diff --git a/src/main/java/de/assecutor/votianlt/pages/view/LoginView.java b/src/main/java/de/assecutor/votianlt/pages/view/LoginView.java
index 3071754..c1acb61 100644
--- a/src/main/java/de/assecutor/votianlt/pages/view/LoginView.java
+++ b/src/main/java/de/assecutor/votianlt/pages/view/LoginView.java
@@ -25,6 +25,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import com.vaadin.flow.server.VaadinSession;
+import org.springframework.beans.factory.annotation.Value;
 @Route("login")
 @PageTitle("Bei VotianLT anmelden")
@@ -42,6 +43,9 @@ public class LoginView extends VerticalLayout implements BeforeEnterObserver, Af
 @Autowired
 private AuthenticationManager authenticationManager;
+ @Value("${app.security.two-factor.enabled:false}")
+ private boolean twoFactorEnabled;
+
 private Authentication pendingAuth;
 public LoginView() {
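Review bot: The `@Value("${app.security.two-factor.enabled:false}")` default makes two-factor authentication fail open: any deployment where the property is absent (an unset or misspelled profile, a container started without the prod profile active) silently runs password-only login, and in this diff only application-prod.properties sets `true` while the base application.properties sets `false`. Prefer a fail-closed default, `@Value("${app.security.two-factor.enabled:true}")`, or drop the default entirely so the context refuses to start when the property is missing, and consider making the base application.properties value `true` with an explicit dev-profile override instead of the reverse. Logging the effective value once at startup would also make such a misconfiguration visible in production logs. The class body continues outside this hunk.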
@@ -96,13 +100,27 @@ public class LoginView extends VerticalLayout implements BeforeEnterObserver, Af
 private void handlePasswordLogin(String username, String password) {
 try {
- // Prüfe Benutzername/Passwort, aber setze Benutzer noch nicht in den SecurityContext
+ // Prüfe Benutzername/Passwort
 Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
- this.pendingAuth = auth;
- twoFaField.setVisible(true);
- verify2faButton.setVisible(true);
- twoFactorService.initiateTwoFactorFor(username);
- Notification.show("2FA-Code per E-Mail gesendet.", 3000, Notification.Position.BOTTOM_CENTER);
+
+ if (twoFactorEnabled) {
+ // 2FA aktiviert: Benutzer noch nicht in SecurityContext setzen
+ this.pendingAuth = auth;
+ twoFaField.setVisible(true);
+ verify2faButton.setVisible(true);
+ twoFactorService.initiateTwoFactorFor(username);
+ Notification.show("2FA-Code per E-Mail gesendet.", 3000, Notification.Position.BOTTOM_CENTER);
+ } else {
+ // 2FA deaktiviert: Direkt anmelden
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ var vaadinSession = VaadinSession.getCurrent();
+ if (vaadinSession != null) {
+ var wrappedSession = vaadinSession.getSession();
+ wrappedSession.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+ SecurityContextHolder.getContext());
+ }
+ UI.getCurrent().getPage().setLocation("/dashboard");
+ }
 } catch (Exception ex) {
 loginForm.setError(true);
 this.pendingAuth = null;
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
new file mode 100644
index 0000000..a6dbf5f
--- /dev/null
+++ b/src/main/resources/application-prod.properties
@@ -0,0 +1,8 @@
+# Production Configuration
+# 2FA Configuration - Aktiviert für Produktion
+app.security.two-factor.enabled=true
+
+# Production-specific settings
+logging.level.root=WARN
+logging.level.de.assecutor.votianlt=INFO
+
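Review bot: The new else branch populates the security context and writes it into the HTTP session by hand, which bypasses the session-fixation protection Spring Security's filter chain applies after a form login, so the session id issued before authentication survives into the authenticated session. Regenerating the session before the `wrappedSession.setAttribute(...)` call, e.g. `VaadinService.reinitializeSession(VaadinService.getCurrentRequest());` (available in Vaadin Flow for this purpose), closes that gap; the 2FA-completion path presumably performs the same context storage outside this hunk, so both copies are best moved into one private helper that also does the regeneration. The existing `catch (Exception ex)` now also turns a null `UI.getCurrent()` or a missing session in the new branch into a generic bad-credentials error; catching `AuthenticationException` for the credential failure and logging anything else would keep those cases distinguishable. handlePasswordLogin's body continues past the end of the hunk.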
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 0ea7e68..fdefb93 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -29,4 +29,7 @@ spring.websocket.servlet.max-binary-message-buffer-size=8192
 spring.websocket.stomp.enabled=true
 # STOMP heartbeat settings (in milliseconds)
 spring.websocket.stomp.heartbeat.outgoing=10000
-spring.websocket.stomp.heartbeat.incoming=10000
\ No newline at end of file
+spring.websocket.stomp.heartbeat.incoming=10000
+
+# 2FA Configuration
+app.security.two-factor.enabled=false
\ No newline at end of file