TrustedDevicesController.java

package org.apereo.cas.web.report;

import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
import org.apereo.cas.util.DateTimeUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.LocalDate;
import java.util.Set;

/**
 * This is {@link TrustedDevicesController}.
 *
 * @author Misagh Moayyed
 * @since 5.0.0
 */
@ConditionalOnClass(value = MultifactorAuthenticationTrustStorage.class)
public class TrustedDevicesController extends BaseCasMvcEndpoint {

    private final MultifactorAuthenticationTrustStorage mfaTrustEngine;
    private final CasConfigurationProperties casProperties;

    public TrustedDevicesController(final MultifactorAuthenticationTrustStorage mfaTrustEngine,
                                    final CasConfigurationProperties casProperties) {
        super("trustedDevs", "/trustedDevs", casProperties.getMonitor().getEndpoints().getTrustedDevices(), casProperties);
        this.mfaTrustEngine = mfaTrustEngine;
        this.casProperties = casProperties;
    }

    /**
     * Handle request.
     *
     * @param request  the request
     * @param response the response
     * @return the model and view
     * @throws Exception the exception
     */
    @GetMapping
    protected ModelAndView handleRequestInternal(final HttpServletRequest request,
                                                 final HttpServletResponse response) throws Exception {
        ensureEndpointAccessIsAuthorized(request, response);

        return new ModelAndView("monitoring/viewTrustedDevices");
    }

    /**
     * Gets records.
     *
     * @param request  the request
     * @param response the response
     * @return the records
     * @throws Exception the exception
     */
    @GetMapping(value = "/getRecords")
    @ResponseBody
    public Set<MultifactorAuthenticationTrustRecord> getRecords(final HttpServletRequest request,
                                                                final HttpServletResponse response) throws Exception {
        ensureEndpointAccessIsAuthorized(request, response);

        final MultifactorAuthenticationProperties.Trusted trusted = casProperties.getAuthn().getMfa().getTrusted();
        final LocalDate onOrAfter = LocalDate.now().minus(trusted.getExpiration(), DateTimeUtils.toChronoUnit(trusted.getTimeUnit()));

        this.mfaTrustEngine.expire(onOrAfter);
        return this.mfaTrustEngine.get(onOrAfter);
    }

    /**
     * Revoke record.
     *
     * @param key      the key
     * @param request  the request
     * @param response the response
     * @return the integer
     * @throws Exception the exception
     */
    @PostMapping(value = "/revokeRecord")
    @ResponseBody
    public Integer revokeRecord(@RequestParam final String key, final HttpServletRequest request,
                                final HttpServletResponse response) throws Exception {
        ensureEndpointAccessIsAuthorized(request, response);

        this.mfaTrustEngine.expire(key);
        return HttpStatus.OK.value();
    }
}