From c4c22262718800e8f8460baba526f846cbfeef3a Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sat, 27 Jul 2024 12:49:05 +0200 Subject: [PATCH] split mfa verification for mfa association and associated mfa --- .../vauthenticator/server/mfa/MfaConfig.kt | 5 +- .../vauthenticator/server/mfa/domain/Mfa.kt | 15 +- .../server/mfa/domain/MfaMethodsEnrollment.kt | 2 +- .../server/mfa/domain/MfaSenderAndVerifier.kt | 44 +++++- .../DynamoMfaAccountMethodsRepository.kt | 6 +- .../repository/MfaAccountMethodsRepository.kt | 7 +- .../server/mfa/web/MfaController.kt | 2 +- .../domain/AccountAwareOtpMfaVerifierTest.kt | 139 ++++++++++++++++-- .../mfa/domain/MfaMethodsEnrollmentTest.kt | 7 +- .../server/mfa/domain/TaimosOtpMfaTest.kt | 2 +- .../DynamoMfaAccountMethodsRepositoryTest.kt | 4 +- .../server/mfa/web/MfaControllerTest.kt | 2 +- .../server/support/MfaFixture.kt | 2 +- .../MfaMethodsEnrollmentAssociationTest.kt | 8 +- 14 files changed, 204 insertions(+), 41 deletions(-) diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt index 8f13017d..36d3a76c 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt @@ -77,9 +77,10 @@ class MfaConfig { @Bean fun otpMfaVerifier( + otpMfa: OtpMfa, accountRepository: AccountRepository, - otpMfa: OtpMfa - ) = AccountAwareOtpMfaVerifier(accountRepository, otpMfa) + mfaAccountMethodsRepository : MfaAccountMethodsRepository, + ) = AccountAwareOtpMfaVerifier(accountRepository, otpMfa, mfaAccountMethodsRepository) @Bean fun mfaMailSender( diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/domain/Mfa.kt b/src/main/kotlin/com/vauthenticator/server/mfa/domain/Mfa.kt index ac9d2757..3f64f0d4 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/domain/Mfa.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/domain/Mfa.kt @@ -11,8 +11,6 @@ sealed class MfaDevice(val mfaMethod: MfaMethod) class EmailMfaDevice(val email: String, mfaMethod: MfaMethod) : MfaDevice(mfaMethod) -class MfaException(message: String) : AuthenticationException(message) - class MfaFailureEvent(authentication: Authentication, exception: AuthenticationException) : AbstractAuthenticationFailureEvent(authentication, exception) {} @@ -29,5 +27,16 @@ value class MfaChallenge(private val content: String) { } enum class MfaMethod { EMAIL_MFA_METHOD, SMS_MFA_METHOD, OTP_MFA_METHOD } +data class MfaAccountMethod( + val userName: String, + val key: Kid, + val method: MfaMethod, + val mfaChannel: String, + val associated: Boolean +) + +class MfaException(message: String) : AuthenticationException(message) -data class MfaAccountMethod(val userName: String, val key: Kid, val method: MfaMethod, val mfaChannel : String) \ No newline at end of file +// todo +class UnAssociatedMfaVerificationException(message: String) : AuthenticationException(message) +class AssociatedMfaVerificationException(message: String) : AuthenticationException(message) diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt index 9dc0b626..dc7cd96e 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollment.kt @@ -29,7 +29,7 @@ class MfaMethodsEnrollmentAssociation( associate( ticketId, ) { - otpMfaVerifier.verifyMfaChallengeFor( + otpMfaVerifier.verifyMfaChallengeToBeAssociatedFor( it.userName, it.context.mfaMethod(), it.context.mfaChannel(), diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaSenderAndVerifier.kt b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaSenderAndVerifier.kt index 91d6b985..48696978 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaSenderAndVerifier.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/domain/MfaSenderAndVerifier.kt @@ -2,6 +2,7 @@ package com.vauthenticator.server.mfa.domain import com.vauthenticator.server.account.repository.AccountRepository import com.vauthenticator.server.email.EMailSenderService +import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository interface OtpMfaSender { @@ -9,7 +10,14 @@ interface OtpMfaSender { } interface OtpMfaVerifier { - fun verifyMfaChallengeFor( + fun verifyMfaChallengeToBeAssociatedFor( + userName: String, + mfaMethod: MfaMethod, + mfaChannel: String, + challenge: MfaChallenge + ) + + fun verifyAssociatedMfaChallengeFor( userName: String, mfaMethod: MfaMethod, mfaChannel: String, @@ -33,16 +41,42 @@ class OtpMfaEmailSender( class AccountAwareOtpMfaVerifier( private val accountRepository: AccountRepository, - private val otpMfa: OtpMfa + private val otpMfa: OtpMfa, + private val mfaAccountMethodsRepository: MfaAccountMethodsRepository ) : OtpMfaVerifier { - override fun verifyMfaChallengeFor( + + override fun verifyMfaChallengeToBeAssociatedFor( userName: String, mfaMethod: MfaMethod, mfaChannel: String, challenge: MfaChallenge ) { - val account = accountRepository.accountFor(userName).get() - otpMfa.verify(account, mfaMethod, mfaChannel, challenge) + mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) + .map { + val account = accountRepository.accountFor(userName).get() + if (!it.associated) { + otpMfa.verify(account, mfaMethod, mfaChannel, challenge) + } else { + throw AssociatedMfaVerificationException("Mfa Challenge verification failed: this mfa method is already associated") + } + } + } + + override fun verifyAssociatedMfaChallengeFor( + userName: String, + mfaMethod: MfaMethod, + mfaChannel: String, + challenge: MfaChallenge + ) { + mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) + .map { + val account = accountRepository.accountFor(userName).get() + if (it.associated) { + otpMfa.verify(account, mfaMethod, mfaChannel, challenge) + } else { + throw UnAssociatedMfaVerificationException("Mfa Challenge verification failed: this mfa method has to be associated") + } + } } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepository.kt b/src/main/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepository.kt index a984b493..301641e5 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepository.kt @@ -1,6 +1,7 @@ package com.vauthenticator.server.mfa.repository import com.vauthenticator.server.extentions.asDynamoAttribute +import com.vauthenticator.server.extentions.valueAsBoolFor import com.vauthenticator.server.extentions.valueAsStringFor import com.vauthenticator.server.keys.* import com.vauthenticator.server.mfa.domain.MfaAccountMethod @@ -32,7 +33,8 @@ class DynamoMfaAccountMethodsRepository( userName, Kid(it.valueAsStringFor("key_id")), valueOf(it.valueAsStringFor("mfa_method")), - it.valueAsStringFor("mfa_channel") + it.valueAsStringFor("mfa_channel"), + it.valueAsBoolFor("associated") ) } @@ -49,7 +51,7 @@ class DynamoMfaAccountMethodsRepository( ): MfaAccountMethod { val kid = keyRepository.createKeyFrom(masterKid, KeyType.SYMMETRIC, KeyPurpose.MFA) storeOnDynamo(userName, mfaMfaMethod, mfaChannel, kid, associated) - return MfaAccountMethod(userName, kid, mfaMfaMethod, mfaChannel) + return MfaAccountMethod(userName, kid, mfaMfaMethod, mfaChannel, associated) } private fun storeOnDynamo( diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/repository/MfaAccountMethodsRepository.kt b/src/main/kotlin/com/vauthenticator/server/mfa/repository/MfaAccountMethodsRepository.kt index 99eb6f1c..5fd15fc7 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/repository/MfaAccountMethodsRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/repository/MfaAccountMethodsRepository.kt @@ -4,13 +4,10 @@ import com.vauthenticator.server.mfa.domain.MfaAccountMethod import com.vauthenticator.server.mfa.domain.MfaMethod import java.util.* -//todo the interface has to take in account the enrolled method - interface MfaAccountMethodsRepository { -// fun findOne(userName: String, mfaChannel : String): Optional - fun findOne(userName: String, mfaMfaMethod: MfaMethod, mfaChannel : String): Optional + fun findOne(userName: String, mfaMfaMethod: MfaMethod, mfaChannel: String): Optional fun findAll(userName: String): List - fun save(userName: String, mfaMfaMethod: MfaMethod, mfaChannel : String, associated : Boolean): MfaAccountMethod + fun save(userName: String, mfaMfaMethod: MfaMethod, mfaChannel: String, associated: Boolean): MfaAccountMethod } diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/web/MfaController.kt b/src/main/kotlin/com/vauthenticator/server/mfa/web/MfaController.kt index a479176c..5a0efb49 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/web/MfaController.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/web/MfaController.kt @@ -58,7 +58,7 @@ class MfaController( try { val defaultMfaChannel = mfaChannel.orElseGet { authentication.name } - otpMfaVerifier.verifyMfaChallengeFor(authentication.name, mfaMethod, defaultMfaChannel, MfaChallenge(mfaCode)) + otpMfaVerifier.verifyAssociatedMfaChallengeFor(authentication.name, mfaMethod, defaultMfaChannel, MfaChallenge(mfaCode)) publisher.publishEvent(MfaSuccessEvent(authentication)) nextHopeLoginWorkflowSuccessHandler.onAuthenticationSuccess(request, response, authentication) diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/domain/AccountAwareOtpMfaVerifierTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/domain/AccountAwareOtpMfaVerifierTest.kt index 366d4e92..6bdf7e18 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/domain/AccountAwareOtpMfaVerifierTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/domain/AccountAwareOtpMfaVerifierTest.kt @@ -1,13 +1,17 @@ package com.vauthenticator.server.mfa.domain import com.vauthenticator.server.account.repository.AccountRepository +import com.vauthenticator.server.keys.Kid +import com.vauthenticator.server.mfa.repository.MfaAccountMethodsRepository import com.vauthenticator.server.support.AccountTestFixture.anAccount import io.mockk.every import io.mockk.impl.annotations.MockK import io.mockk.junit5.MockKExtension import io.mockk.just import io.mockk.runs +import io.mockk.verify import org.junit.jupiter.api.Assertions.assertThrows +import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Test import org.junit.jupiter.api.extension.ExtendWith import java.util.* @@ -15,41 +19,154 @@ import java.util.* @ExtendWith(MockKExtension::class) internal class AccountAwareOtpMfaVerifierTest { + private val account = anAccount() + private val userName = account.email + private val email = userName + private val challenge = MfaChallenge("AN_MFA_CHALLENGE") + + @MockK lateinit var accountRepository: AccountRepository + @MockK + lateinit var mfaAccountMethodsRepository: MfaAccountMethodsRepository + @MockK lateinit var otpMfa: OtpMfa + lateinit var underTest: OtpMfaVerifier + + @BeforeEach + fun setUp() { + underTest = AccountAwareOtpMfaVerifier(accountRepository, otpMfa, mfaAccountMethodsRepository) + } + @Test - internal fun `when a challenge is successfully verified`() { - val account = anAccount() + internal fun `when associated mfa challenge is successfully verified`() { val challenge = MfaChallenge("AN_MFA_CHALLENGE") - val underTest = AccountAwareOtpMfaVerifier(accountRepository, otpMfa) - every { accountRepository.accountFor(account.email) } returns Optional.of(account) - every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge) } just runs + every { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } returns + Optional.of( + MfaAccountMethod( + userName, + Kid("A_KID"), + MfaMethod.EMAIL_MFA_METHOD, + email, + true + ) + ) + every { accountRepository.accountFor(userName) } returns Optional.of(account) + every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, userName, challenge) } just runs + + underTest.verifyAssociatedMfaChallengeFor(userName, MfaMethod.EMAIL_MFA_METHOD, userName, challenge) - underTest.verifyMfaChallengeFor(account.email, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge) + verify { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } } @Test - internal fun `when a challenge fails on verification`() { - val account = anAccount() - val challenge = MfaChallenge("AN_MFA_CHALLENGE") + internal fun `when not associated mfa challenge fails on verification`() { + every { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } returns + Optional.of( + MfaAccountMethod( + userName, + Kid("A_KID"), + MfaMethod.EMAIL_MFA_METHOD, + email, + false + ) + ) + every { accountRepository.accountFor(userName) } returns Optional.of(account) + every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, userName, challenge) } just runs + + assertThrows(UnAssociatedMfaVerificationException::class.java) { + underTest.verifyAssociatedMfaChallengeFor( + userName, + MfaMethod.EMAIL_MFA_METHOD, + userName, + challenge + ) + } + + verify { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } + } + @Test + internal fun `when associated mfa challenge fails on verification`() { every { accountRepository.accountFor(account.email) } returns Optional.of(account) every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge) } throws MfaException("") + every { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } returns + Optional.of( + MfaAccountMethod( + userName, + Kid("A_KID"), + MfaMethod.EMAIL_MFA_METHOD, + email, + true + ) + ) + assertThrows(MfaException::class.java) { + underTest.verifyAssociatedMfaChallengeFor( + account.email, + MfaMethod.EMAIL_MFA_METHOD, + account.email, + challenge + ) + } + + verify { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } + } + - val underTest = AccountAwareOtpMfaVerifier(accountRepository, otpMfa) + @Test + internal fun `when not associated mfa verification succeed on association verification`() { + every { accountRepository.accountFor(account.email) } returns Optional.of(account) + every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge) } throws MfaException("") + every { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } returns + Optional.of( + MfaAccountMethod( + userName, + Kid("A_KID"), + MfaMethod.EMAIL_MFA_METHOD, + email, + false + ) + ) assertThrows(MfaException::class.java) { - underTest.verifyMfaChallengeFor( + underTest.verifyMfaChallengeToBeAssociatedFor( + account.email, + MfaMethod.EMAIL_MFA_METHOD, + account.email, + challenge + ) + } + + verify { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } + } + + @Test + internal fun `when associated mfa verification succeed on association verification`() { + every { accountRepository.accountFor(account.email) } returns Optional.of(account) + every { otpMfa.verify(account, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge) } throws MfaException("") + every { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } returns + Optional.of( + MfaAccountMethod( + userName, + Kid("A_KID"), + MfaMethod.EMAIL_MFA_METHOD, + email, + true + ) + ) + assertThrows(AssociatedMfaVerificationException::class.java) { + underTest.verifyMfaChallengeToBeAssociatedFor( account.email, MfaMethod.EMAIL_MFA_METHOD, account.email, challenge ) } + + verify { mfaAccountMethodsRepository.findOne(userName, MfaMethod.EMAIL_MFA_METHOD, userName) } } } \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt index 6a64f144..f8b84038 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/domain/MfaMethodsEnrollmentTest.kt @@ -43,7 +43,8 @@ class MfaMethodsEnrollmentTest { account.email, Kid("A_KID"), EMAIL_MFA_METHOD, - emailMfaChannel + emailMfaChannel, + true ) @BeforeEach @@ -90,7 +91,7 @@ class MfaMethodsEnrollmentTest { ) } returns Optional.of(emailMfaAccountMethod) every { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } returns ticketId - every { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD,emailMfaChannel) } just runs + every { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) } just runs val actual = uut.enroll(account, EMAIL_MFA_METHOD, emailMfaChannel, clientAppId, true) @@ -102,7 +103,7 @@ class MfaMethodsEnrollmentTest { ) } verify { ticketCreator.createTicketFor(account, clientAppId, ticketContext(emailMfaChannel)) } - verify { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD,emailMfaChannel) } + verify { mfaSender.sendMfaChallenge(account.email, EMAIL_MFA_METHOD, emailMfaChannel) } assertEquals(ticketId, actual) } diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/domain/TaimosOtpMfaTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/domain/TaimosOtpMfaTest.kt index 551e020b..2e38607c 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/domain/TaimosOtpMfaTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/domain/TaimosOtpMfaTest.kt @@ -44,7 +44,7 @@ class TaimosOtpMfaTest { 0L ) every { mfaAccountMethodsRepository.findOne(email, MfaMethod.EMAIL_MFA_METHOD, email) } returns - of(MfaAccountMethod(email, Kid("A_KID"), MfaMethod.EMAIL_MFA_METHOD, email)) + of(MfaAccountMethod(email, Kid("A_KID"), MfaMethod.EMAIL_MFA_METHOD, email, true)) every { keyRepository.keyFor(Kid("A_KID"), KeyPurpose.MFA) } returns key every { keyDecrypter.decryptKey("QV9FTkNSWVBURURfS0VZ") } returns "QV9ERUNSWVBURURfU1lNTUVUUklDX0tFWQ==" diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepositoryTest.kt index a8d4b915..16a00972 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepositoryTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/repository/DynamoMfaAccountMethodsRepositoryTest.kt @@ -45,7 +45,7 @@ class DynamoMfaAccountMethodsRepositoryTest { underTest.save(email, MfaMethod.EMAIL_MFA_METHOD, email, true) val mfaAccountMethods = underTest.findAll(email) assertEquals( - listOf(MfaAccountMethod(email, Kid(""), MfaMethod.EMAIL_MFA_METHOD, email)), + listOf(MfaAccountMethod(email, Kid(""), MfaMethod.EMAIL_MFA_METHOD, email, true)), mfaAccountMethods ) } @@ -63,7 +63,7 @@ class DynamoMfaAccountMethodsRepositoryTest { underTest.save(email, MfaMethod.EMAIL_MFA_METHOD, email, true) val mfaAccountMethods = underTest.findOne(email, MfaMethod.EMAIL_MFA_METHOD, email) assertEquals( - Optional.of(MfaAccountMethod(email, Kid(""), MfaMethod.EMAIL_MFA_METHOD, email)), + Optional.of(MfaAccountMethod(email, Kid(""), MfaMethod.EMAIL_MFA_METHOD, email, true)), mfaAccountMethods ) } diff --git a/src/test/kotlin/com/vauthenticator/server/mfa/web/MfaControllerTest.kt b/src/test/kotlin/com/vauthenticator/server/mfa/web/MfaControllerTest.kt index 4c89e07d..5e9aa038 100644 --- a/src/test/kotlin/com/vauthenticator/server/mfa/web/MfaControllerTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/mfa/web/MfaControllerTest.kt @@ -90,7 +90,7 @@ internal class MfaControllerTest { @Test internal fun `when an mfa challenge is verified`() { every { - otpMfaVerifier.verifyMfaChallengeFor( + otpMfaVerifier.verifyAssociatedMfaChallengeFor( account.email, MfaMethod.EMAIL_MFA_METHOD, account.email, diff --git a/src/test/kotlin/com/vauthenticator/server/support/MfaFixture.kt b/src/test/kotlin/com/vauthenticator/server/support/MfaFixture.kt index b7b99bff..817fc60a 100644 --- a/src/test/kotlin/com/vauthenticator/server/support/MfaFixture.kt +++ b/src/test/kotlin/com/vauthenticator/server/support/MfaFixture.kt @@ -7,6 +7,6 @@ import com.vauthenticator.server.mfa.domain.MfaMethod object MfaFixture { fun accountMfaAssociatedMfaMethods(email: String) = listOf( - MfaAccountMethod(email, Kid("A_KID"), MfaMethod.EMAIL_MFA_METHOD, email) + MfaAccountMethod(email, Kid("A_KID"), MfaMethod.EMAIL_MFA_METHOD, email,true) ) } \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt b/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt index 7894ed5d..e3f7598c 100644 --- a/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/ticket/MfaMethodsEnrollmentAssociationTest.kt @@ -35,11 +35,13 @@ class MfaMethodsEnrollmentAssociationTest { private val email = account.email private val userName = email + //todo private val mfaAccountMethod = MfaAccountMethod( email, Kid(""), EMAIL_MFA_METHOD, - email + email, + true ) private val ticket = TicketFixture.ticketFor( RAW_TICKET, @@ -99,7 +101,7 @@ class MfaMethodsEnrollmentAssociationTest { fun `when mfa is associated`() { every { ticketRepository.loadFor(ticketId) } returns of(ticket) every { - otpMfaVerifier.verifyMfaChallengeFor( + otpMfaVerifier.verifyMfaChallengeToBeAssociatedFor( userName, ticket.context.mfaMethod(), ticket.context.mfaChannel(), @@ -129,7 +131,7 @@ class MfaMethodsEnrollmentAssociationTest { ) } verify { - otpMfaVerifier.verifyMfaChallengeFor( + otpMfaVerifier.verifyMfaChallengeToBeAssociatedFor( userName, ticket.context.mfaMethod(), ticket.context.mfaChannel(),