server: Allow admins to disable the 2FA of users in subdomains (#7870)

Fabricio Duarte 2023-08-21 10:48:33 -03:00 committed by GitHub
parent ddc2a362a8
commit 6d24217636
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 12 deletions


@ -3327,7 +3327,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
protected UserTwoFactorAuthenticationSetupResponse disableTwoFactorAuthentication(Long userId, Account caller, Account owner) {
UserVO userVO = null;
if (userId != null) {
userVO = validateUser(userId, caller.getDomainId());
userVO = validateUser(userId);
owner = _accountService.getActiveAccountById(userVO.getAccountId());
} else {
userId = CallContext.current().getCallingUserId();
@ -3349,16 +3349,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return response;
}
private UserVO validateUser(Long userId, Long domainId) {
private UserVO validateUser(Long userId) {
UserVO user = null;
if (userId != null) {
user = _userDao.findById(userId);
if (user == null) {
throw new InvalidParameterValueException("Invalid user ID provided");
}
if (_accountDao.findById(user.getAccountId()).getDomainId() != domainId) {
throw new InvalidParameterValueException("User doesn't belong to the specified account or domain");
}
}
return user;
}
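Review bot: After this change `validateUser(Long userId)` only confirms that the user row exists, so authorization for disabling another user's 2FA rests entirely on the access check in the part of `disableTwoFactorAuthentication` that lies outside these hunks (the updated test expects `checkAccess(caller, null, true, owner)`). That is worth stating on the helper, e.g. `// Existence check only; the caller must authorize with checkAccess(caller, null, true, owner) before changing 2FA state.`, so a later caller does not mistake it for an authorization step. In the first hunk `owner` is reassigned from `_accountService.getActiveAccountById(userVO.getAccountId())`, which presumably returns null for an account that is not active. If so, an explicit `if (owner == null) throw new InvalidParameterValueException("Invalid user ID provided");` before the access check would avoid depending on how `checkAccess` treats a null owner.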


@ -875,19 +875,17 @@ public class AccountManagerImplTest extends AccountManagetImplTestBase {
@Test
public void testDisableUserTwoFactorAuthentication() {
Long userId = 1L;
Long accountId = 2L;
UserVO userVO = Mockito.mock(UserVO.class);
Account caller = Mockito.mock(Account.class);
Account owner = Mockito.mock(Account.class);
AccountVO accountMock = Mockito.mock(AccountVO.class);
Mockito.doNothing().when(accountManagerImpl).checkAccess(nullable(Account.class), Mockito.isNull(), nullable(Boolean.class), nullable(Account.class));
Mockito.when(caller.getDomainId()).thenReturn(1L);
Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO);
Mockito.when(userVO.getAccountId()).thenReturn(1L);
Mockito.when(_accountDao.findById(1L)).thenReturn(accountMock);
Mockito.when(accountMock.getDomainId()).thenReturn(1L);
Mockito.when(_accountService.getActiveAccountById(1L)).thenReturn(caller);
Mockito.when(userVO.getAccountId()).thenReturn(accountId);
Mockito.when(_accountService.getActiveAccountById(accountId)).thenReturn(owner);
userVoMock.setKeyFor2fa("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL");
userVoMock.setUser2faProvider("totp");
@ -895,8 +893,9 @@ public class AccountManagerImplTest extends AccountManagetImplTestBase {
Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock);
UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.disableTwoFactorAuthentication(userId, caller, caller);
UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.disableTwoFactorAuthentication(userId, caller, owner);
Mockito.verify(accountManagerImpl).checkAccess(caller, null, true, owner);
Assert.assertNull(response.getSecretCode());
Assert.assertNull(userVoMock.getKeyFor2fa());
Assert.assertNull(userVoMock.getUser2faProvider());
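Review bot: `checkAccess` is stubbed with `Mockito.doNothing()` at the top of this test, so the added `Mockito.verify(accountManagerImpl).checkAccess(caller, null, true, owner)` proves the call is made but never shows a caller outside the user's domain hierarchy being refused. Because the domain comparison removed from `validateUser` was the previous guard, a companion test would pin the denial path: stub `checkAccess` with `Mockito.doThrow(PermissionDeniedException.class)` and assert that `userVoMock.getKeyFor2fa()` and `getUser2faProvider()` are left unchanged. The end of the test method is outside the visible hunk.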