diff options
| author | Brad Kittenbrink <brad@lindenlab.com> | 2022-03-09 14:13:02 -0800 |
|---|---|---|
| committer | Brad Kittenbrink <brad@lindenlab.com> | 2022-03-17 13:29:12 -0700 |
| commit | 6bdd744d78f2040767abe57afcb06f8a55a9dd83 (patch) | |
| tree | 3b061503e2dab19ee3c472d3f21436c971d29caf /indra/newview/lllogininstance.cpp | |
| parent | dc7a24681b4f01b187ae686b628d98a4214a8ab1 (diff) | |
SL-17019 mfa_hash should get saved per-username
Diffstat (limited to 'indra/newview/lllogininstance.cpp')
| -rw-r--r-- | indra/newview/lllogininstance.cpp | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/indra/newview/lllogininstance.cpp b/indra/newview/lllogininstance.cpp index fd186fcddc..2335674501 100644 --- a/indra/newview/lllogininstance.cpp +++ b/indra/newview/lllogininstance.cpp @@ -230,34 +230,43 @@ void LLLoginInstance::constructAuthParams(LLPointer<LLCredential> user_credentia // log request_params _before_ adding the credentials or sensitive MFA hash data LL_DEBUGS("LLLogin") << "Login parameters: " << LLSDOStreamer<LLSDNotationFormatter>(request_params) << LL_ENDL; - std::string mfa_hash = gSavedPerAccountSettings.getString("MFAHash"); //non-persistent to enable testing - LLPointer<LLSecAPIHandler> basic_secure_store = getSecHandler(BASIC_SECHANDLER); + // Copy the credentials into the request after logging the rest + LLSD credentials(user_credential->getLoginParams()); + for (LLSD::map_const_iterator it = credentials.beginMap(); + it != credentials.endMap(); + it++ + ) + { + request_params[it->first] = it->second; + } + + std::string mfa_hash = gSavedSettings.getString("MFAHash"); //non-persistent to enable testing std::string grid(LLGridManager::getInstance()->getGridId()); - if (basic_secure_store) + std::string user_id = user_credential->userID(); + if (gSecAPIHandler) { if (mfa_hash.empty()) { - mfa_hash = basic_secure_store->getProtectedData("mfa_hash", grid).asString(); + // normal execution, mfa_hash was not set from debug setting so load from protected store + LLSD data_map = gSecAPIHandler->getProtectedData("mfa_hash", grid); + if (data_map.isMap() && data_map.has(user_id)) + { + mfa_hash = data_map[user_id].asString(); + } } else { // SL-16888 the mfa_hash is being overridden for testing so save it for consistency for future login requests - basic_secure_store->setProtectedData("mfa_hash", grid, mfa_hash); + gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, mfa_hash); } } - - request_params["mfa_hash"] = mfa_hash; - - // Copy the credentials into the request after logging the rest - LLSD credentials(user_credential->getLoginParams()); - for (LLSD::map_const_iterator it = credentials.beginMap(); - it != credentials.endMap(); - it++ - ) + else { - request_params[it->first] = it->second; + LL_WARNS() << "unable to access protected store for mfa_hash" << LL_ENDL; } + request_params["mfa_hash"] = mfa_hash; + // Specify desired timeout/retry options LLSD http_params; F32 srv_timeout = llclamp(gSavedSettings.getF32("LoginSRVTimeout"), LOGIN_SRV_TIMEOUT_MIN, LOGIN_SRV_TIMEOUT_MAX); |