From c56d0cb5533cfab682908fedd6493b04426822d0 Mon Sep 17 00:00:00 2001 From: toskrip Date: Mon, 15 Aug 2022 14:50:31 +0200 Subject: [PATCH 1/3] Fix typo in t001 related to 2FA test --- docs/tests/t001.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tests/t001.md b/docs/tests/t001.md index aa85759bdd8..ba28e8b9e8a 100644 --- a/docs/tests/t001.md +++ b/docs/tests/t001.md @@ -144,7 +144,7 @@ This test focuses on checking that a login is no longer possible after the due d **prerequisites:** - The system wide setting for 2-FA(2-Factor Authentication) usage has to be activated. -- The system wide setting for 2-FA type is set to 'APPLICATION' or 'LETTER'. +- The system wide setting for 2-FA type is set to 'LETTER'. - The authentication type **Marked for 2-Factor Authentication** is set within the user's profile. - The due to for 2-FA activation has been exceeded. From e163e91f739836f8108bac4e87848b28d097be01 Mon Sep 17 00:00:00 2001 From: toskrip Date: Mon, 15 Aug 2022 16:33:14 +0200 Subject: [PATCH 2/3] Fix missing Janino library needed by Logback --- core/pom.xml | 7 +++++++ pom.xml | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/core/pom.xml b/core/pom.xml index 513b128c91c..ed90ebe7367 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -192,6 +192,11 @@ ch.qos.logback logback-classic + + + org.codehaus.janino + janino + antlr antlr @@ -265,6 +270,8 @@ org.apache.httpcomponents:httpclient + + org.codehaus.janino diff --git a/pom.xml b/pom.xml index 9f20fc6ab21..4f5f0a6eb8b 100644 --- a/pom.xml +++ b/pom.xml @@ -485,6 +485,12 @@ logback-classic ${logback.version} + + + org.codehaus.janino + janino + 2.7.5 + javax.xml.bind jaxb-api From 2f3dcc0abb7ea5460f44f1482d82d25b08ab0ad8 Mon Sep 17 00:00:00 2001 From: Thomas Hillger Date: Tue, 16 Aug 2022 12:50:18 +0200 Subject: [PATCH 3/3] LC-32 Added additional information about running LibreClinica system when generating QR code for 2-FA. --- .../service/otp/TwoFactorService.java | 9 ++++- .../service/otp/TwoFactorServiceTest.java | 38 ++++++++++--------- docs/tests/t003.md | 2 +- pom.xml | 2 +- web/pom.xml | 2 +- 5 files changed, 32 insertions(+), 21 deletions(-) diff --git a/core/src/main/java/org/akaza/openclinica/service/otp/TwoFactorService.java b/core/src/main/java/org/akaza/openclinica/service/otp/TwoFactorService.java index 849a414ccf8..bd9ff0618a1 100644 --- a/core/src/main/java/org/akaza/openclinica/service/otp/TwoFactorService.java +++ b/core/src/main/java/org/akaza/openclinica/service/otp/TwoFactorService.java @@ -4,6 +4,7 @@ import static com.google.common.base.Splitter.fixedLength; import static dev.samstevens.totp.code.HashingAlgorithm.SHA1; import static java.lang.Enum.valueOf; +import static java.lang.String.format; import static java.time.LocalDate.now; import static java.time.LocalDate.parse; import static org.akaza.openclinica.domain.admin.TwoFactorType.APPLICATION; @@ -43,6 +44,7 @@ public class TwoFactorService { private static final String FAR_FUTURE_ACTIVATION_DUE_DATE_AS_FALLBACK = "2050-01-01"; private static final String FALSE_STRING = "false"; + private static final String SYS_URL = "sysURL"; @VisibleForTesting static final String TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE = "2fa.type"; @VisibleForTesting @@ -228,11 +230,16 @@ String extractedVerificationTypeSetting() { return coreResources.getDATAINFO().getProperty(TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE, APPLICATION.name()); } + @VisibleForTesting + String extractSystemInfo(String systemSettings) { + return systemSettings.replaceAll("http(|s)://|/MainMenu", ""); + } + private byte[] generateImageData(String secret) throws QrGenerationException { // @formatter:off QrData data = new QrData.Builder(). issuer("LibreClinica"). - label("LibreClinica"). + label(format("LibreClinica (%1$s)", extractSystemInfo(coreResources.getDATAINFO().getProperty(SYS_URL)))). algorithm(SHA1). secret(secret). digits(6). diff --git a/core/src/test/java/org/akaza/openclinica/service/otp/TwoFactorServiceTest.java b/core/src/test/java/org/akaza/openclinica/service/otp/TwoFactorServiceTest.java index 17374757e1e..8a749edee35 100644 --- a/core/src/test/java/org/akaza/openclinica/service/otp/TwoFactorServiceTest.java +++ b/core/src/test/java/org/akaza/openclinica/service/otp/TwoFactorServiceTest.java @@ -30,7 +30,6 @@ public class TwoFactorServiceTest { @Mock private CoreResources coreResources; - private String settingDueDateString; private TwoFactorService service; private Properties properties; @@ -42,11 +41,6 @@ public void setUp() throws Exception { String extractedVerificationTypeSetting() { return LETTER.name(); } - - @Override - String extractedDueDateSetting() { - return settingDueDateString; - } }; service.coreResources = coreResources; @@ -56,21 +50,21 @@ String extractedDueDateSetting() { @Test public void testIsTwoFactorOutdated_CurrentDate() { - settingDueDateString = LocalDate.now().format(ISO_DATE); + properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, LocalDate.now().format(ISO_DATE)); assertThat(service.isTwoFactorOutdated(), is(false)); } @Test public void testIsTwoFactorOutdated_FutureDate() { - settingDueDateString = LocalDate.now().plus(1, DAYS).format(ISO_DATE); + properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, LocalDate.now().plus(1, DAYS).format(ISO_DATE)); assertThat(service.isTwoFactorOutdated(), is(false)); } @Test public void testIsTwoFactorOutdated_Yesterday() { - settingDueDateString = LocalDate.now().minus(1, DAYS).format(ISO_DATE); + properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, LocalDate.now().minus(1, DAYS).format(ISO_DATE)); assertThat(service.isTwoFactorOutdated(), is(true)); } @@ -118,33 +112,43 @@ public void testIsTwoFactorActivatedLetterAndOutDated_NoDueDateProvided() { @Test public void testIsTwoFactorActivatedLetterAndOutDated_OutdatedDueDateProvided() { - properties.put(TwoFactorService.TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE, "letter"); + properties.put(TwoFactorService.TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE, "LETTER"); properties.put(TWO_FACTOR_ACTIVATED_SETTING, "true"); properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, "2020-01-01"); - boolean outdated = service.isTwoFactorActivatedLetterAndOutDated(); - - assertThat("test", outdated, is(Boolean.TRUE)); + assertThat(service.isTwoFactorActivatedLetterAndOutDated(), is(TRUE)); } @Test public void testIsTwoFactorOutdated_EmptySettingString() { - settingDueDateString = ""; + properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, ""); assertThat(service.isTwoFactorOutdated(), is(false)); } @Test public void testIsTwoFactorOutdated_NullSettingString() { - settingDueDateString = null; - assertThat(service.isTwoFactorOutdated(), is(false)); } @Test public void testIsTwoFactorOutdated_InValidSettingWrongFormat() { - settingDueDateString = "01.01.2000"; + properties.put(TWO_FACTOR_ACTIVATION_DUE_DATE, "01.01.2000"); assertThat(service.isTwoFactorOutdated(), is(false)); } + + @Test + public void testExtractSystemInfo_UsingHttp() { + String systemSetting = "http://some-system.elsewhere.com:8080/HolyStudy/MainMenu"; + + assertThat(service.extractSystemInfo(systemSetting), is("some-system.elsewhere.com:8080/HolyStudy")); + } + + @Test + public void testExtractSystemInfo_UsingHttps() { + String systemSetting = "https://some-system.elsewhere.com:8080/HolyStudy/MainMenu"; + + assertThat(service.extractSystemInfo(systemSetting), is("some-system.elsewhere.com:8080/HolyStudy")); + } } diff --git a/docs/tests/t003.md b/docs/tests/t003.md index 6034c56b2d4..0b0708662d4 100644 --- a/docs/tests/t003.md +++ b/docs/tests/t003.md @@ -236,7 +236,7 @@ This test focuses on availability of 2-factor (type application) authentication **expected results:** 1. The **Authentication Type** radio group is visible and the **Standard** option is checked by default. 1. When the **2-Factor Authentication** option is selected the **QR-Code** button is getting visible. -1. When the **QR-Code** button is getting clicked a QR-code is getting displayed and displayed. +1. When the **QR-Code** button is getting clicked a QR-code is getting displayed. 1. The **Confirm User Profile Updates** page displays the new authentication type **2-Factor Authentication**. 1. The **Alerts & Messages** panel (on the left) displays **Your profile has been updated successfully.**. 1. When accessing the user's profile again the option **2-Factor Authentication** option is checked. diff --git a/pom.xml b/pom.xml index 4f5f0a6eb8b..c671b433c50 100644 --- a/pom.xml +++ b/pom.xml @@ -685,7 +685,7 @@ org.mockito - mockito-all + mockito-core 1.9.5 test diff --git a/web/pom.xml b/web/pom.xml index 32d1d61234b..b4a3536729d 100644 --- a/web/pom.xml +++ b/web/pom.xml @@ -289,7 +289,7 @@ --> org.mockito - mockito-all + mockito-core