

Skip enrollment of TOTP Authenticator
Hasanthi Dissanayake committed Nov 6, 2023
1 parent 3048e26 commit c4ff494
Showing 1 changed file with 30 additions and 28 deletions.
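--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -348,34 +348,36 @@ protected void initiateAuthenticationRequest(HttpServletRequest request,
 }
 if (enrolUserInAuthenticationFlowEnabled &&
 request.getParameter(TOTPAuthenticatorConstants.ENABLE_TOTP) == null) {
-// If TOTP is not enabled for the user and he hasn't redirected to the enrollment page yet.
-if (log.isDebugEnabled()) {
-log.debug("User has not enabled TOTP: " + username);
-}
-Map<String, String> claims;
-if (isInitialFederationAttempt) {
-claims = TOTPKeyGenerator.generateClaimsForFedUser(username, tenantDomain, context);
-} else {
-claims = TOTPKeyGenerator.generateClaims(UserCoreUtil.addDomainToName(username,
-authenticatingUser.getUserStoreDomain()), false, context);
-}
-Map<String, String> claimProperties = TOTPUtil.getClaimProperties(tenantDomain,
-TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL);
-// Context will have the decrypted secret key all the time.
-if (claimProperties.containsKey(TOTPAuthenticatorConstants.ENABLE_ENCRYPTION)) {
-context.setProperty(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL,
-claims.get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL));
-} else {
-context.setProperty(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL,
-TOTPUtil.decrypt(claims.get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL)));
-}
-context.setProperty(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL,
-claims.get(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL));
-String qrURL = claims.get(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL);
-TOTPUtil.redirectToEnableTOTPReqPage(request, response, context, qrURL, runtimeParams);
-if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
-diagnosticLogBuilder.resultMessage("Redirecting user to the TOTP enable page.");
-LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+if(!isAPIBasedAuthenticationSupported()) {
+// If TOTP is not enabled for the user and he hasn't redirected to the enrollment page yet.
+if (log.isDebugEnabled()) {
+log.debug("User has not enabled TOTP: " + username);
+}
+Map<String, String> claims;
+if (isInitialFederationAttempt) {
+claims = TOTPKeyGenerator.generateClaimsForFedUser(username, tenantDomain, context);
+} else {
+claims = TOTPKeyGenerator.generateClaims(UserCoreUtil.addDomainToName(username,
+authenticatingUser.getUserStoreDomain()), false, context);
+}
+Map<String, String> claimProperties = TOTPUtil.getClaimProperties(tenantDomain,
+TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL);
+// Context will have the decrypted secret key all the time.
+if (claimProperties.containsKey(TOTPAuthenticatorConstants.ENABLE_ENCRYPTION)) {
+context.setProperty(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL,
+claims.get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL));
+} else {
+context.setProperty(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL,
+TOTPUtil.decrypt(claims.get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL)));
+}
+context.setProperty(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL,
+claims.get(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL));
+String qrURL = claims.get(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL);
+TOTPUtil.redirectToEnableTOTPReqPage(request, response, context, qrURL, runtimeParams);
+if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
+diagnosticLogBuilder.resultMessage("Redirecting user to the TOTP enable page.");
+LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
+}
 }
 } else if (Boolean.valueOf(request.getParameter(TOTPAuthenticatorConstants.ENABLE_TOTP)) ||
 isTOTPEnabledByAdmin) {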
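Review bot: The new guard `if(!isAPIBasedAuthenticationSupported()) {` skips the entire enrollment branch without leaving any trace, so when API-based authentication is supported an un-enrolled user falls out of this block with no debug line and no diagnostic event explaining why no enrollment redirect happened. An `else` arm that mirrors the redirect case, e.g. `log.debug("Skipping TOTP enrollment redirect in API-based authentication flow: " + username);` plus a `diagnosticLogBuilder.resultMessage(...)` when diagnostic logs are enabled, would keep the audit trail consistent. What the request does after the skipped branch is not visible in this hunk; it should be confirmed that the un-enrolled user is still required to complete the second factor rather than passing the step because no redirect was issued. A short comment above the guard stating why enrollment is not offered in API-based flows would also help, and the project writes `if (` with a space elsewhere in this method. initiateAuthenticationRequest begins and ends outside this hunk.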
