AMM-2344 : extend Expiry timing.

src/main/environment/common_ci.properties

@@ -190,10 +190,19 @@ captcha.enable-captcha=@env.ENABLE_CAPTCHA@
 
 cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@
 
-video-call-url=@env.VIDEO_CALL_URL@
-jibri.output.path=@env.JIBRI_OUTPUT_PATH@
+# Jitsi configuration
+videocall.url=@env.VIDEO_CALL_URL@
 video.recording.path=@env.VIDEO_RECORDING_PATH@
 
+# Jitsi JWT (prosody token-auth)
+jitsi.app.id=@env.JITSI_APP_ID@
+jitsi.app.secret=@env.JITSI_APP_SECRET@
+jitsi.domain=@env.JITSI_DOMAIN@
+jitsi.sub=@env.JITSI_SUB@
+jitsi.token.ttl.seconds=@env.JITSI_TOKEN_TTL_SECONDS@
+jitsi.room.prefix=@env.JITSI_ROOM_PREFIX@
+jitsi.default.user.email=@env.JITSI_DEFAULT_USER_EMAIL@
+
 platform.feedback.ratelimit.enabled=@env.PLATFORM_FEEDBACK_RATELIMIT_ENABLED@
 platform.feedback.ratelimit.pepper=@env.PLATFORM_FEEDBACK_RATELIMIT_PEPPER@
 platform.feedback.ratelimit.trust-forwarded-for=@env.PLATFORM_FEEDBACK_RATELIMIT_TRUST_FORWARDED_FOR@

src/main/environment/common_docker.properties

@@ -192,10 +192,18 @@ firebase.enabled=${FIREBASE_ENABLE}
 firebase.credential-file=${FIREBASE_CREDENTIAL}
 
 
-video-call-url=${VIDEO_CALL_URL}
-jibri.output.path={JIBRI_OUTPUT_PATH}
+videocall.url=${VIDEO_CALL_URL}
 video.recording.path={VIDEO_RECORDING_PATH}
 
+# Jitsi JWT (prosody token-auth)
+jitsi.app.id=${JITSI_APP_ID}
+jitsi.app.secret=${JITSI_APP_SECRET}
+jitsi.domain=${JITSI_DOMAIN}
+jitsi.sub=${JITSI_SUB}
+jitsi.token.ttl.seconds=${JITSI_TOKEN_TTL_SECONDS}
+jitsi.room.prefix=${JITSI_ROOM_PREFIX}
+jitsi.default.user.email=${JITSI_DEFAULT_USER_EMAIL}
+
 # Platform Feedback module
 platform.feedback.ratelimit.enabled=${PLATFORM_FEEDBACK_RATELIMIT_ENABLED}
 platform.feedback.ratelimit.pepper=${PLATFORM_FEEDBACK_RATELIMIT_PEPPER}

src/main/environment/common_example.properties

@@ -25,7 +25,7 @@ km-root-path=/okm:personal/users/
 km-guest-user=guest
 km-guest-password=guest
 
-tempFilePath=/opt/openkm
+tempFilePath=/tmp
 
 # CTI Config
 cti-server-ip=10.208.122.99
@@ -200,9 +200,9 @@ grievanceAllocationRetryConfiguration=3
 logging.path=logs/
 logging.file.name=logs/common-api.log
 
-video-call-url=https://vc.piramalswasthya.org/?
-jibri.output.path=/srv/jibri/recordings
-video.recording.path=/srv/recordings
+# Jitsi configuration
+videocall.url=https://vc.piramalswasthya.org/?
+video.recording.path=/opt/recordings
 
 captcha.secret-key= <Enter Cloudflare Secret Key>
 captcha.verify-url= https://challenges.cloudflare.com/turnstile/v0/siteverify
@@ -233,3 +233,11 @@ otp.ratelimit.day-limit=20
 
 ### generate Beneficiary IDs URL
 generateBeneficiaryIDs-api-url=/generateBeneficiaryController/generateBeneficiaryIDs
+
+JITSI_APP_ID=piramal_vc
+JITSI_APP_SECRET=5b9883418be6f228ffe3ceaa74dd3d3b91737733a4a85c5e82fc584ad449850b                                                                                                                          
+JITSI_DOMAIN=vc.piramalswasthya.org                                                                                                                                                                        
+JITSI_SUB=meet.jitsi                                                                                                                                                                                       
+JITSI_TOKEN_TTL_SECONDS=3600                                                                                                                                                                               
+JITSI_ROOM_PREFIX=piramal-meeting-                                                                                                                                                                         
+JITSI_DEFAULT_USER_EMAIL=admin@piramalswasthya.org

src/main/java/com/iemr/common/CommonApplication.java

@@ -29,6 +29,7 @@
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.web.client.RestTemplate;
 
@@ -40,6 +41,7 @@
 
 @SpringBootApplication
 @EnableScheduling
+@EnableAsync(proxyTargetClass = true)
 public class CommonApplication extends SpringBootServletInitializer {
 
 	@Bean

src/main/java/com/iemr/common/config/InterceptorConfig.java

@@ -36,7 +36,8 @@ public class InterceptorConfig implements WebMvcConfigurer {
 
 	@Override
 	public void addInterceptors(InterceptorRegistry registry) {
-		registry.addInterceptor(requestInterceptor);
+		registry.addInterceptor(requestInterceptor)
+				.excludePathPatterns("/video-consultation/resolve", "**/video-consultation/resolve");
 	}
 
 }

src/main/java/com/iemr/common/config/encryption/SecurePassword.java

@@ -26,10 +26,8 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
-
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
-
 import org.springframework.stereotype.Service;
 
 @Service

src/main/java/com/iemr/common/controller/beneficiary/BeneficiaryRegistrationController.java

@@ -37,6 +37,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
@@ -74,6 +75,8 @@
 import com.iemr.common.service.userbeneficiarydata.TitleService;
 import com.iemr.common.utils.CookieUtil;
 import com.iemr.common.utils.JwtUtil;
+import com.iemr.common.utils.CookieUtil;
+import com.iemr.common.utils.JwtUtil;
 import com.iemr.common.utils.mapper.InputMapper;
 import com.iemr.common.utils.mapper.OutputMapper;
 import com.iemr.common.utils.response.OutputResponse;

src/main/java/com/iemr/common/controller/dynamicForm/DynamicFormController.java

@@ -97,4 +97,6 @@ public ResponseEntity<ApiResponse<?>> getStructuredForm(@PathVariable String for
     }
 
 
+
+
 }

src/main/java/com/iemr/common/controller/users/IEMRAdminController.java

@@ -81,6 +81,7 @@
 public class IEMRAdminController {
 	private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
 	private InputMapper inputMapper = new InputMapper();
+	private static final Set<String> CONCURRENT_SESSION_EXEMPT_ROLES = Set.of("provideradmin", "superadmin");
 
 //	@Value("${captcha.enable-captcha}")
 	private boolean enableCaptcha =false;
@@ -180,11 +181,22 @@ public String userAuthenticate(
 			if (m_User.getUserName() != null
 					    && (m_User.getDoLogout() == null || !m_User.getDoLogout())
 					    && (m_User.getWithCredentials() != null && m_User.getWithCredentials())) {
-				String tokenFromRedis = getConcurrentCheckSessionObjectAgainstUser(
-						m_User.getUserName().trim().toLowerCase());
-				if (tokenFromRedis != null) {
-					throw new IEMRException(
-							"You are already logged in,please confirm to logout from other device and login again");
+				String userRole = "";
+				if (mUser.size() == 1 && mUser.get(0).getM_UserServiceRoleMapping() != null) {
+					for (UserServiceRoleMapping usrm : mUser.get(0).getM_UserServiceRoleMapping()) {
+						if (usrm.getM_Role() != null && usrm.getM_Role().getRoleName() != null) {
+							userRole = usrm.getM_Role().getRoleName();
+							break;
+						}
+					}
+				}
+				if (!CONCURRENT_SESSION_EXEMPT_ROLES.contains(userRole.trim().toLowerCase())) {
+					String tokenFromRedis = getConcurrentCheckSessionObjectAgainstUser(
+							m_User.getUserName().trim().toLowerCase());
+					if (tokenFromRedis != null) {
+						throw new IEMRException(
+								"You are already logged in,please confirm to logout from other device and login again");
+					}
 				}
 			} else if (m_User.getUserName() != null && m_User.getDoLogout() != null && m_User.getDoLogout() == true) {
 				deleteSessionObject(m_User.getUserName().trim().toLowerCase());
@@ -337,6 +349,16 @@ public ResponseEntity<?> refreshToken(@RequestBody Map<String, String> request)
 			String userId = claims.get("userId", String.class);
 			User user = iemrAdminUserServiceImpl.getUserById(Long.parseLong(userId));
 
+			// validate if user account is locked or de-activated
+			if(user.getDeleted()){
+				logger.warn("Your account is locked or de-activated. Please contact administrator");
+				return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Your account is locked or de-activated. Please contact administrator.");
+			}
+			if(user.getStatusID()>2){
+				logger.warn("Your account is not active. Please contact administrator");
+				return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Your account is not active. Please contact administrator.");
+			}
+
 			// Validate that the user still exists and is active
 			if (user == null) {
 				logger.warn("Token validation failed: user not found for userId in token.");
@@ -402,16 +424,28 @@ public String logOutUserFromConcurrentSession(
 						deleteSessionObjectByGettingSessionDetails(previousTokenFromRedis);
 						sessionObject.deleteSessionObject(previousTokenFromRedis);
 
-						// Denylist the active JWT so System 1's requests are immediately rejected
-						String usernameKey = mUsers.get(0).getUserName().trim().toLowerCase();
-						String jtiData = stringRedisTemplate.opsForValue().get("jti:" + usernameKey);
-						if (jtiData != null) {
-							String[] parts = jtiData.split("\\|", 2);
-							tokenDenylist.addTokenToDenylist(parts[0], jwtUtil.getAccessTokenExpiration());
-							if (parts.length > 1) {
-								redisTemplate.delete("user_" + parts[1]);
+						String userRole = "";
+						if (mUsers.get(0).getM_UserServiceRoleMapping() != null) {
+							for (UserServiceRoleMapping usrm : mUsers.get(0).getM_UserServiceRoleMapping()) {
+								if (usrm.getM_Role() != null && usrm.getM_Role().getRoleName() != null) {
+									userRole = usrm.getM_Role().getRoleName();
+									break;
+								}
+							}
+						}
+						if (!CONCURRENT_SESSION_EXEMPT_ROLES.contains(userRole.trim().toLowerCase())) {
+							// Denylist the active JWT so the first system's requests are immediately rejected
+							String usernameKey = mUsers.get(0).getUserName().trim().toLowerCase();
+							String jtiData = stringRedisTemplate.opsForValue().get("jti:" + usernameKey);
+							if (jtiData != null) {
+								String[] parts = jtiData.split("\\|", 2);
+								String jti = parts[0];
+								tokenDenylist.addTokenToDenylist(jti, jwtUtil.getAccessTokenExpiration());
+								if (parts.length > 1) {
+									redisTemplate.delete("user_" + parts[1]);
+								}
+								stringRedisTemplate.delete("jti:" + usernameKey);
 							}
-							stringRedisTemplate.delete("jti:" + usernameKey);
 						}
 
 						response.setResponse("User successfully logged out");
@@ -526,11 +560,13 @@ public String superUserAuthenticate(
 			String refreshToken = null;
 			boolean isMobile = false;
 			if (m_User.getUserName() != null && (m_User.getDoLogout() == null || m_User.getDoLogout() == false)) {
-				String tokenFromRedis = getConcurrentCheckSessionObjectAgainstUser(
-						m_User.getUserName().trim().toLowerCase());
-				if (tokenFromRedis != null) {
-					throw new IEMRException(
-							"You are already logged in,please confirm to logout from other device and login again");
+				if (!CONCURRENT_SESSION_EXEMPT_ROLES.contains(m_User.getUserName().trim().toLowerCase())) {
+					String tokenFromRedis = getConcurrentCheckSessionObjectAgainstUser(
+							m_User.getUserName().trim().toLowerCase());
+					if (tokenFromRedis != null) {
+						throw new IEMRException(
+								"You are already logged in,please confirm to logout from other device and login again");
+					}
 				}
 			} else if (m_User.getUserName() != null && m_User.getDoLogout() != null && m_User.getDoLogout() == true) {
 				deleteSessionObject(m_User.getUserName().trim().toLowerCase());

src/main/java/com/iemr/common/controller/version/VersionController.java

@@ -75,6 +75,8 @@ public ResponseEntity<Map<String, String>> versionInformation() {
 		return ResponseEntity.ok(response);
 	}
 
+
+
 	private Properties loadGitProperties() throws IOException {
 		Properties properties = new Properties();
 		try (InputStream input = getClass().getClassLoader()