Resolve "2FA enabling for LabraCORE"
- May 08, 2020
-
-
Chris Lemaire authored
-
Chris Lemaire authored
-
Chris Lemaire authored
-
Chris Lemaire authored
Possible XSS injection in APIAuthenticationEntryPoint, possible hash comparison in AuthTokenExtractor, etc.
-
Chris Lemaire authored
-
Chris Lemaire authored
-
Chris Lemaire authored
-
Chris Lemaire authored
The test for embedding 2FA is to check that Hibernate does indeed relate back an embedded data object with the right embedder (Person in our case). Adds test data to DevDatabaseLoader for development. Removes the UUID field from Person as it is to be replaced by ID and external ID for each their own purposes.
-
- May 07, 2020
-
-
Chris Lemaire authored
-
Chris Lemaire authored
Intermediate 2FA embedded class is added for future expansion. If we want to add HOTP keys for a Person, this can be added in the 2FA object for that Person. This saves us some managing within the Person class and keeps 2FA related operations separate from the Person information related operations. Totp was preferred to be TOTP. In a future commit we will also change Api to API.
-
Chris Lemaire authored
- TotpKey is used to represent a user's TotpKey in the database. This key is linked to the Person that registered it. - A TotpKeyRepository is added for getting TotpKeys and saving them. - The TotpController and TotpService provide the methods for controlling endpoints and data regarding TOTP authentication.
-
Chris Lemaire authored
Originally, a custom filter was used to process API-keyed requests. Now a custom WebAuthenticationDetails object and Spring-provided header-authentication methods are used to authenticate.
-
