shapeblue
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/src/main/java/com/cloud/exception/CloudTwoFactorAuthenticationException.java‎
Lines changed: 32 additions & 0 deletions b/‎api/src/main/java/com/cloud/exception/CloudTwoFactorAuthenticationException.java‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎api/src/main/java/com/cloud/user/AccountService.java‎
Lines changed: 16 additions & 0 deletions b/‎api/src/main/java/com/cloud/user/AccountService.java‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎api/src/main/java/com/cloud/user/User.java‎
Lines changed: 4 additions & 0 deletions b/‎api/src/main/java/com/cloud/user/User.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎api/src/main/java/com/cloud/user/UserAccount.java‎
Lines changed: 18 additions & 0 deletions b/‎api/src/main/java/com/cloud/user/UserAccount.java‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎api/src/main/java/org/apache/cloudstack/api/ApiConstants.java‎
Lines changed: 10 additions & 0 deletions b/‎api/src/main/java/org/apache/cloudstack/api/ApiConstants.java‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎api/src/main/java/org/apache/cloudstack/api/ApiErrorCode.java‎
Lines changed: 1 addition & 0 deletions b/‎api/src/main/java/org/apache/cloudstack/api/ApiErrorCode.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/src/main/java/org/apache/cloudstack/api/auth/APIAuthenticationType.java‎
Lines changed: 1 addition & 1 deletion b/‎api/src/main/java/org/apache/cloudstack/api/auth/APIAuthenticationType.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/src/main/java/org/apache/cloudstack/api/command/admin/config/ListCfgsByCmd.java‎
Lines changed: 3 additions & 1 deletion b/‎api/src/main/java/org/apache/cloudstack/api/command/admin/config/ListCfgsByCmd.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎api/src/main/java/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java‎
Lines changed: 8 additions & 0 deletions b/‎api/src/main/java/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java‎
Lines changed: 8 additions & 0 deletions
@@ -75,6 +75,7 @@ jobs:
                   smoke/test_list_ids_parameter
                   smoke/test_loadbalance
                   smoke/test_login
+                  smoke/test_2fa
                   smoke/test_metrics_api
                   smoke/test_migration
                   smoke/test_multipleips_per_nic
 
@@ -0,0 +1,32 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.exception;
+
+import com.cloud.utils.SerialVersionUID;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+public class CloudTwoFactorAuthenticationException extends CloudRuntimeException {
+    private static final long serialVersionUID = SerialVersionUID.CloudTwoFactorAuthenticationException;
+
+    public CloudTwoFactorAuthenticationException(String message) {
+        super(message);
+    }
+
+    public CloudTwoFactorAuthenticationException(String message, Throwable th) {
+        super(message, th);
+    }
+}
@@ -16,6 +16,7 @@
 // under the License.
 package com.cloud.user;
 
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cloudstack.acl.ControlledEntity;
@@ -33,6 +34,7 @@
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
+import org.apache.cloudstack.auth.UserTwoFactorAuthenticator;
 
 public interface AccountService {
 
@@ -124,4 +126,18 @@ User createUser(String userName, String password, String firstName, String lastN
     public Map<String, String> getKeys(GetUserKeysCmd cmd);
 
     public Map<String, String> getKeys(Long userId);
+
+    /**
+     * Lists user two-factor authentication provider plugins
+     * @return list of providers
+     */
+    List<UserTwoFactorAuthenticator> listUserTwoFactorAuthenticationProviders();
+
+    /**
+     * Finds user two factor authenticator provider by domain ID
+     * @param domainId domain id
+     * @return backup provider
+     */
+    UserTwoFactorAuthenticator getUserTwoFactorAuthenticationProvider(final Long domainId);
+
 }
@@ -90,4 +90,8 @@ public enum Source {
     public String getExternalEntity();
 
     public void setExternalEntity(String entity);
+
+    public boolean isUser2faEnabled();
+
+    public String getKeyFor2fa();
 }
@@ -17,6 +17,7 @@
 package com.cloud.user;
 
 import java.util.Date;
+import java.util.Map;
 
 import org.apache.cloudstack.api.InternalIdentity;
 
@@ -67,4 +68,21 @@ public interface UserAccount extends InternalIdentity {
     public String getExternalEntity();
 
     public void setExternalEntity(String entity);
+
+    public boolean isUser2faEnabled();
+
+    public void setUser2faEnabled(boolean user2faEnabled);
+
+    public String getKeyFor2fa();
+
+    public void setKeyFor2fa(String keyFor2fa);
+
+    public String getUser2faProvider();
+
+    public void setUser2faProvider(String user2faProvider);
+
+    public Map<String, String> getDetails();
+
+    public void setDetails(Map<String, String> details);
+
 }
@@ -239,6 +239,10 @@ public class ApiConstants {
     public static final String IP_ADDRESSES = "ipaddresses";
     public static final String IP6_ADDRESS = "ip6address";
     public static final String IP_ADDRESS_ID = "ipaddressid";
+    public static final String IS_2FA_ENABLED = "is2faenabled";
+    public static final String IS_2FA_VERIFIED = "is2faverified";
+
+    public static final String IS_2FA_MANDATED = "is2famandated";
     public static final String IS_ASYNC = "isasync";
     public static final String IP_AVAILABLE = "ipavailable";
     public static final String IP_LIMIT = "iplimit";
@@ -1003,13 +1007,19 @@ public class ApiConstants {
 
     public static final String ADMINS_ONLY = "adminsonly";
     public static final String ANNOTATION_FILTER = "annotationfilter";
+    public static final String CODE_FOR_2FA = "codefor2fa";
+    public static final String PROVIDER_FOR_2FA = "providerfor2fa";
+    public static final String ISSUER_FOR_2FA = "issuerfor2fa";
+    public static final String MANDATE_2FA = "mandate2fa";
+    public static final String SECRET_CODE = "secretcode";
     public static final String LOGIN = "login";
     public static final String LOGOUT = "logout";
     public static final String LIST_IDPS = "listIdps";
 
     public static final String PUBLIC_MTU = "publicmtu";
     public static final String PRIVATE_MTU = "privatemtu";
     public static final String MTU = "mtu";
+    public static final String LIST_APIS = "listApis";
 
     /**
      * This enum specifies IO Drivers, each option controls specific policies on I/O.
 
@@ -23,6 +23,7 @@
 public enum ApiErrorCode {
 
     UNAUTHORIZED(401),
+    UNAUTHORIZED2FA(511),
     METHOD_NOT_ALLOWED(405),
     MALFORMED_PARAMETER_ERROR(430),
     PARAM_ERROR(431),
 
@@ -17,5 +17,5 @@
 package org.apache.cloudstack.api.auth;
 
 public enum APIAuthenticationType {
-    LOGIN_API, LOGOUT_API, READONLY_API
+    LOGIN_API, LOGOUT_API, READONLY_API, LOGIN_2FA_API
 }
@@ -42,9 +42,11 @@
 import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
 
-@APICommand(name = "listConfigurations", description = "Lists all configurations.", responseObject = ConfigurationResponse.class,
+@APICommand(name = ListCfgsByCmd.APINAME, description = "Lists all configurations.", responseObject = ConfigurationResponse.class,
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class ListCfgsByCmd extends BaseListCmd {
+
+    public static final String APINAME = "listConfigurations";
     public static final Logger s_logger = Logger.getLogger(ListCfgsByCmd.class.getName());
 
 
 
@@ -79,6 +79,10 @@ public class UpdateUserCmd extends BaseCmd {
     @Parameter(name = ApiConstants.USERNAME, type = CommandType.STRING, description = "Unique username")
     private String username;
 
+    @Parameter(name = ApiConstants.MANDATE_2FA, type = CommandType.BOOLEAN, description = "Provide true to mandate the user to use two factor authentication has to be enabled." +
+            "This parameter is only used to mandate 2FA, not to disable 2FA", since = "4.18.0.0")
+    private Boolean mandate2FA;
+
     @Inject
     private RegionService _regionService;
 
@@ -126,6 +130,10 @@ public String getUsername() {
         return username;
     }
 
+    public Boolean getMandate2FA() {
+        return mandate2FA;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
Original file line number	Diff line number	Diff line change
`@@ -90,4 +90,8 @@ public enum Source {`
`90`	`90`	`public String getExternalEntity();`
`91`	`91`
`92`	`92`	`public void setExternalEntity(String entity);`
	`93`	`+`
	`94`	`+ public boolean isUser2faEnabled();`
	`95`	`+`
	`96`	`+ public String getKeyFor2fa();`
`93`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,5 @@`
`17`	`17`	`package org.apache.cloudstack.api.auth;`
`18`	`18`
`19`	`19`	`public enum APIAuthenticationType {`
`20`		`- LOGIN_API, LOGOUT_API, READONLY_API`
	`20`	`+ LOGIN_API, LOGOUT_API, READONLY_API, LOGIN_2FA_API`
`21`	`21`	`}`