
TimeBasedOtpAuthn

MaxKey il y a 4 ans
Parent
commit
e0454deea9

+ 1 - 4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -25,7 +25,6 @@ import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
-import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.web.WebConstants;
@@ -222,9 +221,7 @@ public abstract class AbstractAuthenticationProvider {
         if (applicationConfig.getLoginConfig().isMfa() && authType.equalsIgnoreCase("tfa")) {
             UserInfo validUserInfo = new UserInfo();
             validUserInfo.setUsername(userInfo.getUsername());
-            String sharedSecret = 
-                    PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
-            validUserInfo.setSharedSecret(sharedSecret);
+            validUserInfo.setSharedSecret(userInfo.getSharedSecret());
             validUserInfo.setSharedCounter(userInfo.getSharedCounter());
             validUserInfo.setId(userInfo.getId());
             if (otpCaptcha == null || !tfaOtpAuthn.validate(validUserInfo, otpCaptcha)) {
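Review bot: Dropping the decode here pushes responsibility for the stored-secret format onto whatever `tfaOtpAuthn` is, but that field is only typed as AbstractOtpAuthn in this hunk, and the only implementation updated in this commit is TimeBasedOtpAuthn; if any other implementation of that base class exists (a counter-based one, for instance) it would now receive the reciprocal-encoded value and reject every code. If the intended contract is that `validate` always takes the secret in its persisted form, that belongs on the base class, e.g. a Javadoc line on `AbstractOtpAuthn.validate`: `@param userInfo user whose sharedSecret is in its stored (PasswordReciprocal-encoded) form; implementations decode it themselves`. The copy into `validUserInfo` now only forwards fields, so it can pass `userInfo` directly unless the copy is deliberately shielding the session object from mutation. The enclosing method starts and ends outside the hunk.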

+ 4 - 1
maxkey-authentications/maxkey-authentication-otp/src/main/java/org/maxkey/password/onetimepwd/impl/TimeBasedOtpAuthn.java

@@ -23,6 +23,7 @@ import java.util.Date;
 import java.util.TimeZone;
 import org.apache.commons.codec.binary.Hex;
 import org.maxkey.crypto.Base32Utils;
+import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.password.onetimepwd.algorithm.TimeBasedOTP;
@@ -46,7 +47,9 @@ public class TimeBasedOtpAuthn extends AbstractOtpAuthn {
     public boolean validate(UserInfo userInfo, String token) {
         _logger.debug("utcTime : " + dateFormat.format(new Date()));
         long currentTimeSeconds = System.currentTimeMillis() / 1000;
-        byte[] byteSharedSecret = Base32Utils.decode(userInfo.getSharedSecret());
+        String sharedSecret = 
+                PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
+        byte[] byteSharedSecret = Base32Utils.decode(sharedSecret);
         String hexSharedSecret = Hex.encodeHexString(byteSharedSecret);
         String timeBasedToken = "";
         if (crypto.equalsIgnoreCase("HmacSHA1")) {
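Review bot: The new decode at the top of `validate` runs before any check that `userInfo.getSharedSecret()` is present, so a user with no enrolled secret now hands a null or empty value to `PasswordReciprocal.getInstance().decoder(...)` and then to `Base32Utils.decode`; what those do with it is not visible here, and an OTP check should fail closed rather than depend on their behaviour. A guard before the decode makes that explicit: `if (userInfo.getSharedSecret() == null || userInfo.getSharedSecret().isEmpty()) { return false; }`. Because this commit also stops callers from pre-decoding, the method's Javadoc should state that the secret is expected in stored form so no caller decodes it twice. The method body continues past the hunk.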

+ 0 - 4
maxkey-web-manage/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java

@@ -52,10 +52,6 @@ public class RestTimeBasedOtpController {
     	
     	UserInfo validUserInfo = userInfoService.loadByUsername(username);
     	if(validUserInfo != null) {
-    		 String sharedSecret = 
-                     PasswordReciprocal.getInstance().decoder(validUserInfo.getSharedSecret());
-             validUserInfo.setSharedSecret(sharedSecret);
-             validUserInfo.setSharedCounter(validUserInfo.getSharedCounter());
     		if(timeBasedOtpAuthn.validate(validUserInfo, token)) {
     			return true;
     		}
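Review bot: After these four lines are removed the visible code no longer references PasswordReciprocal, yet the section shows 0 additions and 4 deletions, so the corresponding import in this file is probably left unused; the first file in this commit removed its import and this one should match. The removed `validUserInfo.setSharedCounter(validUserInfo.getSharedCounter())` was a self-assignment, so dropping it changes nothing. The entity returned by `userInfoService.loadByUsername` is now passed to `validate` unmodified, which is consistent with the provider change as long as `validate` does not mutate the object it receives. The enclosing method starts and ends outside the hunk.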