Select Health Authority when issueing PIW Tan (#114)

* Rename TeleTAN Portal to CWA Tan Portal
Add Health Authority Selector for PIW TAN

* Add Server-Side Check of HA ID

src/main/java/app/coronawarn/verification/portal/VerificationPortalApplication.java

@@ -25,6 +25,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.cloud.openfeign.EnableFeignClients;
@@ -35,6 +36,7 @@
  */
 @SpringBootApplication
 @EnableFeignClients
+@EnableConfigurationProperties
 public class VerificationPortalApplication {
 
   public static void main(String[] args) {

src/main/java/app/coronawarn/verification/portal/SecurityConfig.java → src/main/java/app/coronawarn/verification/portal/config/SecurityConfig.java

@@ -19,8 +19,9 @@
  * under the License.
  */
 
-package app.coronawarn.verification.portal;
+package app.coronawarn.verification.portal.config;
 
+import app.coronawarn.verification.portal.VerificationPortalHttpFilter;
 import app.coronawarn.verification.portal.controller.VerificationPortalController;
 import java.util.Collection;
 import java.util.concurrent.ConcurrentHashMap;

src/main/java/app/coronawarn/verification/portal/config/VerificationPortalConfigurationProperties.java

@@ -0,0 +1,37 @@
+/*
+ * Corona-Warn-App / cwa-verification-portal
+ *
+ * (C) 2020, T-Systems International GmbH
+ *
+ * Deutsche Telekom AG and all other contributors /
+ * copyright owners license this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this
+ * file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package app.coronawarn.verification.portal.config;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@ConfigurationProperties(prefix = "cwa.verification-portal")
+@Getter
+@Setter
+@Configuration
+public class VerificationPortalConfigurationProperties {
+
+  private String healthAuthoritiesList;
+
+}

src/main/java/app/coronawarn/verification/portal/controller/VerificationPortalController.java

@@ -21,8 +21,10 @@
 
 package app.coronawarn.verification.portal.controller;
 
-import app.coronawarn.verification.portal.SecurityConfig;
 import app.coronawarn.verification.portal.client.TeleTan;
+import app.coronawarn.verification.portal.config.SecurityConfig;
+import app.coronawarn.verification.portal.config.VerificationPortalConfigurationProperties;
+import app.coronawarn.verification.portal.service.HealthAuthorityService;
 import app.coronawarn.verification.portal.service.TeleTanService;
 import feign.FeignException;
 import java.time.LocalDateTime;
@@ -31,6 +33,7 @@
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.keycloak.KeycloakPrincipal;
 import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
@@ -43,13 +46,15 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.server.ResponseStatusException;
 
 /**
  * This class represents the WEB UI controller for the verification portal. It implements a very
  * simple HTML interface with one submit button to get and show a newly generated TeleTAN.
  */
 @Slf4j
 @Controller
+@RequiredArgsConstructor
 public class VerificationPortalController {
 
   /**
@@ -92,10 +97,12 @@ public class VerificationPortalController {
    * The Thymeleaf attributes used for displaying the teletan and the current user.
    */
   private static final String ATTR_TELETAN = "teleTAN";
+  private static final String ATTR_TELETAN_TYPE = "teleTANType";
   private static final String ATTR_USER = "userName";
   private static final String ATTR_PW_RESET_URL = "pwResetUrl";
   private static final String ATTR_ROLE_TEST = "role_test";
   private static final String ATTR_ROLE_EVENT = "role_event";
+  private static final String ATTR_HA_RAW_DATA = "healthAuthorityRawData";
 
   private static final String TELETAN_TYPE_TEST = "TEST";
   private static final String TELETAN_TYPE_EVENT = "EVENT";
@@ -119,9 +126,9 @@ public class VerificationPortalController {
    */
   private final TeleTanService teleTanService;
 
-  public VerificationPortalController(TeleTanService teleTanService) {
-    this.teleTanService = teleTanService;
-  }
+  private final VerificationPortalConfigurationProperties configurationProperties;
+
+  private final HealthAuthorityService healthAuthorityService;
 
   /**
    * The Web GUI page request showing the index.html web page
@@ -149,6 +156,7 @@ public String start(HttpServletRequest request, Model model) {
     if (model != null) {
       model.addAttribute(ATTR_USER, user.replace("<", "").replace(">", ""));
       model.addAttribute(ATTR_PW_RESET_URL, pwResetUrl);
+      model.addAttribute(ATTR_HA_RAW_DATA, configurationProperties.getHealthAuthoritiesList());
       setRoleDependentAttributes(model, principal);
     }
 
@@ -173,15 +181,14 @@ public String teletan(
     HttpServletRequest request,
     Model model,
     @ModelAttribute("EVENT") String eventButton,
-    @ModelAttribute("TEST") String testButton) {
+    @ModelAttribute("TEST") String testButton,
+    @ModelAttribute("HAID") String healthAuthroityId) {
 
     TeleTan teleTan = new TeleTan("123456789");
     KeycloakAuthenticationToken principal = (KeycloakAuthenticationToken) request
       .getUserPrincipal();
     String user = ((KeycloakPrincipal) principal.getPrincipal()).getName();
 
-    String teleTanType = "";
-
     // initially the TEMPLATE_INDEX is used (without showing the teleTAN)
     String template = TEMPLATE_START;
     HttpSession session = request.getSession();
@@ -196,11 +203,21 @@ public String teletan(
 
         try {
           if (!eventButton.isEmpty()) {
+            model.addAttribute(ATTR_TELETAN_TYPE, "PIW Tan");
+
+            String healthAuthorityName = healthAuthorityService.checkHealthAuthority(healthAuthroityId);
+
+            if (healthAuthorityName == null) {
+              throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid Health Authority ID");
+            }
+
             teleTan = teleTanService.createTeleTan(token, TELETAN_TYPE_EVENT);
-            teleTanType = TELETAN_TYPE_EVENT;
+            log.info("PIW Tan successfully retrieved for user: {}, health authority: {}",
+              user, healthAuthorityName);
           } else if (!testButton.isEmpty()) {
+            model.addAttribute(ATTR_TELETAN_TYPE, "TeleTAN");
             teleTan = teleTanService.createTeleTan(token, TELETAN_TYPE_TEST);
-            teleTanType = TELETAN_TYPE_TEST;
+            log.info("TeleTan successfully retrieved for user: {}", user);
           }
         } catch (FeignException e) {
           if (e.status() == HttpStatus.TOO_MANY_REQUESTS.value()) {
@@ -209,11 +226,8 @@ public String teletan(
             throw e;
           }
         }
-
-        log.info("TeleTan Type {} successfully retrieved for user: {}", teleTanType,user);
         template = TEMPLATE_TELETAN;
       }
-      session.setAttribute(SESSION_ATTR_TELETAN, "TeleTAN");
     }
     if (model != null) {
       model.addAttribute(ATTR_TELETAN, teleTan.getValue().replace("<", "").replace(">", ""));

src/main/java/app/coronawarn/verification/portal/service/HealthAuthorityService.java

@@ -0,0 +1,76 @@
+/*
+ * Corona-Warn-App / cwa-verification-portal
+ *
+ * (C) 2020, T-Systems International GmbH
+ *
+ * Deutsche Telekom AG and all other contributors /
+ * copyright owners license this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this
+ * file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package app.coronawarn.verification.portal.service;
+
+import app.coronawarn.verification.portal.config.VerificationPortalConfigurationProperties;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.ArrayList;
+import java.util.List;
+import javax.annotation.PostConstruct;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class HealthAuthorityService {
+
+  private final VerificationPortalConfigurationProperties configurationProperties;
+
+  private final ObjectMapper objectMapper;
+
+  private List<HealthAuthority> healthAuthorities = new ArrayList<>();
+
+  @PostConstruct
+  private void loadData() throws JsonProcessingException {
+    healthAuthorities = objectMapper.readValue(
+      configurationProperties.getHealthAuthoritiesList(),
+      objectMapper.getTypeFactory().constructCollectionType(List.class, HealthAuthority.class));
+  }
+
+  /**
+   * Method to check whether a given Health-Authority ID is valid.
+   *
+   * @param haid ID (Nr) of the Health Authority
+   * @return The corresponding name or null if HAID is invalid.
+   */
+  public String checkHealthAuthority(String haid) {
+    return healthAuthorities.stream()
+      .filter(healthAuthority -> healthAuthority.nr.equals(haid))
+      .findFirst()
+      .map(HealthAuthority::getName)
+      .orElse(null);
+  }
+
+  @Getter
+  @Setter
+  public static class HealthAuthority {
+
+    private String name;
+
+    private String nr;
+  }
+
+
+}

src/main/resources/application-cloud.yml

@@ -9,3 +9,7 @@ server:
   ssl:
     key-store: ${SSL_PORTAL_KEYSTORE_PATH}
     key-store-password: ${SSL_PORTAL_KEYSTORE_PASSWORD}
+
+cwa:
+  verification-portal:
+    health-authorities-list: ${CWA_VERIFICATION_PORTAL_HEALTH_AUTHORITIES:'[]'}

src/main/resources/application.yml

@@ -22,6 +22,10 @@ keycloak:
 keycloak-pw:
   reset-url: http://localhost:8080/auth/realms/cwa/account/password
 
+cwa:
+  verification-portal:
+    health-authorities-list: '[]'
+
 server:
   error:
     whitelabel:

src/main/resources/static/tan.js

@@ -0,0 +1,32 @@
+(() => {
+  $(document).ready(() => {
+    const healthAuthorityInput = $("#health-authority");
+    const healthAuthorityIdInput = $("#health-authority-id");
+    const healthAuthorityDataList = $("#health-authorities");
+    const piwTanButton = $("#piw-tan-button");
+
+    piwTanButton.prop("disabled", true);
+
+    const healthAuthorities = JSON.parse(healthAuthorityRawData);
+    fillHealthAuthorityDataList(healthAuthorities, healthAuthorityDataList);
+
+    healthAuthorityInput.on("change keyup", () => {
+      const foundId = healthAuthorities.find(ha => ha.name ===  healthAuthorityInput.val());
+
+      if (foundId) {
+        piwTanButton.prop("disabled", false);
+        healthAuthorityIdInput.val(foundId.nr);
+      } else {
+        piwTanButton.prop("disabled", true);
+      }
+    })
+  })
+
+  function fillHealthAuthorityDataList(healthAuthorities, healthAuthorityDataList) {
+    healthAuthorities.forEach((healthAuthority => {
+      const newElement = $("<option></option>");
+      newElement.text(healthAuthority.name);
+      healthAuthorityDataList.append(newElement);
+    }));
+  }
+})();

src/main/resources/static/teletan.css

@@ -131,12 +131,32 @@
 	border-color: #E20074;
 }
 
+.button[disabled] {
+  color: gray;
+  background: lightgray;
+  border-color: transparent;
+}
+
+.dropdown {
+  position: fixed;
+  left: 50%;
+  width: 500px;
+  height: 40px;
+  margin-left: -250px;
+  font-family: "Telegrotesk Next Regular";
+  font-size: 18px;
+  color: #262626;
+  border-width: 1px;
+  border-radius: 4px;
+  border-color: #dddddd;
+}
+
 .input {
 	position: fixed;
 	left: 50%;
 	width: 485px;
-	height: 45px;
-	line-height: 45px;
+	height: 35px;
+	line-height: 17px;
 	margin-left: -250px;
 	padding-left: 10px;
 	font-family: "Telegrotesk Next Regular";

src/main/resources/templates/error.html

@@ -5,7 +5,7 @@
   <meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
   <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
   <link rel="stylesheet" type="text/css" href="/teletan.css"/>
-  <title>TeleTAN Portal</title>
+  <title>CWA TAN Portal</title>
   <link rel="icon" href="/c-19_logo.png"/>
 </head>
 <body>
@@ -22,7 +22,7 @@
 <table class="c19-logo">
   <tr>
     <td style="width: 1px;"><img src="/c-19_logo.png"/></td>
-    <td>TeleTAN Portal</td>
+    <td>CWA TAN Portal</td>
   </tr>
 </table>
 

src/main/resources/templates/index.html

@@ -5,7 +5,7 @@
   <meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
   <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
   <meta http-equiv="refresh" content="0; URL=/cwa/start">
-  <title>TeleTAN Portal</title>
+  <title>CWA TAN Portal</title>
   <link rel="icon" href="/c-19_logo.png"/>
 </head>
 <body>