Added Saptcha inmplementation

Author: tal-mi

app/src/main/java/com/sap/cdc/bitsnbytes/cdc/IdentityServiceRepository.kt

@@ -264,6 +264,10 @@ class IdentityServiceRepository private constructor(context: Context) {
             .clearPasskey(passkeysAuthenticationProvider)
     }
 
+    suspend fun getSaptchaToken(): IAuthResponse {
+        return authenticationService.authenticate().getSaptchaToken()
+    }
+
     //endregion
 
     //region PUSH

app/src/main/java/com/sap/cdc/bitsnbytes/ui/view/screens/EmailSignIn.kt

@@ -2,6 +2,7 @@
 
 package com.sap.cdc.bitsnbytes.ui.view.screens
 
+import android.widget.Toast
 import androidx.compose.foundation.layout.Box
 import androidx.compose.foundation.layout.Column
 import androidx.compose.foundation.layout.fillMaxWidth
@@ -19,6 +20,7 @@ import androidx.compose.ui.Alignment
 import androidx.compose.ui.ExperimentalComposeUiApi
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.autofill.AutofillType
+import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.platform.LocalFocusManager
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.tooling.preview.Preview
@@ -62,6 +64,11 @@ fun EmailSignInView(viewModel: IEmailSignInViewModel) {
     var passwordVisible: Boolean by remember { mutableStateOf(false) }
     val focusManager = LocalFocusManager.current
 
+    val context = LocalContext.current
+
+    var captchaRequired by remember { mutableStateOf(false) }
+    var isSwitchChecked by remember { mutableStateOf(false) }
+    
     //UI elements
     LoadingStateColumn(
         loading
@@ -167,11 +174,38 @@ fun EmailSignInView(viewModel: IEmailSignInViewModel) {
                                         authResponse?.resolvable()?.toJson()
                                     }"
                                 )
+                        },
+                        onCaptchaRequired = {
+                            loading = false
+                            captchaRequired = true
+                            signInError = "Captcha required"
                         }
                     )
                 }
             )
 
+            if (captchaRequired) {
+                SmallVerticalSpacer()
+                androidx.compose.material3.Switch(
+                    checked = isSwitchChecked,
+                    onCheckedChange = { isChecked ->
+                        isSwitchChecked = isChecked
+                        if (isChecked) {
+                            viewModel.getSaptchaToken(
+                                token = { token ->
+                                    loading = false
+                                    Toast.makeText(context, token, Toast.LENGTH_SHORT).show()
+                                },
+                                onFailedWith = { error ->
+                                    loading = false
+                                    signInError = error?.errorDescription!!
+                                }
+                            )
+                        }
+                    }
+                )
+            }
+
             if (signInError.isNotEmpty()) {
                 SimpleErrorMessages(
                     text = signInError

app/src/main/java/com/sap/cdc/bitsnbytes/ui/viewmodel/EmailRegisterViewModel.kt

@@ -69,11 +69,11 @@ class EmailRegisterViewModel(context: Context) : BaseViewModel(context), IEmailR
 
                 AuthState.INTERRUPTED -> {
                     when (authResponse.cdcResponse().errorCode()) {
-                        ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION -> {
+                        ResolvableContext.ERR_PENDING_TWO_FACTOR_REGISTRATION -> {
                             onPendingTwoFactorRegistration(authResponse)
                         }
 
-                        ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_VERIFICATION -> {
+                        ResolvableContext.ERR_PENDING_TWO_FACTOR_VERIFICATION -> {
                             onPendingTwoFactorVerification(authResponse)
                         }
                     }

app/src/main/java/com/sap/cdc/bitsnbytes/ui/viewmodel/EmailSignInViewModel.kt

@@ -22,10 +22,18 @@ interface IEmailSignInViewModel {
         onLoginIdentifierExists: () -> Unit,
         onPendingTwoFactorRegistration: (IAuthResponse?) -> Unit,
         onPendingTwoFactorVerification: (IAuthResponse?) -> Unit,
+        onCaptchaRequired: () -> Unit,
         onFailedWith: (CDCError?) -> Unit
     ) {
         //Stub
     }
+
+    fun getSaptchaToken(
+        token: (String) -> Unit,
+        onFailedWith: (CDCError?) -> Unit,
+    ) {
+        //Stub
+    }
 }
 
 // Mock preview class for the EmailSignInViewModel
@@ -45,6 +53,7 @@ class EmailSignInViewModel(context: Context) : BaseViewModel(context),
         onLoginIdentifierExists: () -> Unit,
         onPendingTwoFactorRegistration: (IAuthResponse?) -> Unit,
         onPendingTwoFactorVerification: (IAuthResponse?) -> Unit,
+        onCaptchaRequired: () -> Unit,
         onFailedWith: (CDCError?) -> Unit
     ) {
         viewModelScope.launch {
@@ -64,16 +73,36 @@ class EmailSignInViewModel(context: Context) : BaseViewModel(context),
                             onLoginIdentifierExists()
                         }
 
-                        ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION -> {
+                        ResolvableContext.ERR_PENDING_TWO_FACTOR_REGISTRATION -> {
                             onPendingTwoFactorRegistration(authResponse)
                         }
 
-                        ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_VERIFICATION -> {
+                        ResolvableContext.ERR_PENDING_TWO_FACTOR_VERIFICATION -> {
                             onPendingTwoFactorVerification(authResponse)
                         }
+
+                        ResolvableContext.ERR_CAPTCHA_REQUIRED -> {
+                            onCaptchaRequired()
+                        }
                     }
                 }
             }
         }
     }
+
+    override fun getSaptchaToken(token: (String) -> Unit,
+                                 onFailedWith: (CDCError?) -> Unit) {
+        viewModelScope.launch {
+            val authResponse = identityService.getSaptchaToken()
+            when (authResponse.state()) {
+                AuthState.SUCCESS -> {
+                    token(authResponse.cdcResponse().stringField("saptchaToken") as String)
+                }
+
+                else -> {
+                    onFailedWith(authResponse.toDisplayError())
+                }
+            }
+        }
+    }
 }

library/src/main/java/com/sap/cdc/android/sdk/auth/Auth.kt

@@ -2,6 +2,7 @@ package com.sap.cdc.android.sdk.auth
 
 import androidx.activity.ComponentActivity
 import com.sap.cdc.android.sdk.auth.flow.AccountAuthFlow
+import com.sap.cdc.android.sdk.auth.flow.CaptchaAuthFlow
 import com.sap.cdc.android.sdk.auth.flow.LoginAuthFlow
 import com.sap.cdc.android.sdk.auth.flow.LogoutAuthFlow
 import com.sap.cdc.android.sdk.auth.flow.PasskeysAuthFlow
@@ -209,6 +210,9 @@ interface IAuthApis {
     suspend fun registerForAuthPushNotifications(): IAuthResponse
 
     suspend fun verifyAuthPushNotification(vToken: String): IAuthResponse
+
+
+    suspend fun getSaptchaToken(): IAuthResponse
 }
 
 /**
@@ -311,6 +315,11 @@ internal class AuthApis(
         return flow.verifyAuthPush(vToken)
     }
 
+    override suspend fun getSaptchaToken(): IAuthResponse {
+        val flow = CaptchaAuthFlow(coreClient, sessionService)
+        return flow.getSaptchaToken()
+    }
+
 }
 
 //endregion

library/src/main/java/com/sap/cdc/android/sdk/auth/AuthEndpoints.kt

@@ -58,6 +58,9 @@ class AuthEndpoints {
         const val EP_TFA_TOTP_REGISTER = "accounts.tfa.totp.register"
         const val EP_TFA_TOTP_VERIFY = "accounts.tfa.totp.verify"
 
+        const val EP_RISK_SAPTCHA_GET_CHALLENGE = "accounts.risk.saptcha.getChallenge"
+        const val EP_RISK_SAPTCHA_VERIFY = "accounts.risk.saptcha.verify"
+
         // May be redundant cause connection can be done using notifySocialLogin with
         // loginMode = connect.
         const val EP_SOCIALIZE_ADD_CONNECTION = "socialize.addConnection"

library/src/main/java/com/sap/cdc/android/sdk/auth/ResolvableContext.kt

@@ -31,14 +31,16 @@ class ResolvableContext(
         const val ERR_ACCOUNT_PENDING_REGISTRATION = 206001
         const val ERR_ACCOUNT_PENDING_VERIFICATION = 206002
         const val ERR_ENTITY_EXIST_CONFLICT = 403043
-        const val ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION = 403102
-        const val ERR_ERROR_PENDING_TWO_FACTOR_VERIFICATION = 403101
+        const val ERR_PENDING_TWO_FACTOR_REGISTRATION = 403102
+        const val ERR_PENDING_TWO_FACTOR_VERIFICATION = 403101
+        const val ERR_CAPTCHA_REQUIRED = 401020
 
         val resolvables = mapOf(
             ERR_ACCOUNT_PENDING_REGISTRATION to "Account pending registration",
             ERR_ENTITY_EXIST_CONFLICT to "Entity exist conflict",
-            ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION to "Pending two factor registration",
-            ERR_ERROR_PENDING_TWO_FACTOR_VERIFICATION to "Pending two factor verification",
+            ERR_PENDING_TWO_FACTOR_REGISTRATION to "Pending two factor registration",
+            ERR_PENDING_TWO_FACTOR_VERIFICATION to "Pending two factor verification",
+            ERR_CAPTCHA_REQUIRED to "Captcha required"
         )
     }
 

library/src/main/java/com/sap/cdc/android/sdk/auth/flow/AuthFlow.kt

@@ -77,6 +77,11 @@ open class AuthFlow(val coreClient: CoreClient, val sessionService: SessionServi
                         ResolvableOtp(cdcResponse.stringField("vToken"))
                 }
 
+
+                ResolvableContext.ERR_CAPTCHA_REQUIRED -> {
+                    CDCDebuggable.log(LOG_TAG, "ERR_SAPTCHA_REQUIRED")
+                }
+
                 // REGISTRATION
                 ResolvableContext.ERR_ACCOUNT_PENDING_REGISTRATION -> {
                     CDCDebuggable.log(LOG_TAG, "ERR_ACCOUNT_PENDING_REGISTRATION")
@@ -104,8 +109,8 @@ open class AuthFlow(val coreClient: CoreClient, val sessionService: SessionServi
                 }
 
                 // TFA
-                ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION,
-                ResolvableContext.ERR_ERROR_PENDING_TWO_FACTOR_VERIFICATION -> {
+                ResolvableContext.ERR_PENDING_TWO_FACTOR_REGISTRATION,
+                ResolvableContext.ERR_PENDING_TWO_FACTOR_VERIFICATION -> {
                     CDCDebuggable.log(LOG_TAG, "ERR_ERROR_PENDING_TWO_FACTOR_REGISTRATION")
                     // Get providers
                     val tfaResolve = AuthTFA(coreClient, sessionService)

library/src/main/java/com/sap/cdc/android/sdk/auth/flow/AuthFlowCaptcha.kt

@@ -0,0 +1,67 @@
+package com.sap.cdc.android.sdk.auth.flow
+
+import com.sap.cdc.android.sdk.CDCDebuggable
+import com.sap.cdc.android.sdk.auth.AuthEndpoints.Companion.EP_RISK_SAPTCHA_GET_CHALLENGE
+import com.sap.cdc.android.sdk.auth.AuthEndpoints.Companion.EP_RISK_SAPTCHA_VERIFY
+import com.sap.cdc.android.sdk.auth.AuthResponse
+import com.sap.cdc.android.sdk.auth.AuthenticationApi
+import com.sap.cdc.android.sdk.auth.IAuthResponse
+import com.sap.cdc.android.sdk.auth.session.SessionService
+import com.sap.cdc.android.sdk.core.CoreClient
+import com.sap.cdc.android.sdk.extensions.encodeWith
+import com.sap.cdc.android.sdk.extensions.jwtDecode
+
+class CaptchaAuthFlow(coreClient: CoreClient, sessionService: SessionService) :
+    AuthFlow(coreClient, sessionService) {
+
+    companion object {
+        const val LOG_TAG = "AuthFlowCaptcha"
+    }
+
+    suspend fun getSaptchaToken(): IAuthResponse {
+        CDCDebuggable.log(TFAAuthFlow.LOG_TAG, "startChallenge")
+        val getJwt =
+            AuthenticationApi(coreClient, sessionService).genericSend(
+                EP_RISK_SAPTCHA_GET_CHALLENGE,
+                parameters = mutableMapOf()
+            )
+        val authResponse = AuthResponse(getJwt)
+        if (authResponse.isError()) {
+            // Flow ends with error.
+            return authResponse
+        }
+
+        val token = getJwt.stringField("saptchaToken") as String
+        CDCDebuggable.log(TFAAuthFlow.LOG_TAG, "token: $token")
+
+        val jwtObject = token.jwtDecode()
+        val jti = jwtObject.getString("jti")
+        val pattern = jwtObject.getString("pattern")
+
+        // Verify challenge
+        var i = 0
+        var isFinished = false
+        while (!isFinished) {
+            i += 1
+            isFinished = verifyChallenge(jti, pattern, i)
+        }
+
+        // Verify token
+        val params = mutableMapOf("token" to "$token|$i")
+        val verifyJwt =
+            AuthenticationApi(coreClient, sessionService).genericSend(
+                EP_RISK_SAPTCHA_VERIFY,
+                parameters = params
+            )
+
+        val verifyResponse = AuthResponse(verifyJwt)
+        return verifyResponse
+    }
+
+    private fun verifyChallenge(challengeId: String, pattern: String, i: Int): Boolean {
+        val value = "$challengeId.$i".encodeWith("SHA-512")
+        val regex = pattern.toRegex()
+        return regex.containsMatchIn(value)
+    }
+
+}

library/src/main/java/com/sap/cdc/android/sdk/extensions/StringExt.kt

@@ -2,7 +2,11 @@ package com.sap.cdc.android.sdk.extensions
 
 import android.util.Base64
 import com.sap.cdc.android.sdk.core.SiteConfig
+import org.json.JSONObject
+import java.math.BigInteger
 import java.net.URLDecoder
+import java.nio.charset.StandardCharsets
+import java.security.MessageDigest
 import java.security.SecureRandom
 import java.util.Locale
 
@@ -66,4 +70,26 @@ fun String.parseQueryStringParams(): Map<String, String> =
                 value.isNotBlank()
             }
         }
-        .toMap()
+        .toMap()
+
+fun String.jwtDecode(): JSONObject {
+    val parts = this.split(".")
+    val base64EncodedData = parts[1]
+    val data = Base64.decode(
+        base64EncodedData.toByteArray(charset = StandardCharsets.UTF_8),
+        Base64.DEFAULT
+    )
+    return JSONObject(String(data, StandardCharsets.UTF_8))
+}
+
+fun String.encodeWith(algorithm: String): String {
+    val md: MessageDigest = MessageDigest.getInstance(algorithm)
+    val messageDigest = md.digest(this.toByteArray())
+    val no = BigInteger(1, messageDigest)
+    var hash: String = no.toString(16)
+    // Add preceding 0s to make it 128 chars long
+    while (hash.length < 128) {
+        hash = "0$hash"
+    }
+    return hash
+}