Fixing bugs with MFA verification

CodeDTO objects were not being verified properly MFA was not being properly checked for in verification stage
indigo-iam · Mar 11, 2022 · 469ac8e · 469ac8e
1 parent 958082c
commit 469ac8e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 18 deletions.
diff --git a/...java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java b/...java/it/infn/mw/iam/api/account/multi_factor_authentication/DefaultIamTotpMfaService.java
@@ -97,9 +97,13 @@ public void setApplicationEventPublisher(ApplicationEventPublisher applicationEv
   @Override
   public IamTotpMfa addTotpMfaSecret(IamAccount account) {
     Optional<IamTotpMfa> totpMfaOptional = totpMfaRepository.findByAccount(account);
-    if (totpMfaOptional.isPresent() && totpMfaOptional.get().isActive()) {
-      throw new MfaSecretAlreadyBoundException(
-          "A multi-factor secret is already assigned to this account");
+    if (totpMfaOptional.isPresent()) {
+      if (totpMfaOptional.get().isActive()) {
+        throw new MfaSecretAlreadyBoundException(
+            "A multi-factor secret is already assigned to this account");
+      }
+
+      totpMfaRepository.delete(totpMfaOptional.get());
     }
 
     // Generate secret
@@ -201,10 +205,6 @@ public boolean verifyTotp(IamAccount account, String totp) {
     }
 
     IamTotpMfa totpMfa = totpMfaOptional.get();
-    if (!totpMfa.isActive()) {
-      throw new MfaSecretNotFoundException("No multi-factor secret is attached to this account");
-    }
-
     String mfaSecret = totpMfa.getSecret();
 
     // Verify provided TOTP

diff --git a/...unt/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java b/...unt/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java
@@ -117,7 +117,7 @@ public SecretAndDataUriDTO addSecret() {
   @RequestMapping(value = ENABLE_URL, method = RequestMethod.POST,
       produces = MediaType.TEXT_PLAIN_VALUE)
   @ResponseBody
-  public void enableAuthenticatorApp(@ModelAttribute @Valid TotpDTO code,
+  public void enableAuthenticatorApp(@ModelAttribute @Valid CodeDTO code,
       BindingResult validationResult) {
     if (validationResult.hasErrors()) {
       throw new BadMfaCodeError("Bad code");
@@ -155,7 +155,7 @@ public void enableAuthenticatorApp(@ModelAttribute @Valid TotpDTO code,
   @RequestMapping(value = DISABLE_URL, method = RequestMethod.POST,
       produces = MediaType.TEXT_PLAIN_VALUE)
   @ResponseBody
-  public void disableAuthenticatorApp(@Valid TotpDTO code, BindingResult validationResult) {
+  public void disableAuthenticatorApp(@Valid CodeDTO code, BindingResult validationResult) {
     if (validationResult.hasErrors()) {
       throw new BadMfaCodeError("Bad code");
     }

diff --git a/...entication/authenticator_app/TotpDTO.java → ...entication/authenticator_app/CodeDTO.java b/...entication/authenticator_app/TotpDTO.java → ...entication/authenticator_app/CodeDTO.java
@@ -23,26 +23,26 @@
 /**
  * DTO containing a TOTP for MFA secrets
  */
-public class TotpDTO {
+public class CodeDTO {
 
-  @NotEmpty(message = "Totp cannot be empty")
-  @Length(min = 6, max = 6, message = "Totp must be six characters in length")
-  @Min(value = 0L, message = "Totp must be a numerical value")
-  private String totp;
+  @NotEmpty(message = "Code cannot be empty")
+  @Length(min = 6, max = 6, message = "Code must be six characters in length")
+  @Min(value = 0L, message = "Code must be a numerical value")
+  private String code;
 
 
   /**
    * @return the code
    */
   public String getCode() {
-    return totp;
+    return code;
   }
 
 
   /**
-   * @param totp new code
+   * @param code new code
    */
-  public void setTotp(final String totp) {
-    this.totp = totp;
+  public void setCode(final String code) {
+    this.code = code;
   }
 }