From d14534fdd48022dd55079102f4aea69bb9934ffe Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Thu, 19 Dec 2019 19:33:26 -0500
Subject: [PATCH] start adding frontend MFA login support
---
 .../auth/AuthenticatorAuthFieldHandler.java | 18 +++++++++++++++---
 .../bubble/model/account/AccountPolicy.java | 1 +
 .../bubble/notify/storage/StorageResult.java | 4 ++--
 .../post_auth/ResourceMessages.properties | 4 +++-
 bubble-web | 2 +-
 utils/cobbzilla-utils | 2 +-
 6 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java b/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java
index 8fb80a99..f06a6863 100644
--- a/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java
+++ b/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java
@@ -1,18 +1,30 @@
 package bubble.cloud.auth;
+import bubble.model.account.TotpBean;
+import org.cobbzilla.util.collection.SingletonList;
 import org.cobbzilla.wizard.validation.ConstraintViolationBean;
 import java.util.Collections;
 import java.util.List;
+import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString;
+import static org.cobbzilla.util.json.JsonUtil.json;
+
 public class AuthenticatorAuthFieldHandler implements AuthFieldHandler {
 @Override public List validate(String val) {
- // nothing to validate? or should we validate that the val is a proper secret key?
+ // just ensure it is a valid TotpBean. should always be valid
+ try {
+ final TotpBean bean = json(val, TotpBean.class);
+ } catch (Exception e) {
+ return new SingletonList<>(new ConstraintViolationBean("err.authenticator.invalid", "Not a valid TotpBean: "+val+": "+shortErrorString(e)));
+ }
 return Collections.emptyList();
 }
- // return verbatim, so user can re-add if needed
- @Override public String mask(String val) { return val; }
+ public static final String MASKED_VALUE = "{\"masked\": true}";
+
+ // we mask with a special value to tell the frontend it has been masked
+ @Override public String mask(String val) { return MASKED_VALUE; }
 }
diff --git a/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java b/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java
index 1b9b1d27..2b8bc5ac 100644
--- a/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java
+++ b/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java
@@ -201,6 +201,7 @@ public class AccountPolicy extends IdentifiableBase implements HasAccount {
 for (AccountContact c : contacts) {
 if (c.getUuid().equals(contactUuid)) {
 c.setVerified(true);
+ if (c.isAuthenticator()) c.setAuthFactor(AuthFactorType.required);
 break;
 }
 }
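Review bot: The new catch branch in validate() builds the violation message from the raw `val`, which for this handler is the serialized authenticator data, so a value that fails to parse (possibly a real secret with one malformed field) is echoed into whatever surfaces ConstraintViolationBean messages; that undercuts the masking added to mask() a few lines below. Drop the value from the message, e.g. `return new SingletonList<>(new ConstraintViolationBean("err.authenticator.invalid", "Not a valid TotpBean: "+shortErrorString(e)));`, and confirm that shortErrorString does not itself quote the input (its body is not visible here). The parsed `bean` is never read, so the check only proves the JSON maps onto TotpBean; if json() can return null or an empty bean without throwing, that input still passes as valid.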
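Review bot: In the AccountPolicy.java hunk, the added `c.setAuthFactor(AuthFactorType.required)` runs whenever a matching authenticator contact is verified, so it overwrites whatever auth factor the contact carried before, and nothing in the hunk says that this is intended. A comment on that line would record the rule, for example `// a verified authenticator always becomes a required login factor`. The enclosing method begins and ends outside the hunk, so whether an unverified authenticator is kept out of the login flow until this point cannot be checked from here.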
diff --git a/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java b/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java
index 87536d3a..dc1d0f86 100644
--- a/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java
+++ b/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java
@@ -7,7 +7,7 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.experimental.Accessors;
-import static org.cobbzilla.util.daemon.ZillaRuntime.errorString;
+import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString;
 import static org.cobbzilla.util.json.JsonUtil.json;
 @NoArgsConstructor @Accessors(chain=true)
@@ -31,7 +31,7 @@ public class StorageResult {
 public static StorageResult failed(StorageDriverNotification notification, NotificationType type, Exception e) {
 return new StorageResult()
 .setSuccess(false)
- .setError(errorString(e))
+ .setError(shortErrorString(e))
 .setKey(notification.getKey())
 .setType(type);
 }
diff --git a/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties b/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties
index 9b0e365b..75d7764a 100644
--- a/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties
+++ b/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties
@@ -79,6 +79,7 @@ button_label_submit_verify_code=Verify
 message_verify_authenticator_preamble=Install the Google Authenticator app on your device, then scan the QR code shown here and enter the code it displays.
 message_verify_authenticator_backupCodes=Backup Codes
 message_verify_authenticator_backupCodes_description=If you lose your device or don't have access to it, you can use one of these backup codes. Write them down in a safe place.
+message_verify_authenticator_masked=Authenticator was set up elsewhere, cannot show setup/verification information here
 field_label_policy_contact_requiredForNetworkUnlock=Required to unlock a new Bubble
 field_label_policy_contact_requiredForNetworkUnlock_icon=fa fa-unlock
 field_label_policy_contact_requiredForNodeOperations=Required for operations on your Bubble
@@ -207,9 +208,10 @@ err.accountPlan.stopNetworkBeforeDeleting=You must stop the bubble first, the de
 err.admin.cannotRemoveAdminStatusFromSelf=You cannot remove admin status from your own account
 err.allowedCountriesJson.length=Allowed countries list is too long
 err.approval.invalid=Approval cannot proceed
+err.authenticator.cannotCreate=Cannot create authenticator
 err.authenticator.configured=Only one authenticator can be configured
+err.authenticator.invalid=Authenticator data is invalid
 err.authenticator.notConfigured=Authenticator has not been configured
-err.authenticator.cannotCreate=Cannot create authenticator
 err.backup.cannotDelete=Cannot delete backup with its current status
 err.backupCleaner.didNotRun=Backup cleaner did not run
 err.backupCleaner.neverRun=Backup cleaner was never run
diff --git a/bubble-web b/bubble-web
index 701a13de..240b7e3a 160000
--- a/bubble-web
+++ b/bubble-web
@@ -1 +1 @@
-Subproject commit 701a13ded7f917deccc67b090e0c78c46944c936
+Subproject commit 240b7e3ac70c9d1ac91a69abfd3f943045a8cf31
diff --git a/utils/cobbzilla-utils b/utils/cobbzilla-utils
index dd0fcf4c..f4f5cf04 160000
--- a/utils/cobbzilla-utils
+++ b/utils/cobbzilla-utils
@@ -1 +1 @@
-Subproject commit dd0fcf4cd9a5b1f1ccaff29697494e9c5930bd06
+Subproject commit f4f5cf048b22a484db635700c00c011d0b2c7434