This is an automated email from the ASF dual-hosted git repository. harikrishna pushed a commit to branch 2FA in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 8ac23fed7f6c31691dc514a137c4cd67c5fca701 Author: Harikrishna Patnala <[email protected]> AuthorDate: Thu Nov 24 01:28:00 2022 +0530 Changes in verification page and 2FA enable setting --- .../com/cloud/api/auth/APIAuthenticationManagerImpl.java | 9 ++++----- server/src/main/java/com/cloud/user/AccountManager.java | 2 +- server/src/main/java/com/cloud/user/AccountManagerImpl.java | 9 ++++++--- ui/public/locales/en.json | 3 ++- ui/src/views/dashboard/TwoFa.vue | 13 ++++++------- 5 files changed, 19 insertions(+), 17 deletions(-) diff --git a/server/src/main/java/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/main/java/com/cloud/api/auth/APIAuthenticationManagerImpl.java index 4927b62d5a3..d847e5c6135 100644 --- a/server/src/main/java/com/cloud/api/auth/APIAuthenticationManagerImpl.java +++ b/server/src/main/java/com/cloud/api/auth/APIAuthenticationManagerImpl.java @@ -80,11 +80,10 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements APIAuth cmdList.add(DefaultLoginAPIAuthenticatorCmd.class); cmdList.add(DefaultLogoutAPIAuthenticatorCmd.class); - if(enable2FA.value()) { - cmdList.add(ListUserTwoFactorAuthenticatorProvidersCmd.class); - cmdList.add(ValidateUserTwoFactorAuthenticationCodeCmd.class); - cmdList.add(SetupUserTwoFactorAuthenticationCmd.class); - } + cmdList.add(ListUserTwoFactorAuthenticatorProvidersCmd.class); + cmdList.add(ValidateUserTwoFactorAuthenticationCodeCmd.class); + cmdList.add(SetupUserTwoFactorAuthenticationCmd.class); + for (PluggableAPIAuthenticator apiAuthenticator: _apiAuthenticators) { List<Class<?>> commands = apiAuthenticator.getAuthCommands(); diff --git a/server/src/main/java/com/cloud/user/AccountManager.java b/server/src/main/java/com/cloud/user/AccountManager.java index 95d87079a8d..46936fb47f3 100644 --- a/server/src/main/java/com/cloud/user/AccountManager.java +++ b/server/src/main/java/com/cloud/user/AccountManager.java 
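Review bot: In APIAuthenticationManagerImpl the three 2FA commands are now registered unconditionally, so `enable.two.factor.authentication` no longer limits which authenticator commands are exposed and each command has to enforce the setting itself. The only enforcement visible in this commit is the `enable2FA.valueIn(...)` check on the enable path in AccountManagerImpl. Whether ValidateUserTwoFactorAuthenticationCodeCmd and ListUserTwoFactorAuthenticatorProvidersCmd check the setting and the caller's session state is not visible here and should be confirmed before merge. A comment above the three adds would record the intent, for example `// 2FA commands are always registered; enable.two.factor.authentication is enforced per domain inside each command`. The enclosing method starts and ends outside the hunk.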
@@ -195,7 +195,7 @@ public interface AccountManager extends AccountService, Configurable { "enable.two.factor.authentication", "false", "Determines whether two factor authentication is enabled or not. This can be done at domain level as well", - true, + false, ConfigKey.Scope.Domain); ConfigKey<String> userTwoFactorAuthenticationProviderPlugin = new ConfigKey<>("Advanced", String.class, diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java index 36d7272d87d..c7fb0737427 100644 --- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java +++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java @@ -3201,15 +3201,18 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M if (cmd.getEnable()) { checkAccess(caller, null, true, owner); Long userId = CallContext.current().getCallingUserId(); + UserAccountVO userAccount = _userAccountDao.findById(userId); + UserVO userVO = _userDao.findById(userId); + + if (!enable2FA.valueIn(userAccount.getDomainId())) { + throw new CloudRuntimeException("2FA is not enabled for this domain or at global level"); + } if (StringUtils.isEmpty(providerName)) { throw new InvalidParameterValueException("Provider name is mandatory to setup 2FA"); } UserTwoFactorAuthenticator provider = getUserTwoFactorAuthenticationProvider(providerName); - UserAccountVO userAccount = _userAccountDao.findById(userId); - UserVO userVO = _userDao.findById(userId); String code = provider.setup2FAKey(userAccount); - UserVO user = _userDao.createForUpdate(); user.setKeyFor2fa(code); user.setUser2faProvider(provider.getName()); diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json index 7f085b22490..31f9783dded 100644 --- a/ui/public/locales/en.json +++ b/ui/public/locales/en.json 
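Review bot: The boolean flipped from `true` to `false` in AccountManager.java is an unnamed positional argument of the `enable.two.factor.authentication` ConfigKey, and if it is the dynamic flag, as its position suggests, a change to the setting would only take effect after a management-server restart. The new gate in AccountManagerImpl reads the value per call with `valueIn(...)`, so a restart requirement looks unintended: an administrator who turns 2FA on for a domain would see no enforcement until the restart. Either keep the key dynamic or say in the description string that a restart is needed, and label the argument, e.g. `false, // isDynamic`. The ConfigKey declaration starts outside the hunk.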
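Review bot: The new domain gate in AccountManagerImpl dereferences `userAccount` straight after `_userAccountDao.findById(userId)` and reports a policy refusal as `CloudRuntimeException`, while the provider-name check two lines below uses `InvalidParameterValueException`. A null guard and a client-error exception type would keep a request against a 2FA-disabled domain from surfacing as an internal server failure, e.g. `if (userAccount == null) { throw new InvalidParameterValueException("Unable to find the calling user account"); }` followed by `throw new InvalidParameterValueException("2FA is not enabled for this domain or at global level");` in the gate. The gate is evaluated for the calling user's domain while `checkAccess` runs against `owner`, which is defined outside the hunk, so it is worth confirming both refer to the same account. The check sits only in the `cmd.getEnable()` branch, and the rest of the method is outside the hunk.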
@@ -2219,6 +2219,7 @@ "message.error.add.secondary.ipaddress": "There was an error adding the secondary IP Address.", "message.error.agent.password": "Please enter agent password.", "message.error.agent.username": "Please enter agent username.", +"message.error.authentication.code": "Please enter authentication code.", "message.error.binaries.iso.url": "Please enter binaries ISO URL.", "message.error.bucket": "Please enter bucket", "message.error.cloudian.console": "Single-Sign-On failed for Cloudian management console. Please ask your administrator to fix integration issues.", @@ -2588,7 +2589,7 @@ "message.template.type.change.warning": "WARNING: Changing the template type to SYSTEM will disable further changes to the template.", "message.tooltip.reserved.system.netmask": "The network prefix that defines the pod subnet. Uses CIDR notation.", "message.traffic.type.to.basic.zone": "traffic type to basic zone", -"message.two.fa.auth": "Open the two factor authentication application on your device to view your authentication code", +"message.two.fa.auth": "<br>1. Open the authenticator application on your device <br>2. Enter the authentication code of the user to verify", "message.two.fa.register.account": "1. Open the authenticator application on your device <br>2. Scan the below QR code to add the user <br>3. If you cannot scan the QR code, enter the setup key manually <br>4. Verification of the 2FA code is mandatory to complete the 2FA setup", "message.two.fa.staticpin": "1. Use the generated static pin as 2FA code for two factor authentication<br>2. Verification of the 2FA code is mandatory to complete the 2FA setup", "message.two.fa.view.setup.key": "Click here to view the setup key", diff --git a/ui/src/views/dashboard/TwoFa.vue b/ui/src/views/dashboard/TwoFa.vue index 416c915e2e3..acbd87170a5 100644 --- a/ui/src/views/dashboard/TwoFa.vue +++ b/ui/src/views/dashboard/TwoFa.vue 
@@ -35,12 +35,12 @@ :rules="rules" @finish="handleSubmit" layout="vertical"> - <a-form-item name="secretkey" ref="secretkey"> + <a-form-item name="code" ref="code"> <a-input class="center-align" style="width: 400px" - v-model:value="form.secretkey" - placeholder="secret key" /> + v-model:value="form.code" + placeholder="xxxxxxx" /> </a-form-item> <div :span="24" class="center-align top-padding"> <a-button @@ -51,7 +51,7 @@ @click="handleSubmit">{{ $t('label.verify') }} </a-button> </div> - <div class="note"> {{ $t('message.two.fa.auth') }} </div> + <p style="text-align: center" v-html="$t('message.two.fa.auth')"></p> </a-form> </a-form> </template> @@ -75,14 +75,13 @@ export default { this.formRef = ref() this.form = reactive({}) this.rules = reactive({ - secretkey: [{ required: true, message: this.$t('message.error.secret.key') }] + code: [{ required: true, message: this.$t('message.error.authentication.code') }] }) }, handleSubmit () { this.formRef.value.validate().then(() => { const values = toRaw(this.form) - console.log(values.secretkey) - api('validateUserTwoFactorAuthenticationCode', { '2facode': values.secretkey }).then(response => { + api('validateUserTwoFactorAuthenticationCode', { '2facode': values.code }).then(response => { this.twoFAresponse = true if (this.twoFAresponse) { this.$notification.destroy()
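Review bot: The second TwoFa.vue hunk replaces text interpolation with `v-html="$t('message.two.fa.auth')"`, which renders any markup the locale string contains, only to get line breaks from the `<br>` tags added in en.json. Locale files can change independently of this component, so every translation of that key becomes an HTML sink on the 2FA verification page. Keeping interpolation avoids that: put `\n` instead of `<br>` in the locale string and render it with `<p style="text-align: center; white-space: pre-line">{{ $t('message.two.fa.auth') }}</p>`. If `v-html` has to stay, a template comment stating that the key must only ever hold static, reviewed markup would help the next editor.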
