Merge pull request #686 from openziti/fix-mfa-required-auth-flow

Fix mfa required auth flow

.editorconfig

@@ -1,4 +1,95 @@
 [*.cs]
 
 # IDE0011: Add braces
-csharp_prefer_braces = false:silent
+csharp_prefer_braces = false:silent
+csharp_using_directive_placement = outside_namespace:silent
+csharp_prefer_simple_using_statement = true:suggestion
+csharp_style_namespace_declarations = block_scoped:silent
+csharp_style_prefer_method_group_conversion = true:silent
+csharp_style_prefer_top_level_statements = true:silent
+csharp_style_prefer_primary_constructors = true:suggestion
+csharp_style_expression_bodied_methods = false:silent
+csharp_style_expression_bodied_constructors = false:silent
+csharp_style_expression_bodied_operators = false:silent
+csharp_style_expression_bodied_properties = true:silent
+csharp_style_expression_bodied_indexers = true:silent
+csharp_style_expression_bodied_accessors = true:silent
+csharp_style_expression_bodied_lambdas = true:silent
+csharp_style_expression_bodied_local_functions = false:silent
+csharp_indent_labels = one_less_than_current
+
+[*.{cs,vb}]
+#### Naming styles ####
+
+# Naming rules
+
+dotnet_naming_rule.interface_should_be_begins_with_i.severity = suggestion
+dotnet_naming_rule.interface_should_be_begins_with_i.symbols = interface
+dotnet_naming_rule.interface_should_be_begins_with_i.style = begins_with_i
+
+dotnet_naming_rule.types_should_be_pascal_case.severity = suggestion
+dotnet_naming_rule.types_should_be_pascal_case.symbols = types
+dotnet_naming_rule.types_should_be_pascal_case.style = pascal_case
+
+dotnet_naming_rule.non_field_members_should_be_pascal_case.severity = suggestion
+dotnet_naming_rule.non_field_members_should_be_pascal_case.symbols = non_field_members
+dotnet_naming_rule.non_field_members_should_be_pascal_case.style = pascal_case
+
+# Symbol specifications
+
+dotnet_naming_symbols.interface.applicable_kinds = interface
+dotnet_naming_symbols.interface.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.interface.required_modifiers = 
+
+dotnet_naming_symbols.types.applicable_kinds = class, struct, interface, enum
+dotnet_naming_symbols.types.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.types.required_modifiers = 
+
+dotnet_naming_symbols.non_field_members.applicable_kinds = property, event, method
+dotnet_naming_symbols.non_field_members.applicable_accessibilities = public, internal, private, protected, protected_internal, private_protected
+dotnet_naming_symbols.non_field_members.required_modifiers = 
+
+# Naming styles
+
+dotnet_naming_style.begins_with_i.required_prefix = I
+dotnet_naming_style.begins_with_i.required_suffix = 
+dotnet_naming_style.begins_with_i.word_separator = 
+dotnet_naming_style.begins_with_i.capitalization = pascal_case
+
+dotnet_naming_style.pascal_case.required_prefix = 
+dotnet_naming_style.pascal_case.required_suffix = 
+dotnet_naming_style.pascal_case.word_separator = 
+dotnet_naming_style.pascal_case.capitalization = pascal_case
+
+dotnet_naming_style.pascal_case.required_prefix = 
+dotnet_naming_style.pascal_case.required_suffix = 
+dotnet_naming_style.pascal_case.word_separator = 
+dotnet_naming_style.pascal_case.capitalization = pascal_case
+dotnet_style_coalesce_expression = true:suggestion
+dotnet_style_null_propagation = true:suggestion
+dotnet_style_prefer_is_null_check_over_reference_equality_method = true:suggestion
+dotnet_style_prefer_auto_properties = true:silent
+dotnet_style_object_initializer = true:suggestion
+dotnet_style_operator_placement_when_wrapping = beginning_of_line
+tab_width = 4
+indent_size = 4
+end_of_line = crlf
+dotnet_style_collection_initializer = true:suggestion
+indent_style = tab
+dotnet_style_prefer_simplified_boolean_expressions = true:suggestion
+dotnet_style_prefer_conditional_expression_over_assignment = true:silent
+dotnet_style_prefer_conditional_expression_over_return = true:silent
+dotnet_style_explicit_tuple_names = true:suggestion
+dotnet_style_prefer_inferred_tuple_names = true:suggestion
+dotnet_style_prefer_inferred_anonymous_type_member_names = true:suggestion
+dotnet_style_prefer_compound_assignment = true:suggestion
+dotnet_style_prefer_simplified_interpolation = true:suggestion
+dotnet_style_prefer_collection_expression = when_types_loosely_match:suggestion
+dotnet_style_namespace_match_folder = true:suggestion
+dotnet_style_readonly_field = true:suggestion
+dotnet_style_predefined_type_for_locals_parameters_members = true:silent
+dotnet_style_predefined_type_for_member_access = true:silent
+dotnet_style_require_accessibility_modifiers = for_non_interface_members:silent
+dotnet_style_allow_multiple_blank_lines_experimental = true:silent
+dotnet_style_allow_statement_immediately_after_block_experimental = true:silent
+dotnet_code_quality_unused_parameters = all:suggestion

DesktopEdge/MainWindow.xaml

@@ -254,7 +254,7 @@
                 <Image x:Name="InfoBlurb" Visibility="Collapsed" Source="/Assets/Images/Warning.png" Grid.Column="0" Width="30" Grid.Row="1" Height="30" Margin="0,0,0,0"></Image>
                 <Label x:Name="Blurb" Content="An Update is available!" MouseUp="BlurbAction" Grid.Column="1" Padding="0,0,0,0" Grid.Row="1" Margin="0,0,0,0" FontFamily="pack://application:,,,/Assets/Fonts/#Open Sans" Foreground="#000000" FontSize="12" Cursor="Hand" HorizontalAlignment="Center" VerticalAlignment="Center"></Label>
                 <Image Source="/Assets/Images/closeBlack.png" Grid.Column="2" Width="10" Height="10" Grid.Row="1" Margin="0,0,0,0" Cursor="Hand" MouseUp="DoHideBlurb"></Image>
-            </Grid> 
+            </Grid>
         </Grid>
 
         <Grid x:Name="NoServiceView" Visibility="Collapsed" Margin="10,10,10,10">
@@ -318,7 +318,7 @@
                     <RowDefinition Height="*"></RowDefinition>
                 </Grid.RowDefinitions>
                 <Label x:Name="LoadingTitle" Foreground="White" Content="Loading" Grid.Row="1" HorizontalAlignment="Center" VerticalAlignment="Center" FontSize="24" FontFamily="pack://application:,,,/Assets/Fonts/#Open Sans"/>
-                <TextBlock x:Name="LoadingDetails" TextWrapping="WrapWithOverflow" Foreground="LightGray" Padding="10" Text="${x:DefaultLoadText}" Grid.Row="2" HorizontalAlignment="Center" VerticalAlignment="Center" TextAlignment="Center" FontSize="14" FontFamily="pack://application:,,,/Assets/Fonts/#Open Sans"/>
+                <TextBlock x:Name="LoadingDetails" TextWrapping="WrapWithOverflow" Foreground="LightGray" Padding="10" Text="${x:DefaultLoadText}" Grid.Row="2" HorizontalAlignment="Center" VerticalAlignment="Center" TextAlignment="Center" FontSize="14" FontFamily="pack://application:,,,/Assets/Fonts/#Open Sans"/>
                 <ProgressBar x:Name="LoadProgress" Width="100" Grid.Row="3" IsEnabled="True" />
             </Grid>
         </Grid>
@@ -373,4 +373,4 @@
     <Window.InputBindings>
         <KeyBinding x:Name="ShowDebug" Command="{Binding SomeCommand}" Key="F12" />
     </Window.InputBindings>
-</Window>
+</Window>

DesktopEdge/MainWindow.xaml.cs

@@ -45,6 +45,7 @@ limitations under the License.
 using Windows.Data.Xml.Dom;
 using Ziti.Desktop.Edge.Models;
 using System.Reflection;
+using System.Windows.Threading;
 
 namespace ZitiDesktopEdge {
 
@@ -144,8 +145,8 @@ private void ServiceClient_OnMfaEvent(object sender, MfaEvent mfa) {
 						if (identities[i].Identifier == mfa.Identifier) {
 							identities[i].WasNotified = false;
 							identities[i].WasFullNotified = false;
-							identities[i].IsMFAEnabled = true;
-							identities[i].IsAuthenticated = false;
+							identities[i].IsMFANeeded = true;
+							identities[i].ShowMFA = false;
 							identities[i].IsTimingOut = false;
 							break;
 						}
@@ -157,15 +158,15 @@ private void ServiceClient_OnMfaEvent(object sender, MfaEvent mfa) {
 							if (identities[i].Identifier == mfa.Identifier) {
 								identities[i].WasNotified = false;
 								identities[i].WasFullNotified = false;
-								identities[i].IsMFAEnabled = mfa.Successful;
-								identities[i].IsAuthenticated = mfa.Successful;
+								identities[i].ShowMFA = mfa.Successful;
 								identities[i].IsTimingOut = false;
 								identities[i].LastUpdatedTime = DateTime.Now;
 								for (int j = 0; j < identities[i].Services.Count; j++) {
 									identities[i].Services[j].TimeUpdated = DateTime.Now;
 									identities[i].Services[j].TimeoutRemaining = identities[i].Services[j].Timeout;
 								}
 								found = identities[i];
+								found.IsMFAEnabled = true;
 								break;
 							}
 						}
@@ -182,7 +183,7 @@ private void ServiceClient_OnMfaEvent(object sender, MfaEvent mfa) {
 								identities[i].WasNotified = false;
 								identities[i].WasFullNotified = false;
 								identities[i].IsMFAEnabled = false;
-								identities[i].IsAuthenticated = false;
+								identities[i].ShowMFA = false;
 								identities[i].LastUpdatedTime = DateTime.Now;
 								identities[i].IsTimingOut = false;
 								for (int j = 0; j < identities[i].Services.Count; j++) {
@@ -205,7 +206,7 @@ private void ServiceClient_OnMfaEvent(object sender, MfaEvent mfa) {
 							identities[i].WasNotified = false;
 							identities[i].WasFullNotified = false;
 							identities[i].IsTimingOut = false;
-							identities[i].IsAuthenticated = mfa.Successful;
+							identities[i].ShowMFA = mfa.Successful;
 							identities[i].LastUpdatedTime = DateTime.Now;
 							for (int j = 0; j < identities[i].Services.Count; j++) {
 								identities[i].Services[j].TimeUpdated = DateTime.Now;
@@ -279,7 +280,7 @@ private void Animatin_Completed(object sender, EventArgs e) {
 		/// <param name="identity">The Ziti Identity to Authenticate</param>
 		async public void ShowMFARecoveryCodes(ZitiIdentity identity) {
 			if (identity.IsMFAEnabled) {
-				if (identity.IsAuthenticated && identity.RecoveryCodes != null) {
+				if (identity.ShowMFA && identity.RecoveryCodes != null) {
 					MFASetup.Opacity = 0;
 					MFASetup.Visibility = Visibility.Visible;
 					MFASetup.Margin = new Thickness(0, 0, 0, 0);
@@ -722,7 +723,6 @@ private void ServiceClient_OnNotificationEvent(object sender, NotificationEvent
 					found.MinTimeout = notification.MfaMinimumTimeout;
 
 					if (notification.MfaMinimumTimeout == 0) {
-						// found.MFAInfo.IsAuthenticated = false;
 						// display mfa token icon
 						displayMFARequired = true;
 					} else {
@@ -738,7 +738,7 @@ private void ServiceClient_OnNotificationEvent(object sender, NotificationEvent
 				}
 			}
 
-			// we may need to display mfa icon, based on the timer in UI, remove found.MFAInfo.IsAuthenticated setting in this function. 
+			// we may need to display mfa icon, based on the timer in UI, remove found.MFAInfo.ShowMFA setting in this function. 
 			// the below function can show mfa icon even after user authenticates successfully, in race conditions
 			if (displayMFARequired || displayMFATimout) {
 				this.Dispatcher.Invoke(() => {
@@ -782,7 +782,7 @@ private void ServiceClient_OnControllerEvent(object sender, ControllerEvent e) {
 
 		string nextVersionStr = null;
 		private void MonitorClient_OnReconnectFailure(object sender, object e) {
-			logger.Debug("OnReconnectFailure triggered");
+			logger.Trace("OnReconnectFailure triggered");
 			if (nextVersionStr == null) {
 				// check for the current version
 				nextVersionStr = "checking for update";
@@ -1082,7 +1082,6 @@ private void ServiceClient_OnIdentityEvent(object sender, IdentityEvent e) {
 						if (zid.ContollerVersion != null && zid.ContollerVersion.Length > 0) found.ContollerVersion = zid.ContollerVersion;
 						found.IsEnabled = zid.IsEnabled;
 						found.IsMFAEnabled = e.Id.MfaEnabled;
-						found.IsAuthenticated = !e.Id.MfaNeeded;
 						found.IsConnected = true;
 						for (int i = 0; i < identities.Count; i++) {
 							if (identities[i].Identifier == found.Identifier) {
@@ -1128,7 +1127,7 @@ private void ServiceClient_OnMetricsEvent(object sender, List<Identity> ids) {
 				long totalUp = 0;
 				long totalDown = 0;
 				foreach (var id in ids) {
-					//logger.Debug($"==== MetricsEvent     : id {id.Name} down: {id.Metrics.Down} up:{id.Metrics.Up}");
+					//logger.Debug($"==== MetricsEvent : id {id.Name} down: {id.Metrics.Down} up:{id.Metrics.Up}");
 					if (id?.Metrics != null) {
 						totalDown += id.Metrics.Down;
 						totalUp += id.Metrics.Up;
@@ -1154,7 +1153,7 @@ public void SetSpeed(decimal bytes, Label speed, Label speedLabel) {
 		private void ServiceClient_OnServiceEvent(object sender, ServiceEvent e) {
 			if (e == null) return;
 
-			logger.Debug($"==== ServiceEvent     : action:{e.Action} identifier:{e.Identifier} name:{e.Service.Name} ");
+			logger.Debug($"==== ServiceEvent : action:{e.Action} identifier:{e.Identifier} name:{e.Service.Name} ");
 			var found = identities.Find(id => id.Identifier == e.Identifier);
 			if (found == null) {
 				logger.Debug($"{e.Action} service event for {e.Service.Name} but the provided identity identifier {e.Identifier} is not found!");
@@ -1184,7 +1183,7 @@ private void addService(ZitiIdentity found, Service added) {
 				if (zs.HasFailingPostureCheck()) {
 					found.HasServiceFailingPostureCheck = true;
 					if (zs.PostureChecks.Any(p => !p.IsPassing && p.QueryType == "MFA")) {
-						found.IsAuthenticated = false;
+						found.ShowMFA = false;
 					}
 				}
 			} else {
@@ -1334,7 +1333,7 @@ private bool IsTimingOut() {
 		private bool IsTimedOut() {
 			if (identities != null) {
 				for (int i = 0; i < identities.Count; i++) {
-					if (identities[i].IsMFAEnabled && !identities[i].IsAuthenticated) return true;
+					if (identities[i].IsMFANeeded && !identities[i].ShowMFA) return true;
 				}
 			}
 			return false;
@@ -1386,7 +1385,7 @@ private void LoadIdentities(Boolean repaint) {
 						IdentityItem idItem = new IdentityItem();
 
 						idItem.ToggleStatus.IsEnabled = id.IsEnabled;
-						if (id.IsEnabled) idItem.ToggleStatus.Content = "ENABLED";
+						if (id.IsEnabled) idItem.ToggleStatus.Content = "ENABLED";
 						else idItem.ToggleStatus.Content = "DISABLED";
 
 						idItem.Authenticate += IdItem_Authenticate;

DesktopEdge/Models/MFA.cs

@@ -24,6 +24,6 @@ namespace ZitiDesktopEdge.Models {
 	public class MFA {
 		public string Url { get; set; }
 		public string[] RecoveryCodes { get; set; }
-		public bool IsAuthenticated { get; set; }
+		public bool IsAuthenticateda { get; set; }
 	}
 }

DesktopEdge/Models/ZitiIdentity.cs

@@ -33,6 +33,12 @@ public class ZitiIdentity {
 		public string EnrollmentStatus { get; set; }
 		public string Status { get; set; }
 		public bool IsMFAEnabled { get; set; }
+
+		public void MFADebug(string where) {
+			logger.Info($"{where}\n\tIdentifiter  : {Identifier}\n\tIsMFAEnabled : {IsMFAEnabled}\n\tIsMFANeeded  : {IsMFANeeded}\n\tShowMFA\t     : {ShowMFA}");
+		}
+
+		public bool IsMFANeeded { get; set; }
 		public int MinTimeout { get; set; }
 		public int MaxTimeout { get; set; }
 		public DateTime LastUpdatedTime { get; set; }
@@ -41,7 +47,7 @@ public class ZitiIdentity {
 		public bool WasFullNotified { get; set; }
 		public string Fingerprint { get; set; }
 		public string Identifier { get; set; }
-		public bool IsAuthenticated { get; set; }
+		public bool ShowMFA { get; set; }
 		public bool IsTimedOut { get; set; }
 		public string[] RecoveryCodes { get; set; }
 		public bool IsTimingOut { get; set; }
@@ -86,7 +92,7 @@ public ZitiIdentity(string Name, string ControllerUrl, bool IsEnabled, List<Ziti
 
 		public static ZitiIdentity FromClient(DataStructures.Identity id) {
 			ZitiIdentity zid = new ZitiIdentity() {
-				ControllerUrl = (id.Config == null) ? "": id.Config.ztAPI,
+				ControllerUrl = (id.Config == null) ? "" : id.Config.ztAPI,
 				ContollerVersion = id.ControllerVersion,
 				EnrollmentStatus = "status",
 				Fingerprint = id.FingerPrint,
@@ -96,7 +102,8 @@ public static ZitiIdentity FromClient(DataStructures.Identity id) {
 				Status = id.Status,
 				RecoveryCodes = new string[0],
 				IsMFAEnabled = id.MfaEnabled,
-				IsAuthenticated = !id.MfaNeeded,
+				IsMFANeeded = id.MfaNeeded,
+				ShowMFA = id.MfaNeeded && !id.MfaEnabled,
 				IsTimedOut = false,
 				IsTimingOut = false,
 				MinTimeout = id.MinTimeout,
@@ -105,8 +112,10 @@ public static ZitiIdentity FromClient(DataStructures.Identity id) {
 				TimeoutMessage = "",
 				IsConnected = true
 			};
-
-
+
+#if DEBUG
+			zid.MFADebug("002");
+#endif
 			if (id.Services != null) {
 				foreach (var svc in id.Services) {
 					if (svc != null) {

DesktopEdge/Views/ItemRenderers/IdentityItem.xaml

@@ -40,7 +40,7 @@
                 <Image Name="PostureTimedOut" Visibility="Collapsed" Grid.Column="2" Source="/Assets/Images/lockout.png" VerticalAlignment="Bottom" HorizontalAlignment="Center" RenderOptions.BitmapScalingMode="Fant" Width="26" Height="26" Margin="0,0,0,6" Cursor="Hand" MouseUp="MFAAuthenticate"></Image>
                 <Image Name="MfaRequired" Source="/Assets/Images/mfaoff.png" Grid.Column="2" Cursor="Hand" Width="50" Height="26" VerticalAlignment="Bottom" RenderOptions.BitmapScalingMode="Fant" Stretch="Uniform" Visibility="Visible" MouseUp="MFAAuthenticate"></Image>
                 <Canvas Name="ServiceCountArea" Grid.Column="2" Grid.Row="0" Width="50" Height="40" Cursor="Hand" Visibility="Collapsed">
-                    <Border Width="44" Height="26" Background="#0068F9" CornerRadius="12" Canvas.Top="10" Canvas.Left="3"></Border>
+					<Border Name="ServiceCountBorder" Width="44" Height="26" Background="#0068F9" CornerRadius="12" Canvas.Top="10" Canvas.Left="3"></Border>
                     <Label Name="ServiceCount" Width="50" Height="26" Canvas.Top="9" Padding="0,0,0,0" FontSize="14" Content="23" Foreground="White" HorizontalAlignment="Center" VerticalContentAlignment="Center" HorizontalContentAlignment="Center"></Label>
                 </Canvas>
                 <Image Name="TimerCountdown" Visibility="Collapsed" Grid.Column="2" Source="/Assets/Images/timer.png" VerticalAlignment="Bottom" HorizontalAlignment="Center" Width="26" Height="26" Margin="0,0,0,6" Cursor="Hand" MouseUp="MFAAuthenticate"></Image>