Merge pull request #1248 from /issues/1244-update-fido2-branch

Fix #1244: Upgrade FIDO2 branch to 1.6.x release
wultra · Jan 16, 2024 · 593b2f6 · 593b2f6
2 parents e1ae565 + 1a94809
commit 593b2f6
Show file tree

Hide file tree

Showing 69 changed files with 1,876 additions and 440 deletions.
diff --git a/docs-private/Developer-How-To-Start.md b/docs-private/Developer-How-To-Start.md
@@ -21,7 +21,13 @@ Others (like URL, username, password) depend on your environment.
 
 ```shell
 liquibase --changelog-file=./docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml --url=jdbc:postgresql://localhost:5432/powerauth --username=powerauth status
-``` 
+```
+
+To generate SQL script run this command.
+
+```shell
+liquibase --changeLogFile=./docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml --output-file=./docs/sql/oracle/generated-oracle-script.sql updateSQL --url=offline:oracle
+```
 
 
 ## PowerAuth Admin Server

diff --git a/docs/Configuration-Properties-Admin.md b/docs/Configuration-Properties-Admin.md
@@ -38,3 +38,9 @@ The PowerAuth Admin application uses the following public configuration properti
 | `powerauth.admin.security.ldap.ldif`               | `_empty_` | Specifies an ldif to load at startup for an embedded LDAP server.                                                                                                                                                                                                                   |
 | `powerauth.admin.security.ldap.managerDN`          | `_empty_` | Username (DN) of the "manager" user identity (i.e. "uid=admin,ou=system") which will be used to authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.                                                                                            |
 | `powerauth.admin.security.ldap.managerPassword`    | `_empty_` | The password for the manager DN. This is required if the `managerDN` property is set.                                                                                                                                                                                               |
+
+
+## Monitoring and Observability
+
+The WAR file includes the `micrometer-registry-prometheus` dependency.
+Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).
diff --git a/docs/Configuration-Properties.md b/docs/Configuration-Properties.md
@@ -37,7 +37,7 @@ The PowerAuth Server uses the following public configuration properties:
 | `powerauth.service.secureVault.enableBiometricAuthentication`      | `false`   | Whether biometric authentication is enabled when accessing Secure Vault                 |
 | `powerauth.server.db.master.encryption.key`                        | `_empty_` | Master DB encryption key for decryption of server private key in database               |
 | `powerauth.service.proximity-check.otp.length`                     | `8`       | Length of OTP generated for proximity check                                             |
-| `powerauth.service.pagination.default-page-size`                   | `100`     | The default number of records per page when paginated results are requested             |
+| `powerauth.service.pagination.default-page-size`                   | `500`     | The default number of records per page when paginated results are requested             |
 | `powerauth.service.pagination.default-page-number`                 | `0`       | The default page number when paginated results are requested. Page numbers start from 0 |
 
 ## HTTP Configuration
@@ -68,3 +68,9 @@ The PowerAuth Server uses the following public configuration properties:
 | `powerauth.service.correlation-header.name` | `X-Correlation-ID` | Correlation header name |
 | `powerauth.service.correlation-header.value.validation-regexp` | `[a-zA-Z0-9\\-]{8,1024}` | Regular expression for correlation header value validation |
 | `logging.pattern.console` | [See value in application.properties](https://github.com/wultra/powerauth-server/blob/develop/powerauth-java-server/src/main/resources/application.properties#docucheck-keep-link) | Logging pattern for console which includes the correlation header value |
+
+
+## Monitoring and Observability
+
+The WAR file includes the `micrometer-registry-prometheus` dependency.
+Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).
diff --git a/docs/PowerAuth-Server-1.6.0.md b/docs/PowerAuth-Server-1.6.0.md
@@ -4,10 +4,46 @@ This guide contains instructions for migration from PowerAuth Server version `1.
 
 ## Database Changes
 
+For convenience you can use liquibase for your database migration.
+
+For manual changes use SQL scripts:
+
+- [PostgreSQL script](./sql/postgresql/migration_1.5.3_1.6.0.sql)
+- [Oracle script](./sql/oracle/migration_1.5.3_1.6.0.sql)
+- [MSSQL script](./sql/mssql/migration_1.5.3_1.6.0.sql)
+
+### Allow Non-personalized Operations
+
+The column `user_id` in table `pa_operation` is nullable now.
+
 ### Forbid name duplication for operation templates.
 
 Add unique constraint to `templateName` column in `pa_operation_template` table.
 
+Applying this change may fail if there are duplicates in the `pa_operation_template` table. Please make sure there are
+no two records with the same name `templateName`. If necessary, remove any duplicities from the table manually. Consider
+creating a backup before this operation.
+
 ### Add foreign key constraints to operations and applications relation.
 
 Add foreign key constraints to relating table `pa_operation_application`.
+
+Applying this change may fail if there is an inconsistency between tables `pa_operation_application`
+and `pa_application` or `pa_operation`. Make sure that `pa_operation_application.application_id` contains references to
+existing `pa_application.id` and `pa_operation_application.operation_id` contains references to
+existing `pa_operation.id`. If necessary, manually remove orphaned records in `pa_operation_application`. Consider
+creating a backup before this operation.
+
+### Add activation_id Column
+
+Add a new column `activation_id` to the `pa_operation` table. This column is a foreign key that references
+the `activation_id` column in the `pa_activation` table. Storing the `activation_id` in the `pa_operation` table
+provides several enhancements:
+
+* It allows the creation of a new operation tied to a specific mobile device, identified by its activation ID.
+* It ensures that the operation can only be approved on that specific mobile device, again identified by its activation ID.
+
+### Add activation_name Column to pa_activation_history
+
+Add a new column `activation_name` to the `pa_activation_history` table.
+Since it is possible to change the activation name, it is recorded in the history.