Merge branch 'release/10.9.5' into release/v10.9.5

mjabascal10 · mjabascal10 · commit 0ffc970bc119 · 2025-12-17T10:10:06.000-06:00
# Conflicts:
#	backend/src/main/java/com/park/utmstack/config/Constants.java
diff --git a/backend/src/main/java/com/park/utmstack/config/Constants.java b/backend/src/main/java/com/park/utmstack/config/Constants.java
@@ -2,9 +2,7 @@
 
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
 
-import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 
 public final class Constants {
@@ -130,7 +128,6 @@ public final class Constants {
     // Defines the index pattern for querying Elasticsearch statistics indexes.
     // ----------------------------------------------------------------------------------
     public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
-    public static final String API_ACCESS_LOGS = ".utmstack-api-logs";
 
     // Logging
     public static final String TRACE_ID_KEY = "traceId";
@@ -142,10 +139,7 @@ public final class Constants {
     public static final String DURATION_KEY = "duration";
     public static final String CAUSE_KEY = "cause";
     public static final String LAYER_KEY = "layer";
-
-    public static final String API_KEY_HEADER = "Utm-Api-Key";
-    public static final List<String> API_ENDPOINT_IGNORE = Collections.emptyList();
-
+    public static final String TFA_EXEMPTION_HEADER = "X-Bypass-TFA";
 
     private Constants() {
     }
diff --git a/backend/src/main/java/com/park/utmstack/security/jwt/TokenProvider.java b/backend/src/main/java/com/park/utmstack/security/jwt/TokenProvider.java
@@ -1,6 +1,7 @@
 package com.park.utmstack.security.jwt;
 
 
+import com.park.utmstack.config.Constants;
 import com.park.utmstack.security.AuthoritiesConstants;
 import com.park.utmstack.util.CipherUtil;
 import io.jsonwebtoken.*;
@@ -16,10 +17,12 @@
 import org.springframework.stereotype.Component;
 import tech.jhipster.config.JHipsterProperties;
 
+import javax.servlet.http.HttpServletRequest;
 import java.security.Key;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 @Component
@@ -116,4 +119,16 @@ public boolean validateToken(String authToken) {
         }
         return false;
     }
+
+    public boolean canBypassTwoFactorAuth(HttpServletRequest request) {
+        boolean tfaExemptionRequested = Boolean.parseBoolean(request.getHeader(Constants.TFA_EXEMPTION_HEADER));
+
+        boolean forceTfaAuth = Boolean.parseBoolean(
+                Optional.ofNullable(System.getenv(Constants.PROP_TFA_ENABLE)).orElse("true")
+        );
+
+        return tfaExemptionRequested || !forceTfaAuth;
+    }
+
+
 }
diff --git a/backend/src/main/java/com/park/utmstack/web/rest/UserJWTController.java b/backend/src/main/java/com/park/utmstack/web/rest/UserJWTController.java
@@ -77,7 +77,8 @@ public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM, H
                 throw new TooMuchLoginAttemptsException(String.format("Authentication blocked: IP %s exceeded login attempt threshold", ip));
             }
 
-            boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE));
+            boolean isTfaExempted = this.tokenProvider.canBypassTwoFactorAuth(request);
+            boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE)) || isTfaExempted;
 
             UsernamePasswordAuthenticationToken authenticationToken =
                     new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,8 @@ public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM, H`
`77`	`77`	`throw new TooMuchLoginAttemptsException(String.format("Authentication blocked: IP %s exceeded login attempt threshold", ip));`
`78`	`78`	`}`
`79`	`79`
`80`		`- boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE));`
	`80`	`+ boolean isTfaExempted = this.tokenProvider.canBypassTwoFactorAuth(request);`
	`81`	`+ boolean authenticated = !Boolean.parseBoolean(Constants.CFG.get(Constants.PROP_TFA_ENABLE)) \|\| isTfaExempted;`
`81`	`82`
`82`	`83`	`UsernamePasswordAuthenticationToken authenticationToken =`
`83`	`84`	`new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());`