Implementing 2FA using Google Authenticator

bitscoder-dotcom · bitscoder-dotcom · commit 08508c125e8b · 2024-05-10T07:53:01.000+01:00
diff --git a/pom.xml b/pom.xml
@@ -113,6 +113,21 @@
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.warrenstrange</groupId>
+            <artifactId>googleauth</artifactId>
+            <version>1.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>core</artifactId>
+            <version>3.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>javase</artifactId>
+            <version>3.3.0</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/config/CustomGoogleAuthenticatorConfig.java b/src/main/java/com/bitscoderdotcom/link_generator_system/config/CustomGoogleAuthenticatorConfig.java
@@ -0,0 +1,25 @@
+package com.bitscoderdotcom.link_generator_system.config;
+
+import com.warrenstrange.googleauth.GoogleAuthenticator;
+import com.warrenstrange.googleauth.ICredentialRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@RequiredArgsConstructor
+public class CustomGoogleAuthenticatorConfig {
+
+    private final ICredentialRepository credentialRepository;
+
+    @Bean
+    public GoogleAuthenticator gAuth() {
+
+        GoogleAuthenticator googleAuthenticator = new GoogleAuthenticator();
+
+        googleAuthenticator.setCredentialRepository(credentialRepository);
+
+        return googleAuthenticator;
+
+    }
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/controller/AuthController.java b/src/main/java/com/bitscoderdotcom/link_generator_system/controller/AuthController.java
@@ -3,6 +3,8 @@
 import com.bitscoderdotcom.link_generator_system.dto.ApiResponse;
 import com.bitscoderdotcom.link_generator_system.dto.SignInRequest;
 import com.bitscoderdotcom.link_generator_system.dto.UserRegistrationRequest;
+import com.bitscoderdotcom.link_generator_system.dto.ValidateCodeDto;
+import com.bitscoderdotcom.link_generator_system.entities.Validation;
 import com.bitscoderdotcom.link_generator_system.security.service.AuthService;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
@@ -57,8 +59,26 @@ public String signIn(@ModelAttribute SignInRequest request, HttpServletResponse
             cookie.setHttpOnly(true);
             // Add the cookie to the response
             response.addCookie(cookie);
-            // Redirect to the generateInvoice page
-            return "redirect:/lgsApp/v1/invoice/generateInvoice";
+            // Redirect to the 2FA page
+            return "redirect:/lgsApp/v1/auth/2fa";
+        } else {
+            redirectAttributes.addFlashAttribute("error", Objects.requireNonNull(apiResponse.getBody()).getMessage());
+            return "redirect:/error";
+        }
+    }
+
+    @GetMapping("/2fa")
+    public String show2FAForm(Model model) {
+        model.addAttribute("validateCodeDto", new ValidateCodeDto());
+        return "2fa";
+    }
+
+    @PostMapping("/validate2FA")
+    public String validate2FA(@ModelAttribute ValidateCodeDto body, RedirectAttributes redirectAttributes) {
+        ResponseEntity<ApiResponse<SignInRequest.Response>> apiResponse = authService.validate2FA(body);
+        if (apiResponse.getStatusCode() == HttpStatus.OK) {
+            // Redirect to the Userpage
+            return "redirect:/lgsApp/v1/userPage";
         } else {
             redirectAttributes.addFlashAttribute("error", Objects.requireNonNull(apiResponse.getBody()).getMessage());
             return "redirect:/error";
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/controller/HomeController.java b/src/main/java/com/bitscoderdotcom/link_generator_system/controller/HomeController.java
@@ -8,6 +8,6 @@ public class HomeController {
 
     @GetMapping("/")
     public String home() {
-        return "home";
+        return "index";
     }
 }
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/dto/EmailDetails.java b/src/main/java/com/bitscoderdotcom/link_generator_system/dto/EmailDetails.java
@@ -5,6 +5,8 @@
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+import java.io.File;
+
 @AllArgsConstructor
 @NoArgsConstructor
 @Builder
@@ -14,4 +16,5 @@ public class EmailDetails {
     private String recipient;
     private String subject;
     private String messageBody;
+    private File attachment;
 }
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/dto/SignInRequest.java b/src/main/java/com/bitscoderdotcom/link_generator_system/dto/SignInRequest.java
@@ -15,6 +15,8 @@ public class SignInRequest {
     private String email;
     @NotBlank(message = "password should not be blank")
     private String password;
+    @NotBlank(message = "authCode should not be blank")
+    private String authCode;
 
     @AllArgsConstructor
     @Getter
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/dto/ValidateCodeDto.java b/src/main/java/com/bitscoderdotcom/link_generator_system/dto/ValidateCodeDto.java
@@ -0,0 +1,12 @@
+package com.bitscoderdotcom.link_generator_system.dto;
+
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+public class ValidateCodeDto {
+
+    private String username;
+    private int verificationCode;
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/entities/Company.java b/src/main/java/com/bitscoderdotcom/link_generator_system/entities/Company.java
@@ -23,6 +23,9 @@ public class Company {
     private String companyName;
     @OneToMany(mappedBy = "company", cascade = CascadeType.ALL)
     private List<Invoice> invoices;
+    @OneToOne(cascade = CascadeType.ALL)
+    @JoinColumn(name = "totp_id", referencedColumnName = "username")
+    private UserTOTP userTOTP;
 
     public Company() {
         this.setId(generateCustomUUID());
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/entities/UserTOTP.java b/src/main/java/com/bitscoderdotcom/link_generator_system/entities/UserTOTP.java
@@ -0,0 +1,25 @@
+package com.bitscoderdotcom.link_generator_system.entities;
+
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+@Entity
+@Table(name = "user_totp")
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserTOTP {
+
+    @Id
+    private String username;
+
+    private String secretKey;
+
+    private int validationCode;
+
+    private List<Integer> scratchCodes;
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/entities/Validation.java b/src/main/java/com/bitscoderdotcom/link_generator_system/entities/Validation.java
@@ -0,0 +1,13 @@
+package com.bitscoderdotcom.link_generator_system.entities;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class Validation {
+
+    private boolean isCodeValid;
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/repository/CredentialRepository.java b/src/main/java/com/bitscoderdotcom/link_generator_system/repository/CredentialRepository.java
@@ -0,0 +1,30 @@
+package com.bitscoderdotcom.link_generator_system.repository;
+
+import com.bitscoderdotcom.link_generator_system.entities.UserTOTP;
+import com.warrenstrange.googleauth.ICredentialRepository;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Component
+public class CredentialRepository implements ICredentialRepository {
+
+    private final Map<String, UserTOTP> usersKeys = new HashMap<String, UserTOTP>();
+
+    @Override
+    public String getSecretKey(String userName) {
+        return usersKeys.get(userName).getSecretKey();
+    }
+
+    @Override
+    public void saveUserCredentials(String userName, String secretKey, int validationCode, List<Integer> scratchCodes) {
+
+        usersKeys.put(userName, new UserTOTP(userName, secretKey, validationCode, scratchCodes));
+    }
+
+    public UserTOTP getUser(String username) {
+        return usersKeys.get(username);
+    }
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/repository/UserTOTPRepository.java b/src/main/java/com/bitscoderdotcom/link_generator_system/repository/UserTOTPRepository.java
@@ -0,0 +1,9 @@
+package com.bitscoderdotcom.link_generator_system.repository;
+
+import com.bitscoderdotcom.link_generator_system.entities.UserTOTP;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface UserTOTPRepository extends JpaRepository<UserTOTP, String> {
+
+    UserTOTP findByUsername(String username);
+}
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/security/service/AuthService.java b/src/main/java/com/bitscoderdotcom/link_generator_system/security/service/AuthService.java
@@ -1,14 +1,24 @@
 package com.bitscoderdotcom.link_generator_system.security.service;
 
-import com.bitscoderdotcom.link_generator_system.dto.ApiResponse;
-import com.bitscoderdotcom.link_generator_system.dto.EmailDetails;
-import com.bitscoderdotcom.link_generator_system.dto.SignInRequest;
-import com.bitscoderdotcom.link_generator_system.dto.UserRegistrationRequest;
+import com.bitscoderdotcom.link_generator_system.dto.*;
 import com.bitscoderdotcom.link_generator_system.entities.Company;
+import com.bitscoderdotcom.link_generator_system.entities.UserTOTP;
+import com.bitscoderdotcom.link_generator_system.entities.Validation;
 import com.bitscoderdotcom.link_generator_system.repository.CompanyRepository;
+import com.bitscoderdotcom.link_generator_system.repository.UserTOTPRepository;
 import com.bitscoderdotcom.link_generator_system.security.jwt.JwtUtils;
 import com.bitscoderdotcom.link_generator_system.service.EmailService;
+import com.google.zxing.BarcodeFormat;
+import com.google.zxing.client.j2se.MatrixToImageWriter;
+import com.google.zxing.common.BitMatrix;
+import com.google.zxing.qrcode.QRCodeWriter;
+import com.warrenstrange.googleauth.GoogleAuthenticator;
+import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
+import com.warrenstrange.googleauth.GoogleAuthenticatorQRGenerator;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.AllArgsConstructor;
+import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -22,7 +32,11 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.server.ResponseStatusException;
 
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
 import java.time.LocalDateTime;
+import java.util.Base64;
 import java.util.UUID;
 
 @Service
@@ -32,10 +46,12 @@ public class AuthService {
 
     private AuthenticationManager authenticationManager;
     private CompanyRepository companyRepository;
+    private UserTOTPRepository userTOTPRepository;
     private PasswordEncoder passwordEncoder;
     private JwtUtils jwtUtils;
     private UserDetailsServiceImpl userDetailsService;
     private EmailService emailService;
+    private final GoogleAuthenticator gAuth;
 
     @Transactional
     public String register(UserRegistrationRequest request) {
@@ -58,19 +74,31 @@ public String register(UserRegistrationRequest request) {
             return "Email Address already in use!";
         }
 
+
+        log.info("Company registered successfully with username: {}", username);
+
+        GoogleAuthenticatorKey key = generate2faKey(username);
+
+        UserTOTP userTOTP = new UserTOTP();
+        userTOTP.setUsername(username);
+        userTOTP.setSecretKey(key.getKey());
+        userTOTPRepository.save(userTOTP);
+
         Company company = new Company();
         company.setUserName(request.getName());
         company.setCompanyName(request.getCompanyName());
         company.setCompanyEmail(request.getEmail());
         company.setPassword(passwordEncoder.encode(request.getPassword()));
+        company.setUserTOTP(userTOTP);
         companyRepository.save(company);
 
-        log.info("Company registered successfully with username: {}", username);
-
         EmailDetails emailDetails = new EmailDetails();
         emailDetails.setRecipient(company.getCompanyEmail());
         emailDetails.setSubject("Account Registration Confirmation");
-        emailDetails.setMessageBody("Your account has been registered on our platform");
+        emailDetails.setMessageBody("Your account has been registered on our platform.\n" +
+                "Please scan the following QR code with your Google Authenticator app to enable 2FA.\n" +
+                "Key: " + key.getKey());
+        emailDetails.setAttachment(generateQRCode(username, key));
         emailService.sendEmail(emailDetails);
 
         return "Company registered successfully";
@@ -98,13 +126,64 @@ public ResponseEntity<ApiResponse<SignInRequest.Response>> signIn(SignInRequest
                     jwtUtils.getJwtExpirationDate()
             );
 
-            return createSuccessResponse("Company signed in successfully", response);
+            return createSuccessResponse("2FA required", response);
         } catch (BadCredentialsException e) {
             log.info("Invalid email or password for email: {}", request.getEmail());
             return createBadRequestResponse("Invalid email or password", null);
         }
     }
 
+//    @SneakyThrows
+//    public File generate2fa(String username) {
+//        final GoogleAuthenticatorKey key = gAuth.createCredentials(username);
+//
+//        UserTOTP userTOTP = new UserTOTP();
+//        userTOTP.setUsername(username);
+//        userTOTP.setSecretKey(key.getKey());
+//        userTOTPRepository.save(userTOTP);
+//
+//        QRCodeWriter qrCodeWriter = new QRCodeWriter();
+//        String otpAuthURL = GoogleAuthenticatorQRGenerator.getOtpAuthTotpURL("Link Generation App", username, key);
+//        BitMatrix bitMatrix = qrCodeWriter.encode(otpAuthURL, BarcodeFormat.QR_CODE, 200, 200);
+//
+//        File qrFile = File.createTempFile("qrcode", ".png");
+//        FileOutputStream pngOutputStream = new FileOutputStream(qrFile);
+//        MatrixToImageWriter.writeToStream(bitMatrix, "PNG", pngOutputStream);
+//        pngOutputStream.close();
+//
+//        return qrFile;
+//    }
+    @SneakyThrows
+    public GoogleAuthenticatorKey generate2faKey(String username) {
+        return gAuth.createCredentials(username);
+    }
+
+    @SneakyThrows
+    public File generateQRCode(String username, GoogleAuthenticatorKey key) {
+        String otpAuthURL = GoogleAuthenticatorQRGenerator.getOtpAuthTotpURL("Link Generation App", username, key);
+        BitMatrix bitMatrix = new QRCodeWriter().encode(otpAuthURL, BarcodeFormat.QR_CODE, 200, 200);
+
+        File qrFile = File.createTempFile("qrcode", ".png");
+        try (FileOutputStream pngOutputStream = new FileOutputStream(qrFile)) {
+            MatrixToImageWriter.writeToStream(bitMatrix, "PNG", pngOutputStream);
+        }
+
+        return qrFile;
+    }
+
+    public ResponseEntity<ApiResponse<SignInRequest.Response>> validate2FA(ValidateCodeDto body) {
+        log.info("validate2FA method called with username: {}", body.getUsername());
+
+        UserTOTP userTOTP = userTOTPRepository.findByUsername(body.getUsername());
+
+        if (userTOTP == null || !gAuth.authorizeUser(body.getUsername(), body.getVerificationCode())) {
+            log.info("Invalid 2FA code for username: {}", body.getUsername());
+            return createBadRequestResponse("Invalid 2FA code", null);
+        }
+
+        return createSuccessResponse("User authenticated successfully", null);
+    }
+
     public <T> ResponseEntity<ApiResponse<T>> createSuccessResponse(String message, T data) {
         return ResponseEntity.ok(new ApiResponse<>(
                 LocalDateTime.now(),
diff --git a/src/main/java/com/bitscoderdotcom/link_generator_system/service/EmailService.java b/src/main/java/com/bitscoderdotcom/link_generator_system/service/EmailService.java
@@ -23,13 +23,17 @@ public class EmailService {
     public void sendEmail (EmailDetails emailDetails) {
         try {
             MimeMessage mimeMessage = mailSender.createMimeMessage();
-            MimeMessageHelper helper = new MimeMessageHelper(mimeMessage, "utf-8");
+            MimeMessageHelper helper = new MimeMessageHelper(mimeMessage, true, "utf-8");
 
             helper.setFrom(emailSender);
             helper.setTo(emailDetails.getRecipient());
             helper.setSubject(emailDetails.getSubject());
             helper.setText(emailDetails.getMessageBody(), true);
 
+            if (emailDetails.getAttachment() != null) {
+                helper.addAttachment("QRCode.png", emailDetails.getAttachment());
+            }
+
             mailSender.send(mimeMessage);
             log.info("Message sent to: {}", emailDetails.getRecipient());
             log.info("Message sender: {}", emailSender);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
diff --git a/src/main/resources/templates/2fa.html b/src/main/resources/templates/2fa.html
diff --git a/src/main/resources/templates/home.html b/src/main/resources/templates/home.html
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
diff --git a/src/main/resources/templates/signIn.html b/src/main/resources/templates/signIn.html
diff --git a/src/main/resources/templates/static/styles.css b/src/main/resources/templates/static/styles.css
diff --git a/src/main/resources/templates/userPage.html b/src/main/resources/templates/userPage.html

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@ public class HomeController {`
`8`	`8`
`9`	`9`	`@GetMapping("/")`
`10`	`10`	`public String home() {`
`11`		`- return "home";`
	`11`	`+ return "index";`
`12`	`12`	`}`
`13`	`13`	`}`