
fix issue with forcing otp setup

Jason Rivard 9 lat temu
rodzic
commit
c53c04c318

+ 6 - 3
src/main/java/password/pwm/ldap/UserStatusReader.java

@@ -547,29 +547,32 @@ public class UserStatusReader {
     )
             throws ChaiUnavailableException, PwmUnrecoverableException
     {
+        LOGGER.trace(sessionLabel, "checkOtp: beginning process to check if user OTP setup is required");
 
         final UserIdentity userIdentity = uiBean.getUserIdentity();
 
-        if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_ENABLE)) {
+        if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.OTP_ENABLED)) {
+            LOGGER.trace(sessionLabel, "checkOtp: OTP is not enabled, user OTP setup is not required");
             return false;
         }
 
         final boolean hasStoredOtp = otpUserRecord != null && otpUserRecord.getSecret() != null;
 
         if (hasStoredOtp) {
+            LOGGER.trace(sessionLabel, "checkOtp: user has existing valid otp record, user OTP setup is not required");
             return false;
         }
 
         final List<UserPermission> setupOtpPermission = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.OTP_SETUP_USER_PERMISSION);
         if (!LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, uiBean.getUserIdentity(), setupOtpPermission)) {
-            LOGGER.debug(sessionLabel,
-                    "checkOtp: " + userIdentity.toString() + " is not eligible for checkOtp due to query match");
+            LOGGER.trace(sessionLabel, "checkOtp: " + userIdentity.toString() + " is not eligible for checkOtp due to query match");
             return false;
         }
 
         final ForceSetupPolicy policy = pwmApplication.getConfig().readSettingAsEnum(PwmSetting.OTP_FORCE_SETUP,ForceSetupPolicy.class);
 
         // hasStoredOtp is always true at this point, so if forced then update needed
+        LOGGER.debug(sessionLabel, "checkOtp: user does not have existing valid otp record, user OTP setup is required");
         return policy == ForceSetupPolicy.FORCE || policy == ForceSetupPolicy.FORCE_ALLOW_SKIP;
     }
 
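Review bot: The comment kept just above the new debug log says "hasStoredOtp is always true at this point", but the early return a few lines up guarantees it is false here, and the new debug message asserts that "user OTP setup is required" before the ForceSetupPolicy is consulted, so a non-forcing policy still logs that setup is required right before returning false. Both make the trace misleading when someone is reconciling why a user was or was not forced into OTP setup. Compute the result first, then log it together with the policy value, so the log line and the return value cannot disagree. checkOtp's signature starts before this hunk.
```java
        final ForceSetupPolicy policy = pwmApplication.getConfig().readSettingAsEnum(PwmSetting.OTP_FORCE_SETUP,ForceSetupPolicy.class);

        // hasStoredOtp is always false at this point, so setup is required only when the policy forces it
        final boolean setupRequired = policy == ForceSetupPolicy.FORCE || policy == ForceSetupPolicy.FORCE_ALLOW_SKIP;
        LOGGER.debug(sessionLabel, "checkOtp: user does not have existing valid otp record, policy=" + policy
                + ", user OTP setup " + (setupRequired ? "is" : "is not") + " required");
        return setupRequired;
```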

+ 12 - 6
src/main/java/password/pwm/util/operations/OtpService.java

@@ -26,6 +26,7 @@ import com.novell.ldapchai.exception.ChaiUnavailableException;
 import org.apache.commons.codec.binary.Base32;
 import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
+import password.pwm.PwmConstants;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.Configuration;
@@ -132,7 +133,7 @@ public class OtpService implements PwmService {
     }
 
     private List<String> createRawRecoveryCodes(final int numRecoveryCodes, final SessionLabel sessionLabel)
-            throws PwmUnrecoverableException 
+            throws PwmUnrecoverableException
     {
         final MacroMachine macroMachine = MacroMachine.forNonUserSpecific(pwmApplication, sessionLabel);
         final String configuredTokenMacro = settings.getRecoveryTokenMacro();
@@ -278,13 +279,18 @@ public class OtpService implements PwmService {
                         LOGGER.error(sessionLabel, "unexpected error reading stored otp configuration from " + location + " for user " + userIdentity + ", error: " + e.getMessage());
                     }
                 } else {
-                    LOGGER.warn(sessionLabel,String.format("Storage location %s not implemented", location.toString()));
+                    LOGGER.warn(sessionLabel,String.format("storage location %s not implemented", location.toString()));
                 }
             }
         }
 
-        LOGGER.trace(sessionLabel,"readOTPUserConfiguration completed in " + TimeDuration.fromCurrent(
-                methodStartTime).asCompactString());
+        LOGGER.trace(sessionLabel,"readOTPUserConfiguration completed in "
+                + TimeDuration.fromCurrent(methodStartTime).asCompactString()
+                + (otpConfig == null
+                ? ", no otp record found"
+                : ", recordType=" + otpConfig.getType() + ", identifier=" + otpConfig.getIdentifier() + ", timestamp="
+                + PwmConstants.DEFAULT_DATETIME_FORMAT.format(otpConfig.getTimestamp()))
+        );
         return otpConfig;
     }
 
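Review bot: The new trace message at the end of readOTPUserConfiguration passes otpConfig.getTimestamp() straight to PwmConstants.DEFAULT_DATETIME_FORMAT.format(); if a stored record can carry a null timestamp (not visible in this hunk), the format call throws from inside the logging statement and the method fails after the record was already read successfully. Consider guarding it, e.g. `", timestamp=" + (otpConfig.getTimestamp() == null ? "n/a" : PwmConstants.DEFAULT_DATETIME_FORMAT.format(otpConfig.getTimestamp()))`, or moving the record summary into a small private helper that tolerates a missing timestamp. The summary correctly exposes only type, identifier and timestamp and not the secret; a dedicated helper keeps that boundary explicit if more fields are added later. The enclosing method starts before this hunk.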
@@ -408,7 +414,7 @@ public class OtpService implements PwmService {
         }
         return userGUID;
     }
-    
+
     public static class OtpSettings implements Serializable {
         private OTPStorageFormat otpStorageFormat;
         private OTPUserRecord.Type otpType = OTPUserRecord.Type.TOTP;
@@ -463,7 +469,7 @@ public class OtpService implements PwmService {
 
         public static OtpSettings fromConfig(final Configuration config) {
             final OtpSettings otpSettings = new OtpSettings();
-            
+
             otpSettings.otpStorageFormat = config.readSettingAsEnum(PwmSetting.OTP_SECRET_STORAGEFORMAT,OTPStorageFormat.class);
             otpSettings.recoveryCodesCount = (int)config.readSettingAsLong(PwmSetting.OTP_RECOVERY_CODES);
             otpSettings.totpPastIntervals = Integer.parseInt(config.readAppProperty(AppProperty.TOTP_PAST_INTERVALS));