SL-17019 mfa_hash should get saved per-username

5 files changed, 43 insertions, 33 deletions

diff --git a/indra/newview/app_settings/settings.xml b/indra/newview/app_settings/settings.xml
index 6c36fa6f09..7d39a54c1d 100644
--- a/indra/newview/app_settings/settings.xml
+++ b/indra/newview/app_settings/settings.xml
@@ -16815,5 +16815,16 @@
   <key>Value</key>
   <integer>1</integer>
   </map>
+  <key>MFAHash</key>
+  <map>
+    <key>Comment</key>
+    <string>Override MFA state hash for authentication</string>
+    <key>Persist</key>
+    <integer>0</integer>
+    <key>Type</key>
+    <string>String</string>
+    <key>Value</key>
+    <string></string>
+  </map>
 </map>
 </llsd>
diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml
index c45e841b94..537744b44c 100644
--- a/indra/newview/app_settings/settings_per_account.xml
+++ b/indra/newview/app_settings/settings_per_account.xml
@@ -436,16 +436,5 @@
         <key>Value</key>
         <integer>2</integer>
       </map>
-      <key>MFAHash</key>
-      <map>
-        <key>Comment</key>
-        <string>MFA state hash for authentication</string>
-        <key>Persist</key>
-        <integer>0</integer>
-        <key>Type</key>
-        <string>String</string>
-        <key>Value</key>
-        <string></string>
-      </map>
     </map>
 </llsd>
diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp
index fd186fcddc..2335674501 100644
--- a/indra/newview/lllogininstance.cpp
+++ b/indra/newview/lllogininstance.cpp
@@ -230,34 +230,43 @@ void LLLoginInstance::constructAuthParams(LLPointer<LLCredential> user_credentia
     // log request_params _before_ adding the credentials or sensitive MFA hash data
     LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer<LLSDNotationFormatter>(request_params) << LL_ENDL;
 
-    std::string mfa_hash = gSavedPerAccountSettings.getString("MFAHash"); //non-persistent to enable testing
-    LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER);
+    // Copy the credentials into the request after logging the rest
+    LLSD credentials(user_credential->getLoginParams());
+    for (LLSD::map_const_iterator it = credentials.beginMap();
+         it != credentials.endMap();
+         it++
+         )
+    {
+        request_params[it->first] = it->second;
+    }
+
+    std::string mfa_hash = gSavedSettings.getString("MFAHash"); //non-persistent to enable testing
     std::string grid(LLGridManager::getInstance()->getGridId());
-    if (basic_secure_store)
+    std::string user_id = user_credential->userID();
+    if (gSecAPIHandler)
     {
         if (mfa_hash.empty())
         {
-            mfa_hash = basic_secure_store->getProtectedData("mfa_hash", grid).asString();
+            // normal execution, mfa_hash was not set from debug setting so load from protected store
+            LLSD data_map = gSecAPIHandler->getProtectedData("mfa_hash", grid);
+            if (data_map.isMap() && data_map.has(user_id))
+            {
+                mfa_hash = data_map[user_id].asString();
+            }
         }
         else
         {
             // SL-16888 the mfa_hash is being overridden for testing so save it for consistency for future login requests
-            basic_secure_store->setProtectedData("mfa_hash", grid, mfa_hash);
+            gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, mfa_hash);
         }
     }
-
-    request_params["mfa_hash"] = mfa_hash;
-
-    // Copy the credentials into the request after logging the rest
-    LLSD credentials(user_credential->getLoginParams());
-    for (LLSD::map_const_iterator it = credentials.beginMap();
-         it != credentials.endMap();
-         it++
-         )
+    else
     {
-        request_params[it->first] = it->second;
+        LL_WARNS() << "unable to access protected store for mfa_hash" << LL_ENDL;
     }
 
+    request_params["mfa_hash"] = mfa_hash;
+
 	// Specify desired timeout/retry options
 	LLSD http_params;
 	F32 srv_timeout = llclamp(gSavedSettings.getF32("LoginSRVTimeout"), LOGIN_SRV_TIMEOUT_MIN, LOGIN_SRV_TIMEOUT_MAX);
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp
index 64e6042047..e7a1622332 100644
--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -3621,9 +3621,9 @@ bool process_login_success_response()
 	// Only save mfa_hash for future logins if the user wants their info remembered.
 	if(response.has("mfa_hash") && gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword"))
 	{
-		LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER);
 		std::string grid(LLGridManager::getInstance()->getGridId());
-		basic_secure_store->setProtectedData("mfa_hash", grid, response["mfa_hash"]);
+		std::string user_id(gUserCredential->userID());
+		gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, response["mfa_hash"]);
 	}
 
 	bool success = false;
diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp
index 9253516411..a8f57f975a 100644
--- a/indra/newview/tests/lllogininstance_test.cpp
+++ b/indra/newview/tests/lllogininstance_test.cpp
@@ -191,15 +191,14 @@ std::string LLGridManager::getGridId(const std::string& grid)
     return std::string();
 }
 
-LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
-{
-    return nullptr;
-}
+//LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
+//{
+//    return nullptr;
+//}
 
 //-----------------------------------------------------------------------------
 #include "../llviewercontrol.h"
 LLControlGroup gSavedSettings("Global");
-LLControlGroup gSavedPerAccountSettings("PerAccount");
 
 LLControlGroup::LLControlGroup(const std::string& name) :
 	LLInstanceTracker<LLControlGroup, std::string>(name){}
@@ -236,6 +235,8 @@ LLAppViewer * LLAppViewer::sInstance = 0;
 static std::string gTOSType;
 static LLEventPump * gTOSReplyPump = NULL;
 
+LLPointer<LLSecAPIHandler> gSecAPIHandler;
+
 //static
 LLFloater* LLFloaterReg::showInstance(const std::string& name, const LLSD& key, BOOL focus)
 {