Interface TwoFactorWebLoginModel

  • All Known Implementing Classes:
    TwoFactorWebLoginModelImpl

    public interface TwoFactorWebLoginModel
    Represents the web login model for two-factor authentication.
    Author:
    Daniil Boger
    • Method Summary

      Modifier and Type Method Description
      boolean canEditSensitiveSettings(javax.servlet.http.HttpServletRequest request)
      Returns true if the user completed the extra 2FA validation to edit sensitive settings, or if the user has not enabled 2FA.
      boolean completedSecondFactor(javax.servlet.http.HttpServletRequest request)
      Checks whether 2FA is completed for the user provided in the request.
      void initializeSensitiveSettingsEntry(javax.servlet.http.HttpServletRequest request)
      Initializes the extra 2FA check required to access sensitive settings (for example, access tokens). This method should do nothing when called for a user without 2FA, or for a user who has 2FA but has not completed it.
      boolean isEnteringSensitiveSettings(javax.servlet.http.HttpServletRequest request)
      Checks whether the user is entering sensitive settings.
      void login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, int password)
      Attempts to retrieve the user from the request and log them in with a TOTP password.
      void loginWithRecoveryKey(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String key)
      Same as login(HttpServletRequest, HttpServletResponse, int), but using a one-time recovery key.
    • Method Detail

      • login

        void login(@NotNull
                   javax.servlet.http.HttpServletRequest request,
                   @NotNull
                   javax.servlet.http.HttpServletResponse response,
                   int password)
            throws AuthenticationFailedException
        Attempts to retrieve the user from the request and log them in with a TOTP password. Login is successful if and only if the provided TOTP password is correct. Does nothing if 2FA is disabled or there is no user in the request.
        Parameters:
        request - request
        response - response
        password - TOTP password, integer in [0, 10^6) interval
        Throws:
        AuthenticationFailedException - if password is incorrect
      • completedSecondFactor

        boolean completedSecondFactor(@NotNull
                                      javax.servlet.http.HttpServletRequest request)
        Checks whether 2FA is completed for the user provided in the request. Returns false if there is no user. If there is a user in the request, the return value is as follows:
        • If 2FA is disabled, returns true in any case.
        • If 2FA is optional, returns true if the user has not enabled 2FA, or has enabled 2FA and completed it.
        • If 2FA is mandatory, returns true if the user has either enabled 2FA and completed it, or has an active grace period.
        Implementations should take into account that users without active 2FA can be considered as having "completed 2FA".
        Parameters:
        request - request
      • initializeSensitiveSettingsEntry

        void initializeSensitiveSettingsEntry(@NotNull
                                              javax.servlet.http.HttpServletRequest request)
        Initializes the extra 2FA check required to access sensitive settings (for example, access tokens). This method should do nothing when called for a user without 2FA, or for a user who has 2FA but has not completed it. After this method is called, the next successful 2FA for the user (if the user is not logged out after initialization) should grant them access to sensitive settings. Does nothing if the user passed this extra check recently or if no user is logged in.
        Parameters:
        request - request
      • isEnteringSensitiveSettings

        boolean isEnteringSensitiveSettings(@NotNull
                                            javax.servlet.http.HttpServletRequest request)
        Checks whether the user is entering sensitive settings. This method should return true if initializeSensitiveSettingsEntry(HttpServletRequest) was called and no logout or session expiration has happened since.
        Parameters:
        request - request
        Returns:
        true if user is present and entering sensitive settings, false otherwise
      • canEditSensitiveSettings

        boolean canEditSensitiveSettings(@NotNull
                                         javax.servlet.http.HttpServletRequest request)
        Returns true if the user completed the extra 2FA validation to edit sensitive settings, or if the user has not enabled 2FA. Returns false otherwise.
        Parameters:
        request - request
        Returns:
        see above
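
Added example (not part of the original Javadoc or the project's own code): the return-value rules documented for completedSecondFactor, written as a standalone decision function with each documented case checked in main. The Mode enum, the UserState class and the method shape are assumptions made for illustration; a real implementation would derive this state from the HttpServletRequest.

```java
// Added example; Mode, UserState and this method shape are hypothetical, not the project's code.
public class SecondFactorDecision {
    enum Mode { DISABLED, OPTIONAL, MANDATORY }

    /** Constructed stand-in for what an implementation would read from the request's user. */
    static final class UserState {
        final boolean enabled2fa, completed2fa, graceActive;
        UserState(boolean enabled2fa, boolean completed2fa, boolean graceActive) {
            this.enabled2fa = enabled2fa;
            this.completed2fa = completed2fa;
            this.graceActive = graceActive;
        }
    }

    /** Mirrors the documented contract; user == null models "no user in request". */
    static boolean completedSecondFactor(Mode mode, UserState user) {
        if (user == null) return false;                 // no user: always false
        boolean verified = user.enabled2fa && user.completed2fa;
        switch (mode) {
            case DISABLED:  return true;                // true in any case
            case OPTIONAL:  return !user.enabled2fa || verified;
            case MANDATORY: return verified || user.graceActive;
            default:        return false;               // fail closed on an unknown mode
        }
    }

    static void check(boolean expected, boolean actual, String label) {
        if (expected != actual) throw new AssertionError(label);
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        // Constructed user states covering each branch of the documented rules.
        UserState notEnrolled = new UserState(false, false, false);
        UserState inGrace     = new UserState(false, false, true);
        UserState pending     = new UserState(true, false, false);
        UserState verified    = new UserState(true, true, false);

        check(false, completedSecondFactor(Mode.DISABLED, null), "no user");
        check(true,  completedSecondFactor(Mode.DISABLED, pending), "disabled, TOTP pending");
        check(true,  completedSecondFactor(Mode.OPTIONAL, notEnrolled), "optional, not enrolled");
        check(false, completedSecondFactor(Mode.OPTIONAL, pending), "optional, TOTP pending");
        check(false, completedSecondFactor(Mode.MANDATORY, notEnrolled), "mandatory, no grace");
        check(true,  completedSecondFactor(Mode.MANDATORY, inGrace), "mandatory, in grace");
        check(true,  completedSecondFactor(Mode.MANDATORY, verified), "mandatory, verified");
    }
}
```

Because users without active 2FA count as having completed it, a true result from this check is not proof that a second factor was actually presented.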