[GitHub] [cloudstack] harikrishna-patnala commented on a diff in pull request #6924: [Draft] User two factor authentication

Tue, 29 Nov 2022 22:17:21 -0800 


harikrishna-patnala commented on code in PR #6924:
URL: https://github.com/apache/cloudstack/pull/6924#discussion_r1035566540


##########
server/src/main/java/com/cloud/user/AccountManagerImpl.java:
##########
@@ -315,6 +322,31 @@ public class AccountManagerImpl extends ManagerBase 
implements AccountManager, M
     private int _cleanupInterval;
     private List<String> apiNameList;
 
+    protected static Map<String, UserTwoFactorAuthenticator> 
userTwoFactorAuthenticationProvidersMap = new HashMap<>();
+
+    private List<UserTwoFactorAuthenticator> 
userTwoFactorAuthenticationProviders;
+
+    static ConfigKey<Boolean> enableUserTwoFactorAuthentication = new 
ConfigKey<Boolean>("Advanced",
+            Boolean.class,
+            "enable.user.two.factor.authentication",
+            "false",
+            "Determines whether two factor authentication is enabled or not. 
This can also be configured at domain level.",
+            false,
+            ConfigKey.Scope.Domain);
+
+    ConfigKey<Boolean> mandateUserTwoFactorAuthentication = new 
ConfigKey<Boolean>("Advanced",
+            Boolean.class,
+            "mandate.user.two.factor.authentication",
+            "false",
+            "Determines whether to make the two factor authentication 
mandatory or not. This can also be configured at domain level.",
+            false,
+            ConfigKey.Scope.Domain);
+
+    ConfigKey<String> userTwoFactorAuthenticationDefaultProvider = new 
ConfigKey<>("Advanced", String.class,
+            "user.two.factor.authentication.default.provider",
+            "GOOGLE",
+            "The default user two factor authentication provider plugin. Eg. 
google, staticpin", true, ConfigKey.Scope.Domain);

Review Comment:
   This config is used only to get the default 2FA provider only when using 
API. In UI we use the listUserTwoFactorAuthenticatorProviders API to fetch the 
provider names, so if it is from UI check is not required.
   
   I've intentionally did nt keep the check in configurationmanager impl 
because, we will have to add specific if condition only for this. setup 2FA API 
will fail with proper error if does not find the provider name.
   
   Hope this is fine.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to