Commit a774c06d erstellt von Henning Leutz's avatar Henning Leutz :martial_arts_uniform:

Merge branch 'next-2.x' into 'main'

fix: add method_exists check before calling method and replace security with encryption

See merge request !6
Übergeordnete 61c7b086 e6898ab0
include: include:
- component: dev.quiqqer.com/quiqqer/stabilization/ci-cd-components/quiqqer-package-bundle/quiqqer-package-bundle@2 - component: dev.quiqqer.com/quiqqer/stabilization/ci-cd-components/quiqqer-package-bundle/quiqqer-package-bundle@2
inputs:
quiqqer-major-version: 1
# Remove the entire phpunit-php8.1 block, to allow PHPUnit to run on PHP 8.1 in your pipeline # Remove the entire phpunit-php8.1 block, to allow PHPUnit to run on PHP 8.1 in your pipeline
phpunit-php8.1: phpunit-php8.1:
......
...@@ -27,6 +27,15 @@ function ($userId, $titles) { ...@@ -27,6 +27,15 @@ function ($userId, $titles) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
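Review bot: The added `method_exists` guard at L27 fails closed, which is the right default, but it is a type probe standing in for the real condition: `$SessionUser` is typed as the `QUI\Interfaces\Users\User` interface (the baselined PHPStan messages say that interface does not declare `checkEditPermission`). If the method lives on the concrete `QUI\Users\User` class, `if (!($SessionUser instanceof QUI\Users\User)) { throw … }` states the intent directly, lets PHPStan verify the call, and would make the five baseline entries unnecessary. The same nine-line block is repeated in the generateKey, getKey, getKeys and regenerateRecoveryKeys hunks (L47, L81, L109, L123); a single shared helper in the package would keep the check, and its error message, in one place. The enclosing ajax closure starts before this hunk.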
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI\Auth\Google2Fa\Auth; use QUI\Auth\Google2Fa\Auth;
use QUI\Security; use QUI\Security\Encryption;
use QUI\Utils\Security\Orthos; use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction( QUI::$Ajax->registerFunction(
...@@ -29,6 +29,15 @@ function ($userId, $title) { ...@@ -29,6 +29,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
...@@ -50,7 +59,7 @@ function ($userId, $title) { ...@@ -50,7 +59,7 @@ function ($userId, $title) {
} }
$secrets[$title] = [ $secrets[$title] = [
'key' => Security::encrypt($Google2FA->generateSecretKey(32)), 'key' => Encryption::encrypt($Google2FA->generateSecretKey(32)),
'recoveryKeys' => Auth::generateRecoveryKeys(), 'recoveryKeys' => Auth::generateRecoveryKeys(),
'createUserId' => $SessionUser->getId(), 'createUserId' => $SessionUser->getId(),
'createDate' => date('Y-m-d H:i:s') 'createDate' => date('Y-m-d H:i:s')
...@@ -74,7 +83,7 @@ function ($userId, $title) { ...@@ -74,7 +83,7 @@ function ($userId, $title) {
); );
return false; return false;
} catch (\Exception $Exception) { } catch (\Exception) {
QUI::getMessagesHandler()->addError( QUI::getMessagesHandler()->addError(
QUI::getLocale()->get( QUI::getLocale()->get(
'quiqqer/authgoogle2fa', 'quiqqer/authgoogle2fa',
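Review bot: `catch (\Exception)` at L67 discards the exception object, which is only safe if the catch body, cut off after L70, never referenced `$Exception`. If it logged the exception before reporting the translated error, that record is now lost and the underlying failure (for example from `Encryption::encrypt` at L60) becomes invisible to operators while the user only sees a generic message. Keeping `catch (\Exception $Exception)` and logging it before the `addError` call preserves the diagnostics; the same variable drop appears in the Auth.php constructor hunk at L210, where the silent fallback to the Nobody user is at least visible in the code. The closure continues beyond this hunk.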
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
*/ */
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI\Security; use QUI\Security\Encryption;
use QUI\Utils\Security\Orthos; use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction( QUI::$Ajax->registerFunction(
...@@ -28,6 +28,15 @@ function ($userId, $title) { ...@@ -28,6 +28,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
...@@ -46,7 +55,7 @@ function ($userId, $title) { ...@@ -46,7 +55,7 @@ function ($userId, $title) {
]); ]);
} }
$keyData['key'] = Security::decrypt($secrets[$title]['key']); $keyData['key'] = Encryption::decrypt($secrets[$title]['key']);
$keyData['qrCode'] = $Google2FA->getQRCodeInline( $keyData['qrCode'] = $Google2FA->getQRCodeInline(
$_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'],
$AuthUser->getUsername(), $AuthUser->getUsername(),
...@@ -60,7 +69,7 @@ function ($userId, $title) { ...@@ -60,7 +69,7 @@ function ($userId, $title) {
$keyData['recoveryKeys'] = []; $keyData['recoveryKeys'] = [];
foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) { foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) {
$recoveryKeyData['key'] = trim(Security::decrypt($recoveryKeyData['key'])); $recoveryKeyData['key'] = trim(Encryption::decrypt($recoveryKeyData['key']));
$keyData['recoveryKeys'][] = $recoveryKeyData; $keyData['recoveryKeys'][] = $recoveryKeyData;
} }
} catch (QUI\Auth\Google2Fa\Exception $Exception) { } catch (QUI\Auth\Google2Fa\Exception $Exception) {
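Review bot: `$keyData['key']` at L94 is returned untrimmed, while the recovery keys at L101 and the verification path in `Auth::auth` (L259 of the Auth.php hunk) wrap the same `Encryption::decrypt` output in `trim()`. If `decrypt` can yield surrounding whitespace, the QR code built at L95 would encode a secret that differs from the one later verified; if it cannot, the `trim()` calls are dead weight — either way the two paths should agree, e.g. `$keyData['key'] = trim(Encryption::decrypt($secrets[$title]['key']));`. Note that this response hands the decrypted TOTP secret and recovery keys to the browser, so the checks that precede it are what gate that disclosure. The closure starts before this hunk.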
......
...@@ -23,6 +23,15 @@ function ($userId) { ...@@ -23,6 +23,15 @@ function ($userId) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
$keys = []; $keys = [];
......
...@@ -27,6 +27,15 @@ function ($userId, $title) { ...@@ -27,6 +27,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
......
...@@ -8,16 +8,16 @@ ...@@ -8,16 +8,16 @@
{ {
"name": "Patrick Müller", "name": "Patrick Müller",
"email": "p.mueller@pcsg.de", "email": "p.mueller@pcsg.de",
"homepage": "http://www.pcsg.de", "homepage": "https://www.pcsg.de",
"role": "Developer" "role": "Developer"
} }
], ],
"support": { "support": {
"email": "support@pcsg.de", "email": "support@pcsg.de",
"url": "http://www.pcsg.de" "url": "https://www.pcsg.de"
}, },
"require": { "require": {
"quiqqer/quiqqer": ">=1.1|dev-master|dev-dev", "quiqqer/core": "^2",
"pragmarx/google2fa": "2.*", "pragmarx/google2fa": "2.*",
"bacon/bacon-qr-code": "~1.0" "bacon/bacon-qr-code": "~1.0"
}, },
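Review bot: The `pragmarx/google2fa` constraint stays at `2.*` and `bacon/bacon-qr-code` at `~1.0` while `quiqqer/quiqqer` is replaced by `"quiqqer/core": "^2"`; those two constraints pin library lines from well before the PHP 8 features the rest of this commit adopts (union types, non-capturing catches). Whether they still install and run cleanly on the new platform should be verified, and both packages checked for maintained releases. As far as I know later google2fa lines moved `getQRCodeInline` (used at L95 of the getKey.php hunk) out of the core package, so an upgrade would also touch ajax/getKey.php.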
......
parameters: parameters:
ignoreErrors: ignoreErrors:
- \ No newline at end of file
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/deleteKeys.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/generateKey.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/getKey.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/getKeys.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/regenerateRecoveryKeys.php
-
message: "#^Method QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:getPasswordResetControl\\(\\) should return QUI\\\\Control but returns null\\.$#"
count: 1
path: src/QUI/Auth/Google2Fa/Auth.php
-
message: "#^Property QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:\\$User \\(QUI\\\\Users\\\\User\\) does not accept QUI\\\\Users\\\\Nobody\\|null\\.$#"
count: 1
path: src/QUI/Auth/Google2Fa/Auth.php
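Review bot: Two of the baselined messages appear stale against this same commit: the entry at L175 (`getPasswordResetControl() should return QUI\Control but returns null`) is resolved by the `?Control` return type at L321, and the entry at L179 (`$User (QUI\Users\User) does not accept QUI\Users\Nobody|null`) by the property type `QUI\Interfaces\Users\User | null` at L203. With PHPStan's default `reportUnmatchedIgnoredErrors: true`, an ignore pattern that no longer matches fails the run, so these two entries should be dropped or the baseline regenerated after the Auth.php changes. The five `checkEditPermission` entries record the interface/implementation mismatch that the `method_exists` guards work around; an `instanceof` check on the concrete user class would let them be removed too.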
...@@ -5,9 +5,10 @@ ...@@ -5,9 +5,10 @@
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI; use QUI;
use QUI\Auth\Google2Fa\Exception as Google2FaException; use QUI\Auth\Google2Fa\Exception as Google2FaException;
use QUI\Security; use QUI\Control;
use QUI\Locale;
use QUI\Security\Encryption;
use QUI\Users\AbstractAuthenticator; use QUI\Users\AbstractAuthenticator;
use QUI\Users\User;
/** /**
* Class Auth * Class Auth
...@@ -23,14 +24,14 @@ class Auth extends AbstractAuthenticator ...@@ -23,14 +24,14 @@ class Auth extends AbstractAuthenticator
* *
* @var Google2FA * @var Google2FA
*/ */
protected $Google2FA = null; protected Google2FA | null $Google2FA = null;
/** /**
* User that is to be authenticated * User that is to be authenticated
* *
* @var User * @var QUI\Interfaces\Users\User | null
*/ */
protected $User = null; protected QUI\Interfaces\Users\User | null $User = null;
/** /**
* Auth Constructor. * Auth Constructor.
...@@ -44,7 +45,7 @@ public function __construct($user = '') ...@@ -44,7 +45,7 @@ public function __construct($user = '')
if (!empty($user)) { if (!empty($user)) {
try { try {
$this->User = QUI::getUsers()->getUserByName($user); $this->User = QUI::getUsers()->getUserByName($user);
} catch (\Exception $Exception) { } catch (\Exception) {
$this->User = QUI::getUsers()->getNobody(); $this->User = QUI::getUsers()->getNobody();
} }
} }
...@@ -53,10 +54,10 @@ public function __construct($user = '') ...@@ -53,10 +54,10 @@ public function __construct($user = '')
} }
/** /**
* @param null|\QUI\Locale $Locale * @param null|Locale $Locale
* @return string * @return string
*/ */
public function getTitle($Locale = null) public function getTitle(null | Locale $Locale = null): string
{ {
if (is_null($Locale)) { if (is_null($Locale)) {
$Locale = QUI::getLocale(); $Locale = QUI::getLocale();
...@@ -66,10 +67,10 @@ public function getTitle($Locale = null) ...@@ -66,10 +67,10 @@ public function getTitle($Locale = null)
} }
/** /**
* @param null|\QUI\Locale $Locale * @param null|Locale $Locale
* @return string * @return string
*/ */
public function getDescription($Locale = null) public function getDescription(null | Locale $Locale = null): string
{ {
if (is_null($Locale)) { if (is_null($Locale)) {
$Locale = QUI::getLocale(); $Locale = QUI::getLocale();
...@@ -81,15 +82,15 @@ public function getDescription($Locale = null) ...@@ -81,15 +82,15 @@ public function getDescription($Locale = null)
/** /**
* Authenticate the user * Authenticate the user
* *
* @param string|array|integer $authData * @param string|array|integer $authParams
* *
* @throws QUI\Auth\Google2Fa\Exception * @throws QUI\Auth\Google2Fa\Exception
*/ */
public function auth($authData) public function auth(string | array | int $authParams): void
{ {
if ( if (
!is_array($authData) !is_array($authParams)
|| !isset($authData['code']) || !isset($authParams['code'])
) { ) {
throw new Google2FaException([ throw new Google2FaException([
'quiqqer/authgoogle2fa', 'quiqqer/authgoogle2fa',
...@@ -97,7 +98,7 @@ public function auth($authData) ...@@ -97,7 +98,7 @@ public function auth($authData)
]); ]);
} }
$authCode = $authData['code']; $authCode = $authParams['code'];
$authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true); $authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true);
// if no secret keys have been generated -> automatically authenticate the user // if no secret keys have been generated -> automatically authenticate the user
...@@ -106,7 +107,7 @@ public function auth($authData) ...@@ -106,7 +107,7 @@ public function auth($authData)
} }
foreach ($authSecrets as $k => $secretData) { foreach ($authSecrets as $k => $secretData) {
$key = trim(Security::decrypt($secretData['key'])); $key = trim(Encryption::decrypt($secretData['key']));
if ($this->Google2FA->verifyKey($key, $authCode)) { if ($this->Google2FA->verifyKey($key, $authCode)) {
return; return;
...@@ -118,7 +119,7 @@ public function auth($authData) ...@@ -118,7 +119,7 @@ public function auth($authData)
continue; continue;
} }
$recoveryKey = trim(Security::decrypt($recoveryKeyData['key'])); $recoveryKey = trim(Encryption::decrypt($recoveryKeyData['key']));
if ($recoveryKey != $authCode) { if ($recoveryKey != $authCode) {
continue; continue;
...@@ -147,9 +148,9 @@ public function auth($authData) ...@@ -147,9 +148,9 @@ public function auth($authData)
/** /**
* Return the user object * Return the user object
* *
* @return \QUI\Interfaces\Users\User * @return QUI\Interfaces\Users\User
*/ */
public function getUser() public function getUser(): QUI\Interfaces\Users\User
{ {
return $this->User; return $this->User;
} }
...@@ -157,9 +158,9 @@ public function getUser() ...@@ -157,9 +158,9 @@ public function getUser()
/** /**
* Return the quiqqer user id * Return the quiqqer user id
* *
* @return integer|boolean * @return integer
*/ */
public function getUserId() public function getUserId(): int
{ {
return $this->User->getId(); return $this->User->getId();
} }
...@@ -170,14 +171,14 @@ public function getUserId() ...@@ -170,14 +171,14 @@ public function getUserId()
* @param int $count (optional) - number of key [default: 10] * @param int $count (optional) - number of key [default: 10]
* @return array * @return array
*/ */
public static function generateRecoveryKeys($count = 10) public static function generateRecoveryKeys(int $count = 10): array
{ {
$recoveryKeys = []; $recoveryKeys = [];
$Google2FA = new Google2FA(); $Google2FA = new Google2FA();
for ($i = 0; $i < $count; $i++) { for ($i = 0; $i < $count; $i++) {
$recoveryKeys[] = [ $recoveryKeys[] = [
'key' => Security::encrypt(md5($Google2FA->generateSecretKey(16))), 'key' => Encryption::encrypt(md5($Google2FA->generateSecretKey(16))),
'used' => false, 'used' => false,
'usedDate' => false 'usedDate' => false
]; ];
...@@ -187,25 +188,25 @@ public static function generateRecoveryKeys($count = 10) ...@@ -187,25 +188,25 @@ public static function generateRecoveryKeys($count = 10)
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getLoginControl() public static function getLoginControl(): ?Control
{ {
return new QUI\Auth\Google2Fa\Controls\Login(); return new QUI\Auth\Google2Fa\Controls\Login();
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getSettingsControl() public static function getSettingsControl(): ?Control
{ {
return new QUI\Auth\Google2Fa\Controls\Settings(); return new QUI\Auth\Google2Fa\Controls\Settings();
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getPasswordResetControl() public static function getPasswordResetControl(): ?Control
{ {
return null; return null;
} }
...@@ -213,15 +214,16 @@ public static function getPasswordResetControl() ...@@ -213,15 +214,16 @@ public static function getPasswordResetControl()
/** /**
* @return bool * @return bool
*/ */
public static function isCLICompatible() public static function isCLICompatible(): bool
{ {
return true; return true;
} }
/** /**
* @param QUI\System\Console $Console * @param QUI\System\Console $Console
* @throws Exception
*/ */
public function cliAuthentication(QUI\System\Console $Console) public function cliAuthentication(QUI\System\Console $Console): void
{ {
$Console->clearMsg(); $Console->clearMsg();
......
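Review bot: `if ($recoveryKey != $authCode)` at L266 compares a secret against user input with loose `!=`. Recovery keys are hex md5 digests (L298), and a digest of the form `0e` followed only by digits is a numeric string in PHP, so `!=` compares it numerically and would accept any submitted code that also evaluates to zero; the comparison should be `if (!hash_equals($recoveryKey, (string) $authCode)) {`, which is both strict and constant-time. The `(string)` cast matters because `$authCode` comes from `$authParams['code']` (L253) with no type enforced, and `hash_equals` requires strings. `auth()` continues outside this hunk.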
...@@ -31,7 +31,7 @@ public function __construct(array $attributes = []) ...@@ -31,7 +31,7 @@ public function __construct(array $attributes = [])
/** /**
* @return string * @return string
*/ */
public function getBody() public function getBody(): string
{ {
$username = QUI::getSession()->get('username'); $username = QUI::getSession()->get('username');
$Engine = QUI::getTemplateManager()->getEngine(); $Engine = QUI::getTemplateManager()->getEngine();
......
...@@ -18,7 +18,7 @@ class Settings extends Control ...@@ -18,7 +18,7 @@ class Settings extends Control
/** /**
* @return string * @return string
*/ */
public function getBody() public function getBody(): string
{ {
return '<div class="quiqqer-auth-google2fa-settings" return '<div class="quiqqer-auth-google2fa-settings"
data-qui="package/quiqqer/authgoogle2fa/bin/controls/Settings"> data-qui="package/quiqqer/authgoogle2fa/bin/controls/Settings">
......