[APIM] Send emails to users upon self-sign up aproval

When using the self sign up of WSO2 API manager, the user needs to wait for the admin to approve their signup request. However when the admin approves/rejects the request, users may like to receive an email with the status of the approval. This can be achieved by the extension points provided by APIM. In this article we will consider how this can be achieved,

First step is to set up the user sign up work flow as described in the documentation[1]. After following the documentation, you should be able to self sign up and attach a workflow to the to the self sign up process. After self signup, you can login to the admin portal of APIM and approve or reject a request to sign up.
This portal can be address through https://HOSTNAME:PORT/admin for example https://10.100.9.174:9443/admin
Next we need to extend from UserSignUpWSWorkflowExecutor of APIM and write your own logic to send out an email. In this case, we have overriden the complete method of UserSignUpWSWorkflowExecutor. In the default implementation, when admin approves or rejects the request and the comple method is called to either delete the user or grant him permission to login. Since this logic is still needed, super.comple() method is first called. Afterwards, the using javax.mail, the mail is constructed as bellow,
@Override
public WorkflowResponse complete(WorkflowDTO workflowDTO) throws WorkflowException {
super.complete(workflowDTO);
Properties props = new Properties();
props.put(MAIL_SMTP_AUTH, "true");
props.put(MAIL_SMTP_STAR_TTLS_ENABLE, "true");
props.put(MAIL_SMTP_HOST, "smtp.gmail.com");
props.put(MAIL_SMTP_PORT, "587");
Session session = Session.getInstance(props, new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(emailAddress, emailPassword);
}
});
try {
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(emailAddress));
String email = getUserEmail(workflowDTO);
message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(email));
message.setSubject("My Company User Sign-up Service");
if (WorkflowStatus.APPROVED.equals(workflowDTO.getStatus())) {
message.setText("Your request to sign-up with <Company name> has been approved by the admin. Your " +
"username is "+ MultitenantUtils.getTenantAwareUsername(workflowDTO.getWorkflowReference()) +
". You can now login with your credentials provided to the API store.");
} else {
message.setText("Your request to sign-up with <Company name> has been declined by the admin. " +
"Please contact the admin for more details.");
}
Transport.send(message);
} catch (AddressException e) {
String msg = "Error while converting the email address.";
log.error(msg);
throw new WorkflowException(e.getMessage());
} catch (MessagingException e) {
String msg = "Error while sending the sign-up update mail to user: " + workflowDTO.getWorkflowReference();
log.error(msg);
throw new WorkflowException(e.getMessage());
}
return new GeneralWorkflowResponse();
}
view raw CustomUserSignUpWSWorkflowExecutor.java hosted with ❤ by GitHub


Next step is to find the email of the user that this message needs to be delivered to and for this, it is possible use UserStoreManager class as bellow,
private String getUserEmail(WorkflowDTO workflowDTO) throws WorkflowException {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
ctx.setUsername(workflowDTO.getWorkflowReference());
RealmService realmService = (RealmService) ctx.getOSGiService(RealmService.class, null);
if (realmService == null) {
String msg = "RealmService is not initialized";
log.error(msg);
throw new WorkflowException(msg);
}
String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(workflowDTO.getWorkflowReference());
try {
UserRealm userRealm = realmService.getTenantUserRealm(workflowDTO.getTenantId());
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
return userStoreManager.getUserClaimValue(tenantAwareUserName, EMAIL_CLAIM, null);
} catch (UserStoreException e) {
String msg = "Error while getting email address of user: " + workflowDTO.getWorkflowReference();
log.error(msg);
throw new WorkflowException(e.getMessage());
}
}
view raw CustomUserSignUpWSWorkflowExecutor.java hosted with ❤ by GitHub


You can find the complete code, in github[2] and clone this and compile the code. After compiling, copy the file /target/custom-usersignup-workflow-executor-1.0.0.jar to /repository/components/lib directory

Startup the APIM server and go to the management console(https://:9443/carbon)
Click on browse under resource and go to the following resource/_system/governance/apimgt/applicationdata/workflow-extensions.xml
Add the following section[3] to the workflow-extensions.xml
<UserSignUp executor="com.wso2.custom.workflow.CustomUserSignUpWSWorkflowExecutor">
<property name="serviceEndpoint">http://localhost:9765/services/UserSignupProcess/</property>
<property name="username">admin</property>
<property name="password">admin</property>
<property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</property>
<property name="emailAddress">senders_email_address_here</property>
<property name="emailPassword">senders_email_password_here</property>
</UserSignUp>
view raw workflow-extensions.xml hosted with ❤ by GitHub


Comment out org.wso2.carbon.apimgt.impl.workflow.UserSignUpSimpleWorkflowExecutor tag in workflow-extensions.xml.
Now when you sign up and approve, an email should come to the email address of the newly signed up user's provided email.

[1]. https://docs.wso2.com/display/AM210/Adding+a+User+Signup+Workflow
[2]. https://github.com/inoshperera/workflow-executor
[3]. https://github.com/inoshperera/workflow-executor/blob/master/wf.xml#L36-L43

Comments

  1. donnaj edwardsMay 8, 2021 at 1:56 AM

    Interesting Article. Hoping that you will continue posting an article having a useful information. IOS Development

    ReplyDelete

Post a Comment

Popular posts from this blog

MDM vendor singing and MDM APNS certificate generation for WSO2 Iot server

Image
When we look at how Apple has created the device management protocol for iOS devices, one thing that we notice is they have tried to make the process as secure as possible. In this article, we will look at what is the MDM APNS certificate and how we can generate and use them. When managing iOS devices, the device management commands are typically executed by a native client available in the iOS operating system itself. When a device management server needs to send a command to this client, the command has to be sent though Apple APNS server. However, since these commands are executed by the operating system it self, using a general APNS certificate, does not make sense. Therefore Apple has made it mandatory that the device management servers use a special MDM APNS certificate when sending commands to a device. These certificates expire annually and the admins have to renew then annually. MDM APNS certificate generation is bit of a complex process and to make things simpler, I ha...
Read more

Android device owner concepts

Image
With Android 5.0, Google has introduced Device owner and device profile concepts to make android enterprise ready. Device owner app is an application with special privileges to perform task such as monitor and manage settings and other privileged tasks. This means in a literal sense,the devices ownership is given to the organization managing it making the device owner concept ideal for COPE scenario. Once the device ownership is assigned to an app, in order to remove it, the device needs to be factory reseted, for example in a situation where the device needs to be given to a different user.  When the device ownership is given to a specific app, the app gets access to a set of Android APIs that are only available to device owner app. These APIs are not available to regular Android apps. At a given time there can only be one device owner app in a device, which prevents another device owner app overriding the policies enforced by the first device owner app.  The service...
Read more

iOS device policies in WSO2 Device cloud

Image
Today, many organizations allow employees to bring their devices to work and this introduces new risks to corporate data as people typically use their devices for work purposes. To minimise the risk of exposing corporate data to unintended parties, organization may want to manage the devices of their employees and enforce rules or policies on what each user can do with their devices. WSO2 device cloud is capable of managing devices and enforcing strict policies on devices to increase the information security of an organization. Let's take a look at the policies [1] that are available for iOS devices in WSO2 device cloud. Passcode Policy This is one of the most common policies that provides an OS level security to a device. With the passcode policy, administrators can make sure that every user has a strong passcode for their devices and make the user adhere to the the rules defined by the administrator when setting up a password. When a passcode policy is set on a device...
Read more