diff options
author | Brad Kittenbrink <brad@lindenlab.com> | 2022-03-09 14:13:02 -0800 |
---|---|---|
committer | Brad Kittenbrink <brad@lindenlab.com> | 2022-03-17 13:29:12 -0700 |
commit | 6bdd744d78f2040767abe57afcb06f8a55a9dd83 (patch) | |
tree | 3b061503e2dab19ee3c472d3f21436c971d29caf /indra/newview | |
parent | dc7a24681b4f01b187ae686b628d98a4214a8ab1 (diff) |
SL-17019 mfa_hash should get saved per-username
Diffstat (limited to 'indra/newview')
-rw-r--r-- | indra/newview/app_settings/settings.xml | 11 | ||||
-rw-r--r-- | indra/newview/app_settings/settings_per_account.xml | 11 | ||||
-rw-r--r-- | indra/newview/lllogininstance.cpp | 39 | ||||
-rw-r--r-- | indra/newview/llstartup.cpp | 4 | ||||
-rw-r--r-- | indra/newview/tests/lllogininstance_test.cpp | 11 |
5 files changed, 43 insertions, 33 deletions
diff --git a/indra/newview/app_settings/settings.xml b/indra/newview/app_settings/settings.xml index 6c36fa6f09..7d39a54c1d 100644 --- a/indra/newview/app_settings/settings.xml +++ b/indra/newview/app_settings/settings.xml @@ -16815,5 +16815,16 @@ <key>Value</key> <integer>1</integer> </map> + <key>MFAHash</key> + <map> + <key>Comment</key> + <string>Override MFA state hash for authentication</string> + <key>Persist</key> + <integer>0</integer> + <key>Type</key> + <string>String</string> + <key>Value</key> + <string></string> + </map> </map> </llsd> diff --git a/indra/newview/app_settings/settings_per_account.xml b/indra/newview/app_settings/settings_per_account.xml index c45e841b94..537744b44c 100644 --- a/indra/newview/app_settings/settings_per_account.xml +++ b/indra/newview/app_settings/settings_per_account.xml @@ -436,16 +436,5 @@ <key>Value</key> <integer>2</integer> </map> - <key>MFAHash</key> - <map> - <key>Comment</key> - <string>MFA state hash for authentication</string> - <key>Persist</key> - <integer>0</integer> - <key>Type</key> - <string>String</string> - <key>Value</key> - <string></string> - </map> </map> </llsd> diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index fd186fcddc..2335674501 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp @@ -230,34 +230,43 @@ void LLLoginInstance::constructAuthParams(LLPointer<LLCredential> user_credentia // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer<LLSDNotationFormatter>(request_params) << LL_ENDL; - std::string mfa_hash = gSavedPerAccountSettings.getString("MFAHash"); //non-persistent to enable testing - LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER); + // Copy the credentials into the request after logging the rest + LLSD credentials(user_credential->getLoginParams()); + for (LLSD::map_const_iterator it = credentials.beginMap(); + it != credentials.endMap(); + it++ + ) + { + request_params[it->first] = it->second; + } + + std::string mfa_hash = gSavedSettings.getString("MFAHash"); //non-persistent to enable testing std::string grid(LLGridManager::getInstance()->getGridId()); - if (basic_secure_store) + std::string user_id = user_credential->userID(); + if (gSecAPIHandler) { if (mfa_hash.empty()) { - mfa_hash = basic_secure_store->getProtectedData("mfa_hash", grid).asString(); + // normal execution, mfa_hash was not set from debug setting so load from protected store + LLSD data_map = gSecAPIHandler->getProtectedData("mfa_hash", grid); + if (data_map.isMap() && data_map.has(user_id)) + { + mfa_hash = data_map[user_id].asString(); + } } else { // SL-16888 the mfa_hash is being overridden for testing so save it for consistency for future login requests - basic_secure_store->setProtectedData("mfa_hash", grid, mfa_hash); + gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, mfa_hash); } } - - request_params["mfa_hash"] = mfa_hash; - - // Copy the credentials into the request after logging the rest - LLSD credentials(user_credential->getLoginParams()); - for (LLSD::map_const_iterator it = credentials.beginMap(); - it != credentials.endMap(); - it++ - ) + else { - request_params[it->first] = it->second; + LL_WARNS() << "unable to access protected store for mfa_hash" << LL_ENDL; } + request_params["mfa_hash"] = mfa_hash; + // Specify desired timeout/retry options LLSD http_params; F32 srv_timeout = llclamp(gSavedSettings.getF32("LoginSRVTimeout"), LOGIN_SRV_TIMEOUT_MIN, LOGIN_SRV_TIMEOUT_MAX); diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp index 64e6042047..e7a1622332 100644 --- a/indra/newview/llstartup.cpp +++ b/indra/newview/llstartup.cpp @@ -3621,9 +3621,9 @@ bool process_login_success_response() // Only save mfa_hash for future logins if the user wants their info remembered. if(response.has("mfa_hash") && gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword")) { - LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER); std::string grid(LLGridManager::getInstance()->getGridId()); - basic_secure_store->setProtectedData("mfa_hash", grid, response["mfa_hash"]); + std::string user_id(gUserCredential->userID()); + gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, response["mfa_hash"]); } bool success = false; diff --git a/indra/newview/tests/lllogininstance_test.cpp b/indra/newview/tests/lllogininstance_test.cpp index 9253516411..a8f57f975a 100644 --- a/indra/newview/tests/lllogininstance_test.cpp +++ b/indra/newview/tests/lllogininstance_test.cpp @@ -191,15 +191,14 @@ std::string LLGridManager::getGridId(const std::string& grid) return std::string(); } -LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type) -{ - return nullptr; -} +//LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type) +//{ +// return nullptr; +//} //----------------------------------------------------------------------------- #include "../llviewercontrol.h" LLControlGroup gSavedSettings("Global"); -LLControlGroup gSavedPerAccountSettings("PerAccount"); LLControlGroup::LLControlGroup(const std::string& name) : LLInstanceTracker<LLControlGroup, std::string>(name){} @@ -236,6 +235,8 @@ LLAppViewer * LLAppViewer::sInstance = 0; static std::string gTOSType; static LLEventPump * gTOSReplyPump = NULL; +LLPointer<LLSecAPIHandler> gSecAPIHandler; + //static LLFloater* LLFloaterReg::showInstance(const std::string& name, const LLSD& key, BOOL focus) { |