Merge branch 'next-2.x' into 'main'

fix: add method_exists check before calling method and replace security with encryption

See merge request !6

.gitlab-ci.yml

 include:
   - component: dev.quiqqer.com/quiqqer/stabilization/ci-cd-components/quiqqer-package-bundle/quiqqer-package-bundle@2
-    inputs:
-      quiqqer-major-version: 1
 
 # Remove the entire phpunit-php8.1 block, to allow PHPUnit to run on PHP 8.1 in your pipeline
 phpunit-php8.1:

ajax/deleteKeys.php

@@ -27,6 +27,15 @@ function ($userId, $titles) {
             );
         }
 
+        if (!method_exists($SessionUser, 'checkEditPermission')) {
+            throw new QUI\Permissions\Exception(
+                QUI::getLocale()->get(
+                    'quiqqer/core',
+                    'exception.lib.user.no.edit.rights'
+                )
+            );
+        }
+
         $SessionUser->checkEditPermission();
 
         try {

ajax/generateKey.php

@@ -9,7 +9,7 @@
 
 use PragmaRX\Google2FA\Google2FA;
 use QUI\Auth\Google2Fa\Auth;
-use QUI\Security;
+use QUI\Security\Encryption;
 use QUI\Utils\Security\Orthos;
 
 QUI::$Ajax->registerFunction(
@@ -29,6 +29,15 @@ function ($userId, $title) {
             );
         }
 
+        if (!method_exists($SessionUser, 'checkEditPermission')) {
+            throw new QUI\Permissions\Exception(
+                QUI::getLocale()->get(
+                    'quiqqer/core',
+                    'exception.lib.user.no.edit.rights'
+                )
+            );
+        }
+
         $SessionUser->checkEditPermission();
 
         try {
@@ -50,7 +59,7 @@ function ($userId, $title) {
             }
 
             $secrets[$title] = [
-                'key' => Security::encrypt($Google2FA->generateSecretKey(32)),
+                'key' => Encryption::encrypt($Google2FA->generateSecretKey(32)),
                 'recoveryKeys' => Auth::generateRecoveryKeys(),
                 'createUserId' => $SessionUser->getId(),
                 'createDate' => date('Y-m-d H:i:s')
@@ -74,7 +83,7 @@ function ($userId, $title) {
             );
 
             return false;
-        } catch (\Exception $Exception) {
+        } catch (\Exception) {
             QUI::getMessagesHandler()->addError(
                 QUI::getLocale()->get(
                     'quiqqer/authgoogle2fa',

ajax/getKey.php

@@ -8,7 +8,7 @@
  */
 
 use PragmaRX\Google2FA\Google2FA;
-use QUI\Security;
+use QUI\Security\Encryption;
 use QUI\Utils\Security\Orthos;
 
 QUI::$Ajax->registerFunction(
@@ -28,6 +28,15 @@ function ($userId, $title) {
             );
         }
 
+        if (!method_exists($SessionUser, 'checkEditPermission')) {
+            throw new QUI\Permissions\Exception(
+                QUI::getLocale()->get(
+                    'quiqqer/core',
+                    'exception.lib.user.no.edit.rights'
+                )
+            );
+        }
+
         $SessionUser->checkEditPermission();
 
         try {
@@ -46,7 +55,7 @@ function ($userId, $title) {
                 ]);
             }
 
-            $keyData['key'] = Security::decrypt($secrets[$title]['key']);
+            $keyData['key'] = Encryption::decrypt($secrets[$title]['key']);
             $keyData['qrCode'] = $Google2FA->getQRCodeInline(
                 $_SERVER['SERVER_NAME'],
                 $AuthUser->getUsername(),
@@ -60,7 +69,7 @@ function ($userId, $title) {
             $keyData['recoveryKeys'] = [];
 
             foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) {
-                $recoveryKeyData['key'] = trim(Security::decrypt($recoveryKeyData['key']));
+                $recoveryKeyData['key'] = trim(Encryption::decrypt($recoveryKeyData['key']));
                 $keyData['recoveryKeys'][] = $recoveryKeyData;
             }
         } catch (QUI\Auth\Google2Fa\Exception $Exception) {

ajax/getKeys.php

@@ -23,6 +23,15 @@ function ($userId) {
             );
         }
 
+        if (!method_exists($SessionUser, 'checkEditPermission')) {
+            throw new QUI\Permissions\Exception(
+                QUI::getLocale()->get(
+                    'quiqqer/core',
+                    'exception.lib.user.no.edit.rights'
+                )
+            );
+        }
+
         $SessionUser->checkEditPermission();
 
         $keys = [];

ajax/regenerateRecoveryKeys.php

@@ -27,6 +27,15 @@ function ($userId, $title) {
             );
         }
 
+        if (!method_exists($SessionUser, 'checkEditPermission')) {
+            throw new QUI\Permissions\Exception(
+                QUI::getLocale()->get(
+                    'quiqqer/core',
+                    'exception.lib.user.no.edit.rights'
+                )
+            );
+        }
+
         $SessionUser->checkEditPermission();
 
         try {

composer.json

@@ -8,16 +8,16 @@
         {
             "name": "Patrick Müller",
             "email": "p.mueller@pcsg.de",
-            "homepage": "http://www.pcsg.de",
+            "homepage": "https://www.pcsg.de",
             "role": "Developer"
         }
     ],
     "support": {
         "email": "support@pcsg.de",
-        "url": "http://www.pcsg.de"
+        "url": "https://www.pcsg.de"
     },
     "require": {
-        "quiqqer/quiqqer": ">=1.1|dev-master|dev-dev",
+        "quiqqer/core": "^2",
         "pragmarx/google2fa": "2.*",
         "bacon/bacon-qr-code": "~1.0"
     },

phpstan-baseline.neon

 parameters:
-	ignoreErrors:
-		-
-			message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
-			count: 1
-			path: ajax/deleteKeys.php
-
-		-
-			message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
-			count: 1
-			path: ajax/generateKey.php
-
-		-
-			message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
-			count: 1
-			path: ajax/getKey.php
-
-		-
-			message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
-			count: 1
-			path: ajax/getKeys.php
-
-		-
-			message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
-			count: 1
-			path: ajax/regenerateRecoveryKeys.php
-
-		-
-			message: "#^Method QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:getPasswordResetControl\\(\\) should return QUI\\\\Control but returns null\\.$#"
-			count: 1
-			path: src/QUI/Auth/Google2Fa/Auth.php
-
-		-
-			message: "#^Property QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:\\$User \\(QUI\\\\Users\\\\User\\) does not accept QUI\\\\Users\\\\Nobody\\|null\\.$#"
-			count: 1
-			path: src/QUI/Auth/Google2Fa/Auth.php
+	ignoreErrors:
\ No newline at end of file

src/QUI/Auth/Google2Fa/Auth.php

@@ -5,9 +5,10 @@
 use PragmaRX\Google2FA\Google2FA;
 use QUI;
 use QUI\Auth\Google2Fa\Exception as Google2FaException;
-use QUI\Security;
+use QUI\Control;
+use QUI\Locale;
+use QUI\Security\Encryption;
 use QUI\Users\AbstractAuthenticator;
-use QUI\Users\User;
 
 /**
  * Class Auth
@@ -23,14 +24,14 @@ class Auth extends AbstractAuthenticator
      *
      * @var Google2FA
      */
-    protected $Google2FA = null;
+    protected Google2FA | null $Google2FA = null;
 
     /**
      * User that is to be authenticated
      *
-     * @var User
+     * @var QUI\Interfaces\Users\User | null
      */
-    protected $User = null;
+    protected QUI\Interfaces\Users\User | null $User = null;
 
     /**
      * Auth Constructor.
@@ -44,7 +45,7 @@ public function __construct($user = '')
         if (!empty($user)) {
             try {
                 $this->User = QUI::getUsers()->getUserByName($user);
-            } catch (\Exception $Exception) {
+            } catch (\Exception) {
                 $this->User = QUI::getUsers()->getNobody();
             }
         }
@@ -53,10 +54,10 @@ public function __construct($user = '')
     }
 
     /**
-     * @param null|\QUI\Locale $Locale
+     * @param null|Locale $Locale
      * @return string
      */
-    public function getTitle($Locale = null)
+    public function getTitle(null | Locale $Locale = null): string
     {
         if (is_null($Locale)) {
             $Locale = QUI::getLocale();
@@ -66,10 +67,10 @@ public function getTitle($Locale = null)
     }
 
     /**
-     * @param null|\QUI\Locale $Locale
+     * @param null|Locale $Locale
      * @return string
      */
-    public function getDescription($Locale = null)
+    public function getDescription(null | Locale $Locale = null): string
     {
         if (is_null($Locale)) {
             $Locale = QUI::getLocale();
@@ -81,15 +82,15 @@ public function getDescription($Locale = null)
     /**
      * Authenticate the user
      *
-     * @param string|array|integer $authData
+     * @param string|array|integer $authParams
      *
      * @throws QUI\Auth\Google2Fa\Exception
      */
-    public function auth($authData)
+    public function auth(string | array | int $authParams): void
     {
         if (
-            !is_array($authData)
-            || !isset($authData['code'])
+            !is_array($authParams)
+            || !isset($authParams['code'])
         ) {
             throw new Google2FaException([
                 'quiqqer/authgoogle2fa',
@@ -97,7 +98,7 @@ public function auth($authData)
             ]);
         }
 
-        $authCode = $authData['code'];
+        $authCode = $authParams['code'];
         $authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true);
 
         // if no secret keys have been generated -> automatically authenticate the user
@@ -106,7 +107,7 @@ public function auth($authData)
         }
 
         foreach ($authSecrets as $k => $secretData) {
-            $key = trim(Security::decrypt($secretData['key']));
+            $key = trim(Encryption::decrypt($secretData['key']));
 
             if ($this->Google2FA->verifyKey($key, $authCode)) {
                 return;
@@ -118,7 +119,7 @@ public function auth($authData)
                     continue;
                 }
 
-                $recoveryKey = trim(Security::decrypt($recoveryKeyData['key']));
+                $recoveryKey = trim(Encryption::decrypt($recoveryKeyData['key']));
 
                 if ($recoveryKey != $authCode) {
                     continue;
@@ -147,9 +148,9 @@ public function auth($authData)
     /**
      * Return the user object
      *
-     * @return \QUI\Interfaces\Users\User
+     * @return QUI\Interfaces\Users\User
      */
-    public function getUser()
+    public function getUser(): QUI\Interfaces\Users\User
     {
         return $this->User;
     }
@@ -157,9 +158,9 @@ public function getUser()
     /**
      * Return the quiqqer user id
      *
-     * @return integer|boolean
+     * @return integer
      */
-    public function getUserId()
+    public function getUserId(): int
     {
         return $this->User->getId();
     }
@@ -170,14 +171,14 @@ public function getUserId()
      * @param int $count (optional) - number of key [default: 10]
      * @return array
      */
-    public static function generateRecoveryKeys($count = 10)
+    public static function generateRecoveryKeys(int $count = 10): array
     {
         $recoveryKeys = [];
         $Google2FA = new Google2FA();
 
         for ($i = 0; $i < $count; $i++) {
             $recoveryKeys[] = [
-                'key' => Security::encrypt(md5($Google2FA->generateSecretKey(16))),
+                'key' => Encryption::encrypt(md5($Google2FA->generateSecretKey(16))),
                 'used' => false,
                 'usedDate' => false
             ];
@@ -187,25 +188,25 @@ public static function generateRecoveryKeys($count = 10)
     }
 
     /**
-     * @return \QUI\Control
+     * @return Control|null
      */
-    public static function getLoginControl()
+    public static function getLoginControl(): ?Control
     {
         return new QUI\Auth\Google2Fa\Controls\Login();
     }
 
     /**
-     * @return \QUI\Control
+     * @return Control|null
      */
-    public static function getSettingsControl()
+    public static function getSettingsControl(): ?Control
     {
         return new QUI\Auth\Google2Fa\Controls\Settings();
     }
 
     /**
-     * @return \QUI\Control
+     * @return Control|null
      */
-    public static function getPasswordResetControl()
+    public static function getPasswordResetControl(): ?Control
     {
         return null;
     }
@@ -213,15 +214,16 @@ public static function getPasswordResetControl()
     /**
      * @return bool
      */
-    public static function isCLICompatible()
+    public static function isCLICompatible(): bool
     {
         return true;
     }
 
     /**
      * @param QUI\System\Console $Console
+     * @throws Exception
      */
-    public function cliAuthentication(QUI\System\Console $Console)
+    public function cliAuthentication(QUI\System\Console $Console): void
     {
         $Console->clearMsg();
 

src/QUI/Auth/Google2Fa/Controls/Login.php

@@ -31,7 +31,7 @@ public function __construct(array $attributes = [])
     /**
      * @return string
      */
-    public function getBody()
+    public function getBody(): string
     {
         $username = QUI::getSession()->get('username');
         $Engine = QUI::getTemplateManager()->getEngine();

src/QUI/Auth/Google2Fa/Controls/Settings.php

@@ -18,7 +18,7 @@ class Settings extends Control
     /**
      * @return string
      */
-    public function getBody()
+    public function getBody(): string
     {
         return '<div class="quiqqer-auth-google2fa-settings"     
                   data-qui="package/quiqqer/authgoogle2fa/bin/controls/Settings">