Is the Current Pass Code Still Valid?
In distribute2Factor() we want to determine if the user is coming back to request another two-factor
authentication code before the 10-minute timeout on an existing two-factor code has expired. The user
may or may not have an existing, cached two-factor authentication code: we may get nulls back for
values from that table. For that reason, we bracket the following code (Listing 9-23) in a try/catch block.
Getting nulls into our String members is no problem, but parsing a null into a Date and comparing
nulls with the String.equals() method will throw exceptions.
Listing 9-23. Test Validity of Cached Two-Factor Authentication Code
try {
    String cTimeStamp = rs.getString( 7 );
    String cIPAddr = rs.getString( 8 );
    // Ten minutes ago Date
    Date tmaDate = new Date( (new Date()).getTime() - 10*60*1000 );
    Date cacheDate = ora2JavaDtFmt.parse( cTimeStamp );
    // If user coming from same IP Address within 10 minutes
    // do not distribute Code (will overwrite code from new IP Addr)
    if( ipAddress.equals( cIPAddr ) && cacheDate.after( tmaDate ) )
        return "0";
} catch( Exception z ) {
    // No usable cached code (null values): fall through and continue
}
The heart of this code is the last line where we test if the user is coming from the same IP Address for
which we generated the two-factor code, and if the date is less than 10 minutes old. If that is the case, we
do not generate a new two-factor code, and we do not resend the existing code; we simply return.
While here, take a minute to read through the line of code we use to calculate ten minutes ago,
tmaDate. We get the milliseconds of the current date and subtract 10 minutes of 60 seconds of 1,000
milliseconds.
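The same validity test with the null cases handled explicitly instead of through an empty catch block, as an added example that is not code from the book. The class name, the method cachedCodeStillValid(), and the timestamp pattern are assumptions; the addresses and times in main() are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;

public class CachedCodeCheck {
    // Assumption: the cached timestamp arrives as text in this pattern.
    static final DateTimeFormatter CACHE_FMT =
        DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
    static final Duration CODE_LIFETIME = Duration.ofMinutes(10);
    static final ZoneId ZONE = ZoneId.systemDefault();

    /** True when a code cached for this IP address is less than 10 minutes old. */
    static boolean cachedCodeStillValid(String ipAddress, String cIPAddr,
                                        String cTimeStamp, Instant now) {
        // No cached row, or no request address: there is nothing to reuse.
        if (ipAddress == null || cIPAddr == null || cTimeStamp == null) return false;
        // A request from a different address always gets a new code.
        if (!ipAddress.equals(cIPAddr)) return false;
        Instant cached;
        try {
            cached = LocalDateTime.parse(cTimeStamp, CACHE_FMT).atZone(ZONE).toInstant();
        } catch (DateTimeParseException e) {
            // A malformed cache entry is reported, then treated as expired.
            System.err.println("Unparseable cache timestamp: " + e.getMessage());
            return false;
        }
        // Same comparison as cacheDate.after( tmaDate ) in Listing 9-23.
        return cached.isAfter(now.minus(CODE_LIFETIME));
    }

    // Render an Instant in the assumed cache format (helper for the samples).
    static String stamp(Instant t) {
        return CACHE_FMT.format(LocalDateTime.ofInstant(t, ZONE));
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        String fresh = stamp(now.minusSeconds(120));   // 2 minutes old
        String stale = stamp(now.minusSeconds(900));   // 15 minutes old
        System.out.println(cachedCodeStillValid("10.0.0.5", "10.0.0.5", fresh, now));
        System.out.println(cachedCodeStillValid("10.0.0.5", "10.0.0.5", stale, now));
        System.out.println(cachedCodeStillValid("10.0.0.9", "10.0.0.5", fresh, now));
        System.out.println(cachedCodeStillValid("10.0.0.5", null, null, now));
    }
}
```

Only the malformed-timestamp case is logged, so a format mismatch between the database and the parser shows up in the logs rather than silently causing a new code to be sent on every request.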
Distribute the Pass Code to Routes
Next on our agenda in the distribute2Factor() method is to send the generated two-factor code to the
preferred and/or existing devices. By preference, we will send the two-factor code to the user's pager and
cell phone. If neither of those is available, we will send the code to the user's e-mail. See Listing 9-24.
To send the code to a cell phone, the user must have both a phone number and a carrier code. If he
does, we call the distribToSMS() method. Notice that we add the return value, an int, to our cumulative
distribCode. Similarly, we send the two-factor code to a pager if the user has a pager number. In the
following sections, we explore the individual methods to send two-factor codes to specific devices.
Listing 9-24. Call Methods to Distribute to SMS, Pager, and/or E-Mail
if( ( smsNo != null ) && ( !smsNo.equals( "" ) ) &&
    ( smsURL != null ) && ( !smsURL.equals( "" ) )
)
    distribCode += distribToSMS( twoFactorAuth, smsNo, smsURL );
if( ( pagerNo != null ) && ( !pagerNo.equals( "" ) ) )
    distribCode += distribToPagerURL( twoFactorAuth, pagerNo );