@@ -165,7 +165,7 @@
         <dependency>
             <groupId>org.openconext</groupId>
             <artifactId>tiqr-java-connector</artifactId>
-            <version>2.0.3</version>
+            <version>3.0.0</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>

myconext-server/src/main/java/myconext/tiqr/TiqrController.java

@@ -70,6 +70,7 @@ public class TiqrController implements UserAuthentication {
     private final RegistrationRepository registrationRepository;
     private final RateLimitEnforcer rateLimitEnforcer;
     private final CookieValueEncoder cookieValueEncoder;
+    private final String mijnEduIdServiceName;
 
     @Autowired
     public TiqrController(@Value("${tiqr_configuration}") Resource resource,
@@ -82,6 +83,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource,
                           SMSService smsService,
                           Environment environment,
                           @Value("${email.magic-link-url}") String magicLinkUrl,
+                          @Value("${mijn_eduid_service_name}") String mijnEduIdServiceName,
                           CookieValueEncoder cookieValueEncoder) throws IOException {
         this.tiqrConfiguration = new Yaml().loadAs(resource.getInputStream(), TiqrConfiguration.class);
         this.cookieValueEncoder = cookieValueEncoder;
@@ -112,6 +114,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource,
         this.serviceProviderResolver = serviceProviderResolver;
         this.smsService = smsService;
         this.magicLinkUrl = magicLinkUrl;
+        this.mijnEduIdServiceName = mijnEduIdServiceName;
         this.rateLimitEnforcer = new RateLimitEnforcer(userRepository, tiqrConfiguration);
     }
 
@@ -405,7 +408,7 @@ private ResponseEntity<VerifyPhoneCode> doVerifyPhoneCode(PhoneVerification phon
     public ResponseEntity<StartAuthentication> startAuthenticationForSP(HttpServletRequest request,
                                                                         org.springframework.security.core.Authentication authentication) throws IOException, WriterException, TiqrException {
         User user = userFromAuthentication(authentication);
-        ResponseEntity<StartAuthentication> startAuthenticationResponseEntity = doStartAuthentication(request, user);
+        ResponseEntity<StartAuthentication> startAuthenticationResponseEntity = doStartAuthentication(request, user, this.mijnEduIdServiceName);
         String sessionKey = startAuthenticationResponseEntity.getBody().getSessionKey();
         request.getSession().setAttribute(SESSION_KEY, sessionKey);
         return startAuthenticationResponseEntity;
@@ -415,16 +418,18 @@ public ResponseEntity<StartAuthentication> startAuthenticationForSP(HttpServletR
     @Hidden
     public ResponseEntity<StartAuthentication> startAuthentication(HttpServletRequest request,
                                                                    @Valid @RequestBody TiqrRequest tiqrRequest) throws IOException, WriterException, TiqrException {
-        authenticationRequestRepository.findByIdAndNotExpired(tiqrRequest.getAuthenticationRequestId())
+        SamlAuthenticationRequest samlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(tiqrRequest.getAuthenticationRequestId())
                 .orElseThrow(() -> new ExpiredAuthenticationException("Expired tiqrRequest:" + tiqrRequest.getEmail()));
+        String serviceName = samlAuthenticationRequest.getServiceName();
+
         String email = tiqrRequest.getEmail().trim();
         User user = userRepository.findUserByEmailAndRateLimitedFalse(email)
                 .orElseThrow(() -> new UserNotFoundException(String.format("User %s not found", email)));
 
-        return doStartAuthentication(request, user);
+        return doStartAuthentication(request, user, serviceName);
     }
 
-    private ResponseEntity<StartAuthentication> doStartAuthentication(HttpServletRequest request, User user) throws WriterException, IOException, TiqrException {
+    private ResponseEntity<StartAuthentication> doStartAuthentication(HttpServletRequest request, User user, String serviceName) throws WriterException, IOException, TiqrException {
         Optional<Cookie> optionalTiqrCookie = cookieByName(request, TIQR_COOKIE_NAME);
         AtomicBoolean tiqrCookieValid = new AtomicBoolean(false);
         optionalTiqrCookie.ifPresent(tiqrCookie -> tiqrCookieValid.set(this.cookieValueEncoder.matches(user.getUsername(), tiqrCookie.getValue())));
@@ -435,10 +440,13 @@ private ResponseEntity<StartAuthentication> doStartAuthentication(HttpServletReq
         // Reset any outstanding suspensions
         rateLimitEnforcer.unsuspendUserAfterTiqrSuccess(user);
         boolean sendPushNotification = tiqrCookieValid.get() && this.tiqrConfiguration.isPushNotificationsEnabled();
+
+        // Start Tiqr authentication -- pass the SP name?
         Authentication authentication = tiqrService.startAuthentication(
                 user.getId(),
                 String.format("%s %s", user.getGivenName(), user.getFamilyName()),
                 this.tiqrConfiguration.getEduIdAppBaseUrl(),
+                serviceName,
                 sendPushNotification);
         String authenticationUrl = authentication.getAuthenticationUrl();
 

myconext-server/src/main/resources/application.yml

@@ -94,6 +94,7 @@ guest_idp_entity_id: https://localhost.surf.id
 my_conext_url: https://my.test2.surfconext.nl
 domain: eduid.nl
 mijn_eduid_entity_id: http://mijn.localhost/shibboleth
+mijn_eduid_service_name: "Mijn eduID"
 mobile_app_redirect: eduid:///client/mobile
 mobile_app_rp_entity_id: mobile_app_rp_entity_id