Commit 24596451 erstellt von Henning Leutz's avatar Henning Leutz :martial_arts_uniform:

Merge branch 'dev' into 'next'

feat: new versioning

See merge request !1
Übergeordnete 35a2c734 013fedf8
2 Merge Requests!2Next,!1feat: new versioning
Pipeline #5586 bestanden mit Phase
in 11 Sekunden
include:
- project: 'quiqqer/stabilization/semantic-release'
file: '/ci-templates/.gitlab-ci.yml'
GPL-3.0+
\ No newline at end of file
<?php
use QUI\Utils\Security\Orthos;
/**
* Create new google authenticator key for a user
*
* @param array $titles - titles of the keys that should be deleted
* @return bool - success
*/
use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction(
'package_quiqqer_authgoogle2fa_ajax_deleteKeys',
function ($userId, $titles) {
$Users = QUI::getUsers();
$AuthUser = $Users->get((int)$userId);
$titles = Orthos::clearArray(json_decode($titles, true));
$Users = QUI::getUsers();
$AuthUser = $Users->get((int)$userId);
$titles = Orthos::clearArray(json_decode($titles, true));
$SessionUser = QUI::getUserBySession();
// @todo Check user edit permission of session user
......@@ -48,9 +49,9 @@ function ($userId, $titles) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.deleteKeys.error',
array(
[
'error' => $Exception->getMessage()
)
]
)
);
......@@ -75,6 +76,6 @@ function ($userId, $titles) {
return true;
},
array('userId', 'titles'),
['userId', 'titles'],
'Permission::checkAdminUser'
);
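Review bot: The `// @todo Check user edit permission of session user` in the deleteKeys closure is still open, so the only authorization visible here for removing another account's 2FA keys is the `'Permission::checkAdminUser'` argument of the registration. The getKeys handler on this page calls `checkEditPermission()` before reading the secrets; an equivalent check against the target user belongs here before any key is deleted. The result of `json_decode($titles, true)` is also handed to `Orthos::clearArray()` without an `is_array()` test, which matters when the request carries malformed JSON. The body between the shown hunks is not visible, so confirm neither is already handled there.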
<?php
use PragmaRX\Google2FA\Google2FA;
use QUI\Utils\Security\Orthos;
use QUI\Security;
use QUI\Auth\Google2Fa\Auth;
/**
* Create new google authenticator key for a user
*
* @param string $title - key title
* @return bool - success
*/
use PragmaRX\Google2FA\Google2FA;
use QUI\Auth\Google2Fa\Auth;
use QUI\Security;
use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction(
'package_quiqqer_authgoogle2fa_ajax_generateKey',
function ($userId, $title) {
$Users = QUI::getUsers();
$Users = QUI::getUsers();
$SessionUser = QUI::getUserBySession();
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
if ($Users->isNobodyUser($SessionUser)) {
throw new QUI\Permissions\Exception(
......@@ -32,28 +33,28 @@ function ($userId, $title) {
try {
$Google2FA = new Google2FA();
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
if (empty($secrets)) {
$secrets = array();
$secrets = [];
}
if (isset($secrets[$title])) {
throw new QUI\Auth\Google2Fa\Exception(array(
throw new QUI\Auth\Google2Fa\Exception([
'quiqqer/authgoogle2fa',
'exception.ajax.generateKey.title.already.exists',
array(
[
'title' => $title
)
));
]
]);
}
$secrets[$title] = array(
'key' => Security::encrypt($Google2FA->generateSecretKey(32)),
$secrets[$title] = [
'key' => Security::encrypt($Google2FA->generateSecretKey(32)),
'recoveryKeys' => Auth::generateRecoveryKeys(),
'createUserId' => $SessionUser->getId(),
'createDate' => date('Y-m-d H:i:s')
);
'createDate' => date('Y-m-d H:i:s')
];
$AuthUser->setAttribute(
'quiqqer.auth.google2fa.secrets',
......@@ -66,9 +67,9 @@ function ($userId, $title) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.generateKey.error',
array(
[
'error' => $Exception->getMessage()
)
]
)
);
......@@ -88,14 +89,14 @@ function ($userId, $title) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.generateKey.success',
array(
[
'title' => $title
)
]
)
);
return true;
},
array('userId', 'title'),
['userId', 'title'],
'Permission::checkAdminUser'
);
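Review bot: The docblock above this registration documents only `$title`, although the closure is `function ($userId, $title)`; add `@param int $userId - id of the user the key is created for`. The same gap exists in getKey and regenerateRecoveryKeys. The getKeys docblock lists a `$title` parameter the closure does not take, and the deleteKeys and getKey summaries still read "Create new google authenticator key for a user". Since `$userId` decides whose second factor is changed or read, it is the parameter a reader most needs described.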
<?php
use PragmaRX\Google2FA\Google2FA;
use QUI\Utils\Security\Orthos;
use QUI\Security;
/**
* Create new google authenticator key for a user
*
* @param string $title - key title
* @return array - key data
*/
use PragmaRX\Google2FA\Google2FA;
use QUI\Security;
use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction(
'package_quiqqer_authgoogle2fa_ajax_getKey',
function ($userId, $title) {
$Users = QUI::getUsers();
$Users = QUI::getUsers();
$SessionUser = QUI::getUserBySession();
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
if ($Users->isNobodyUser($SessionUser)) {
throw new QUI\Permissions\Exception(
......@@ -31,35 +32,35 @@ function ($userId, $title) {
try {
$Google2FA = new Google2FA();
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
if (!isset($secrets[$title])) {
throw new QUI\Auth\Google2Fa\Exception(array(
throw new QUI\Auth\Google2Fa\Exception([
'quiqqer/authgoogle2fa',
'exception.ajax.getKey.title.not.found',
array(
'title' => $title,
'user' => $AuthUser->getUsername(),
[
'title' => $title,
'user' => $AuthUser->getUsername(),
'userId' => $AuthUser->getId()
)
));
]
]);
}
$keyData['key'] = Security::decrypt($secrets[$title]['key']);
$keyData['key'] = Security::decrypt($secrets[$title]['key']);
$keyData['qrCode'] = $Google2FA->getQRCodeInline(
$_SERVER['SERVER_NAME'],
$AuthUser->getUsername(),
$keyData['key']
);
$CreateUser = QUI::getUsers()->get($secrets[$title]['createUserId']);
$CreateUser = QUI::getUsers()->get($secrets[$title]['createUserId']);
$keyData['createUser'] = $CreateUser->getUsername() . ' (' . $CreateUser->getId() . ')';
$keyData['createDate'] = $secrets[$title]['createDate'];
$keyData['recoveryKeys'] = array();
$keyData['recoveryKeys'] = [];
foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) {
$recoveryKeyData['key'] = trim(Security::decrypt($recoveryKeyData['key']));
$recoveryKeyData['key'] = trim(Security::decrypt($recoveryKeyData['key']));
$keyData['recoveryKeys'][] = $recoveryKeyData;
}
} catch (QUI\Auth\Google2Fa\Exception $Exception) {
......@@ -67,9 +68,9 @@ function ($userId, $title) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.getKey.error',
array(
[
'error' => $Exception->getMessage()
)
]
)
);
......@@ -91,6 +92,6 @@ function ($userId, $title) {
return $keyData;
},
array('userId', 'title'),
['userId', 'title'],
'Permission::checkAdminUser'
);
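Review bot: `$_SERVER['SERVER_NAME']` is passed to `getQRCodeInline()` as the label that ends up in the user's authenticator app, and depending on the web server configuration that value can follow the request's Host header. A host name taken from the system configuration would keep the enrolment label stable and out of the request's control. Separately, `$keyData` is first assigned inside the `try`, so the `return $keyData;` at the end depends on how the catch branch (outside the shown hunks) exits. Initialising `$keyData = [];` before the `try` removes that doubt.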
......@@ -6,12 +6,13 @@
* @param string $title - key title
* @return array - key data
*/
QUI::$Ajax->registerFunction(
'package_quiqqer_authgoogle2fa_ajax_getKeys',
function ($userId) {
$Users = QUI::getUsers();
$Users = QUI::getUsers();
$SessionUser = QUI::getUserBySession();
$AuthUser = $Users->get((int)$userId);
$AuthUser = $Users->get((int)$userId);
if ($Users->isNobodyUser($SessionUser)) {
throw new QUI\Permissions\Exception(
......@@ -24,7 +25,7 @@ function ($userId) {
$SessionUser->checkEditPermission();
$keys = array();
$keys = [];
try {
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
......@@ -36,24 +37,24 @@ function ($userId) {
foreach ($secrets as $title => $secret) {
$CreateUser = QUI::getUsers()->get($secret['createUserId']);
$keys[] = array(
'title' => $title,
$keys[] = [
'title' => $title,
'created' => $secret['createDate']
. ' - '
. $CreateUser->getUsername()
. ' ('
. $CreateUser->getId()
. ')'
);
. ' - '
. $CreateUser->getUsername()
. ' ('
. $CreateUser->getId()
. ')'
];
}
} catch (QUI\Auth\Google2Fa\Exception $Exception) {
QUI::getMessagesHandler()->addError(
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.getKeys.error',
array(
[
'error' => $Exception->getMessage()
)
]
)
);
......@@ -71,6 +72,6 @@ function ($userId) {
return $keys;
},
array('userId'),
['userId'],
'Permission::checkAdminUser'
);
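Review bot: `$SessionUser->checkEditPermission();` is called on the session user, not on `$AuthUser`, the account whose keys are listed. If `checkEditPermission()` tests whether the object it is called on may be edited (as the name suggests; the method is not shown here), this verifies the caller against themselves and says nothing about access to `$userId`. The check should be made on `$AuthUser`, with the session user as the acting party. The lines between the hunks are not visible, so confirm the target user is not checked there.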
<?php
use QUI;
use PragmaRX\Google2FA\Google2FA;
use QUI\Utils\Security\Orthos;
use QUI\Security;
use QUI\Auth\Google2Fa\Auth;
/**
* Re-generate a set of recovery keys for a user authentication key
*
* @param string $title - key title
* @return bool - success
*/
use QUI\Auth\Google2Fa\Auth;
use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction(
'package_quiqqer_authgoogle2fa_ajax_regenerateRecoveryKeys',
function ($userId, $title) {
$Users = QUI::getUsers();
$Users = QUI::getUsers();
$SessionUser = QUI::getUserBySession();
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
$AuthUser = $Users->get((int)$userId);
$title = Orthos::clear($title);
if ($Users->isNobodyUser($SessionUser)) {
throw new QUI\Permissions\Exception(
......@@ -35,19 +33,19 @@ function ($userId, $title) {
$secrets = json_decode($AuthUser->getAttribute('quiqqer.auth.google2fa.secrets'), true);
if (empty($secrets)) {
$secrets = array();
$secrets = [];
}
if (!isset($secrets[$title])) {
throw new QUI\Auth\Google2Fa\Exception(array(
throw new QUI\Auth\Google2Fa\Exception([
'quiqqer/authgoogle2fa',
'exception.ajax.getKey.title.not.found',
array(
'title' => $title,
'user' => $AuthUser->getUsername(),
[
'title' => $title,
'user' => $AuthUser->getUsername(),
'userId' => $AuthUser->getId()
)
));
]
]);
}
$secrets[$title]['recoveryKeys'] = Auth::generateRecoveryKeys();
......@@ -63,9 +61,9 @@ function ($userId, $title) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.regenerateRecoveryKeys.error',
array(
[
'error' => $Exception->getMessage()
)
]
)
);
......@@ -85,14 +83,14 @@ function ($userId, $title) {
QUI::getLocale()->get(
'quiqqer/authgoogle2fa',
'message.ajax.regenerateRecoveryKeys.success',
array(
[
'title' => $title
)
]
)
);
return true;
},
array('userId', 'title'),
['userId', 'title'],
'Permission::checkAdminUser'
);
......@@ -2,12 +2,12 @@
namespace QUI\Auth\Google2Fa;
use QUI;
use PragmaRX\Google2FA\Google2FA;
use QUI\Users\AbstractAuthenticator;
use QUI\Users\User;
use QUI;
use QUI\Auth\Google2Fa\Exception as Google2FaException;
use QUI\Security;
use QUI\Users\AbstractAuthenticator;
use QUI\Users\User;
/**
* Class Auth
......@@ -87,16 +87,17 @@ public function getDescription($Locale = null)
*/
public function auth($authData)
{
if (!is_array($authData)
if (
!is_array($authData)
|| !isset($authData['code'])
) {
throw new Google2FaException(array(
throw new Google2FaException([
'quiqqer/authgoogle2fa',
'exception.auth.wrong.auth.code'
));
]);
}
$authCode = $authData['code'];
$authCode = $authData['code'];
$authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true);
// if no secret keys have been generated -> automatically authenticate the user
......@@ -124,11 +125,11 @@ public function auth($authData)
}
// set used status of recovery key to true
$recoveryKeyData['used'] = true;
$recoveryKeyData['used'] = true;
$recoveryKeyData['usedDate'] = date('Y-m-d H:i:s');
$secretData['recoveryKeys'][$k2] = $recoveryKeyData;
$authSecrets[$k] = $secretData;
$authSecrets[$k] = $secretData;
$this->User->setAttribute('quiqqer.auth.google2fa.secrets', json_encode($authSecrets));
$this->User->save(QUI::getUsers()->getSystemUser());
......@@ -137,10 +138,10 @@ public function auth($authData)
}
}
throw new Google2FaException(array(
throw new Google2FaException([
'quiqqer/authgoogle2fa',
'exception.auth.wrong.auth.code'
));
]);
}
/**
......@@ -171,15 +172,15 @@ public function getUserId()
*/
public static function generateRecoveryKeys($count = 10)
{
$recoveryKeys = array();
$Google2FA = new Google2FA();
$recoveryKeys = [];
$Google2FA = new Google2FA();
for ($i = 0; $i < $count; $i++) {
$recoveryKeys[] = array(
'key' => Security::encrypt(md5($Google2FA->generateSecretKey(16))),
'used' => false,
$recoveryKeys[] = [
'key' => Security::encrypt(md5($Google2FA->generateSecretKey(16))),
'used' => false,
'usedDate' => false
);
];
}
return $recoveryKeys;
......@@ -236,8 +237,8 @@ public function cliAuthentication(QUI\System\Console $Console)
$code = $Console->readInput();
$this->auth(array(
$this->auth([
'code' => $code
));
]);
}
}
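Review bot: In `auth()`, decoding the `quiqqer.auth.google2fa.secrets` attribute with `json_decode(..., true)` yields `null` both when the user never enrolled and when the stored value is damaged. The comment right after it says that missing secrets mean the user is authenticated automatically. The branch itself lies outside the shown hunk, but if it tests something like `empty($authSecrets)`, a corrupted or truncated attribute silently switches the second factor off. Treat only an unset or empty attribute as "not enrolled", and throw `Google2FaException` when a non-empty value fails to decode.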
......@@ -3,6 +3,7 @@
/**
* This file contains QUI\Auth\Google2Fa\Controls\Login
*/
namespace QUI\Auth\Google2Fa\Controls;
use QUI;
......@@ -20,7 +21,7 @@ class Login extends Control
*
* @param array $attributes
*/
public function __construct(array $attributes = array())
public function __construct(array $attributes = [])
{
parent::__construct($attributes);
......@@ -33,11 +34,11 @@ public function __construct(array $attributes = array())
public function getBody()
{
$username = QUI::getSession()->get('username');
$Engine = QUI::getTemplateManager()->getEngine();
$Engine = QUI::getTemplateManager()->getEngine();
$Engine->assign(array(
$Engine->assign([
'username' => $username
));
]);
return $Engine->fetch(dirname(__FILE__) . '/Login.html');
}
......
......@@ -3,9 +3,9 @@
/**
* This file contains
*/
namespace QUI\Auth\Google2Fa\Controls;
use QUI;
use QUI\Control;
/**
......
......@@ -6,5 +6,4 @@
class Exception extends QUIUserException
{
// nothing
}