diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java index b8e9df101..245acc338 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java @@ -19,8 +19,6 @@ import java.util.Optional; import java.util.Set; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; @@ -43,12 +41,11 @@ import it.infn.mw.iam.persistence.model.IamTotpRecoveryCode; import it.infn.mw.iam.persistence.repository.IamTotpMfaRepository; import it.infn.mw.iam.util.mfa.IamTotpMfaEncryptionAndDecryptionUtil; +import it.infn.mw.iam.util.mfa.IamTotpMfaInvalidArgumentError; @Service public class DefaultIamTotpMfaService implements IamTotpMfaService, ApplicationEventPublisherAware { - private static final Logger LOG = LoggerFactory.getLogger(DefaultIamTotpMfaService.class); - public static final int RECOVERY_CODE_QUANTITY = 6; private final IamAccountService iamAccountService; @@ -103,7 +100,7 @@ public void setApplicationEventPublisher(ApplicationEventPublisher applicationEv * @return the new TOTP secret */ @Override - public IamTotpMfa addTotpMfaSecret(IamAccount account) { + public IamTotpMfa addTotpMfaSecret(IamAccount account) throws IamTotpMfaInvalidArgumentError { Optional totpMfaOptional = totpMfaRepository.findByAccount(account); if (totpMfaOptional.isPresent()) { if (totpMfaOptional.get().isActive()) { @@ -116,24 +113,16 @@ public IamTotpMfa addTotpMfaSecret(IamAccount account) { // Generate secret IamTotpMfa totpMfa = new IamTotpMfa(account); - String sharedSecretToken = secretGenerator.generate(); - - try { - String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( - sharedSecretToken, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - totpMfa.setSecret(cipherText); - totpMfa.setAccount(account); + totpMfa.setSecret(IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( + secretGenerator.generate(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); + totpMfa.setAccount(account); - Set recoveryCodes = generateRecoveryCodes(totpMfa); - totpMfa.setRecoveryCodes(recoveryCodes); - totpMfaRepository.save(totpMfa); + Set recoveryCodes = generateRecoveryCodes(totpMfa); + totpMfa.setRecoveryCodes(recoveryCodes); + totpMfaRepository.save(totpMfa); - return totpMfa; - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - LOG.error(iamTotpMfaInvalidArgumentErrorMsg.getMessage()); - throw iamTotpMfaInvalidArgumentErrorMsg; - } + return totpMfa; } /** @@ -213,30 +202,24 @@ public IamTotpMfa disableTotpMfa(IamAccount account) { * Verifies a provided TOTP against an account multi-factor secret * * @param account the account whose secret we will check against - * @param totp the TOTP to validate + * @param totp the TOTP to validate * @return true if valid, false otherwise */ @Override - public boolean verifyTotp(IamAccount account, String totp) { + public boolean verifyTotp(IamAccount account, String totp) throws IamTotpMfaInvalidArgumentError { Optional totpMfaOptional = totpMfaRepository.findByAccount(account); if (!totpMfaOptional.isPresent()) { throw new MfaSecretNotFoundException("No multi-factor secret is attached to this account"); } IamTotpMfa totpMfa = totpMfaOptional.get(); + String mfaSecret = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( + totpMfa.getSecret(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - try { - String mfaSecret = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( - totpMfa.getSecret(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - - // Verify provided TOTP - if (codeVerifier.isValidCode(mfaSecret, totp)) { - totpVerifiedEvent(account, totpMfa); - return true; - } - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - LOG.error(iamTotpMfaInvalidArgumentErrorMsg.getMessage()); - throw iamTotpMfaInvalidArgumentErrorMsg; + // Verify provided TOTP + if (codeVerifier.isValidCode(mfaSecret, totp)) { + totpVerifiedEvent(account, totpMfa); + return true; } return false; @@ -264,40 +247,31 @@ public boolean verifyRecoveryCode(IamAccount account, String recoveryCode) { // Check for a matching recovery code Set accountRecoveryCodes = totpMfa.getRecoveryCodes(); - try { - for (IamTotpRecoveryCode recoveryCodeObject : accountRecoveryCodes) { - String recoveryCodeEncrypted = recoveryCodeObject.getCode(); - String recoveryCodeString = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( - recoveryCodeEncrypted, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); + for (IamTotpRecoveryCode recoveryCodeObject : accountRecoveryCodes) { + String recoveryCodeEncrypted = recoveryCodeObject.getCode(); + String recoveryCodeString = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( + recoveryCodeEncrypted, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - if (recoveryCode.equals(recoveryCodeString)) { - recoveryCodeVerifiedEvent(account, totpMfa); - return true; - } + if (recoveryCode.equals(recoveryCodeString)) { + recoveryCodeVerifiedEvent(account, totpMfa); + return true; } - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - throw iamTotpMfaInvalidArgumentErrorMsg; } return false; } - private Set generateRecoveryCodes(IamTotpMfa totpMfa) { + private Set generateRecoveryCodes(IamTotpMfa totpMfa) throws IamTotpMfaInvalidArgumentError { String[] recoveryCodeStrings = recoveryCodeGenerator.generateCodes(RECOVERY_CODE_QUANTITY); Set recoveryCodes = new HashSet<>(); - try { - for (String code : recoveryCodeStrings) { - IamTotpRecoveryCode recoveryCode = new IamTotpRecoveryCode(totpMfa); + for (String code : recoveryCodeStrings) { + IamTotpRecoveryCode recoveryCode = new IamTotpRecoveryCode(totpMfa); - recoveryCode.setCode(IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( - code, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); - recoveryCodes.add(recoveryCode); - } - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - LOG.error(iamTotpMfaInvalidArgumentErrorMsg.getMessage()); - throw iamTotpMfaInvalidArgumentErrorMsg; + recoveryCode.setCode(IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( + code, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); + recoveryCodes.add(recoveryCode); } return recoveryCodes; diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetService.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetService.java index 22d2558ac..88585127f 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetService.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetService.java @@ -36,6 +36,7 @@ import it.infn.mw.iam.persistence.repository.IamAccountRepository; import it.infn.mw.iam.persistence.repository.IamTotpMfaRepository; import it.infn.mw.iam.util.mfa.IamTotpMfaEncryptionAndDecryptionUtil; +import it.infn.mw.iam.util.mfa.IamTotpMfaInvalidArgumentError; @Service public class DefaultIamTotpRecoveryCodeResetService @@ -72,7 +73,7 @@ public void setApplicationEventPublisher(ApplicationEventPublisher applicationEv * @param account - the account to regenerate codes on */ @Override - public IamAccount resetRecoveryCodes(IamAccount account) { + public IamAccount resetRecoveryCodes(IamAccount account) throws IamTotpMfaInvalidArgumentError { Optional totpMfaOptional = totpMfaRepository.findByAccount(account); if (!totpMfaOptional.isPresent()) { throw new MfaSecretNotFoundException("No multi-factor secret is attached to this account"); @@ -82,26 +83,22 @@ public IamAccount resetRecoveryCodes(IamAccount account) { String[] recoveryCodeStrings = recoveryCodeGenerator.generateCodes(RECOVERY_CODE_QUANTITY); Set recoveryCodes = new HashSet<>(); - try { - for (String code : recoveryCodeStrings) { - IamTotpRecoveryCode recoveryCode = new IamTotpRecoveryCode(totpMfa); + for (String code : recoveryCodeStrings) { + IamTotpRecoveryCode recoveryCode = new IamTotpRecoveryCode(totpMfa); - recoveryCode.setCode(IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( - code, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); - recoveryCodes.add(recoveryCode); - } + recoveryCode.setCode(IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( + code, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); + recoveryCodes.add(recoveryCode); + } - // Attach to account - totpMfa.setRecoveryCodes(recoveryCodes); - totpMfa.touch(); - account.touch(); - accountRepository.save(account); - totpMfaRepository.save(totpMfa); - recoveryCodesResetEvent(account, totpMfa); + // Attach to account + totpMfa.setRecoveryCodes(recoveryCodes); + totpMfa.touch(); + account.touch(); + accountRepository.save(account); + totpMfaRepository.save(totpMfa); + recoveryCodesResetEvent(account, totpMfa); - return account; - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - throw iamTotpMfaInvalidArgumentErrorMsg; - } + return account; } } diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java index 712010e33..ffcc24d66 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java @@ -51,6 +51,7 @@ import it.infn.mw.iam.persistence.model.IamTotpMfa; import it.infn.mw.iam.persistence.repository.IamAccountRepository; import it.infn.mw.iam.util.mfa.IamTotpMfaEncryptionAndDecryptionUtil; +import it.infn.mw.iam.util.mfa.IamTotpMfaInvalidArgumentError; /** * Controller for customising user's authenticator app MFA settings Can enable or disable the @@ -90,20 +91,14 @@ public AuthenticatorAppSettingsController(IamTotpMfaService service, @RequestMapping(value = ADD_SECRET_URL, method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) @ResponseBody - public SecretAndDataUriDTO addSecret() { + public SecretAndDataUriDTO addSecret() throws IamTotpMfaInvalidArgumentError { final String username = getUsernameFromSecurityContext(); IamAccount account = accountRepository.findByUsername(username) .orElseThrow(() -> NoSuchAccountError.forUsername(username)); IamTotpMfa totpMfa = service.addTotpMfaSecret(account); - String mfaSecret = ""; - - try { - mfaSecret = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( - totpMfa.getSecret(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - throw iamTotpMfaInvalidArgumentErrorMsg; - } + String mfaSecret = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( + totpMfa.getSecret(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); try { SecretAndDataUriDTO dto = new SecretAndDataUriDTO(mfaSecret); diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/authenticator_app/RecoveryCodeManagementController.java b/iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/authenticator_app/RecoveryCodeManagementController.java index f18b9c43d..d3cec50f5 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/authenticator_app/RecoveryCodeManagementController.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/authenticator_app/RecoveryCodeManagementController.java @@ -43,6 +43,7 @@ import it.infn.mw.iam.persistence.model.IamTotpRecoveryCode; import it.infn.mw.iam.persistence.repository.IamTotpMfaRepository; import it.infn.mw.iam.util.mfa.IamTotpMfaEncryptionAndDecryptionUtil; +import it.infn.mw.iam.util.mfa.IamTotpMfaInvalidArgumentError; /** * Provides webpages related to recovery codes. Most of this appears if the user chooses to use a @@ -61,7 +62,6 @@ public class RecoveryCodeManagementController { private final IamTotpRecoveryCodeResetService recoveryCodeResetService; private final IamTotpMfaProperties iamTotpMfaProperties; - @Autowired public RecoveryCodeManagementController(AccountUtils accountUtils, IamTotpMfaRepository totpMfaRepository, @@ -105,7 +105,7 @@ public String viewRecoveryCodes(ModelMap model) { */ @PreAuthorize("hasRole('USER')") @RequestMapping(method = RequestMethod.GET, path = RECOVERY_CODE_GET_URL) - public @ResponseBody String[] getRecoveryCodes() { + public @ResponseBody String[] getRecoveryCodes() throws IamTotpMfaInvalidArgumentError { IamAccount account = accountUtils.getAuthenticatedUserAccount() .orElseThrow(() -> new MultiFactorAuthenticationError("Account not found")); @@ -122,16 +122,12 @@ public String viewRecoveryCodes(ModelMap model) { List recs = new ArrayList<>(totpMfa.getRecoveryCodes()); String[] codes = new String[recs.size()]; - try { - for (int i = 0; i < recs.size(); i++) { - codes[i] = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( - recs.get(i).getCode(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); - } - - return codes; - } catch (Exception iamTotpMfaInvalidArgumentErrorMsg) { - throw iamTotpMfaInvalidArgumentErrorMsg; + for (int i = 0; i < recs.size(); i++) { + codes[i] = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( + recs.get(i).getCode(), iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()); } + + return codes; } /** diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionHelper.java b/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionHelper.java index 435a00ab5..20c00e377 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionHelper.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionHelper.java @@ -20,7 +20,7 @@ public class IamTotpMfaEncryptionAndDecryptionHelper { private String encryptionAlgorithm = "AES"; private String modeOfOperation = "AES/CBC/PKCS5Padding"; - // AES KeySize has 3 options: 128, 192, or 256 bits. + // AES `keySize` has 3 options: 128, 192, or 256 bits. private int keySize = 128; private int ivSize = 16; @@ -28,7 +28,7 @@ public class IamTotpMfaEncryptionAndDecryptionHelper { // Multiples of 8 private int saltSize = 16; - // The higher the better + // The higher value the better private int iterations = 65536; private static IamTotpMfaEncryptionAndDecryptionHelper instance; @@ -69,18 +69,10 @@ public String getEncryptionAlgorithm() { return encryptionAlgorithm; } - public void setEncryptionAlgorithm(String encryptionAlgorithm) { - this.encryptionAlgorithm = encryptionAlgorithm; - } - public String getModeOfOperation() { return modeOfOperation; } - public void setModeOfOperation(String modeOfOperation) { - this.modeOfOperation = modeOfOperation; - } - /** * Helper to get the instance instead of creating new objects, * acts like a singleton pattern. diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionUtil.java b/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionUtil.java index 2db1d6958..7d60e3d4a 100644 --- a/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionUtil.java +++ b/iam-login-service/src/main/java/it/infn/mw/iam/util/mfa/IamTotpMfaEncryptionAndDecryptionUtil.java @@ -40,8 +40,8 @@ private IamTotpMfaEncryptionAndDecryptionUtil() { } /** - * This process requires a password for encrypting the plaintext. Ensure to use - * the same password for decryption as well. + * This helper method requires a password for encrypting the plaintext. + * Ensure to use the same password for decryption as well. * * @param plaintext plaintext to encrypt. * @param password Provided by the admin through the environment @@ -171,10 +171,9 @@ private static SecretKey getKeyFromPassword(String password, byte[] salt, String SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, defaultModel.getIterations(), defaultModel.getKeySize()); - SecretKey secretKey = new SecretKeySpec(factory.generateSecret(spec) - .getEncoded(), algorithm); - return secretKey; + return new SecretKeySpec(factory.generateSecret(spec) + .getEncoded(), algorithm); } /** diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsControllerTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsControllerTests.java index 459e7b040..d4fe575c6 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsControllerTests.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsControllerTests.java @@ -85,7 +85,7 @@ public static void init() { public void setup() { when(accountRepository.findByUsername(TEST_USERNAME)).thenReturn(Optional.of(TEST_ACCOUNT)); when(accountRepository.findByUsername(TOTP_USERNAME)).thenReturn(Optional.of(TOTP_MFA_ACCOUNT)); - when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn("define_me_please"); + when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(KEY_TO_ENCRYPT_DECRYPT); mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).alwaysDo(log()).build(); @@ -99,7 +99,7 @@ public void testAddSecret() throws Exception { totpMfa.setActive(false); totpMfa.setAccount(null); totpMfa.setSecret( - IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode("secret", + IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); when(totpMfaService.addTotpMfaSecret(account)).thenReturn(totpMfa); @@ -112,14 +112,15 @@ public void testAddSecret() throws Exception { @Test @WithMockUser(username = TEST_USERNAME) - public void testAddSecret_withDifferentPassword() throws Exception { + public void testAddSecret_withEmptyPassword() throws Exception { IamAccount account = cloneAccount(TEST_ACCOUNT); IamTotpMfa totpMfa = cloneTotpMfa(TOTP_MFA); totpMfa.setActive(false); totpMfa.setAccount(null); totpMfa.setSecret( - IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode("secret", + IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); + when(totpMfaService.addTotpMfaSecret(account)).thenReturn(totpMfa); when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(""); @@ -151,7 +152,7 @@ public void testEnableAuthenticatorApp() throws Exception { totpMfa.setActive(true); totpMfa.setAccount(account); totpMfa.setSecret( - IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode("secret", + IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, iamTotpMfaProperties.getPasswordToEncryptOrDecrypt())); String totp = "123456"; diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetServiceTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetServiceTests.java index 0b60f5668..ac0781894 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetServiceTests.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/DefaultIamTotpRecoveryCodeResetServiceTests.java @@ -23,10 +23,11 @@ import java.util.Optional; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.mockito.InjectMocks; -import org.mockito.Mock; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.context.ApplicationEventPublisher; import dev.samstevens.totp.recovery.RecoveryCodeGenerator; @@ -41,26 +42,41 @@ @SpringBootTest class DefaultIamTotpRecoveryCodeResetServiceTests extends MultiFactorTestSupport { - @Mock + @Autowired + private IamTotpMfaProperties iamTotpMfaProperties; + + @MockBean private IamAccountRepository accountRepository; - @Mock + @MockBean private IamTotpMfaRepository repository; - @Mock + @MockBean private RecoveryCodeGenerator recoveryCodeGenerator; - @Mock - private IamTotpMfaProperties iamTotpMfaProperties; - - @Mock + @MockBean private ApplicationEventPublisher eventPublisher; - @InjectMocks + @Autowired private DefaultIamTotpRecoveryCodeResetService recoveryCodeResetService; + @BeforeEach + public void setUp() { + // Only place(Test Class) to define and set password + iamTotpMfaProperties.setPasswordToEncryptAndDecrypt(KEY_TO_ENCRYPT_DECRYPT); + } + @Test - void testResetRecoveryCodes_WithNoMultiFactorSecretAttached() { + public void testEditMultiFactorSettingsIsEnabled() { + /** + * Admin hasn't defined true for the edit multi-factor settings + * button to be visible. + */ + assertFalse(iamTotpMfaProperties.isEditMultiFactorSettingsBtnEnabled()); + } + + @Test + public void testResetRecoveryCodes_WithNoMultiFactorSecretAttached() { IamAccount account = cloneAccount(TOTP_MFA_ACCOUNT); MfaSecretNotFoundException thrownException = assertThrows(MfaSecretNotFoundException.class, () -> { @@ -71,7 +87,7 @@ void testResetRecoveryCodes_WithNoMultiFactorSecretAttached() { } @Test - void testResetRecoveryCodes() { + public void testResetRecoveryCodes() { IamAccount account = cloneAccount(TOTP_MFA_ACCOUNT); when(repository.findByAccount(TOTP_MFA_ACCOUNT)).thenReturn(Optional.of(TOTP_MFA)); @@ -79,7 +95,6 @@ void testResetRecoveryCodes() { TOTP_RECOVERY_CODE_STRING_9, TOTP_RECOVERY_CODE_STRING_10, TOTP_RECOVERY_CODE_STRING_11, TOTP_RECOVERY_CODE_STRING_12 }; when(recoveryCodeGenerator.generateCodes(anyInt())).thenReturn(testArray); - when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(DEFAULT_KEY); IamAccount result = recoveryCodeResetService.resetRecoveryCodes(account); @@ -88,15 +103,16 @@ void testResetRecoveryCodes() { } @Test - void testResetRecoveryCodes_WithEmptyPassword() { + public void testResetRecoveryCodes_WithEmptyPassword() { IamAccount account = cloneAccount(TOTP_MFA_ACCOUNT); + iamTotpMfaProperties.setPasswordToEncryptAndDecrypt(""); + when(repository.findByAccount(TOTP_MFA_ACCOUNT)).thenReturn(Optional.of(TOTP_MFA)); String[] testArray = { TOTP_RECOVERY_CODE_STRING_7, TOTP_RECOVERY_CODE_STRING_8, TOTP_RECOVERY_CODE_STRING_9, TOTP_RECOVERY_CODE_STRING_10, TOTP_RECOVERY_CODE_STRING_11, TOTP_RECOVERY_CODE_STRING_12 }; when(recoveryCodeGenerator.generateCodes(anyInt())).thenReturn(testArray); - when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(""); IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { recoveryCodeResetService.resetRecoveryCodes(account); diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaCommons.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaCommons.java index 9cc91c1b6..0cd5a9c97 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaCommons.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaCommons.java @@ -16,15 +16,14 @@ package it.infn.mw.iam.test.multi_factor_authentication; public class IamTotpMfaCommons { - public static final String DEFAULT_KEY = "define_me_please"; + public static final String KEY_TO_ENCRYPT_DECRYPT = "define_me_please"; public static final String TOTP_MFA_SECRET = "secret"; public static final int DEFAULT_KEY_SIZE = 126; public static final int DEFAULT_ITERATIONS = 65536; public static final int DEFAULT_SALT_SIZE = 16; - public static final int ANOTHER_KEY_SIZE = 256; + public static final int ANOTHER_KEY_SIZE = 192; public static final int ANOTHER_ITERATIONS = 6000; public static final int ANOTHER_SALT_SIZE = 36; - -} \ No newline at end of file +} diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaEncryptionAndDecryptionUtilTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaEncryptionAndDecryptionUtilTests.java index 7c0db0763..1cd3a958d 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaEncryptionAndDecryptionUtilTests.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaEncryptionAndDecryptionUtilTests.java @@ -19,6 +19,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; +import org.junit.After; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.junit.MockitoJUnitRunner; @@ -30,25 +32,38 @@ @RunWith(MockitoJUnitRunner.class) public class IamTotpMfaEncryptionAndDecryptionUtilTests extends IamTotpMfaCommons { - // private static final IamTotpMfaEncryptionAndDecryptionHelper defaultModel = - // IamTotpMfaEncryptionAndDecryptionHelper - // .getInstance(); + private static final IamTotpMfaEncryptionAndDecryptionHelper defaultModel = IamTotpMfaEncryptionAndDecryptionHelper + .getInstance(); + + @Before + public void setUp() { + defaultModel.setIterations(ANOTHER_ITERATIONS); + defaultModel.setKeySize(ANOTHER_KEY_SIZE); + defaultModel.setSaltSize(ANOTHER_SALT_SIZE); + } + + @After + public void tearDown() { + defaultModel.setIterations(DEFAULT_ITERATIONS); + defaultModel.setKeySize(DEFAULT_KEY_SIZE); + defaultModel.setSaltSize(DEFAULT_SALT_SIZE); + } @Test - public void testEncryptSecretOrRecoveryCode() throws IamTotpMfaInvalidArgumentError { + public void testEncryptionAndDecryption_SecretOrRecoveryCodeMethods() throws IamTotpMfaInvalidArgumentError { // Encrypt the plainText - String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, DEFAULT_KEY); + String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT); // Decrypt the cipherText - String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, DEFAULT_KEY); + String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, KEY_TO_ENCRYPT_DECRYPT); assertEquals(TOTP_MFA_SECRET, plainText); } @Test - public void testDecryptSecretOrRecoveryCodeWithDifferentKey() throws IamTotpMfaInvalidArgumentError { + public void testDecryptSecretOrRecoveryCode_WithDifferentKey() throws IamTotpMfaInvalidArgumentError { // Encrypt the plainText - String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, DEFAULT_KEY); + String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT); IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { // Decrypt the cipherText with a different key @@ -57,16 +72,16 @@ public void testDecryptSecretOrRecoveryCodeWithDifferentKey() throws IamTotpMfaI assertTrue(thrownException.getMessage().startsWith("Please use the same password")); - // Decrypt the cipherText with a the key used for encryption. - String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, DEFAULT_KEY); + // Decrypt the cipherText with a the same key used for encryption. + String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, KEY_TO_ENCRYPT_DECRYPT); assertEquals(TOTP_MFA_SECRET, plainText); } @Test - public void testEncryptSecretOrRecoveryCodeWithTamperedCipher() throws IamTotpMfaInvalidArgumentError { + public void testEncryptSecretOrRecoveryCode_WithTamperedCipher() throws IamTotpMfaInvalidArgumentError { // Encrypt the plainText - String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, DEFAULT_KEY); + String cipherText = IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT); String modifyCipher = cipherText.substring(3); String tamperedCipher = "iam" + modifyCipher; @@ -74,27 +89,27 @@ public void testEncryptSecretOrRecoveryCodeWithTamperedCipher() throws IamTotpMf if (!tamperedCipher.substring(0, 3).equals(cipherText.substring(0, 3))) { IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { - // Decrypt the cipherText with a different key - IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(tamperedCipher, DEFAULT_KEY); + // Decrypt the tampered cipherText + IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(tamperedCipher, KEY_TO_ENCRYPT_DECRYPT); }); - // Always throws an error because we have tampered with cipherText. + // Always throws an error because user have tampered the cipherText. assertTrue(thrownException.getMessage().startsWith("Please use the same password")); } else { - // Decrypt the cipherText with a the key used for encryption. - String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, DEFAULT_KEY); + // Decrypt the right cipherText with a the same key used for encryption. + String plainText = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(cipherText, KEY_TO_ENCRYPT_DECRYPT); assertEquals(TOTP_MFA_SECRET, plainText); } } @Test - public void testEncryptSecretOrRecoveryCodeWithEmptyPlainText() throws IamTotpMfaInvalidArgumentError { + public void testEncryptSecretOrRecoveryCode_WithEmptyPlainText() throws IamTotpMfaInvalidArgumentError { IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { // Try to encrypt the empty plainText - IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(null, DEFAULT_KEY); + IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode(null, KEY_TO_ENCRYPT_DECRYPT); }); // Always throws an error because we have passed empty plaintext. @@ -102,10 +117,10 @@ public void testEncryptSecretOrRecoveryCodeWithEmptyPlainText() throws IamTotpMf } @Test - public void testDecryptSecretOrRecoveryCodeWithEmptyPlainText() throws IamTotpMfaInvalidArgumentError { + public void testDecryptSecretOrRecoveryCode_WithEmptyPlainText() throws IamTotpMfaInvalidArgumentError { IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { - IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(null, DEFAULT_KEY); + IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode(null, KEY_TO_ENCRYPT_DECRYPT); }); // Always throws an error because we have passed empty ciphertext. diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTestSupport.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTestSupport.java index 46eff7cc2..99540303d 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTestSupport.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTestSupport.java @@ -74,7 +74,7 @@ public IamTotpMfaServiceTestSupport() { TOTP_MFA = new IamTotpMfa(); TOTP_MFA.setAccount(TOTP_MFA_ACCOUNT); - TOTP_MFA.setSecret(getEncryptedCode(TOTP_MFA_SECRET, DEFAULT_KEY)); + TOTP_MFA.setSecret(getEncryptedCode(TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT)); TOTP_MFA.setActive(true); TOTP_RECOVERY_CODE_1 = new IamTotpRecoveryCode(TOTP_MFA); @@ -84,12 +84,12 @@ public IamTotpMfaServiceTestSupport() { TOTP_RECOVERY_CODE_5 = new IamTotpRecoveryCode(TOTP_MFA); TOTP_RECOVERY_CODE_6 = new IamTotpRecoveryCode(TOTP_MFA); - TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, DEFAULT_KEY)); + TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, KEY_TO_ENCRYPT_DECRYPT)); TOTP_MFA .setRecoveryCodes(new HashSet<>(Arrays.asList(TOTP_RECOVERY_CODE_1, TOTP_RECOVERY_CODE_2, diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTests.java index 0c5bd0544..7bd0d805e 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTests.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/IamTotpMfaServiceTests.java @@ -94,16 +94,16 @@ public class IamTotpMfaServiceTests extends IamTotpMfaServiceTestSupport { @Before public void setup() { - when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn("define_me_please"); + when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(KEY_TO_ENCRYPT_DECRYPT); when(secretGenerator.generate()).thenReturn("test_secret"); when(repository.findByAccount(TOTP_MFA_ACCOUNT)).thenReturn(Optional.of(TOTP_MFA)); when(iamAccountService.saveAccount(TOTP_MFA_ACCOUNT)).thenAnswer(i -> i.getArguments()[0]); when(codeVerifier.isValidCode(anyString(), anyString())).thenReturn(true); - String[] testArray = {TOTP_RECOVERY_CODE_STRING_7, TOTP_RECOVERY_CODE_STRING_8, + String[] testArray = { TOTP_RECOVERY_CODE_STRING_7, TOTP_RECOVERY_CODE_STRING_8, TOTP_RECOVERY_CODE_STRING_9, TOTP_RECOVERY_CODE_STRING_10, TOTP_RECOVERY_CODE_STRING_11, - TOTP_RECOVERY_CODE_STRING_12}; + TOTP_RECOVERY_CODE_STRING_12 }; when(recoveryCodeGenerator.generateCodes(anyInt())).thenReturn(testArray); service = new DefaultIamTotpMfaService(iamAccountService, repository, secretGenerator, @@ -175,14 +175,14 @@ public void testAddsMfaRecoveryCode_whenNoMfaSecretAssignedFails() { } @Test - public void testAddsMfaRecoveryCode_whenPasswordIsEmpty() { + public void testAddTotpMfaSecret_whenPasswordIsEmpty() { when(repository.findByAccount(TOTP_MFA_ACCOUNT)).thenReturn(Optional.empty()); when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(""); IamAccount account = cloneAccount(TOTP_MFA_ACCOUNT); IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { - // Decrypt the cipherText with a different key + // Decrypt the cipherText with empty key service.addTotpMfaSecret(account); }); @@ -196,7 +196,7 @@ public void testAddsMfaRecoveryCodes_whenPasswordIsEmpty() { IamAccount account = cloneAccount(TOTP_MFA_ACCOUNT); IamTotpMfaInvalidArgumentError thrownException = assertThrows(IamTotpMfaInvalidArgumentError.class, () -> { - // Decrypt the cipherText with a different key + // Decrypt the cipherText with empty key service.addTotpMfaRecoveryCodes(account); }); diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/MultiFactorTestSupport.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/MultiFactorTestSupport.java index 307ca0d35..57735f747 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/MultiFactorTestSupport.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/MultiFactorTestSupport.java @@ -90,7 +90,7 @@ public MultiFactorTestSupport() { TOTP_MFA.setAccount(TOTP_MFA_ACCOUNT); TOTP_MFA.setSecret( IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( - TOTP_MFA_SECRET, DEFAULT_KEY)); + TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT)); TOTP_MFA.setActive(true); TOTP_MFA.touch(); @@ -107,18 +107,18 @@ public MultiFactorTestSupport() { TOTP_RECOVERY_CODE_11 = new IamTotpRecoveryCode(TOTP_MFA); TOTP_RECOVERY_CODE_12 = new IamTotpRecoveryCode(TOTP_MFA); - TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_7.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_7, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_8.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_8, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_9.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_9, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_10.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_10, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_11.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_11, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_12.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_12, DEFAULT_KEY)); + TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_7.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_7, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_8.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_8, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_9.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_9, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_10.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_10, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_11.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_11, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_12.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_12, KEY_TO_ENCRYPT_DECRYPT)); RECOVERY_CODE_SET_FIRST = new HashSet<>( Arrays.asList(TOTP_RECOVERY_CODE_1, TOTP_RECOVERY_CODE_2, TOTP_RECOVERY_CODE_3, @@ -152,22 +152,22 @@ protected void resetTotpAccount() { TOTP_MFA.setAccount(TOTP_MFA_ACCOUNT); TOTP_MFA.setSecret( IamTotpMfaEncryptionAndDecryptionUtil.encryptSecretOrRecoveryCode( - TOTP_MFA_SECRET, DEFAULT_KEY)); + TOTP_MFA_SECRET, KEY_TO_ENCRYPT_DECRYPT)); TOTP_MFA.setActive(true); TOTP_MFA.touch(); - TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_7.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_7, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_8.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_8, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_9.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_9, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_10.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_10, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_11.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_11, DEFAULT_KEY)); - TOTP_RECOVERY_CODE_12.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_12, DEFAULT_KEY)); + TOTP_RECOVERY_CODE_1.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_1, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_2.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_2, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_3.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_3, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_4.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_4, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_5.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_5, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_6.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_6, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_7.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_7, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_8.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_8, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_9.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_9, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_10.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_10, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_11.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_11, KEY_TO_ENCRYPT_DECRYPT)); + TOTP_RECOVERY_CODE_12.setCode(getEncryptedCode(TOTP_RECOVERY_CODE_STRING_12, KEY_TO_ENCRYPT_DECRYPT)); TOTP_MFA.setRecoveryCodes(RECOVERY_CODE_SET_FIRST); } diff --git a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/authenticator_app/RecoveryCodeManagementControllerTests.java b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/authenticator_app/RecoveryCodeManagementControllerTests.java index 2ea54a85a..eb155df0d 100644 --- a/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/authenticator_app/RecoveryCodeManagementControllerTests.java +++ b/iam-login-service/src/test/java/it/infn/mw/iam/test/multi_factor_authentication/authenticator_app/RecoveryCodeManagementControllerTests.java @@ -106,7 +106,7 @@ public void setup() { when(accountUtils.getAuthenticatedUserAccount()).thenReturn(Optional.of(TOTP_MFA_ACCOUNT)); when(totpMfaRepository.findByAccount(TOTP_MFA_ACCOUNT)).thenReturn(Optional.of(TOTP_MFA)); when(service.resetRecoveryCodes(TOTP_MFA_ACCOUNT)).thenAnswer(i -> i.getArguments()[0]); - when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(DEFAULT_KEY); + when(iamTotpMfaProperties.getPasswordToEncryptOrDecrypt()).thenReturn(KEY_TO_ENCRYPT_DECRYPT); mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).alwaysDo(log()).build(); @@ -195,7 +195,7 @@ public void testGetRecoveryCodes() throws Exception { List recoveryCodes = new ArrayList<>(RECOVERY_CODE_SET_FIRST); for (int i = 0; i < recoveryCodes.size(); i++) { originalCodes[i] = IamTotpMfaEncryptionAndDecryptionUtil.decryptSecretOrRecoveryCode( - recoveryCodes.get(i).getCode(), DEFAULT_KEY); + recoveryCodes.get(i).getCode(), KEY_TO_ENCRYPT_DECRYPT); // This is here because the string.split() method adds backslashed quotes around the separated // strings. So this is a hacky method to remove them to allow for the comparison to succeed.