Merge branch 'feature/mfa_prompt' into develop

[finishes #153075659] https://www.pivotaltracker.com/story/show/153075659
cloudfoundry · Feb 16, 2018 · 913e773 · 913e773
2 parents 28a7a34 + a42331e
commit 913e773
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 16 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java
@@ -118,6 +118,7 @@
 @Controller
 public class LoginInfoEndpoint {
 
+    public static final String MFA_CODE = "mfaCode";
     private static Log logger = LogFactory.getLog(LoginInfoEndpoint.class);
 
     public static final String NotANumber = OriginKeys.NotANumber;
@@ -240,7 +241,7 @@ public String infoForJson(Model model, Principal principal, HttpServletRequest r
 
     @RequestMapping(value = {"/info"}, headers = "Accept=text/html, */*")
     public String infoForHtml(Model model, Principal principal, HttpServletRequest request) {
-        return login(model, principal, Collections.singletonList(PASSCODE), false, request);
+        return login(model, principal, Arrays.asList(PASSCODE, MFA_CODE), false, request);
     }
 
     static class SavedAccountOptionModel extends SavedAccountOption {
@@ -582,27 +583,28 @@ public void populatePrompts(Model model, List<String> exclude) {
         }
         Map<String, String[]> map = new LinkedHashMap<>();
         for (Prompt prompt : zoneConfiguration.getPrompts()) {
-            if (!exclude.contains(prompt.getName())) {
-                String[] details = prompt.getDetails();
-                if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa()) {
-                    String urlInPasscode = extractUrlFromString(prompt.getDetails()[1]);
-                    if (hasText(urlInPasscode)) {
-                        String[] newDetails = new String[details.length];
-                        System.arraycopy(details, 0, newDetails, 0, details.length);
-                        newDetails[1] = newDetails[1].replace(urlInPasscode, addSubdomainToUrl(urlInPasscode));
-                        details = newDetails;
-                    }
+            String[] details = prompt.getDetails();
+            if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa()) {
+                String urlInPasscode = extractUrlFromString(prompt.getDetails()[1]);
+                if (hasText(urlInPasscode)) {
+                    String[] newDetails = new String[details.length];
+                    System.arraycopy(details, 0, newDetails, 0, details.length);
+                    newDetails[1] = newDetails[1].replace(urlInPasscode, addSubdomainToUrl(urlInPasscode));
+                    details = newDetails;
                 }
-                map.put(prompt.getName(), details);
             }
+            map.put(prompt.getName(), details);
         }
         if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get(), OriginKeys.UAA)) {
             Prompt p = new Prompt(
-                "mfaCode",
+                MFA_CODE,
                 "password",
                 "MFA Code ( Register at " + addSubdomainToUrl(getBaseUrl()+" )")
             );
-            map.put(p.getName(), p.getDetails());
+            map.putIfAbsent(p.getName(), p.getDetails());
+        }
+        for (String excludeThisPrompt : exclude) {
+            map.remove(excludeThisPrompt);
         }
         model.addAttribute("prompts", map);
     }

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
@@ -574,6 +574,7 @@ public void testGeneratePasscodeForUnknownUaaPrincipal() throws Exception {
 
     @Test
     public void test_PromptLogic() throws Exception {
+        IdentityZoneHolder.get().getConfig().getMfaConfig().setEnabled(true);
         LoginInfoEndpoint endpoint = getEndpoint();
         endpoint.infoForHtml(model, null, new MockHttpServletRequest("GET", endpoint.getBaseUrl()));
         assertNotNull("prompts attribute should be present", model.get("prompts"));
@@ -583,14 +584,16 @@ public void test_PromptLogic() throws Exception {
         assertNotNull(mapPrompts.get("username"));
         assertNotNull(mapPrompts.get("password"));
         assertNull(mapPrompts.get("passcode"));
+        assertNull(mapPrompts.get("mfaCode"));
 
         endpoint.infoForJson(model, null, new MockHttpServletRequest("GET", endpoint.getBaseUrl()));
         assertNotNull("prompts attribute should be present", model.get("prompts"));
         assertTrue("prompts should be a Map for JSON content", model.get("prompts") instanceof Map);
         mapPrompts = (Map)model.get("prompts");
-        assertEquals("there should be two prompts for html", 2, mapPrompts.size());
+        assertEquals("there should be two prompts for html", 3, mapPrompts.size());
         assertNotNull(mapPrompts.get("username"));
         assertNotNull(mapPrompts.get("password"));
+        assertNotNull(mapPrompts.get("mfaCode"));
         assertNull(mapPrompts.get("passcode"));
 
         //add a SAML IDP, should make the passcode prompt appear
@@ -600,10 +603,11 @@ public void test_PromptLogic() throws Exception {
         assertNotNull("prompts attribute should be present", model.get("prompts"));
         assertTrue("prompts should be a Map for JSON content", model.get("prompts") instanceof Map);
         mapPrompts = (Map)model.get("prompts");
-        assertEquals("there should be three prompts for html", 3, mapPrompts.size());
+        assertEquals("there should be three prompts for html", 4, mapPrompts.size());
         assertNotNull(mapPrompts.get("username"));
         assertNotNull(mapPrompts.get("password"));
         assertNotNull(mapPrompts.get("passcode"));
+        assertNotNull(mapPrompts.get("mfaCode"));
 
         when(mockIDPConfigurator.getIdentityProviderDefinitions((List<String>) isNull(), eq(IdentityZone.getUaa()))).thenReturn(idps);