This is an automated email from the ASF dual-hosted git repository.
weizhou pushed a commit to branch 4.18
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.18 by this push:
new 6d242176363 server: Allow admins to disable the 2FA of users in
subdomains (#7870)
6d242176363 is described below
commit 6d242176363c2799a2829784387093dfe2fd2a78
Author: Fabricio Duarte <[email protected]>
AuthorDate: Mon Aug 21 10:48:33 2023 -0300
server: Allow admins to disable the 2FA of users in subdomains (#7870)
---
server/src/main/java/com/cloud/user/AccountManagerImpl.java | 7 ++-----
.../test/java/com/cloud/user/AccountManagerImplTest.java | 13 ++++++-------
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
index c20e2fc2abf..99896dc9827 100644
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -3327,7 +3327,7 @@ public class AccountManagerImpl extends ManagerBase
implements AccountManager, M
protected UserTwoFactorAuthenticationSetupResponse
disableTwoFactorAuthentication(Long userId, Account caller, Account owner) {
UserVO userVO = null;
if (userId != null) {
- userVO = validateUser(userId, caller.getDomainId());
+ userVO = validateUser(userId);
owner =
_accountService.getActiveAccountById(userVO.getAccountId());
} else {
userId = CallContext.current().getCallingUserId();
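Review bot: With the domain comparison dropped from `validateUser(userId)`, `owner` is now taken straight from `_accountService.getActiveAccountById(userVO.getAccountId())` with no null check, and it is the only entity the later access check can authorize against. If that lookup returns null for a disabled or removed account (inferred from the method name, not visible here), the caller-to-owner check would receive a null entity, and whether `checkAccess` rejects or skips that cannot be seen in this hunk. I would guard it explicitly before continuing, e.g. `if (owner == null) { throw new InvalidParameterValueException("Unable to find an active account for the specified user"); }`. The body of disableTwoFactorAuthentication continues outside the hunk, so the `checkAccess` call itself cannot be confirmed from here.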
@@ -3349,16 +3349,13 @@ public class AccountManagerImpl extends ManagerBase
implements AccountManager, M
return response;
}
- private UserVO validateUser(Long userId, Long domainId) {
+ private UserVO validateUser(Long userId) {
UserVO user = null;
if (userId != null) {
user = _userDao.findById(userId);
if (user == null) {
throw new InvalidParameterValueException("Invalid user ID
provided");
}
- if (_accountDao.findById(user.getAccountId()).getDomainId() !=
domainId) {
- throw new InvalidParameterValueException("User doesn't belong
to the specified account or domain");
- }
}
return user;
}
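Review bot: After this change `validateUser` only checks that the user exists; it no longer enforces any tenant boundary, yet its name still reads like an authorization step. Since it sits on the path that clears another user's second factor, I would state the contract on the method, e.g. `/** Looks up the user by ID; performs no access check. Callers must authorize against the owning account via checkAccess. */`, or rename it to something like `findUserOrThrow`. The inner `if (userId != null)` is also redundant for the caller shown in the previous hunk, which already tests it.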
diff --git a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
index c79b5069c2d..2f3a68e20af 100644
--- a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
+++ b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
@@ -875,19 +875,17 @@ public class AccountManagerImplTest extends
AccountManagetImplTestBase {
@Test
public void testDisableUserTwoFactorAuthentication() {
Long userId = 1L;
+ Long accountId = 2L;
UserVO userVO = Mockito.mock(UserVO.class);
Account caller = Mockito.mock(Account.class);
+ Account owner = Mockito.mock(Account.class);
- AccountVO accountMock = Mockito.mock(AccountVO.class);
Mockito.doNothing().when(accountManagerImpl).checkAccess(nullable(Account.class),
Mockito.isNull(), nullable(Boolean.class), nullable(Account.class));
- Mockito.when(caller.getDomainId()).thenReturn(1L);
Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO);
- Mockito.when(userVO.getAccountId()).thenReturn(1L);
- Mockito.when(_accountDao.findById(1L)).thenReturn(accountMock);
- Mockito.when(accountMock.getDomainId()).thenReturn(1L);
-
Mockito.when(_accountService.getActiveAccountById(1L)).thenReturn(caller);
+ Mockito.when(userVO.getAccountId()).thenReturn(accountId);
+
Mockito.when(_accountService.getActiveAccountById(accountId)).thenReturn(owner);
userVoMock.setKeyFor2fa("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL");
userVoMock.setUser2faProvider("totp");
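Review bot: `checkAccess` is stubbed with `Mockito.doNothing()` in this test, so only the allowed path is covered, while the commit removes the one domain check that used to sit in `validateUser`. A negative case would pin the new authorization boundary: stub `Mockito.doThrow(PermissionDeniedException.class).when(accountManagerImpl).checkAccess(caller, null, true, owner);`, expect the exception, and assert that the 2FA key and provider on `userVoMock` are left unchanged. The `Mockito.verify(...)` added in the next hunk confirms that the call is made, not that a denial stops the update.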
@@ -895,8 +893,9 @@ public class AccountManagerImplTest extends
AccountManagetImplTestBase {
Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock);
- UserTwoFactorAuthenticationSetupResponse response =
accountManagerImpl.disableTwoFactorAuthentication(userId, caller, caller);
+ UserTwoFactorAuthenticationSetupResponse response =
accountManagerImpl.disableTwoFactorAuthentication(userId, caller, owner);
+ Mockito.verify(accountManagerImpl).checkAccess(caller, null, true,
owner);
Assert.assertNull(response.getSecretCode());
Assert.assertNull(userVoMock.getKeyFor2fa());
Assert.assertNull(userVoMock.getUser2faProvider());