This is an automated email from the ASF dual-hosted git repository. harikrishna pushed a commit to branch 2FA in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 93cb673e18c5990435f7765cfae06b1fa2184fbe Author: Harikrishna Patnala <[email protected]> AuthorDate: Mon Sep 26 12:04:25 2022 +0530 Added VO changes --- api/src/main/java/com/cloud/user/User.java | 4 ++++ api/src/main/java/com/cloud/user/UserAccount.java | 9 +++++++++ .../main/java/com/cloud/user/UserAccountVO.java | 22 ++++++++++++++++++++++ .../src/main/java/com/cloud/user/UserVO.java | 22 ++++++++++++++++++++++ .../auth/GoogleUserTwoFactorAuthenticator.java | 7 ++++--- 5 files changed, 61 insertions(+), 3 deletions(-) diff --git a/api/src/main/java/com/cloud/user/User.java b/api/src/main/java/com/cloud/user/User.java index c3ac66c6979..c706fd3c400 100644 --- a/api/src/main/java/com/cloud/user/User.java +++ b/api/src/main/java/com/cloud/user/User.java @@ -90,4 +90,8 @@ public interface User extends OwnedBy, InternalIdentity { public String getExternalEntity(); public void setExternalEntity(String entity); + + public boolean is2faEnabled(); + + public String getKeyFor2fa(); } diff --git a/api/src/main/java/com/cloud/user/UserAccount.java b/api/src/main/java/com/cloud/user/UserAccount.java index 0449514cc19..fd8cce19145 100644 --- a/api/src/main/java/com/cloud/user/UserAccount.java +++ b/api/src/main/java/com/cloud/user/UserAccount.java @@ -67,4 +67,13 @@ public interface UserAccount extends InternalIdentity { public String getExternalEntity(); public void setExternalEntity(String entity); + + public boolean is2faEnabled(); + + public void set2faEnabled(boolean is2faEnabled); + + public String getKeyFor2fa(); + + public void setKeyFor2fa(String keyFor2fa); + } diff --git a/engine/schema/src/main/java/com/cloud/user/UserAccountVO.java b/engine/schema/src/main/java/com/cloud/user/UserAccountVO.java index dfebb3c346c..6cab3b7380d 100644 --- a/engine/schema/src/main/java/com/cloud/user/UserAccountVO.java +++ b/engine/schema/src/main/java/com/cloud/user/UserAccountVO.java @@ -109,6 +109,12 @@ public class UserAccountVO implements UserAccount, InternalIdentity { @Column(name = "external_entity", length = 65535) private String externalEntity = null; + @Column(name = "is_2fa_enabled") + boolean is2faEnabled; + + @Column(name = "key_for_2fa") + private String keyFor2fa; + public UserAccountVO() { } @@ -311,4 +317,20 @@ public class UserAccountVO implements UserAccount, InternalIdentity { public void setExternalEntity(String externalEntity) { this.externalEntity = externalEntity; } + + public boolean is2faEnabled() { + return is2faEnabled; + } + + public void set2faEnabled(boolean is2faEnabled) { + this.is2faEnabled = is2faEnabled; + } + + public String getKeyFor2fa() { + return keyFor2fa; + } + + public void setKeyFor2fa(String keyFor2fa) { + this.keyFor2fa = keyFor2fa; + } } diff --git a/engine/schema/src/main/java/com/cloud/user/UserVO.java b/engine/schema/src/main/java/com/cloud/user/UserVO.java index 94e61ff14a8..ebfec77f236 100644 --- a/engine/schema/src/main/java/com/cloud/user/UserVO.java +++ b/engine/schema/src/main/java/com/cloud/user/UserVO.java @@ -106,6 +106,12 @@ public class UserVO implements User, Identity, InternalIdentity { @Column(name = "external_entity", length = 65535) private String externalEntity; + @Column(name = "is_2fa_enabled") + boolean is2faEnabled; + + @Column(name = "key_for_2fa") + private String keyFor2fa; + public UserVO() { this.uuid = UUID.randomUUID().toString(); } @@ -316,4 +322,20 @@ public class UserVO implements User, Identity, InternalIdentity { public void setExternalEntity(String externalEntity) { this.externalEntity = externalEntity; } + + public boolean is2faEnabled() { + return is2faEnabled; + } + + public void set2faEnabled(boolean is2faEnabled) { + this.is2faEnabled = is2faEnabled; + } + + public String getKeyFor2fa() { + return keyFor2fa; + } + + public void setKeyFor2fa(String keyFor2fa) { + this.keyFor2fa = keyFor2fa; + } } diff --git a/plugins/user-two-factor-authenticators/google/src/main/java/org/apache/cloudstack/auth/GoogleUserTwoFactorAuthenticator.java b/plugins/user-two-factor-authenticators/google/src/main/java/org/apache/cloudstack/auth/GoogleUserTwoFactorAuthenticator.java index 1d771ad62b1..21aa63fa933 100644 --- a/plugins/user-two-factor-authenticators/google/src/main/java/org/apache/cloudstack/auth/GoogleUserTwoFactorAuthenticator.java +++ b/plugins/user-two-factor-authenticators/google/src/main/java/org/apache/cloudstack/auth/GoogleUserTwoFactorAuthenticator.java @@ -38,7 +38,7 @@ public class GoogleUserTwoFactorAuthenticator extends AdapterBase implements Use @Override public void check2FA(String code, UserAccount userAccount) throws CloudAuthenticationException { // TODO: in future get userAccount specific 2FA key - String expectedCode = get2FACode(get2FAKey()); + String expectedCode = get2FACode(get2FAKey(userAccount)); if (expectedCode.equals(code)) { s_logger.info("2FA matches user's input"); return; @@ -46,8 +46,9 @@ public class GoogleUserTwoFactorAuthenticator extends AdapterBase implements Use throw new CloudAuthenticationException("two-factor authentication has failed for the user"); } - public static String get2FAKey() { - return "7t4gabg72liipmq7n43lt3cw66fel4iz"; + public static String get2FAKey(UserAccount userAccount) { + return userAccount.getKeyFor2fa(); + //return "7t4gabg72liipmq7n43lt3cw66fel4iz"; /* This logic can be replaced on per-user-account basis where the key is generated to show the user one-time QR code,
