Remove recovery codes from MFA branch #733

Open: wants to merge 101 commits into base: develop

rmiccoli

Starting from this PR #674

rmiccoli changed the title from "Remove recovery codes for MFA branch" to "Remove recovery codes from MFA branch" on Mar 18, 2024
andreaceccanti and others added 28 commits October 18, 2024 12:22
The test client app has been modified to allow downscoping the
authorization request to only include a subset of the configured scopes.
Files are not complete, work still to be done on creating and displaying the angular components
Currently not displaying secret and QR code
Also adding Maven dependency for TOTP library
Also slight amendments to model logic for IamTotpMfa and IamTotpRecoveryCode
Previously, a separate controller existed for enabling and disabling the authenticator app. Since these do similar things, they are being unified into one controller.

Also creating a service for enabling and disabling auth app. This currently contains two functions (enabling and disabling) but both are extremely similar so will likely unify later. Added a TODO for this to create the foundations of step up authentication from this
Files are not complete, work still to be done on creating and displaying the angular components
Currently not displaying secret and QR code
Also slight amendments to model logic for IamTotpMfa and IamTotpRecoveryCode
…ommit of the following:

commit dccc0b6
Merge: 0c674fb cc3b4d5
Author: Sam Glendenning <sam.glendenning@stfc.ac.uk>
Date:   Mon Nov 22 14:55:04 2021 +0000

    Merge branch 'iam-spring-update-oct-2021' of git://github.com/indigo-iam/iam into iam-spring-update-oct-2021

commit cc3b4d5
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 15 08:33:55 2021 +0100

    More fixes for SonarCloud warnings

commit 5ff5e3b
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Nov 14 16:38:07 2021 +0100

    Fixes for Sonar warnings/errors

    and other minor improvements

commit 91d0533
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Nov 13 16:02:51 2021 +0100

    Tests green (locally)

commit d575a47
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Nov 13 08:59:09 2021 +0100

    More warning and test fixes

commit 0b62963
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 12 18:38:35 2021 +0100

    More test fixes

commit 922b464
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Nov 9 11:00:34 2021 +0100

    Test errors -> 0, Test failures -> ~12%

commit f7f8513
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Nov 6 09:50:08 2021 +0100

    Silence deprecation warnings

    Only if coming from the latest spring-security-oauth2 (for which we do
    not and won't have a replacement for some time).

commit 8f27bd2
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Nov 6 08:44:07 2021 +0100

    Use H2 datasource for the tests

    This prevents issues with the hikari connection pool being closed.

commit 45c7b4e
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 19:44:15 2021 +0100

    Service starts up!

commit 4f984ee
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 19:27:01 2021 +0100

    Use a keystore with key size 2048

commit 3efc9f9
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 18:37:34 2021 +0100

    Flyway migration refactoring to avoid naming errors

commit 3f5e741
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 18:22:42 2021 +0100

    Moved source/target compatibility to Java 11

commit 7e1f1d6
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 18:14:18 2021 +0100

    License updates

commit b63ce93
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 18:13:32 2021 +0100

    Config files changes

commit 66d28d2
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 17:59:07 2021 +0100

    Builds against spring boot 2.5.6

commit 0d9167a
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 10:26:35 2021 +0100

    Fixed flyway migrations compilation problems

commit 1ca9d73
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 10:09:10 2021 +0100

    wip

commit acd7e4f
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Nov 5 08:07:33 2021 +0100

    WIP: maven clean succeeds

commit 2b9835e
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Nov 4 18:18:33 2021 +0100

    wip

commit 8dbf1cf
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 19:35:18 2021 +0100

    Fixed code smells reported by Sonar

commit 56b570e
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 19:16:59 2021 +0100

    Just build on Java 11

    Still not there for Java 17...

commit 1529049
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 18:41:18 2021 +0100

    Restore sonar analysis

commit ed52207
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 18:40:23 2021 +0100

    Use openjdk:11 docker images

commit cc382c2
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 18:26:14 2021 +0100

    Drop java 8

commit 9dc729c
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 17:59:29 2021 +0100

    Build on Jenkins with Java 11

commit 7c090dd
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 17:52:18 2021 +0100

    First attempt at java version matrix build

commit d77d860
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Nov 3 17:43:21 2021 +0100

    Dropped validator-collections dependency

commit 47cf69b
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 1 16:46:22 2021 +0100

    Fix test fixture initialization

commit 59406e0
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 1 16:45:23 2021 +0100

    Drop DevToolsDataSourceAutoConfiguration

    Which breaks h2 tests.

commit 6c18f35
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 1 16:44:52 2021 +0100

    Add flyway debug log handle

commit 2f433ad
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 1 16:44:28 2021 +0100

    Streamlined h2 db test configuration

commit c9eaa16
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Nov 1 16:41:39 2021 +0100

    Upgrade surefire plugin to the latest version

commit 3ae9b7f
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Oct 29 08:18:12 2021 +0200

    Archive JUnit reports

commit 9626982
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Oct 29 07:45:04 2021 +0200

    Removed unused dependency

commit de574c8
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Oct 29 07:44:30 2021 +0200

    More test fixes

commit b3620ac
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Fri Oct 29 07:43:58 2021 +0200

    Control how many test contexts are cached during builds

commit a853f94
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Oct 28 12:32:08 2021 +0200

    More test fixes

commit 481a456
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Oct 28 11:13:39 2021 +0200

    More test fixes

commit 003a486
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Oct 28 08:49:19 2021 +0200

    More test fixes

commit 0417ad1
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Oct 27 19:25:19 2021 +0200

    More test porting

commit ed30322
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Oct 27 18:29:58 2021 +0200

    Fixed Velocity initialization

    And moved email templates from the /templates folder
    to the /email-templates folder in the classpath.

commit b35bf83
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Wed Oct 27 08:52:18 2021 +0200

    More test fixing work

commit c2b205b
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Oct 26 17:48:16 2021 +0200

    More test fixes

commit b310d4c
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Oct 26 17:23:47 2021 +0200

    All api tests green

commit 4a70982
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Oct 26 12:17:49 2021 +0200

    Cors configuration & actuator test fixes

commit 4ed75ff
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Oct 26 00:38:23 2021 +0200

    Remove cors filter configuration

commit a948741
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:37:51 2021 +0200

    Added license

commit e025b7d
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:37:25 2021 +0200

    Started migration of integration tests

commit ee7fc54
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:36:54 2021 +0200

    New unified test annotation

commit 149d9d1
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:14:54 2021 +0200

    Project compiles

commit 84ed532
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:12:59 2021 +0200

    Run update-tests script

commit ce93f59
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:07:21 2021 +0200

    Fix compilation problems on main code

    Fix renamed classes and changed JPAConfig

commit 93b80c6
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 19:06:47 2021 +0200

    First migrate to spring boot 1.5.22

commit de5f1b1
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Mon Oct 25 18:30:00 2021 +0200

    Updated Spring and mitreid deps

commit e9e5408
Merge: 8c9b8bc 4bfc271
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 24 17:47:19 2021 +0200

    Merge pull request #433 from indigo-iam/issue-432-include-groups-in-userinfo-response-wlcg

    Include wlcg.groups in userinfo response

commit 8c9b8bc
Merge: ec31232 8ffed21
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 24 17:47:05 2021 +0200

    Merge pull request #431 from indigo-iam/issue-430-improved-jwk-configuration

    Improved support for JWK configuration

commit ec31232
Merge: 767e86e 88bb278
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 24 17:46:45 2021 +0200

    Merge pull request #427 from indigo-iam/issue-426-jwt-based-client-auth

    First attempt at JWT-based client-auth

commit 4bfc271
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 24 17:23:36 2021 +0200

    Include wlcg.groups information in userinfo response

    Even though the IAM access token is a JWT and even though groups are
    included in the access token when requested, as mandated by the WLCG JWT
    profile, there are still apps treating the access token as an opaque
    string.

    To support those apps, and be more consistent with the traditional IAM
    profile behaviour, IAM should include group information in the userinfo
    endpoint response also for the WLCG profile.

    Issue: #432

commit 195c2d7
Merge: 7f90144 5b8d9d8
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Sep 23 15:23:34 2021 +0200

    Merge pull request #425 from indigo-iam/issue-424-IAM-does-not-encode-group-names-correctly-aarc-g002

    Fix for issue-422: iam does not encode group names correctly according to AARC G002

commit 8ffed21
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 24 09:25:36 2021 +0200

    Improved support for JWT configuration

    It's now possible to specify the default key id and algorithm used for
    signing tokens.

    Issue: #430

commit 88bb278
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Oct 23 09:56:08 2021 +0200

    More integration tests

commit cd8ef61
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sat Oct 23 08:39:43 2021 +0200

    More tests for JWTAuthenticationProvider

commit fc7148d
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Sun Oct 17 23:03:37 2021 +0200

    First attempt at JWT-based client-auth

commit 767e86e
Merge: 7f90144 5b8d9d8
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Sep 23 15:23:34 2021 +0200

    Merge pull request #425 from indigo-iam/issue-424-IAM-does-not-encode-group-names-correctly-aarc-g002

    Fix for issue-422: iam does not encode group names correctly according to AARC G002

commit 5b8d9d8
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Thu Sep 23 14:50:32 2021 +0200

    Fix wrong AARC G002 group name encoding

commit 7f90144
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Sep 14 07:56:12 2021 +0200

    Version bumped back to 1.8.0-SNAPSHOT

commit 1828bf0
Author: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date:   Tue Sep 14 07:55:41 2021 +0200

    Test custom logging conf
This ensures tables are created properly and contain the appropriate test data. Currently, no test data for multi-factor secrets and recovery codes exist.
This is currently done through a GET request because I couldn't get a POST request to work. Will investigate this as a TOTP needs to be passed for verification anyway.

Secrets and recovery codes are generated through the user account service and then added in plaintext. Later on, will add functionality for encrypting them
These were old event classes that are no longer used/have been replaced
Still work to be done on autowiring QR generator instead of creating a new object each time
Mfa settings menu now updates to show status of user's multi-factor settings that are enabled (i.e. button will be green or red).

Toaster notification also displays upon successful operation

Authenticator app disabling now possible through GET request. Still working on POST request and code validation
Means submit button cannot be clicked until a code of 6 or more characters is entered
Also reports errors to the user in the same modal view, e.g. invalid code format, incorrect code
Previously, the changes to the persistence layer were weaved into the original iam_account migration file. They now have a separate file that instantiates them.

sonarcloud bot commented Oct 25, 2024

Quality Gate failed

Failed conditions
64.0% Coverage on New Code (required ≥ 85%)

See analysis details on SonarCloud
