wultra · romanstrobl · Jul 7, 2025 · Jun 19, 2025
diff --git a/...a/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthBiometryException.java b/...a/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthBiometryException.java
@@ -0,0 +1,55 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2025 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.wultra.security.powerauth.rest.api.spring.exception;
+
+/**
+ * Exception raised in case PowerAuth fails to set up the biometry.
+ *
+ * @author Roman Strobl, [email protected]
+ */
+public class PowerAuthBiometryException extends Exception {
+
+    private static final String DEFAULT_CODE = "ERR_BIOMETRY";
+    private static final String DEFAULT_ERROR = "POWER_AUTH_BIOMETRY_FAILURE";
+
+    /**
+     * Default constructor.
+     */
+    public PowerAuthBiometryException() {
+        super(DEFAULT_ERROR);
+    }
+
+    /**
+     * Get the default error code, used for example in REST response.
+     * @return Default error code.
+     */
+    public String getDefaultCode() {
+        return DEFAULT_CODE;
+    }
+
+    /**
+     * Get default error message, used for example in the REST response.
+     * @return Default error message.
+     */
+    public String getDefaultError() {
+        return DEFAULT_ERROR;
+    }
+
+}
diff --git a/...a/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthPasswordException.java b/...a/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthPasswordException.java
@@ -0,0 +1,55 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2025 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.wultra.security.powerauth.rest.api.spring.exception;
+
+/**
+ * Exception raised in case PowerAuth fails to change the password.
+ *
+ * @author Roman Strobl, [email protected]
+ */
+public class PowerAuthPasswordException extends Exception {
+
+    private static final String DEFAULT_CODE = "ERR_PASSWORD_CHANGE";
+    private static final String DEFAULT_ERROR = "POWER_AUTH_PASSWORD_CHANGE_FAILURE";
+
+    /**
+     * Default constructor.
+     */
+    public PowerAuthPasswordException() {
+        super(DEFAULT_ERROR);
+    }
+
+    /**
+     * Get the default error code, used for example in REST response.
+     * @return Default error code.
+     */
+    public String getDefaultCode() {
+        return DEFAULT_CODE;
+    }
+
+    /**
+     * Get default error message, used for example in the REST response.
+     * @return Default error message.
+     */
+    public String getDefaultError() {
+        return DEFAULT_ERROR;
+    }
+
+}
diff --git a/.../java/com/wultra/security/powerauth/rest/api/spring/controller/v4/BiometryController.java b/.../java/com/wultra/security/powerauth/rest/api/spring/controller/v4/BiometryController.java
@@ -0,0 +1,87 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2018 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.wultra.security.powerauth.rest.api.spring.controller.v4;
+
+import com.wultra.core.rest.model.base.response.Response;
+import com.wultra.security.powerauth.crypto.lib.enums.PowerAuthCodeType;
+import com.wultra.security.powerauth.crypto.lib.v4.encryptor.model.request.AeadEncryptedRequest;
+import com.wultra.security.powerauth.crypto.lib.v4.encryptor.model.response.AeadEncryptedResponse;
+import com.wultra.security.powerauth.rest.api.spring.annotation.PowerAuth;
+import com.wultra.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication;
+import com.wultra.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
+import com.wultra.security.powerauth.rest.api.spring.exception.PowerAuthBiometryException;
+import com.wultra.security.powerauth.rest.api.spring.service.v4.BiometryService;
+import com.wultra.security.powerauth.rest.api.spring.util.PowerAuthAuthenticationUtil;
+import com.wultra.security.powerauth.rest.api.spring.util.PowerAuthVersionUtil;
+import lombok.AllArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Controller for biometry setup.
+ *
+ * <p><b>PowerAuth protocol versions:</b>
+ * <ul>
+ *     <li>4.0</li>
+ * </ul>
+ *
+ * @author Roman Strobl, [email protected]
+ *
+ */
+@RestController("biometryControllerV4")
+@RequestMapping("/pa/v4/biometry")
+@AllArgsConstructor
+public class BiometryController {
+
+    private final BiometryService biometryService;
+
+    /**
+     * Set up biometry.
+     * @param request Encrypted request.
+     * @param auth Automatically injected PowerAuth authentication object.
+     * @return Encrypted response.
+     * @throws PowerAuthAuthenticationException In case any error occurs, including authentication code validation errors.
+     */
+    @PostMapping(value = "add")
+    @PowerAuth(resourceId = "/pa/biometry/add", authenticationCodeType = PowerAuthCodeType.POSSESSION_KNOWLEDGE)
+    public AeadEncryptedResponse addBiometry(@RequestBody AeadEncryptedRequest request, PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthBiometryException {
+        PowerAuthAuthenticationUtil.checkAuthentication(auth);
+        PowerAuthVersionUtil.checkUnsupportedVersion(auth.getVersion());
+        PowerAuthVersionUtil.checkEncryptionParameters(auth.getVersion(), request);
+        return biometryService.addBiometry(request, auth);
+    }
+
+    /**
+     * Remove biometry.
+     * @param auth Automatically injected PowerAuth authentication object.
+     * @return Response.
+     * @throws PowerAuthAuthenticationException In case any error occurs, including authentication code validation errors.
+     */
+    @PostMapping(value = "remove")
+    @PowerAuth(resourceId = "/pa/biometry/remove", authenticationCodeType = PowerAuthCodeType.POSSESSION)
+    public Response removeBiometry(PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthBiometryException {
+        PowerAuthAuthenticationUtil.checkAuthentication(auth);
+        PowerAuthVersionUtil.checkUnsupportedVersion(auth.getVersion());
+        return biometryService.removeBiometry(auth.getActivationContext().getActivationId());
+    }
+
+}
diff --git a/.../java/com/wultra/security/powerauth/rest/api/spring/controller/v4/PasswordController.java b/.../java/com/wultra/security/powerauth/rest/api/spring/controller/v4/PasswordController.java
@@ -0,0 +1,72 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2018 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.wultra.security.powerauth.rest.api.spring.controller.v4;
+
+import com.wultra.security.powerauth.crypto.lib.enums.PowerAuthCodeType;
+import com.wultra.security.powerauth.crypto.lib.v4.encryptor.model.request.AeadEncryptedRequest;
+import com.wultra.security.powerauth.crypto.lib.v4.encryptor.model.response.AeadEncryptedResponse;
+import com.wultra.security.powerauth.rest.api.spring.annotation.PowerAuth;
+import com.wultra.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication;
+import com.wultra.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
+import com.wultra.security.powerauth.rest.api.spring.exception.PowerAuthPasswordException;
+import com.wultra.security.powerauth.rest.api.spring.service.v4.PasswordService;
+import com.wultra.security.powerauth.rest.api.spring.util.PowerAuthAuthenticationUtil;
+import com.wultra.security.powerauth.rest.api.spring.util.PowerAuthVersionUtil;
+import lombok.AllArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Controller for password change.
+ *
+ * <p><b>PowerAuth protocol versions:</b>
+ * <ul>
+ *     <li>4.0</li>
+ * </ul>
+ *
+ * @author Roman Strobl, [email protected]
+ *
+ */
+@RestController("passwordControllerV4")
+@RequestMapping("/pa/v4/password")
+@AllArgsConstructor
+public class PasswordController {
+
+    private final PasswordService passwordService;
+
+    /**
+     * Change the password.
+     * @param request Encrypted request.
+     * @param auth Automatically injected PowerAuth authentication object.
+     * @return Encrypted response.
+     * @throws PowerAuthAuthenticationException In case any error occurs, including authentication code validation errors.
+     */
+    @PostMapping(value = "change")
+    @PowerAuth(resourceId = "/pa/password/change", authenticationCodeType = PowerAuthCodeType.POSSESSION_KNOWLEDGE)
+    public AeadEncryptedResponse changePassword(@RequestBody AeadEncryptedRequest request, PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthPasswordException {
+        PowerAuthAuthenticationUtil.checkAuthentication(auth);
+        PowerAuthVersionUtil.checkUnsupportedVersion(auth.getVersion());
+        PowerAuthVersionUtil.checkEncryptionParameters(auth.getVersion(), request);
+        return passwordService.changePassword(request, auth);
+    }
+
+}
diff --git a/...va/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java b/...va/com/wultra/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java
@@ -130,4 +130,28 @@ public class PowerAuthExceptionHandler {
         return new ErrorResponse(ex.getDefaultCode(), ex.getDefaultError());
     }
 
+    /**
+     * Handle PowerAuthPasswordException exceptions.
+     * @param ex Exception instance.
+     * @return Error response.
+     */
+    @ExceptionHandler(value = PowerAuthPasswordException.class)
+    @ResponseStatus(value = HttpStatus.BAD_REQUEST)
+    public @ResponseBody ErrorResponse handlePowerAuthPasswordException(PowerAuthPasswordException ex) {
+        logger.warn(ex.getMessage(), ex);
+        return new ErrorResponse(ex.getDefaultCode(), ex.getDefaultError());
+    }
+
+    /**
+     * Handle PowerAuthBiometryException exceptions.
+     * @param ex Exception instance.
+     * @return Error response.
+     */
+    @ExceptionHandler(value = PowerAuthBiometryException.class)
+    @ResponseStatus(value = HttpStatus.BAD_REQUEST)
+    public @ResponseBody ErrorResponse handlePowerAuthBiometryException(PowerAuthBiometryException ex) {
+        logger.warn(ex.getMessage(), ex);
+        return new ErrorResponse(ex.getDefaultCode(), ex.getDefaultError());
+    }
+
 }