fix: changed exception returned from bad empty auth code or trustkey …
…used on MFA login
angelo.andreussi committed Jun 14, 2024
1 parent e11c0df commit f05a671
Showing 1 changed file with 6 additions and 2 deletions.
Expand Up @@ -314,19 +314,20 @@ public boolean validateMfaCredentials(KapuaId scopeId, KapuaId userId, String to
return false;
});
if (!res) {
if (tokenAuthenticationCode != null || tokenTrustKey != null) {
if ( (tokenAuthenticationCode != null && !tokenAuthenticationCode.isEmpty()) || (tokenTrustKey != null && !tokenTrustKey.isEmpty())) {
throw new IncorrectCredentialsException();

Check warning on line 318 in service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java


Codecov / codecov/patch

service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java#L318

Added line #L318 was not covered by tests
}
// In case both the authenticationCode and the trustKey are null, the MFA login via Rest API must be triggered.
// Since this method only returns true or false, the MFA request via Rest API is handled through exceptions.
// It could also be the case that tokens are not null but empty, in this case we throw same exception...
throw new MfaRequiredException();
}
return res;
}

private Boolean validateFromTrustKey(TxContext tx, MfaOption mfaOption, String tokenTrustKey) throws KapuaAuthenticationException {
// Check trust machine authentication on the server side
if (mfaOption.getTrustKey() == null) {
if (mfaOption.getTrustKey() == null || tokenTrustKey.isEmpty()) {
return false;
}
Date now = new Date(System.currentTimeMillis());
Expand All @@ -345,6 +346,9 @@ private Boolean validateFromTrustKey(TxContext tx, MfaOption mfaOption, String t
private Boolean validateFromTokenAuthenticationCode(TxContext tx, KapuaId scopeId, MfaOption mfaOption, String tokenAuthenticationCode) throws KapuaAuthenticationException {
// Do MFA match
try {
if (tokenAuthenticationCode.isEmpty()) { //Token is not a numeric value and it's empty, so for sure validation is false even considering scratch codes
return false;

Check warning on line 350 in service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java


Codecov / codecov/patch

service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java#L350

Added line #L350 was not covered by tests
}
final int numberToken = Integer.parseInt(tokenAuthenticationCode);
boolean isCodeValid = mfaAuthenticator.authorize(mfaOption.getMfaSecretKey(), numberToken);
if (isCodeValid) {
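Review bot: `tokenTrustKey.isEmpty()` in `validateFromTrustKey` and `tokenAuthenticationCode.isEmpty()` in `validateFromTokenAuthenticationCode` dereference values that `validateMfaCredentials` itself treats as nullable, since its new condition tests `tokenAuthenticationCode != null` and `tokenTrustKey != null` before calling `isEmpty()`. The dispatch that calls these helpers sits above the visible lines and may already guard against null, but the helpers would be safer self-contained: `if (mfaOption.getTrustKey() == null || tokenTrustKey == null || tokenTrustKey.isEmpty()) {` and `if (tokenAuthenticationCode == null || tokenAuthenticationCode.isEmpty()) {`. Without a guard, a null token reaching either helper would raise a NullPointerException on the login path instead of producing a clean authentication failure. Codecov reports the changed lines 318 and 350 as not covered, so tests that submit empty-string and null tokens and assert which exception is thrown (`IncorrectCredentialsException` versus `MfaRequiredException`) would pin the intended behaviour.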
