From 9a96d7503254acf3abfabf830c14daf5f496db0a Mon Sep 17 00:00:00 2001
From: MDeLuise <66636702+MDeLuise@users.noreply.github.com>
Date: Tue, 17 Sep 2024 16:15:24 +0200
Subject: [PATCH] fix(auth): return `MfaRequiredException` for invalid `trustKey` on login

---
 .../mfa/shiro/MfaOptionServiceImpl.java | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java
index f62a142cb7e..e12a28124c0 100644
--- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/mfa/shiro/MfaOptionServiceImpl.java
@@ -12,6 +12,15 @@
 *******************************************************************************/
 package org.eclipse.kapua.service.authentication.credential.mfa.shiro;
 
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
 import org.apache.commons.lang.time.DateUtils;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.shiro.authc.IncorrectCredentialsException;
@@ -57,15 +66,6 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Optional;
-import java.util.UUID;
-import java.util.stream.Collectors;
-
 /**
  * {@link MfaOptionService} implementation.
  *
@@ -314,7 +314,7 @@ public boolean validateMfaCredentials(KapuaId scopeId, KapuaId userId, String to
 return false;
 });
 if (!res) {
- if ( (tokenAuthenticationCode != null && !tokenAuthenticationCode.isEmpty()) || (tokenTrustKey != null && !tokenTrustKey.isEmpty())) {
+ if (tokenAuthenticationCode != null && !tokenAuthenticationCode.isEmpty()) {
 throw new IncorrectCredentialsException();
 }
 // In case both the authenticationCode and the trustKey are null, the MFA login via Rest API must be triggered.
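Review bot: The comment on the hunk's last line, "In case both the authenticationCode and the trustKey are null", is stale after this change: the fall-through is now also reached when `tokenTrustKey` is non-empty but failed validation (`res` is false), since only a non-empty `tokenAuthenticationCode` still throws `IncorrectCredentialsException`. Reword it to something like `// No authenticationCode was given and the trustKey was absent or did not validate: the MFA login via Rest API must be triggered.` so the next reader does not assume a bad trust key is still rejected at this point. Because a rejected trust key no longer surfaces as an exception, consider a debug-level log before the fall-through when `tokenTrustKey` is non-empty, so repeated invalid trust keys for a user stay observable in the logs; the validation lambda that computes `res` begins above the hunk, so I cannot see whether it already records this. `validateMfaCredentials` starts and ends outside the hunk.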