Posted to commits@cloudstack.apache.org by ha...@apache.org on 2022/11/03 09:10:17 UTC

[cloudstack] 02/03: Static Pin changes

This is an automated email from the ASF dual-hosted git repository.

harikrishna pushed a commit to branch 2FA
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit b1be581f967a1a240715614fe9ac301df800f85c
Author: Harikrishna Patnala <ha...@gmail.com>
AuthorDate: Tue Nov 1 14:46:11 2022 +0530

    Static Pin changes
---
 .../java/com/cloud/utils/db/GenericDaoBase.java    |  3 ---
 .../auth/StaticPinUserTwoFactorAuthenticator.java  |  2 +-
 .../auth/SetupUserTwoFactorAuthenticationCmd.java  |  2 +-
 .../java/com/cloud/user/AccountManagerImpl.java    |  5 +++++
 ui/public/locales/en.json                          |  4 ++--
 ui/src/views/iam/RegisterTwoFactorAuth.vue         | 25 ++++++++++++++++------
 6 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java b/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
index 456c9a83c36..208e8463e72 100644
--- a/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
+++ b/framework/db/src/main/java/com/cloud/utils/db/GenericDaoBase.java
@@ -838,9 +838,6 @@ public abstract class GenericDaoBase<T, ID extends Serializable> extends Compone
             }
 
             int result = pstmt.executeUpdate();
-            if (sql.toString().contains("user")) {
-                s_logger.debug("HARI " + pstmt.toString());
-            }
             txn.commit();
             ub.clear();
             return result;
diff --git a/plugins/user-two-factor-authenticators/static-pin/src/main/java/org/apache/cloudstack/auth/StaticPinUserTwoFactorAuthenticator.java b/plugins/user-two-factor-authenticators/static-pin/src/main/java/org/apache/cloudstack/auth/StaticPinUserTwoFactorAuthenticator.java
index 3e32e2f5b1f..99bd404ebc8 100644
--- a/plugins/user-two-factor-authenticators/static-pin/src/main/java/org/apache/cloudstack/auth/StaticPinUserTwoFactorAuthenticator.java
+++ b/plugins/user-two-factor-authenticators/static-pin/src/main/java/org/apache/cloudstack/auth/StaticPinUserTwoFactorAuthenticator.java
@@ -65,7 +65,7 @@ public class StaticPinUserTwoFactorAuthenticator extends AdapterBase implements
         }
         long seed = System.currentTimeMillis();
         Random rng = new Random(seed);
-        long number = (rng.nextLong() % 900000) + 100000;
+        long number = (rng.nextLong() % 90000) + 100000;
         String key = Long.toString(number);
         userAccount.setKeyFor2fa(key);
 
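Review bot: The PIN on the changed line is still drawn from `java.util.Random` seeded with `System.currentTimeMillis()`, so the value can be reproduced by anyone who can estimate when setup ran. In addition, `rng.nextLong() % 90000` can be negative, which puts the result anywhere from 10001 to 189999 instead of in a fixed six-digit range. A second-factor secret should come from a CSPRNG with a bounded draw: replace the seed and `Random` lines with `SecureRandom rng = new SecureRandom();` and use `long number = 100000 + rng.nextInt(900000);` (this needs the `java.security.SecureRandom` import). The enclosing method starts and ends outside the hunk.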
diff --git a/server/src/main/java/com/cloud/api/auth/SetupUserTwoFactorAuthenticationCmd.java b/server/src/main/java/com/cloud/api/auth/SetupUserTwoFactorAuthenticationCmd.java
index acce2cf3dfd..5ef0341662c 100644
--- a/server/src/main/java/com/cloud/api/auth/SetupUserTwoFactorAuthenticationCmd.java
+++ b/server/src/main/java/com/cloud/api/auth/SetupUserTwoFactorAuthenticationCmd.java
@@ -42,7 +42,7 @@ public class SetupUserTwoFactorAuthenticationCmd extends BaseCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name = ApiConstants.PROVIDER, type = CommandType.STRING, description = "two factor authentication code", required = true)
+    @Parameter(name = ApiConstants.PROVIDER, type = CommandType.STRING, description = "two factor authentication code")
     private String provider;
 
     @Parameter(name = ApiConstants.ENABLE, type = CommandType.BOOLEAN, description = "Enabled by default, provide false to disable 2FA")
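Review bot: The description on `provider` still reads "two factor authentication code" although the field carries the provider name. Now that `required = true` is dropped, the API documentation no longer tells callers when the parameter is needed. Something like `description = "name of the two factor authentication provider; required when enable is true"` would match the check this commit adds in AccountManagerImpl.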
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index 1813be8d0c7..3c2fbe50a2a 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -3201,6 +3201,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 
         UserTwoFactorAuthenticationSetupResponse response = new UserTwoFactorAuthenticationSetupResponse();
         if (cmd.getEnable()) {
+            if (StringUtils.isEmpty(providerName)) {
+                throw new InvalidParameterValueException("Provider name is mandatory to setup 2FA");
+            }
             UserTwoFactorAuthenticator provider = getUserTwoFactorAuthenticationProvider(providerName);
             UserAccountVO userAccount = _userAccountDao.findById(owner.getId());
             String code = provider.setup2FAKey(userAccount);
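Review bot: The new guard uses `StringUtils.isEmpty(providerName)`, which lets a whitespace-only provider name through to `getUserTwoFactorAuthenticationProvider`. If the imported `StringUtils` offers it (the import is not visible here), `if (StringUtils.isBlank(providerName)) {` would reject that input with the same clear message. The enclosing method starts outside the hunk.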
@@ -3212,6 +3215,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
             _userDao.update(owner.getId(), user);
 
             response.setId(owner.getUuid());
+            response.setUsername(owner.getName());
             response.setSecretCode(code);
 
             return response;
@@ -3224,6 +3228,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
         _userDao.update(owner.getId(), user);
 
         response.setId(owner.getUuid());
+        response.setUsername(owner.getName());
 
         return response;
     }
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 013391290c0..508c6f93098 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -676,7 +676,7 @@
 "label.endipv6": "IPv6 end IP",
 "label.endpoint": "Endpoint",
 "label.endport": "End port",
-"label.enter.code": "Enter Authentication code to verify",
+"label.enter.code": "Enter authentication code to verify",
 "label.enter.token": "Enter token",
 "label.error": "Error",
 "label.error.caught": "Error caught",
@@ -2585,7 +2585,7 @@
 "message.two.fa.auth": "Open the two-factor authentication app on your mobile device to view your authentication code",
 "message.two.fa.auth.register.account": "Open the two-factor authentication application and scan the QR code add the user account",
 "message.two.fa.static.pin.part1": "If you can't scan the QR code, ",
-"message.two.fa.static.pin.part2": "enter this text code",
+"message.two.fa.static.pin.part2": "Click here to view the secret code",
 "message.update.ipaddress.processing": "Updating IP Address...",
 "message.update.resource.count": "Please confirm that you want to update resource counts for this account.",
 "message.update.resource.count.domain": "Please confirm that you want to update resource counts for this domain.",
diff --git a/ui/src/views/iam/RegisterTwoFactorAuth.vue b/ui/src/views/iam/RegisterTwoFactorAuth.vue
index 3ffb9f5b391..1c1db3e28cf 100644
--- a/ui/src/views/iam/RegisterTwoFactorAuth.vue
+++ b/ui/src/views/iam/RegisterTwoFactorAuth.vue
@@ -43,7 +43,7 @@
       <div> {{ $t('message.two.fa.auth.register.account') }} </div>
       <vue-qrious
         class="center-align"
-        :value="pin"
+        :value="googleUrl"
         @change="onDataUrlChange"
       />
     </div>
@@ -57,7 +57,7 @@
       <br />
       <h3> {{ $t('label.enter.code') }} </h3>
       <a-form @finish="submitPin" v-ctrl-enter="submitPin" class="container">
-        <a-input v-model:value="pin" />
+        <a-input v-model:value="code" />
         <div :span="24">
           <a-button ref="submit" type="primary" @click="submitPin">{{ $t('label.ok') }}</a-button>
         </div>
@@ -95,8 +95,10 @@ export default {
   },
   data () {
     return {
+      googleUrl: '',
       dataUrl: '',
       pin: '',
+      code: '',
       showPin: false,
       providers: [],
       selectedProvider: null
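Review bot: `username` is assigned as `this.username` in the setup callback later in this file but is not declared in this `data()` object next to `googleUrl` and `code`. Adding `username: '',` here keeps the component state explicit and reactive. The closing of `data()` is outside the hunk.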
@@ -117,6 +119,10 @@ export default {
       api('setupUserTwoFactorAuthentication', { provider: this.selectedProvider }).then(response => {
         console.log(response)
         this.pin = response.setupusertwofactorauthenticationresponse.setup2fa.secretcode
+        if (this.selectedProvider === 'google') {
+          this.username = response.setupusertwofactorauthenticationresponse.setup2fa.username
+          this.googleUrl = 'otpauth://totp/CloudStack:' + this.username + '?secret=' + this.pin + '&issuer=CloudStack'
+        }
         this.showPin = true
       }).catch(error => {
         this.$notification.error({
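Review bot: `console.log(response)` writes the whole setup response, including `secretcode`, to the browser console, and a second `console.log(response)` is added in `submitPin` further down. Both should be dropped so the 2FA secret does not end up in console captures. The `otpauth://` URI is also built by plain concatenation, so a username containing `?`, `&`, `#` or a space yields a malformed or altered URI. Use `'otpauth://totp/CloudStack:' + encodeURIComponent(this.username) + '?secret=' + encodeURIComponent(this.pin) + '&issuer=CloudStack'`. The enclosing method starts outside the hunk.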
@@ -131,11 +137,18 @@ export default {
       })
     },
     submitPin () {
-      // call api
+      api('validateUserTwoFactorAuthenticationCode', { '2facode': this.code }).then(response => {
+        console.log(response)
+      }).catch(error => {
+        this.$notification.error({
+          message: this.$t('message.request.failed'),
+          description: (error.response && error.response.headers && error.response.headers['x-description']) || error.message
+        })
+      })
+      this.closeAction()
     },
-    generateStaticPin () {
-      this.pin = Math.floor(100000 + Math.random() * 900000)
-      this.showPin = true
+    closeAction () {
+      this.$emit('close-action')
     },
     onCloseModal () {
       this.showPin = false
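Review bot: `this.closeAction()` runs right after the request is issued instead of when it resolves. The dialog therefore closes before the code has been validated, and a rejected code leaves the user with only a notification and no way to retry. Move it into the success callback, `.then(() => { this.closeAction() })`, which also replaces the `console.log(response)`. It would also help to skip the call when `this.code` is empty.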