generic OTP(one time password)-based 2FA(2-factor-authentication) support #215

Merged
merged 33 commits into from
Mar 31, 2022
Commits
27c82fa
persisting OTP secrets - uml
rkrenn Mar 20, 2022
94f37bb
persist&retrieve OTP secret (user service)
rkrenn Mar 20, 2022
309d082
error messages when activating 2FA
rkrenn Mar 20, 2022
37f2db3
OTP authenticator types enumeration
rkrenn Mar 20, 2022
068e52b
return OTP type with PasswordOutVO
rkrenn Mar 20, 2022
29ef56e
define some default OTP authenticator for new passwords
rkrenn Mar 20, 2022
d965ae9
wrap-up persisting OTP secrets (service layer)
rkrenn Mar 20, 2022
fdd70a9
2fa checkbox and OTP authenticator selector for admin password UI
rkrenn Mar 20, 2022
5ec8ea1
GoogleAuthenticator OTPAuthenticator
rkrenn Mar 20, 2022
2848cd8
UserService.getOTPRegistrationInfo(), .verifyOTP() - uml
rkrenn Mar 21, 2022
1a2f146
AuthenticationVO.otp field
rkrenn Mar 21, 2022
bc52cd7
.vsl templates for OTP authentication service descriptions
rkrenn Mar 21, 2022
9318bc9
UserService.getOTPRegistrationInfo(), .verifyOTP() - impl
rkrenn Mar 21, 2022
8453cab
refactor OTPAuthenticators: sendOTP(), verifyOTP() methods
rkrenn Mar 21, 2022
78d1171
refactor GoogleAuthenticator - sendOTP(), verifyOTP()
rkrenn Mar 21, 2022
4b40570
constants for data in OTP auth service description vsl templates
rkrenn Mar 21, 2022
33b0044
UserService.getOTPRegistrationInfo(), .verifyOTP() - test stubs
rkrenn Mar 21, 2022
4ae211e
send OTP after successfully verifying credentials
rkrenn Mar 21, 2022
b7340f8
OTP prompt for login page
rkrenn Mar 21, 2022
a1c16db
add Password.showOtpRegistrationInfo field - uml
rkrenn Mar 30, 2022
16fcb79
OTPAuthenticator abstraction, Google Authenticator impl.
rkrenn Mar 30, 2022
66f6c09
set/reset showOtpRegistrationInfo flag
rkrenn Mar 30, 2022
d442023
expose spring applicationContext via CoreUtil
rkrenn Mar 30, 2022
ec9ea79
messages for failing OTP authentication
rkrenn Mar 30, 2022
ad11ba9
otp registration info .vsl templates describing Google Authenticator
rkrenn Mar 30, 2022
0523fe8
Google Authenticator default settings
rkrenn Mar 30, 2022
c114e05
variables used in otp registrationinfo message templates
rkrenn Mar 30, 2022
294df01
urlencoding utility method for velocity templates
rkrenn Mar 30, 2022
039c451
login prompt: otp verification input and registration info message
rkrenn Mar 30, 2022
1d5edc9
VO graph serialisation params for otp registration info message template
rkrenn Mar 30, 2022
57c44c5
non auto-ddl database changes
rkrenn Mar 30, 2022
9222239
by default, disable 2FA for trusted hosts
rkrenn Mar 31, 2022
9de4432
2fa/otp password UI labels
rkrenn Mar 31, 2022
non auto-ddl database changes
rkrenn committed Mar 30, 2022
commit 57c44c51328e5e985548333e334225652a596e74
12 changes: 9 additions & 3 deletions core/db/schema-create.sql
@@ -1119,9 +1119,9 @@

create table PASSWORD (
ID BIGINT not null,
PASSWORD_IV BYTEA,
PASSWORD_SALT BYTEA,
ENCRYPTED_PASSWORD BYTEA,
PASSWORD_IV BYTEA unique,
PASSWORD_SALT BYTEA unique,
ENCRYPTED_PASSWORD BYTEA unique,
PASSWORD_HASH_SALT BYTEA unique,
PASSWORD_HASH BYTEA unique,
DEPARTMENT_PASSWORD_SALT BYTEA not null unique,
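Review bot: the `unique` constraints on the second copies of the PASSWORD_IV, PASSWORD_SALT and ENCRYPTED_PASSWORD lines have no counterpart in core/db/schema-up-190.sql, so as far as this commit shows, an upgraded database will lack constraints that a freshly created one has. Either add matching `alter table PASSWORD add unique (...)` statements to the upgrade script, or note there that these constraints are expected to come from auto-DDL. Adding them to a populated table will fail if existing rows share a value, which is worth checking before the upgrade.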
@@ -1139,6 +1139,12 @@
MAX_WRONG_PASSWORD_ATTEMPTS_SINCE_LAST_SUCCESSFUL_LOGON BIGINT,
WRONG_PASSWORD_ATTEMPTS_SINCE_LAST_SUCCESSFUL_LOGON BIGINT not null,
LAST_LOGON_ATTEMPT_TIMESTAMP TIMESTAMP WITHOUT TIME ZONE,
ENABLE2FA BOOLEAN not null,
OTP_TYPE CHARACTER VARYING(1024),
OTP_SECRET_SALT BYTEA unique,
OTP_SECRET_IV BYTEA unique,
ENCRYPTED_OTP_SECRET BYTEA unique,
SHOW_OTP_REGISTRATION_INFO BOOLEAN not null,
LAST_LOGON_ATTEMPT_HOST CHARACTER VARYING(1024),
LAST_SUCCESSFUL_LOGON_TIMESTAMP TIMESTAMP WITHOUT TIME ZONE,
LAST_SUCCESSFUL_LOGON_HOST CHARACTER VARYING(1024),
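Review bot: nothing in these column definitions ties ENABLE2FA to the OTP data: OTP_TYPE, OTP_SECRET_SALT, OTP_SECRET_IV and ENCRYPTED_OTP_SECRET are all nullable, so the schema accepts a row with ENABLE2FA true and no authenticator type or secret. If that state is not meant to occur, a constraint such as `check (not ENABLE2FA or OTP_TYPE is not null)` would catch it at the database. If it is intended (for example, a secret that is created later), a comment here saying so would help whoever reads the login code that has to handle it.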
8 changes: 8 additions & 0 deletions core/db/schema-up-190.sql
@@ -0,0 +1,8 @@

alter table PASSWORD add column ENABLE2FA BOOLEAN;
update PASSWORD set ENABLE2FA = 'f';
alter table PASSWORD alter ENABLE2FA set not null;

alter table PASSWORD add column SHOW_OTP_REGISTRATION_INFO BOOLEAN;
update PASSWORD set SHOW_OTP_REGISTRATION_INFO = 'f';
alter table PASSWORD alter SHOW_OTP_REGISTRATION_INFO set not null;
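Review bot: each `add column` / `update` / `set not null` sequence runs as three separate statements with no `begin`/`commit` around them, and `add column` has no `if not exists`, so a failure partway leaves a nullable column behind and a rerun stops at the first statement. Wrapping the script in one transaction (unless the upgrade runner already does) fixes both. The script also covers only ENABLE2FA and SHOW_OTP_REGISTRATION_INFO; a short comment that OTP_TYPE, OTP_SECRET_SALT, OTP_SECRET_IV and ENCRYPTED_OTP_SECRET from schema-create.sql are left to auto-DDL would make that omission clearly deliberate.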