Change supported criteria for Google Authenticator

List Google Authenticator as supported when - hash algorithm is SHA256 or SHA512 - number of digits is 8 - OTP type is hotp Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-02-28 14:59:33 +02:00 · 2024-02-28 14:59:33 +02:00 · e06fcbe6ae
commit e06fcbe6ae
parent 244ecd45a7
4 changed files with 30 additions and 26 deletions
--- a/services/src/main/java/org/keycloak/authentication/otp/GoogleAuthenticatorProvider.java
+++ b/services/src/main/java/org/keycloak/authentication/otp/GoogleAuthenticatorProvider.java
@ -22,15 +22,10 @@ public class GoogleAuthenticatorProvider implements OTPApplicationProviderFactor

    @Override
    public boolean supports(OTPPolicy policy) {
-        if (policy.getDigits() != 6) {
-            return false;
+        if (policy.getType().equals("totp")) {
+            return policy.getPeriod() == 30;
        }
-
-        if (!policy.getAlgorithm().equals("HmacSHA1")) {
-            return false;
-        }
-
-        return policy.getType().equals("totp") && policy.getPeriod() == 30;
+        return true;
    }

    @Override
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java
@ -318,7 +318,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
            String pageSource = driver.getPageSource();

            assertTrue(pageSource.contains("FreeOTP"));
-            assertFalse(pageSource.contains("Google Authenticator"));
+            assertTrue(pageSource.contains("Google Authenticator"));

            totpPage.clickManual();

--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@ -338,7 +338,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
            String pageSource = driver.getPageSource();

            assertTrue(pageSource.contains("FreeOTP"));
-            assertFalse(pageSource.contains("Google Authenticator"));
+            assertTrue(pageSource.contains("Google Authenticator"));
            assertFalse(pageSource.contains("Microsoft Authenticator"));

            totpPage.clickManual();
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@ -1027,8 +1027,17 @@ public class RealmTest extends AbstractAdminTest {
        rep = realm.toRepresentation();

        supportedApplications = rep.getOtpSupportedApplications();
-        assertThat(supportedApplications, hasSize(1));
-        assertThat(supportedApplications, containsInAnyOrder("totpAppFreeOTPName"));
+        assertThat(supportedApplications, hasSize(2));
+        assertThat(supportedApplications, containsInAnyOrder("totpAppFreeOTPName", "totpAppGoogleName"));
+
+        rep.setOtpPolicyType("hotp");
+        realm.update(rep);
+
+        rep = realm.toRepresentation();
+
+        supportedApplications = rep.getOtpSupportedApplications();
+        assertThat(supportedApplications, hasSize(2));
+        assertThat(supportedApplications, containsInAnyOrder("totpAppFreeOTPName", "totpAppGoogleName"));
    }

    private void setupTestAppAndUser() {