SL-20278 Disconnect saving MFA from saving password

indra/newview/llfloaterforgetuser.cpp

@@ -229,6 +229,7 @@ void LLFloaterForgetUser::forgetUser(const std::string &userid, const std::strin
 {
     // Remove creds
     gSecAPIHandler->removeFromCredentialMap("login_list", grid, userid);
+    gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, userid);
 
     LLPointer<LLCredential> cred = gSecAPIHandler->loadCredential(grid);
     if (cred.notNull() && cred->userID() == userid)

indra/newview/lllogininstance.cpp

@@ -87,6 +87,7 @@ LLLoginInstance::LLLoginInstance() :
 	mLoginModule(new LLLogin()),
 	mNotifications(NULL),
 	mLoginState("offline"),
+    mSaveMFA(true),
 	mAttemptComplete(false),
 	mTransferRate(0.0f),
 	mDispatcher("LLLoginInstance", "change")
@@ -449,10 +450,7 @@ void LLLoginInstance::handleLoginFailure(const LLSD& event)
             gViewerWindow->setShowProgress(FALSE);
         }
 
-        LLSD args(llsd::map( "MESSAGE", LLTrans::getString(response["message_id"]) ));
-        LLSD payload;
-        LLNotificationsUtil::add("PromptMFAToken", args, payload,
-            boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+        showMFAChallange(LLTrans::getString(response["message_id"]));
     }
     else if(   reason_response == "key"
             || reason_response == "presence"
@@ -540,10 +538,7 @@ bool LLLoginInstance::handleTOSResponse(bool accepted, const std::string& key)
         {
             // SL-18511 this TOS failure happened while we are in the middle of an MFA challenge/response.
             // the previously entered token is very likely expired, so prompt again
-            LLSD args(llsd::map( "MESSAGE", LLTrans::getString("LoginFailedAuthenticationMFARequired") ));
-            LLSD payload;
-            LLNotificationsUtil::add("PromptMFAToken", args, payload,
-                boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+            showMFAChallange(LLTrans::getString("LoginFailedAuthenticationMFARequired"));
         }
         else
         {
@@ -561,6 +556,22 @@ bool LLLoginInstance::handleTOSResponse(bool accepted, const std::string& key)
     return true;
 }
 
+void LLLoginInstance::showMFAChallange(const std::string& message)
+{
+    LLSD args(llsd::map("MESSAGE", message));
+    LLSD payload;
+    if (gSavedSettings.getBOOL("RememberUser"))
+    {
+        LLNotificationsUtil::add("PromptMFATokenWithSave", args, payload,
+                                 boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+    }
+    else
+    {
+        LLNotificationsUtil::add("PromptMFAToken", args, payload,
+                                 boost::bind(&LLLoginInstance::handleMFAChallenge, this, _1, _2));
+    }
+}
+
 bool LLLoginInstance::handleMFAChallenge(LLSD const & notif, LLSD const & response)
 {
     bool continue_clicked = response["continue"].asBoolean();
@@ -576,6 +587,7 @@ bool LLLoginInstance::handleMFAChallenge(LLSD const & notif, LLSD const & respon
 
         // Set the request data to true and retry login.
         mRequestData["params"]["token"] = token;
+        mSaveMFA = response.has("ignore") ? response["ignore"].asBoolean() : false;
         reconnect();
     } else {
         LL_INFOS("LLLogin") << "PromptMFAToken: no token, attemptComplete" << LL_ENDL;

indra/newview/lllogininstance.h

@@ -56,6 +56,7 @@ class LLLoginInstance : public LLSingleton<LLLoginInstance>
 	bool authSuccess() { return mAttemptComplete && mLoginState == "online"; }
 
 	const std::string& getLoginState() { return mLoginState; }
+    bool saveMFA() const { return mSaveMFA; }
 	LLSD getResponse(const std::string& key) { return getResponse()[key]; }
 	LLSD getResponse();
 
@@ -84,6 +85,7 @@ class LLLoginInstance : public LLSingleton<LLLoginInstance>
 	void syncWithUpdater(ResponsePtr resp, const LLSD& notification, const LLSD& response);
 
 	bool handleTOSResponse(bool v, const std::string& key);
+    void showMFAChallange(const std::string& message);
     bool handleMFAChallenge(LLSD const & notif, LLSD const & response);
 
 	void attemptComplete() { mAttemptComplete = true; } // In the future an event?
@@ -95,6 +97,7 @@ class LLLoginInstance : public LLSingleton<LLLoginInstance>
 	LLSD mRequestData;
 	LLSD mResponseData;
 	bool mAttemptComplete;
+    bool mSaveMFA;
 	F64 mTransferRate;
 	std::string mSerialNumber;
 	int mLastExecEvent;

indra/newview/llpanellogin.cpp

@@ -1110,11 +1110,6 @@ void LLPanelLogin::onRememberPasswordCheck(void*)
 
         std::string grid(LLGridManager::getInstance()->getGridId());
         std::string user_id(cred->userID());
-        if (!remember_password)
-        {
-            gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, user_id);
-            gSecAPIHandler->syncProtectedMap();
-        }
     }
 }
 

indra/newview/llstartup.cpp

@@ -3795,14 +3795,23 @@ bool process_login_success_response()
 
 
 	// Only save mfa_hash for future logins if the user wants their info remembered.
-	if(response.has("mfa_hash") && gSavedSettings.getBOOL("RememberUser") && gSavedSettings.getBOOL("RememberPassword"))
+	if(response.has("mfa_hash")
+       && gSavedSettings.getBOOL("RememberUser")
+       && LLLoginInstance::getInstance()->saveMFA())
 	{
 		std::string grid(LLGridManager::getInstance()->getGridId());
 		std::string user_id(gUserCredential->userID());
 		gSecAPIHandler->addToProtectedMap("mfa_hash", grid, user_id, response["mfa_hash"]);
 		// TODO(brad) - related to SL-17223 consider building a better interface that sync's automatically
 		gSecAPIHandler->syncProtectedMap();
 	}
+    else if (!LLLoginInstance::getInstance()->saveMFA())
+    {
+        std::string grid(LLGridManager::getInstance()->getGridId());
+        std::string user_id(gUserCredential->userID());
+        gSecAPIHandler->removeFromProtectedMap("mfa_hash", grid, user_id);
+        gSecAPIHandler->syncProtectedMap();
+    }
 
 	bool success = false;
 	// JC: gesture loading done below, when we have an asset system

indra/newview/lltoastalertpanel.cpp

@@ -279,6 +279,10 @@ LLToastAlertPanel::LLToastAlertPanel( LLNotificationPtr notification, bool modal
 	if (!edit_text_name.empty())
 	{
 		S32 y = VPAD + BTN_HEIGHT + VPAD/2;
+        if (form->getIgnoreType() != LLNotificationForm::IGNORE_NO)
+        {
+            y += EDITOR_HEIGHT;
+        }
 		mLineEditor = LLUICtrlFactory::getInstance()->createFromFile<LLLineEditor>("alert_line_editor.xml", this, LLPanel::child_registry_t::instance());
 
 		if (mLineEditor)
@@ -522,6 +526,10 @@ void LLToastAlertPanel::onButtonPressed( const LLSD& data, S32 button )
 	{
 		response[mLineEditor->getName()] = mLineEditor->getValue();
 	}
+    if (mNotification->getForm()->getIgnoreType() != LLNotificationForm::IGNORE_NO)
+    {
+        response["ignore"] = mNotification->isIgnored();
+    }
 	response[button_data->mButton->getName()] = true;
 
 	// If we declared a URL and chose the URL option, go to the url

indra/newview/skins/default/xui/en/notifications.xml

@@ -11988,16 +11988,41 @@ Packing: [PACK_TIME]s [PSIZE]KB
 Unpacking: [UNPACK_TIME]s [USIZE]KB
     <tag>fail</tag>
   </notification>
-
+
+    <notification
+     icon="alertmodal.tga"
+     label="Prompt for MFA Token"
+     name="PromptMFAToken"
+     type="alertmodal">
+        [MESSAGE]
+        <tag>confirm</tag>
+        <form name="form">
+            <input name="token" type="text" width="400" />
+            <button
+             default="true"
+             index="0"
+             name="continue"
+             text="Continue"/>
+            <button
+             index="1"
+             name="cancel"
+             text="Cancel"/>
+        </form>
+    </notification>
+
   <notification
    icon="alertmodal.tga"
    label="Prompt for MFA Token"
-   name="PromptMFAToken"
+   name="PromptMFATokenWithSave"
    type="alertmodal">
     [MESSAGE]
     <tag>confirm</tag>
     <form name="form">
       <input name="token" type="text" width="400" />
+      <ignore
+       name="ignore"
+       checkbox_only="true"
+       text="Remember this computer for 30 days."/>
       <button
        default="true"
        index="0"