From 33dea152fc6b0c061b1f61060cc75710dd0ec236 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Thu, 26 May 2016 21:05:54 -0400
Subject: Rename 2FA controller
---
 app/Controller/TwoFactorController.php | 202 ++++++++++++++++++++++++
 app/Controller/Twofactor.php | 202 ------------------------
 app/Middleware/PostAuthenticationMiddleware.php | 4 +-
 app/ServiceProvider/AuthenticationProvider.php | 2 +-
 app/ServiceProvider/RouteProvider.php | 2 +-
 app/Template/twofactor/check.php | 4 +-
 app/Template/twofactor/disable.php | 2 +-
 app/Template/twofactor/index.php | 2 +-
 app/Template/twofactor/show.php | 4 +-
 app/Template/user_view/sidebar.php | 10 +-
 10 files changed, 217 insertions(+), 217 deletions(-)
 create mode 100644 app/Controller/TwoFactorController.php
 delete mode 100644 app/Controller/Twofactor.php
diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php
new file mode 100644
index 00000000..c8540f85
--- /dev/null
+++ b/app/Controller/TwoFactorController.php
@@ -0,0 +1,202 @@ +userSession->getId()) { + throw new AccessForbiddenException(); + } + } + + /** + * Show form to disable/enable 2FA + * + * @access public + */ + public function index() + { + $user = $this->getUser(); + $this->checkCurrentUser($user); + unset($this->sessionStorage->twoFactorSecret); + + $this->response->html($this->helper->layout->user('twofactor/index', array( + 'user' => $user, + 'provider' => $this->authenticationManager->getPostAuthenticationProvider()->getName(), + ))); + } + + /** + * Show page with secret and test form + * + * @access public + */ + public function show() + { + $user = $this->getUser(); + $this->checkCurrentUser($user); + + $label = $user['email'] ?: $user['username']; + $provider = $this->authenticationManager->getPostAuthenticationProvider(); + + if (! isset($this->sessionStorage->twoFactorSecret)) { + $provider->generateSecret(); + $provider->beforeCode(); + $this->sessionStorage->twoFactorSecret = $provider->getSecret(); + } else { + $provider->setSecret($this->sessionStorage->twoFactorSecret); + } + + $this->response->html($this->helper->layout->user('twofactor/show', array( + 'user' => $user, + 'secret' => $this->sessionStorage->twoFactorSecret, + 'qrcode_url' => $provider->getQrCodeUrl($label), + 'key_url' => $provider->getKeyUrl($label), + ))); + } + + /** + * Test code and save secret + * + * @access public + */ + public function test() + { + $user = $this->getUser(); + $this->checkCurrentUser($user); + + $values = $this->request->getValues(); + + $provider = $this->authenticationManager->getPostAuthenticationProvider(); + $provider->setCode(empty($values['code']) ? 
'' : $values['code']); + $provider->setSecret($this->sessionStorage->twoFactorSecret); + + if ($provider->authenticate()) { + $this->flash->success(t('The two factor authentication code is valid.')); + + $this->user->update(array( + 'id' => $user['id'], + 'twofactor_activated' => 1, + 'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(), + )); + + unset($this->sessionStorage->twoFactorSecret); + $this->userSession->disablePostAuthentication(); + + $this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id']))); + } else { + $this->flash->failure(t('The two factor authentication code is not valid.')); + $this->response->redirect($this->helper->url->to('TwoFactorController', 'show', array('user_id' => $user['id']))); + } + } + + /** + * Disable 2FA for the current user + * + * @access public + */ + public function deactivate() + { + $user = $this->getUser(); + $this->checkCurrentUser($user); + + $this->user->update(array( + 'id' => $user['id'], + 'twofactor_activated' => 0, + 'twofactor_secret' => '', + )); + + // Allow the user to test or disable the feature + $this->userSession->disablePostAuthentication(); + + $this->flash->success(t('User updated successfully.')); + $this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id']))); + } + + /** + * Check 2FA + * + * @access public + */ + public function check() + { + $user = $this->getUser(); + $this->checkCurrentUser($user); + + $values = $this->request->getValues(); + + $provider = $this->authenticationManager->getPostAuthenticationProvider(); + $provider->setCode(empty($values['code']) ? 
'' : $values['code']); + $provider->setSecret($user['twofactor_secret']); + + if ($provider->authenticate()) { + $this->userSession->validatePostAuthentication(); + $this->flash->success(t('The two factor authentication code is valid.')); + $this->response->redirect($this->helper->url->to('DashboardController', 'show')); + } else { + $this->flash->failure(t('The two factor authentication code is not valid.')); + $this->response->redirect($this->helper->url->to('TwoFactorController', 'code')); + } + } + + /** + * Ask the 2FA code + * + * @access public + */ + public function code() + { + if (! isset($this->sessionStorage->twoFactorBeforeCodeCalled)) { + $provider = $this->authenticationManager->getPostAuthenticationProvider(); + $provider->beforeCode(); + $this->sessionStorage->twoFactorBeforeCodeCalled = true; + } + + $this->response->html($this->helper->layout->app('twofactor/check', array( + 'title' => t('Check two factor authentication code'), + ))); + } + + /** + * Disable 2FA for a user + * + * @access public + */ + public function disable() + { + $user = $this->getUser(); + + if ($this->request->getStringParam('disable') === 'yes') { + $this->checkCSRFParam(); + + $this->user->update(array( + 'id' => $user['id'], + 'twofactor_activated' => 0, + 'twofactor_secret' => '', + )); + + return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id']))); + } + + return $this->response->html($this->helper->layout->user('twofactor/disable', array( + 'user' => $user, + ))); + } +} diff --git a/app/Controller/Twofactor.php b/app/Controller/Twofactor.php deleted file mode 100644 index 118613b2..00000000 --- a/app/Controller/Twofactor.php +++ /dev/null 
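Review bot: In test(), `$provider->setSecret($this->sessionStorage->twoFactorSecret);` reads the session secret without the `isset()` guard that show() applies a few lines earlier, so a request to test that was not preceded by show() (or that follows index(), which unsets the secret) hands an unset value to the provider and, should authenticate() accept it, stores that value as `twofactor_secret` with `twofactor_activated` set to 1. Whether the provider rejects an empty secret is not visible here, so a guard before the setSecret call keeps the enrolment flow self-contained: `if (! isset($this->sessionStorage->twoFactorSecret)) { return $this->response->redirect($this->helper->url->to('TwoFactorController', 'show', array('user_id' => $user['id']))); }`. Separately, the update in the success branch re-fetches the provider via `getPostAuthenticationProvider()->getSecret()` where the local `$provider->getSecret()` is the same object a few lines above. The namespace, the class header and the start of checkCurrentUser() fall before the first visible line of this hunk as rendered.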
@@ -1,202 +0,0 @@ -userSession->getId()) { - throw new AccessForbiddenException(); - } - } - - /** - * Show form to disable/enable 2FA - * - * @access public - */ - public function index() - { - $user = $this->getUser(); - $this->checkCurrentUser($user); - unset($this->sessionStorage->twoFactorSecret); - - $this->response->html($this->helper->layout->user('twofactor/index', array( - 'user' => $user, - 'provider' => $this->authenticationManager->getPostAuthenticationProvider()->getName(), - ))); - } - - /** - * Show page with secret and test form - * - * @access public - */ - public function show() - { - $user = $this->getUser(); - $this->checkCurrentUser($user); - - $label = $user['email'] ?: $user['username']; - $provider = $this->authenticationManager->getPostAuthenticationProvider(); - - if (! isset($this->sessionStorage->twoFactorSecret)) { - $provider->generateSecret(); - $provider->beforeCode(); - $this->sessionStorage->twoFactorSecret = $provider->getSecret(); - } else { - $provider->setSecret($this->sessionStorage->twoFactorSecret); - } - - $this->response->html($this->helper->layout->user('twofactor/show', array( - 'user' => $user, - 'secret' => $this->sessionStorage->twoFactorSecret, - 'qrcode_url' => $provider->getQrCodeUrl($label), - 'key_url' => $provider->getKeyUrl($label), - ))); - } - - /** - * Test code and save secret - * - * @access public - */ - public function test() - { - $user = $this->getUser(); - $this->checkCurrentUser($user); - - $values = $this->request->getValues(); - - $provider = $this->authenticationManager->getPostAuthenticationProvider(); - $provider->setCode(empty($values['code']) ? 
'' : $values['code']); - $provider->setSecret($this->sessionStorage->twoFactorSecret); - - if ($provider->authenticate()) { - $this->flash->success(t('The two factor authentication code is valid.')); - - $this->user->update(array( - 'id' => $user['id'], - 'twofactor_activated' => 1, - 'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(), - )); - - unset($this->sessionStorage->twoFactorSecret); - $this->userSession->disablePostAuthentication(); - - $this->response->redirect($this->helper->url->to('twofactor', 'index', array('user_id' => $user['id']))); - } else { - $this->flash->failure(t('The two factor authentication code is not valid.')); - $this->response->redirect($this->helper->url->to('twofactor', 'show', array('user_id' => $user['id']))); - } - } - - /** - * Disable 2FA for the current user - * - * @access public - */ - public function deactivate() - { - $user = $this->getUser(); - $this->checkCurrentUser($user); - - $this->user->update(array( - 'id' => $user['id'], - 'twofactor_activated' => 0, - 'twofactor_secret' => '', - )); - - // Allow the user to test or disable the feature - $this->userSession->disablePostAuthentication(); - - $this->flash->success(t('User updated successfully.')); - $this->response->redirect($this->helper->url->to('twofactor', 'index', array('user_id' => $user['id']))); - } - - /** - * Check 2FA - * - * @access public - */ - public function check() - { - $user = $this->getUser(); - $this->checkCurrentUser($user); - - $values = $this->request->getValues(); - - $provider = $this->authenticationManager->getPostAuthenticationProvider(); - $provider->setCode(empty($values['code']) ? 
'' : $values['code']); - $provider->setSecret($user['twofactor_secret']); - - if ($provider->authenticate()) { - $this->userSession->validatePostAuthentication(); - $this->flash->success(t('The two factor authentication code is valid.')); - $this->response->redirect($this->helper->url->to('DashboardController', 'show')); - } else { - $this->flash->failure(t('The two factor authentication code is not valid.')); - $this->response->redirect($this->helper->url->to('twofactor', 'code')); - } - } - - /** - * Ask the 2FA code - * - * @access public - */ - public function code() - { - if (! isset($this->sessionStorage->twoFactorBeforeCodeCalled)) { - $provider = $this->authenticationManager->getPostAuthenticationProvider(); - $provider->beforeCode(); - $this->sessionStorage->twoFactorBeforeCodeCalled = true; - } - - $this->response->html($this->helper->layout->app('twofactor/check', array( - 'title' => t('Check two factor authentication code'), - ))); - } - - /** - * Disable 2FA for a user - * - * @access public - */ - public function disable() - { - $user = $this->getUser(); - - if ($this->request->getStringParam('disable') === 'yes') { - $this->checkCSRFParam(); - - $this->user->update(array( - 'id' => $user['id'], - 'twofactor_activated' => 0, - 'twofactor_secret' => '', - )); - - return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id']))); - } - - return $this->response->html($this->helper->layout->user('twofactor/disable', array( - 'user' => $user, - ))); - } -} diff --git a/app/Middleware/PostAuthenticationMiddleware.php b/app/Middleware/PostAuthenticationMiddleware.php index c1237f47..650d47aa 100644 --- a/app/Middleware/PostAuthenticationMiddleware.php +++ b/app/Middleware/PostAuthenticationMiddleware.php 
@@ -19,7 +19,7 @@ class PostAuthenticationMiddleware extends BaseMiddleware { $controller = strtolower($this->router->getController()); $action = strtolower($this->router->getAction()); - $ignore = ($controller === 'twofactor' && in_array($action, array('code', 'check'))) || ($controller === 'auth' && $action === 'logout'); + $ignore = ($controller === 'twofactorcontroller' && in_array($action, array('code', 'check'))) || ($controller === 'auth' && $action === 'logout'); if ($ignore === false && $this->userSession->hasPostAuthentication() && ! $this->userSession->isPostAuthenticationValidated()) { $this->nextMiddleware = null; @@ -28,7 +28,7 @@ class PostAuthenticationMiddleware extends BaseMiddleware $this->response->text('Not Authorized', 401); } - $this->response->redirect($this->helper->url->to('twofactor', 'code')); + $this->response->redirect($this->helper->url->to('TwoFactorController', 'code')); } $this->next(); diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php index 051dcc30..3b5a9bab 100644 --- a/app/ServiceProvider/AuthenticationProvider.php +++ b/app/ServiceProvider/AuthenticationProvider.php @@ -140,7 +140,7 @@ class AuthenticationProvider implements ServiceProviderInterface $acl->add('Link', '*', Role::APP_ADMIN); $acl->add('ProjectCreation', 'create', Role::APP_MANAGER); $acl->add('Projectuser', '*', Role::APP_MANAGER); - $acl->add('Twofactor', 'disable', Role::APP_ADMIN); + $acl->add('TwoFactorController', 'disable', Role::APP_ADMIN); $acl->add('UserImportController', '*', Role::APP_ADMIN); $acl->add('UserCreationController', '*', Role::APP_ADMIN); $acl->add('UserListController', '*', Role::APP_ADMIN); diff --git a/app/ServiceProvider/RouteProvider.php b/app/ServiceProvider/RouteProvider.php index 2d705217..f44820d9 100644 --- a/app/ServiceProvider/RouteProvider.php +++ b/app/ServiceProvider/RouteProvider.php 
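Review bot: The `$ignore` line is the only exemption from the pending-2FA gate, and it now hard-codes `'twofactorcontroller'` as the lower-cased spelling of a class name that the redirect in the next hunk spells `'TwoFactorController'`; keeping the two in sync by hand is fragile, since a mismatch either lets a pending session reach more actions than intended or loops the user between the gate and the code page. The membership test is also loose where a strict one costs nothing. `$ignore = ($controller === strtolower('TwoFactorController') && in_array($action, array('code', 'check'), true)) || ($controller === 'auth' && $action === 'logout');` keeps one spelling and a strict comparison. The method containing these lines opens before the first visible line of the hunk.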
@@ -153,7 +153,7 @@ class RouteProvider implements ServiceProviderInterface $container['route']->addRoute('user/:user_id/accounts', 'UserViewController', 'external'); $container['route']->addRoute('user/:user_id/integrations', 'UserViewController', 'integrations'); $container['route']->addRoute('user/:user_id/authentication', 'UserCredentialController', 'changeAuthentication'); - $container['route']->addRoute('user/:user_id/2fa', 'twofactor', 'index'); + $container['route']->addRoute('user/:user_id/2fa', 'TwoFactorController', 'index'); $container['route']->addRoute('user/:user_id/avatar', 'AvatarFile', 'show'); // Groups diff --git a/app/Template/twofactor/check.php b/app/Template/twofactor/check.php index b0cb4825..06801d50 100644 --- a/app/Template/twofactor/check.php +++ b/app/Template/twofactor/check.php @@ -1,4 +1,4 @@ -
+ form->csrf() ?> form->label(t('Code'), 'code') ?> @@ -7,4 +7,4 @@
-
\ No newline at end of file + diff --git a/app/Template/twofactor/disable.php b/app/Template/twofactor/disable.php index bdbe1233..bc419181 100644 --- a/app/Template/twofactor/disable.php +++ b/app/Template/twofactor/disable.php @@ -8,7 +8,7 @@

- url->link(t('Yes'), 'twofactor', 'disable', array('user_id' => $user['id'], 'disable' => 'yes'), true, 'btn btn-red') ?> + url->link(t('Yes'), 'TwoFactorController', 'disable', array('user_id' => $user['id'], 'disable' => 'yes'), true, 'btn btn-red') ?> url->link(t('cancel'), 'UserViewController', 'show', array('user_id' => $user['id'])) ?>
diff --git a/app/Template/twofactor/index.php b/app/Template/twofactor/index.php index 6de36514..1ed414ed 100644 --- a/app/Template/twofactor/index.php +++ b/app/Template/twofactor/index.php @@ -2,7 +2,7 @@

-
+ form->csrf() ?>

text->e($provider) ?>

diff --git a/app/Template/twofactor/show.php b/app/Template/twofactor/show.php index 59897e20..0aeef427 100644 --- a/app/Template/twofactor/show.php +++ b/app/Template/twofactor/show.php @@ -19,7 +19,7 @@

- + form->csrf() ?> form->label(t('Code'), 'code') ?> @@ -28,4 +28,4 @@
- \ No newline at end of file + diff --git a/app/Template/user_view/sidebar.php b/app/Template/user_view/sidebar.php index 5eb0457b..0f2f3569 100644 --- a/app/Template/user_view/sidebar.php +++ b/app/Template/user_view/sidebar.php @@ -49,12 +49,12 @@ user->isCurrentUser($user['id'])): ?> -
  • app->checkMenuSelection('twofactor', 'index') ?>> - url->link(t('Two factor authentication'), 'twofactor', 'index', array('user_id' => $user['id'])) ?> +
  • app->checkMenuSelection('TwoFactorController', 'index') ?>> + url->link(t('Two factor authentication'), 'TwoFactorController', 'index', array('user_id' => $user['id'])) ?>
  • - user->hasAccess('twofactor', 'disable') && $user['twofactor_activated'] == 1): ?> -
  • app->checkMenuSelection('twofactor', 'disable') ?>> - url->link(t('Two factor authentication'), 'twofactor', 'disable', array('user_id' => $user['id'])) ?> + user->hasAccess('TwoFactorController', 'disable') && $user['twofactor_activated'] == 1): ?> +
  • app->checkMenuSelection('TwoFactorController', 'disable') ?>> + url->link(t('Two factor authentication'), 'TwoFactorController', 'disable', array('user_id' => $user['id'])) ?>
  • -- cgit v1.2.3