SL-20278 Disconnect saving MFA from saving password

author: Andrey Kleshchev <andreykproductengine@lindenlab.com> 2023-09-13 18:50:42 +0300
committer: akleshchev <117672381+akleshchev@users.noreply.github.com> 2023-09-15 03:07:29 +0300
commit: 69a98a8465f910d58911456dfe840a7b829ccc65 (patch)
tree: f4ccde3382f4dd13e8cc31a84a7bad4cafb09f3a /indra
parent: 76c6dc025d39adba54cff2c112337274efaddd10 (diff)
7 files changed, 69 insertions, 16 deletions
diff --git a/indra/newview/llfloaterforgetuser.cpp b/indra/newview/llfloaterforgetuser.cpp
index 97b022699f..05e0b07584 100644
--- a/indra/newview/llfloaterforgetuser.cpp
+++ b/indra/newview/llfloaterforgetuser.cpp
@@ -229,6 +229,7 @@ void LLFloaterForgetUser::forgetUser(const std::string &userid, const std::strin
 {
     // Remove creds
     gSecAPIHandler->removeFromCredentialMap("login_list", grid, userid);
+    gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, userid);
 
     LLPointer<LLCredential> cred = gSecAPIHandler->loadCredential(grid);
     if (cred.notNull() && cred->userID() == userid)
diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp
index dd8c9b2dde..01496fa7ce 100644
--- a/indra/newview/lllogininstance.cpp
+++ b/indra/newview/lllogininstance.cpp
@@ -87,6 +87,7 @@ LLLoginInstance::LLLoginInstance() :
 	mLoginModule(new LLLogin()),
 	mNotifications(NULL),
 	mLoginState("offline"),
+    mSaveMFA(true),
 	mAttemptComplete(false),
 	mTransferRate(0.0f),
 	mDispatcher("LLLoginInstance", "change")
@@ -449,10 +450,7 @@ void LLLoginInstance::handleLoginFailure(const LLSD& event)
             gViewerWindow->setShowProgress(FALSE);
         }
 
-        LLSD args(llsd::map( "MESSAGE", LLTrans::getString(response["message_id"]) ));
-        LLSD payload;
-        LLNotificationsUtil::add("PromptMFAToken", args, payload,
-            boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+        showMFAChallange(LLTrans::getString(response["message_id"]));
     }
     else if(   reason_response == "key"
             || reason_response == "presence"
@@ -540,10 +538,7 @@ bool LLLoginInstance::handleTOSResponse(bool accepted, const std::string& key)
         {
             // SL-18511 this TOS failure happened while we are in the middle of an MFA challenge/response.
             // the previously entered token is very likely expired, so prompt again
-            LLSD args(llsd::map( "MESSAGE", LLTrans::getString("LoginFailedAuthenticationMFARequired") ));
-            LLSD payload;
-            LLNotificationsUtil::add("PromptMFAToken", args, payload,
-                boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+            showMFAChallange(LLTrans::getString("LoginFailedAuthenticationMFARequired"));
         }
         else
         {
@@ -561,6 +556,22 @@ bool LLLoginInstance::handleTOSResponse(bool accepted, const std::string& key)
     return true;
 }
 
+void LLLoginInstance::showMFAChallange(const std::string& message)
+{
+    LLSD args(llsd::map("MESSAGE", message));
+    LLSD payload;
+    if (gSavedSettings.getBOOL("RememberUser"))
+    {
+        LLNotificationsUtil::add("PromptMFATokenWithSave", args, payload,
+                                 boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+    }
+    else
+    {
+        LLNotificationsUtil::add("PromptMFAToken", args, payload,
+                                 boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+    }
+}
+
 bool LLLoginInstance::handleMFAChallenge(LLSD const & notif, LLSD const & response)
 {
     bool continue_clicked = response["continue"].asBoolean();
@@ -576,6 +587,7 @@ bool LLLoginInstance::handleMFAChallenge(LLSD const & notif, LLSD const & respon
 
         // Set the request data to true and retry login.
         mRequestData["params"]["token"] = token;
+        mSaveMFA = response.has("ignore") ? response["ignore"].asBoolean() : false;
         reconnect();
     } else {
         LL_INFOS("LLLogin") << "PromptMFAToken: no token, attemptComplete" << LL_ENDL;
diff --git a/indra/newview/lllogininstance.h b/indra/newview/lllogininstance.h
index ee3ef0e4b1..2e9aab7c00 100644
--- a/indra/newview/lllogininstance.h
+++ b/indra/newview/lllogininstance.h
@@ -56,6 +56,7 @@ public:
 	bool authSuccess() { return mAttemptComplete && mLoginState == "online"; }
 
 	const std::string& getLoginState() { return mLoginState; }
+    bool saveMFA() const { return mSaveMFA; }
 	LLSD getResponse(const std::string& key) { return getResponse()[key]; }
 	LLSD getResponse();
 
@@ -84,6 +85,7 @@ private:
 	void syncWithUpdater(ResponsePtr resp, const LLSD& notification, const LLSD& response);
 
 	bool handleTOSResponse(bool v, const std::string& key);
+    void showMFAChallange(const std::string& message);
     bool handleMFAChallenge(LLSD const & notif, LLSD const & response);
 
 	void attemptComplete() { mAttemptComplete = true; } // In the future an event?
@@ -95,6 +97,7 @@ private:
 	LLSD mRequestData;
 	LLSD mResponseData;
 	bool mAttemptComplete;
+    bool mSaveMFA;
 	F64 mTransferRate;
 	std::string mSerialNumber;
 	int mLastExecEvent;
diff --git a/indra/newview/llpanellogin.cpp b/indra/newview/llpanellogin.cpp
index 8f1e57e44c..49756a4e09 100644
--- a/indra/newview/llpanellogin.cpp
+++ b/indra/newview/llpanellogin.cpp
@@ -1110,11 +1110,6 @@ void LLPanelLogin::onRememberPasswordCheck(void*)
 
         std::string grid(LLGridManager::getInstance()->getGridId());
         std::string user_id(cred->userID());
-        if (!remember_password)
-        {
-            gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, user_id);
-            gSecAPIHandler->syncProtectedMap();
-        }
     }
 }
 
diff --git a/indra/newview/llstartup.cpp b/indra/newview/llstartup.cpp
index ced6ffa32e..ad87fca25b 100644
--- a/indra/newview/llstartup.cpp
+++ b/indra/newview/llstartup.cpp
@@ -3795,7 +3795,9 @@ bool process_login_success_response()
 
 
 	// Only save mfa_hash for future logins if the user wants their info remembered.
-	if(response.has("mfa_hash") && gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword"))
+	if(response.has("mfa_hash")
+       && gSavedSettings.getBOOL("RememberUser")
+       && LLLoginInstance::getInstance()->saveMFA())
 	{
 		std::string grid(LLGridManager::getInstance()->getGridId());
 		std::string user_id(gUserCredential->userID());
@@ -3803,6 +3805,13 @@ bool process_login_success_response()
 		// TODO(brad) - related to SL-17223 consider building a better interface that sync's automatically
 		gSecAPIHandler->syncProtectedMap();
 	}
+    else if (!LLLoginInstance::getInstance()->saveMFA())
+    {
+        std::string grid(LLGridManager::getInstance()->getGridId());
+        std::string user_id(gUserCredential->userID());
+        gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, user_id);
+        gSecAPIHandler->syncProtectedMap();
+    }
 
 	bool success = false;
 	// JC: gesture loading done below, when we have an asset system
diff --git a/indra/newview/lltoastalertpanel.cpp b/indra/newview/lltoastalertpanel.cpp
index 692e8d91a9..d35833fac9 100644
--- a/indra/newview/lltoastalertpanel.cpp
+++ b/indra/newview/lltoastalertpanel.cpp
@@ -279,6 +279,10 @@ LLToastAlertPanel::LLToastAlertPanel( LLNotificationPtr notification, bool modal
 	if (!edit_text_name.empty())
 	{
 		S32 y = VPAD + BTN_HEIGHT + VPAD/2;
+        if (form->getIgnoreType() != LLNotificationForm::IGNORE_NO)
+        {
+            y += EDITOR_HEIGHT;
+        }
 		mLineEditor = LLUICtrlFactory::getInstance()->createFromFile<LLLineEditor>("alert_line_editor.xml", this, LLPanel::child_registry_t::instance());
 	
 		if (mLineEditor)
@@ -522,6 +526,10 @@ void LLToastAlertPanel::onButtonPressed( const LLSD& data, S32 button )
 	{
 		response[mLineEditor->getName()] = mLineEditor->getValue();
 	}
+    if (mNotification->getForm()->getIgnoreType() != LLNotificationForm::IGNORE_NO)
+    {
+        response["ignore"] = mNotification->isIgnored();
+    }
 	response[button_data->mButton->getName()] = true;
 
 	// If we declared a URL and chose the URL option, go to the url
diff --git a/indra/newview/skins/default/xui/en/notifications.xml b/indra/newview/skins/default/xui/en/notifications.xml
index ef720e65e3..204fead7e0 100644
--- a/indra/newview/skins/default/xui/en/notifications.xml
+++ b/indra/newview/skins/default/xui/en/notifications.xml
@@ -11988,16 +11988,41 @@ Packing: [PACK_TIME]s [PSIZE]KB
 Unpacking: [UNPACK_TIME]s [USIZE]KB
     <tag>fail</tag>
   </notification>
-  
+
+    <notification
+     icon="alertmodal.tga"
+     label="Prompt for MFA Token"
+     name="PromptMFAToken"
+     type="alertmodal">
+        [MESSAGE]
+        <tag>confirm</tag>
+        <form name="form">
+            <input name="token" type="text" width="400" />
+            <button
+             default="true"
+             index="0"
+             name="continue"
+             text="Continue"/>
+            <button
+             index="1"
+             name="cancel"
+             text="Cancel"/>
+        </form>
+    </notification>
+
   <notification
    icon="alertmodal.tga"
    label="Prompt for MFA Token"
-   name="PromptMFAToken"
+   name="PromptMFATokenWithSave"
    type="alertmodal">
     [MESSAGE]
     <tag>confirm</tag>
     <form name="form">
       <input name="token" type="text" width="400" />
+      <ignore
+       name="ignore"
+       checkbox_only="true"
+       text="Remember this computer for 30 days."/>
       <button
        default="true"
        index="0"
author	Andrey Kleshchev <andreykproductengine@lindenlab.com>	2023-09-13 18:50:42 +0300
committer	akleshchev <117672381+akleshchev@users.noreply.github.com>	2023-09-15 03:07:29 +0300
commit	69a98a8465f910d58911456dfe840a7b829ccc65 (patch)
tree	f4ccde3382f4dd13e8cc31a84a7bad4cafb09f3a /indra
parent	76c6dc025d39adba54cff2c112337274efaddd10 (diff)