From afc8a59267bc6a5b5d527ead751027c1d8a2bcc1 Mon Sep 17 00:00:00 2001
From: stephb9959
Date: Thu, 5 May 2022 09:25:32 -0700
Subject: [PATCH] Adding protection for enabling MFA when MFA is not available.
---
 build | 2 +-
 src/RESTAPI/RESTAPI_subuser_handler.cpp | 13 +++++++++++++
 src/RESTAPI/RESTAPI_user_handler.cpp | 13 +++++++++++++
 src/framework/ow_constants.h | 2 ++
 4 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/build b/build
index 801f180..31ff414 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-47
\ No newline at end of file
+48
\ No newline at end of file
diff --git a/src/RESTAPI/RESTAPI_subuser_handler.cpp b/src/RESTAPI/RESTAPI_subuser_handler.cpp
index d9fb001..a3c30ab 100644
--- a/src/RESTAPI/RESTAPI_subuser_handler.cpp
+++ b/src/RESTAPI/RESTAPI_subuser_handler.cpp
@@ -6,6 +6,7 @@
 #include "StorageService.h"
 #include "framework/ow_constants.h"
 #include "SMSSender.h"
+#include "SMTPMailerService.h"
 #include "ACLProcessor.h"
 #include "AuthService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"
@@ -252,6 +253,18 @@ namespace OpenWifi {
 return BadRequest(RESTAPI::Errors::BadMFAMethod);
 }
+ if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+ NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::SMS &&
+ !SMSSender()->Enabled()) {
+ return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+ }
+
+ if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+ NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::EMAIL &&
+ !SMTPMailerService()->Enabled()) {
+ return BadRequest(RESTAPI::Errors::EMailMFANotEnabled);
+ }
+
 bool ChangingMFA = NewUser.userTypeProprietaryInfo.mfa.enabled && !Existing.userTypeProprietaryInfo.mfa.enabled;
 Existing.userTypeProprietaryInfo.mfa.enabled = NewUser.userTypeProprietaryInfo.mfa.enabled;
diff --git a/src/RESTAPI/RESTAPI_user_handler.cpp b/src/RESTAPI/RESTAPI_user_handler.cpp
index a0391b0..2cdd46c 100644
--- a/src/RESTAPI/RESTAPI_user_handler.cpp
+++ b/src/RESTAPI/RESTAPI_user_handler.cpp
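Review bot: The two guards added in the `@@ -252,6 +253,18 @@` hunk are evaluated only against `NewUser` on this update request, so they cover the moment MFA is requested but not an account whose stored method is already SMS or e-mail when that channel is later disabled. How the login path treats such an account is not visible here and should be confirmed to fail closed rather than skip the second factor. At minimum the scope should be recorded next to the check, e.g. `// Checked at update time only; accounts already using this method are not re-validated here.` The same applies to the identical hunk in RESTAPI_user_handler.cpp. The enclosing function starts and ends outside the hunk, so whether the create path accepts `userTypeProprietaryInfo.mfa` without an equivalent check cannot be seen from here.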
@@ -6,6 +6,7 @@
 #include "StorageService.h"
 #include "framework/ow_constants.h"
 #include "SMSSender.h"
+#include "SMTPMailerService.h"
 #include "ACLProcessor.h"
 #include "AuthService.h"
 #include "RESTAPI/RESTAPI_db_helpers.h"
@@ -260,6 +261,18 @@ namespace OpenWifi {
 return BadRequest(RESTAPI::Errors::BadMFAMethod);
 }
+ if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+ NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::SMS &&
+ !SMSSender()->Enabled()) {
+ return BadRequest(RESTAPI::Errors::SMSMFANotEnabled);
+ }
+
+ if( NewUser.userTypeProprietaryInfo.mfa.enabled &&
+ NewUser.userTypeProprietaryInfo.mfa.method == MFAMETHODS::EMAIL &&
+ !SMTPMailerService()->Enabled()) {
+ return BadRequest(RESTAPI::Errors::EMailMFANotEnabled);
+ }
+
 bool ChangingMFA = NewUser.userTypeProprietaryInfo.mfa.enabled && !Existing.userTypeProprietaryInfo.mfa.enabled;
 Existing.userTypeProprietaryInfo.mfa.enabled = NewUser.userTypeProprietaryInfo.mfa.enabled;
diff --git a/src/framework/ow_constants.h b/src/framework/ow_constants.h
index 7311c28..7e34c7e 100644
--- a/src/framework/ow_constants.h
+++ b/src/framework/ow_constants.h
@@ -102,6 +102,8 @@ namespace OpenWifi::RESTAPI::Errors {
 static const std::string InvalidRegistrationOperatorId{"Invalid registration operator ID."};
 static const std::string InvalidRegistrationOperatorName{"Invalid registration operator name."};
 static const std::string RegistrationNameDuplicate{"Registration name must be unique."};
+ static const std::string SMSMFANotEnabled{"SMS is not enabled in the security service."};
+ static const std::string EMailMFANotEnabled{"email is not enabled in the security service."};
 }
 namespace OpenWifi::RESTAPI::Protocol {
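Review bot: The guard block in the `@@ -260,6 +261,18 @@` hunk is a verbatim copy of the one added to RESTAPI_subuser_handler.cpp, so the rule for which MFA methods are usable now lives in two places that can drift apart. A single helper shared by both handlers, taking the `mfa` member and reporting which `RESTAPI::Errors` string applies (if any), would keep the user and sub-user paths in step when a method is added or a channel check changes. If the copies stay, a comment on each such as `// Keep in sync with the matching check in the sub-user handler.` would make the coupling visible. The enclosing function begins and ends outside the hunk.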
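Review bot: In the `@@ -102,6 +102,8 @@` hunk the new `EMailMFANotEnabled` text starts with a lower-case word, while `SMSMFANotEnabled` and the three neighbouring messages start with a capital. Neither new message mentions MFA, although in this patch both are returned only when a request tries to enable MFA, so an API client sees a refusal without the reason it applies. Suggested wording: `"Email is not enabled in the security service and cannot be used for MFA."`, with the SMS message phrased the same way. The namespace block begins outside the hunk.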