Remove: deprecated native MFA feature #2717
Merged
Commits on Feb 8, 2024
Remove: deprecated native MFA feature
- Context about its deprecation:
  - This feature is under-utilized, and requires further maintenance for which our team lacks the resource. (For example, this feature is potentially vulnerable because a secure Content-Security-Policy cannot be applied to its pages without breaking them.) The feature has also been marked as "not ready for production" for a few years now. So we opt to remove the feature and instead recommend using the external IDPs' own MFA features.
  - See more context in #2196.
- This commit removes all MFA-specific codes, except for the following, on which we will make follow-up commits:
  - README's deprecation notice
  - database operations
  - Content-Security-Policy's exemption toward MFA endpoint (https://github.com/cloudfoundry/uaa/blob/72565fb56cd1f90af499119d32c891937f3c5a76/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/ContentSecurityPolicyFilter.java#L29)
- breaking changes planning: cloudfoundry/uaa-release#739
- Further notes about specific changes in tests:
  - For PasscodeMockMvcTests.testLoginUsingPasscodeWithUnknownToken(), the assertion on response code is changed from 401 to 403. This is because 403 was the original asserted value before MFA was added (see: 92abee6). The 403 response also makes sense in the context of the test (authentication present but has insufficient access).

[#186854489]
Commit: d2e08d6

clean up unused MFA-related DB tables
- the MFA feature has been removed, hence adding DB migrations to drop the feature's related DB tables.
- also clean up README and tests

[#186854489]
Commit: bdcee19

- the MFA feature has been removed (aka the "/login/mfa/" endpoint) hence the code that creates an exemption for the MFA endpoint when enforcing "Content-Security-Policy" is no longer needed [#186854489]
Commit: 5e99022

remove: out of date deprecation notice about MFA
- the MFA feature has been removed, so no longer need the deprecation notice [#186854489]
Commit: 6584e02

- the beans are for MFA feature, which has been removed [#186854489]
Commit: 0eb0524

refactor: reduce unnecessary dependency
- use a more standard way to initialize a list, instead of using com.beust.jcommander.internal.Lists.newArrayList
- motivation: this com.beust.jcommander.internal.Lists.newArrayList dep was added to our dependencies indirectly via another dependency I'm trying to remove

[#186854489]
Commit: 9acc0d3

- these deps are for MFA feature (which has been removed)
- also: before, the code was using org.apache.httpcomponents:httpclient but getting it indirectly via the MFA-related deps (which this commit aims to remove); hence, now need to directly declare org.apache.httpcomponents:httpclient as a dependency.

[#186854489]
Commit: 5d35990

Commit: 1181e06