From fa4dc4aaf2f6b47cd4c6adc39ada24a0d6195bf3 Mon Sep 17 00:00:00 2001
From: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Date: Fri, 7 Jun 2024 12:49:53 -0700
Subject: [PATCH] Fix Duo Universal to work with transitional metadata (#4164)
---
.../Identity/TemporaryDuoWebV4SDKService.cs | 33 +++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/Core/Auth/Identity/TemporaryDuoWebV4SDKService.cs b/src/Core/Auth/Identity/TemporaryDuoWebV4SDKService.cs
index 9ddd7958d2..f78abdfd13 100644
--- a/src/Core/Auth/Identity/TemporaryDuoWebV4SDKService.cs
+++ b/src/Core/Auth/Identity/TemporaryDuoWebV4SDKService.cs
@@ -55,7 +55,10 @@ public class TemporaryDuoWebV4SDKService : ITemporaryDuoWebV4SDKService
{
if (!HasProperMetaData(provider))
{
- return null;
+ if (!HasProperMetaData_SDKV2(provider))
+ {
+ return null;
+ }
}
@@ -82,7 +85,10 @@ public class TemporaryDuoWebV4SDKService : ITemporaryDuoWebV4SDKService
{
if (!HasProperMetaData(provider))
{
- return false;
+ if (!HasProperMetaData_SDKV2(provider))
+ {
+ return false;
+ }
}
var duoClient = await BuildDuoClientAsync(provider);
@@ -114,6 +120,29 @@ public class TemporaryDuoWebV4SDKService : ITemporaryDuoWebV4SDKService
provider.MetaData.ContainsKey("ClientSecret") && provider.MetaData.ContainsKey("Host");
}
+ ///
+ /// Checks if the metadata for SDK V2 is present.
+ /// Transitional method to support Duo during v4 database rename
+ ///
+ /// The TwoFactorProvider object to check.
+ /// True if the provider has the proper metadata; otherwise, false.
+ private bool HasProperMetaData_SDKV2(TwoFactorProvider provider)
+ {
+ if (provider?.MetaData != null &&
+ provider.MetaData.TryGetValue("IKey", out var iKey) &&
+ provider.MetaData.TryGetValue("SKey", out var sKey) &&
+ provider.MetaData.ContainsKey("Host"))
+ {
+ provider.MetaData.Add("ClientId", iKey);
+ provider.MetaData.Add("ClientSecret", sKey);
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
///
/// Generates a Duo.Client object for use with Duo SDK v4. This combines the health check and the client generation
///