start adding frontend MFA login support

преди 4 години · d14534fdd4
--- a/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java
+++ b/bubble-server/src/main/java/bubble/cloud/auth/AuthenticatorAuthFieldHandler.java
@@ -1,18 +1,30 @@
 package bubble.cloud.auth;

 import bubble.model.account.TotpBean;
 import org.cobbzilla.util.collection.SingletonList;
 import org.cobbzilla.wizard.validation.ConstraintViolationBean;

 import java.util.Collections;
 import java.util.List;

 import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString;
 import static org.cobbzilla.util.json.JsonUtil.json;

 public class AuthenticatorAuthFieldHandler implements AuthFieldHandler {

    @Override public List<ConstraintViolationBean> validate(String val) {
        // nothing to validate? or should we validate that the val is a proper secret key?
        // just ensure it is a valid TotpBean. should always be valid
        try {
            final TotpBean bean = json(val, TotpBean.class);
        } catch (Exception e) {
            return new SingletonList<>(new ConstraintViolationBean("err.authenticator.invalid", "Not a valid TotpBean: "+val+": "+shortErrorString(e)));
        }
        return Collections.emptyList();
    }

    // return verbatim, so user can re-add if needed
    @Override public String mask(String val) { return val; }
    public static final String MASKED_VALUE = "{\"masked\": true}";

    // we mask with a special value to tell the frontend it has been masked
    @Override public String mask(String val) { return MASKED_VALUE; }

 }
--- a/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java
+++ b/bubble-server/src/main/java/bubble/model/account/AccountPolicy.java
@@ -201,6 +201,7 @@ public class AccountPolicy extends IdentifiableBase implements HasAccount {
            for (AccountContact c : contacts) {
                if (c.getUuid().equals(contactUuid)) {
                    c.setVerified(true);
                    if (c.isAuthenticator()) c.setAuthFactor(AuthFactorType.required);
                    break;
                }
            }
--- a/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java
+++ b/bubble-server/src/main/java/bubble/notify/storage/StorageResult.java
@@ -7,7 +7,7 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.experimental.Accessors;

 import static org.cobbzilla.util.daemon.ZillaRuntime.errorString;
 import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString;
 import static org.cobbzilla.util.json.JsonUtil.json;

@NoArgsConstructor @Accessors(chain=true)
@@ -31,7 +31,7 @@ public class StorageResult {
    public static StorageResult failed(StorageDriverNotification notification, NotificationType type, Exception e) {
        return new StorageResult()
                .setSuccess(false)
                .setError(errorString(e))
                .setError(shortErrorString(e))
                .setKey(notification.getKey())
                .setType(type);
    }
--- a/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties
+++ b/bubble-server/src/main/resources/message_templates/server/en_US/post_auth/ResourceMessages.properties
@@ -79,6 +79,7 @@ button_label_submit_verify_code=Verify
 message_verify_authenticator_preamble=Install the Google Authenticator app on your device, then scan the QR code shown here and enter the code it displays.
 message_verify_authenticator_backupCodes=Backup Codes
 message_verify_authenticator_backupCodes_description=If you lose your device or don't have access to it, you can use one of these backup codes. Write them down in a safe place.
 message_verify_authenticator_masked=Authenticator was set up elsewhere, cannot show setup/verification information here
 field_label_policy_contact_requiredForNetworkUnlock=Required to unlock a new Bubble
 field_label_policy_contact_requiredForNetworkUnlock_icon=fa fa-unlock
 field_label_policy_contact_requiredForNodeOperations=Required for operations on your Bubble
@@ -207,9 +208,10 @@ err.accountPlan.stopNetworkBeforeDeleting=You must stop the bubble first, the de
 err.admin.cannotRemoveAdminStatusFromSelf=You cannot remove admin status from your own account
 err.allowedCountriesJson.length=Allowed countries list is too long
 err.approval.invalid=Approval cannot proceed
 err.authenticator.cannotCreate=Cannot create authenticator
 err.authenticator.configured=Only one authenticator can be configured
 err.authenticator.invalid=Authenticator data is invalid
 err.authenticator.notConfigured=Authenticator has not been configured
 err.authenticator.cannotCreate=Cannot create authenticator
 err.backup.cannotDelete=Cannot delete backup with its current status
 err.backupCleaner.didNotRun=Backup cleaner did not run
 err.backupCleaner.neverRun=Backup cleaner was never run
--- a/+ 1
+++ b/+ 1
@@ -1 +1 @@
 Subproject commit 701a13ded7f917deccc67b090e0c78c46944c936
 Subproject commit 240b7e3ac70c9d1ac91a69abfd3f943045a8cf31
--- a/utils/cobbzilla-utils
+++ b/utils/cobbzilla-utils
@@ -1 +1 @@
 Subproject commit dd0fcf4cd9a5b1f1ccaff29697494e9c5930bd06
 Subproject commit f4f5cf048b22a484db635700c00c011d0b2c7434