@@ -1,18 +1,30 @@ | |||||
package bubble.cloud.auth; | package bubble.cloud.auth; | ||||
import bubble.model.account.TotpBean; | |||||
import org.cobbzilla.util.collection.SingletonList; | |||||
import org.cobbzilla.wizard.validation.ConstraintViolationBean; | import org.cobbzilla.wizard.validation.ConstraintViolationBean; | ||||
import java.util.Collections; | import java.util.Collections; | ||||
import java.util.List; | import java.util.List; | ||||
import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString; | |||||
import static org.cobbzilla.util.json.JsonUtil.json; | |||||
public class AuthenticatorAuthFieldHandler implements AuthFieldHandler { | public class AuthenticatorAuthFieldHandler implements AuthFieldHandler { | ||||
@Override public List<ConstraintViolationBean> validate(String val) { | @Override public List<ConstraintViolationBean> validate(String val) { | ||||
// nothing to validate? or should we validate that the val is a proper secret key? | |||||
// just ensure it is a valid TotpBean. should always be valid | |||||
try { | |||||
final TotpBean bean = json(val, TotpBean.class); | |||||
} catch (Exception e) { | |||||
return new SingletonList<>(new ConstraintViolationBean("err.authenticator.invalid", "Not a valid TotpBean: "+val+": "+shortErrorString(e))); | |||||
} | |||||
return Collections.emptyList(); | return Collections.emptyList(); | ||||
} | } | ||||
// return verbatim, so user can re-add if needed | |||||
@Override public String mask(String val) { return val; } | |||||
public static final String MASKED_VALUE = "{\"masked\": true}"; | |||||
// we mask with a special value to tell the frontend it has been masked | |||||
@Override public String mask(String val) { return MASKED_VALUE; } | |||||
} | } |
@@ -201,6 +201,7 @@ public class AccountPolicy extends IdentifiableBase implements HasAccount { | |||||
for (AccountContact c : contacts) { | for (AccountContact c : contacts) { | ||||
if (c.getUuid().equals(contactUuid)) { | if (c.getUuid().equals(contactUuid)) { | ||||
c.setVerified(true); | c.setVerified(true); | ||||
if (c.isAuthenticator()) c.setAuthFactor(AuthFactorType.required); | |||||
break; | break; | ||||
} | } | ||||
} | } | ||||
@@ -7,7 +7,7 @@ import lombok.NoArgsConstructor; | |||||
import lombok.Setter; | import lombok.Setter; | ||||
import lombok.experimental.Accessors; | import lombok.experimental.Accessors; | ||||
import static org.cobbzilla.util.daemon.ZillaRuntime.errorString; | |||||
import static org.cobbzilla.util.daemon.ZillaRuntime.shortErrorString; | |||||
import static org.cobbzilla.util.json.JsonUtil.json; | import static org.cobbzilla.util.json.JsonUtil.json; | ||||
@NoArgsConstructor @Accessors(chain=true) | @NoArgsConstructor @Accessors(chain=true) | ||||
@@ -31,7 +31,7 @@ public class StorageResult { | |||||
public static StorageResult failed(StorageDriverNotification notification, NotificationType type, Exception e) { | public static StorageResult failed(StorageDriverNotification notification, NotificationType type, Exception e) { | ||||
return new StorageResult() | return new StorageResult() | ||||
.setSuccess(false) | .setSuccess(false) | ||||
.setError(errorString(e)) | |||||
.setError(shortErrorString(e)) | |||||
.setKey(notification.getKey()) | .setKey(notification.getKey()) | ||||
.setType(type); | .setType(type); | ||||
} | } | ||||
@@ -79,6 +79,7 @@ button_label_submit_verify_code=Verify | |||||
message_verify_authenticator_preamble=Install the Google Authenticator app on your device, then scan the QR code shown here and enter the code it displays. | message_verify_authenticator_preamble=Install the Google Authenticator app on your device, then scan the QR code shown here and enter the code it displays. | ||||
message_verify_authenticator_backupCodes=Backup Codes | message_verify_authenticator_backupCodes=Backup Codes | ||||
message_verify_authenticator_backupCodes_description=If you lose your device or don't have access to it, you can use one of these backup codes. Write them down in a safe place. | message_verify_authenticator_backupCodes_description=If you lose your device or don't have access to it, you can use one of these backup codes. Write them down in a safe place. | ||||
message_verify_authenticator_masked=Authenticator was set up elsewhere, cannot show setup/verification information here | |||||
field_label_policy_contact_requiredForNetworkUnlock=Required to unlock a new Bubble | field_label_policy_contact_requiredForNetworkUnlock=Required to unlock a new Bubble | ||||
field_label_policy_contact_requiredForNetworkUnlock_icon=fa fa-unlock | field_label_policy_contact_requiredForNetworkUnlock_icon=fa fa-unlock | ||||
field_label_policy_contact_requiredForNodeOperations=Required for operations on your Bubble | field_label_policy_contact_requiredForNodeOperations=Required for operations on your Bubble | ||||
@@ -207,9 +208,10 @@ err.accountPlan.stopNetworkBeforeDeleting=You must stop the bubble first, the de | |||||
err.admin.cannotRemoveAdminStatusFromSelf=You cannot remove admin status from your own account | err.admin.cannotRemoveAdminStatusFromSelf=You cannot remove admin status from your own account | ||||
err.allowedCountriesJson.length=Allowed countries list is too long | err.allowedCountriesJson.length=Allowed countries list is too long | ||||
err.approval.invalid=Approval cannot proceed | err.approval.invalid=Approval cannot proceed | ||||
err.authenticator.cannotCreate=Cannot create authenticator | |||||
err.authenticator.configured=Only one authenticator can be configured | err.authenticator.configured=Only one authenticator can be configured | ||||
err.authenticator.invalid=Authenticator data is invalid | |||||
err.authenticator.notConfigured=Authenticator has not been configured | err.authenticator.notConfigured=Authenticator has not been configured | ||||
err.authenticator.cannotCreate=Cannot create authenticator | |||||
err.backup.cannotDelete=Cannot delete backup with its current status | err.backup.cannotDelete=Cannot delete backup with its current status | ||||
err.backupCleaner.didNotRun=Backup cleaner did not run | err.backupCleaner.didNotRun=Backup cleaner did not run | ||||
err.backupCleaner.neverRun=Backup cleaner was never run | err.backupCleaner.neverRun=Backup cleaner was never run | ||||
@@ -1 +1 @@ | |||||
Subproject commit 701a13ded7f917deccc67b090e0c78c46944c936 | |||||
Subproject commit 240b7e3ac70c9d1ac91a69abfd3f943045a8cf31 |
@@ -1 +1 @@ | |||||
Subproject commit dd0fcf4cd9a5b1f1ccaff29697494e9c5930bd06 | |||||
Subproject commit f4f5cf048b22a484db635700c00c011d0b2c7434 |