// Recommend not sending to e-mail unless no other distrib option succeeds
// !Uncomment code in next line!
if( //( distribCode == 0 ) &&
    ( eMail != null ) && ( !eMail.equals( "" ) )
)
    distribCode += distribToEMail ( twoFactorAuth, eMail );
Currently, we have commented out a test, one we will want to implement, that avoids sending the
two-factor code to e-mail if we were successful in sending the code to a pager or cell phone. We've
commented out the test so that you can also see the e-mail route in action, but you may want to uncomment
the test in production. Also, we can only send the code to e-mail if the user has an e-mail address.
Cache the Pass Code in Oracle
Once we have distributed our two-factor authentication code, if we actually found a route to deliver it
( distribCode > 0 ), we want to cache it for comparison to any code the user enters. The following
statement from the distribute2Factor() method (Listing 9-25) updates the entry, if it exists. One feature
of an update statement is that it returns an integer that indicates how many rows were updated. If we see
that less than 1 row was updated, we assume we need to insert a row to cache codes for this particular
user. In other words, we attempt an update which also serves as a test to see if we need to insert a row.
Once we've got most users entered for most applications, we will almost always want to do an update, so
this order, update then insert, is the most efficient.
Listing 9-25. Cache the Two-Factor Authentication Code
if( distribCode > 0 || isTesting ) {
    // Try the update first; executeUpdate() returns the number of rows changed
    int cnt = stmt.executeUpdate(
        " UPDATE v_two_fact_cd_cache SET two_factor_cd = '" + twoFactorAuth +
        "', ip_address = '" + ipAddress + "', distrib_cd = " +
        String.valueOf( distribCode ) + ", cache_ts=SYSDATE " +
        "WHERE employee_id = " + empID );
    // No row was updated, so this user has no cache entry yet: insert one
    if( cnt < 1 )
        stmt.executeUpdate(
            " INSERT INTO v_two_fact_cd_cache( employee_id ,two_factor_cd, distrib_cd ) VALUES " +
            "( " + empID + ", '" + twoFactorAuth +"', " + String.valueOf( distribCode ) + " )" );
}
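The same update-then-insert cache write, using bind variables so that no value is concatenated into the SQL text. This is an added example, not the book's own code. The table and column names come from Listing 9-25; the class name TwoFactorCache, the method name cacheCode, and the long type for empID are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class TwoFactorCache {
    // Table and column names are those of Listing 9-25.
    // Class name, method name and parameter types are hypothetical.
    private static final String UPDATE_SQL =
        "UPDATE v_two_fact_cd_cache SET two_factor_cd = ?, ip_address = ?, " +
        "distrib_cd = ?, cache_ts = SYSDATE WHERE employee_id = ?";
    private static final String INSERT_SQL =
        "INSERT INTO v_two_fact_cd_cache " +
        "( employee_id, two_factor_cd, distrib_cd ) VALUES ( ?, ?, ? )";

    /** Returns true if an existing row was updated, false if a row was inserted. */
    public static boolean cacheCode( Connection conn, long empID,
            String twoFactorAuth, String ipAddress, int distribCode )
            throws SQLException {
        // Update first: the row count tells us whether a cache row exists.
        try( PreparedStatement upd = conn.prepareStatement( UPDATE_SQL ) ) {
            upd.setString( 1, twoFactorAuth );
            upd.setString( 2, ipAddress );
            upd.setInt( 3, distribCode );
            upd.setLong( 4, empID );
            if( upd.executeUpdate() > 0 ) return true;
        }
        // No row was updated, so insert one with the same columns as the listing.
        try( PreparedStatement ins = conn.prepareStatement( INSERT_SQL ) ) {
            ins.setLong( 1, empID );
            ins.setString( 2, twoFactorAuth );
            ins.setInt( 3, distribCode );
            ins.executeUpdate();
        }
        return false;
    }
}
```

Because every value is bound, the database treats a quote character in ipAddress or twoFactorAuth as data and never as part of the statement.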
Distributing the Code to SMS
We saw earlier in this chapter, in our testing, that we need to set a session property for our SMTP server.
That is the first statement we execute in Listing 9-26. After that, we call the UTL_MAIL package to send a
message to the user's cell phone. The arguments for the send function are sender's e-mail, recipient
e-mail, two other distributions we are not concerned with, the message title (“Response”), and the
message text (our two-factor authentication code).
 