
Revisionen vergleichen

  • quiqqer/authgoogle2fa
Commits auf Quelle (4)
    Merge branch 'main' into 'next-2.x' · d8637524
    verfasst von Henning Leutz
    Update 'next-2.x' with latest changes from 'main'
    
    See merge request !5
    d8637524
    fix: add method_exists check before calling method and replace security with encryption · 4df5756e
    verfasst von Henning Leutz
    This commit adds an existence check before calling the checkEditPermission method in the ajax
    files. The use of the Security class in some files was replaced by Encryption. This commit also
    adjusts the getUser function to return either a user object or null.
    
    Related: #4
    4df5756e
    fix!: update ci configuration and package details · e6898ab0
    verfasst von Henning Leutz
    - Removed inputs for 'quiqqer-major-version' from .gitlab-ci.yml file for stabilization.
    - Allowed phpunit to run on PHP 8.1 by removing phpunit-php8.1 block from .gitlab-ci.yml.
    - Updated the homepage URL from 'http' to 'https' in composer.json.
    - Changed the support URL from 'http' to 'https' in composer.json.
    - Updated the required 'quiqqer/quiqqer' version to 'quiqqer/core' '^2' in composer.json.
    
    BREAKING CHANGE: 'quiqqer/quiqqer' version to 'quiqqer/core'
    e6898ab0
    Merge branch 'next-2.x' into 'main' · a774c06d
    verfasst von Henning Leutz
    fix: add method_exists check before calling method and replace security with encryption
    
    See merge request !6
    a774c06d
include: include:
- component: dev.quiqqer.com/quiqqer/stabilization/ci-cd-components/quiqqer-package-bundle/quiqqer-package-bundle@2 - component: dev.quiqqer.com/quiqqer/stabilization/ci-cd-components/quiqqer-package-bundle/quiqqer-package-bundle@2
inputs:
quiqqer-major-version: 1
# Remove the entire phpunit-php8.1 block, to allow PHPUnit to run on PHP 8.1 in your pipeline # Remove the entire phpunit-php8.1 block, to allow PHPUnit to run on PHP 8.1 in your pipeline
phpunit-php8.1: phpunit-php8.1:
......
...@@ -27,6 +27,15 @@ function ($userId, $titles) { ...@@ -27,6 +27,15 @@ function ($userId, $titles) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
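Review bot: The added `method_exists($SessionUser, 'checkEditPermission')` guard fails closed, which is the right default, but nothing at the site explains why a session user object could lack the method. A short comment would keep the guard from being removed later as dead code, for example `// QUI\Interfaces\Users\User does not declare checkEditPermission(); deny when the session user object lacks it`. The same guard block is repeated in four more ajax handler sections further down this page, so a shared helper would keep the deny path from drifting between files. Both the guard and the call are on `$SessionUser` while the handler acts on `$userId`; the lines that relate the two are outside the hunk, so confirm that edit rights over the target user are what is actually verified.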
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI\Auth\Google2Fa\Auth; use QUI\Auth\Google2Fa\Auth;
use QUI\Security; use QUI\Security\Encryption;
use QUI\Utils\Security\Orthos; use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction( QUI::$Ajax->registerFunction(
...@@ -29,6 +29,15 @@ function ($userId, $title) { ...@@ -29,6 +29,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
...@@ -50,7 +59,7 @@ function ($userId, $title) { ...@@ -50,7 +59,7 @@ function ($userId, $title) {
} }
$secrets[$title] = [ $secrets[$title] = [
'key' => Security::encrypt($Google2FA->generateSecretKey(32)), 'key' => Encryption::encrypt($Google2FA->generateSecretKey(32)),
'recoveryKeys' => Auth::generateRecoveryKeys(), 'recoveryKeys' => Auth::generateRecoveryKeys(),
'createUserId' => $SessionUser->getId(), 'createUserId' => $SessionUser->getId(),
'createDate' => date('Y-m-d H:i:s') 'createDate' => date('Y-m-d H:i:s')
...@@ -74,7 +83,7 @@ function ($userId, $title) { ...@@ -74,7 +83,7 @@ function ($userId, $title) {
); );
return false; return false;
} catch (\Exception $Exception) { } catch (\Exception) {
QUI::getMessagesHandler()->addError( QUI::getMessagesHandler()->addError(
QUI::getLocale()->get( QUI::getLocale()->get(
'quiqqer/authgoogle2fa', 'quiqqer/authgoogle2fa',
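Review bot: The catch-all near the end of this section now reads `catch (\Exception)`, so the handler can no longer reference the exception and only the generic user-facing message is emitted. This handler creates a second-factor secret, so a failure here should leave a server-side trace for audit and troubleshooting. Keeping the variable and logging it, e.g. `} catch (\Exception $Exception) {` followed by `QUI\System\Log::writeException($Exception);`, would do that without exposing details to the client. The handler body before and after this catch is outside the hunks shown.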
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
*/ */
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI\Security; use QUI\Security\Encryption;
use QUI\Utils\Security\Orthos; use QUI\Utils\Security\Orthos;
QUI::$Ajax->registerFunction( QUI::$Ajax->registerFunction(
...@@ -28,6 +28,15 @@ function ($userId, $title) { ...@@ -28,6 +28,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
...@@ -46,7 +55,7 @@ function ($userId, $title) { ...@@ -46,7 +55,7 @@ function ($userId, $title) {
]); ]);
} }
$keyData['key'] = Security::decrypt($secrets[$title]['key']); $keyData['key'] = Encryption::decrypt($secrets[$title]['key']);
$keyData['qrCode'] = $Google2FA->getQRCodeInline( $keyData['qrCode'] = $Google2FA->getQRCodeInline(
$_SERVER['SERVER_NAME'], $_SERVER['SERVER_NAME'],
$AuthUser->getUsername(), $AuthUser->getUsername(),
...@@ -60,7 +69,7 @@ function ($userId, $title) { ...@@ -60,7 +69,7 @@ function ($userId, $title) {
$keyData['recoveryKeys'] = []; $keyData['recoveryKeys'] = [];
foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) { foreach ($secrets[$title]['recoveryKeys'] as $k => $recoveryKeyData) {
$recoveryKeyData['key'] = trim(Security::decrypt($recoveryKeyData['key'])); $recoveryKeyData['key'] = trim(Encryption::decrypt($recoveryKeyData['key']));
$keyData['recoveryKeys'][] = $recoveryKeyData; $keyData['recoveryKeys'][] = $recoveryKeyData;
} }
} catch (QUI\Auth\Google2Fa\Exception $Exception) { } catch (QUI\Auth\Google2Fa\Exception $Exception) {
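Review bot: The results of `Encryption::decrypt()` are used unchecked: the secret is assigned straight to `$keyData['key']` and each recovery key is only passed through `trim()`. If the new class cannot read a stored ciphertext, that would presumably surface as an empty or garbled key rather than an error, though the failure behaviour of `decrypt()` is not visible here. Whether values written by the old `Security::encrypt()` stay readable is also not shown on this page, so test with a user whose keys predate the upgrade. Rejecting an empty result would make the failure explicit, e.g. `if (empty($keyData['key'])) { throw new QUI\Auth\Google2Fa\Exception(...); }` with the project's usual message array. The handler body starts and ends outside the hunks.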
......
...@@ -23,6 +23,15 @@ function ($userId) { ...@@ -23,6 +23,15 @@ function ($userId) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
$keys = []; $keys = [];
......
...@@ -27,6 +27,15 @@ function ($userId, $title) { ...@@ -27,6 +27,15 @@ function ($userId, $title) {
); );
} }
if (!method_exists($SessionUser, 'checkEditPermission')) {
throw new QUI\Permissions\Exception(
QUI::getLocale()->get(
'quiqqer/core',
'exception.lib.user.no.edit.rights'
)
);
}
$SessionUser->checkEditPermission(); $SessionUser->checkEditPermission();
try { try {
......
...@@ -8,16 +8,16 @@ ...@@ -8,16 +8,16 @@
{ {
"name": "Patrick Müller", "name": "Patrick Müller",
"email": "p.mueller@pcsg.de", "email": "p.mueller@pcsg.de",
"homepage": "http://www.pcsg.de", "homepage": "https://www.pcsg.de",
"role": "Developer" "role": "Developer"
} }
], ],
"support": { "support": {
"email": "support@pcsg.de", "email": "support@pcsg.de",
"url": "http://www.pcsg.de" "url": "https://www.pcsg.de"
}, },
"require": { "require": {
"quiqqer/quiqqer": ">=1.1|dev-master|dev-dev", "quiqqer/core": "^2",
"pragmarx/google2fa": "2.*", "pragmarx/google2fa": "2.*",
"bacon/bacon-qr-code": "~1.0" "bacon/bacon-qr-code": "~1.0"
}, },
......
parameters: parameters:
ignoreErrors: ignoreErrors:
- \ No newline at end of file
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/deleteKeys.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/generateKey.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/getKey.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/getKeys.php
-
message: "#^Call to an undefined method QUI\\\\Interfaces\\\\Users\\\\User\\:\\:checkEditPermission\\(\\)\\.$#"
count: 1
path: ajax/regenerateRecoveryKeys.php
-
message: "#^Method QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:getPasswordResetControl\\(\\) should return QUI\\\\Control but returns null\\.$#"
count: 1
path: src/QUI/Auth/Google2Fa/Auth.php
-
message: "#^Property QUI\\\\Auth\\\\Google2Fa\\\\Auth\\:\\:\\$User \\(QUI\\\\Users\\\\User\\) does not accept QUI\\\\Users\\\\Nobody\\|null\\.$#"
count: 1
path: src/QUI/Auth/Google2Fa/Auth.php
...@@ -5,9 +5,10 @@ ...@@ -5,9 +5,10 @@
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use QUI; use QUI;
use QUI\Auth\Google2Fa\Exception as Google2FaException; use QUI\Auth\Google2Fa\Exception as Google2FaException;
use QUI\Security; use QUI\Control;
use QUI\Locale;
use QUI\Security\Encryption;
use QUI\Users\AbstractAuthenticator; use QUI\Users\AbstractAuthenticator;
use QUI\Users\User;
/** /**
* Class Auth * Class Auth
...@@ -23,14 +24,14 @@ class Auth extends AbstractAuthenticator ...@@ -23,14 +24,14 @@ class Auth extends AbstractAuthenticator
* *
* @var Google2FA * @var Google2FA
*/ */
protected $Google2FA = null; protected Google2FA | null $Google2FA = null;
/** /**
* User that is to be authenticated * User that is to be authenticated
* *
* @var User * @var QUI\Interfaces\Users\User | null
*/ */
protected $User = null; protected QUI\Interfaces\Users\User | null $User = null;
/** /**
* Auth Constructor. * Auth Constructor.
...@@ -44,7 +45,7 @@ public function __construct($user = '') ...@@ -44,7 +45,7 @@ public function __construct($user = '')
if (!empty($user)) { if (!empty($user)) {
try { try {
$this->User = QUI::getUsers()->getUserByName($user); $this->User = QUI::getUsers()->getUserByName($user);
} catch (\Exception $Exception) { } catch (\Exception) {
$this->User = QUI::getUsers()->getNobody(); $this->User = QUI::getUsers()->getNobody();
} }
} }
...@@ -53,10 +54,10 @@ public function __construct($user = '') ...@@ -53,10 +54,10 @@ public function __construct($user = '')
} }
/** /**
* @param null|\QUI\Locale $Locale * @param null|Locale $Locale
* @return string * @return string
*/ */
public function getTitle($Locale = null) public function getTitle(null | Locale $Locale = null): string
{ {
if (is_null($Locale)) { if (is_null($Locale)) {
$Locale = QUI::getLocale(); $Locale = QUI::getLocale();
...@@ -66,10 +67,10 @@ public function getTitle($Locale = null) ...@@ -66,10 +67,10 @@ public function getTitle($Locale = null)
} }
/** /**
* @param null|\QUI\Locale $Locale * @param null|Locale $Locale
* @return string * @return string
*/ */
public function getDescription($Locale = null) public function getDescription(null | Locale $Locale = null): string
{ {
if (is_null($Locale)) { if (is_null($Locale)) {
$Locale = QUI::getLocale(); $Locale = QUI::getLocale();
...@@ -81,15 +82,15 @@ public function getDescription($Locale = null) ...@@ -81,15 +82,15 @@ public function getDescription($Locale = null)
/** /**
* Authenticate the user * Authenticate the user
* *
* @param string|array|integer $authData * @param string|array|integer $authParams
* *
* @throws QUI\Auth\Google2Fa\Exception * @throws QUI\Auth\Google2Fa\Exception
*/ */
public function auth($authData) public function auth(string | array | int $authParams): void
{ {
if ( if (
!is_array($authData) !is_array($authParams)
|| !isset($authData['code']) || !isset($authParams['code'])
) { ) {
throw new Google2FaException([ throw new Google2FaException([
'quiqqer/authgoogle2fa', 'quiqqer/authgoogle2fa',
...@@ -97,7 +98,7 @@ public function auth($authData) ...@@ -97,7 +98,7 @@ public function auth($authData)
]); ]);
} }
$authCode = $authData['code']; $authCode = $authParams['code'];
$authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true); $authSecrets = json_decode($this->User->getAttribute('quiqqer.auth.google2fa.secrets'), true);
// if no secret keys have been generated -> automatically authenticate the user // if no secret keys have been generated -> automatically authenticate the user
...@@ -106,7 +107,7 @@ public function auth($authData) ...@@ -106,7 +107,7 @@ public function auth($authData)
} }
foreach ($authSecrets as $k => $secretData) { foreach ($authSecrets as $k => $secretData) {
$key = trim(Security::decrypt($secretData['key'])); $key = trim(Encryption::decrypt($secretData['key']));
if ($this->Google2FA->verifyKey($key, $authCode)) { if ($this->Google2FA->verifyKey($key, $authCode)) {
return; return;
...@@ -118,7 +119,7 @@ public function auth($authData) ...@@ -118,7 +119,7 @@ public function auth($authData)
continue; continue;
} }
$recoveryKey = trim(Security::decrypt($recoveryKeyData['key'])); $recoveryKey = trim(Encryption::decrypt($recoveryKeyData['key']));
if ($recoveryKey != $authCode) { if ($recoveryKey != $authCode) {
continue; continue;
...@@ -147,9 +148,9 @@ public function auth($authData) ...@@ -147,9 +148,9 @@ public function auth($authData)
/** /**
* Return the user object * Return the user object
* *
* @return \QUI\Interfaces\Users\User * @return QUI\Interfaces\Users\User
*/ */
public function getUser() public function getUser(): QUI\Interfaces\Users\User
{ {
return $this->User; return $this->User;
} }
...@@ -157,9 +158,9 @@ public function getUser() ...@@ -157,9 +158,9 @@ public function getUser()
/** /**
* Return the quiqqer user id * Return the quiqqer user id
* *
* @return integer|boolean * @return integer
*/ */
public function getUserId() public function getUserId(): int
{ {
return $this->User->getId(); return $this->User->getId();
} }
...@@ -170,14 +171,14 @@ public function getUserId() ...@@ -170,14 +171,14 @@ public function getUserId()
* @param int $count (optional) - number of key [default: 10] * @param int $count (optional) - number of key [default: 10]
* @return array * @return array
*/ */
public static function generateRecoveryKeys($count = 10) public static function generateRecoveryKeys(int $count = 10): array
{ {
$recoveryKeys = []; $recoveryKeys = [];
$Google2FA = new Google2FA(); $Google2FA = new Google2FA();
for ($i = 0; $i < $count; $i++) { for ($i = 0; $i < $count; $i++) {
$recoveryKeys[] = [ $recoveryKeys[] = [
'key' => Security::encrypt(md5($Google2FA->generateSecretKey(16))), 'key' => Encryption::encrypt(md5($Google2FA->generateSecretKey(16))),
'used' => false, 'used' => false,
'usedDate' => false 'usedDate' => false
]; ];
...@@ -187,25 +188,25 @@ public static function generateRecoveryKeys($count = 10) ...@@ -187,25 +188,25 @@ public static function generateRecoveryKeys($count = 10)
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getLoginControl() public static function getLoginControl(): ?Control
{ {
return new QUI\Auth\Google2Fa\Controls\Login(); return new QUI\Auth\Google2Fa\Controls\Login();
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getSettingsControl() public static function getSettingsControl(): ?Control
{ {
return new QUI\Auth\Google2Fa\Controls\Settings(); return new QUI\Auth\Google2Fa\Controls\Settings();
} }
/** /**
* @return \QUI\Control * @return Control|null
*/ */
public static function getPasswordResetControl() public static function getPasswordResetControl(): ?Control
{ {
return null; return null;
} }
...@@ -213,15 +214,16 @@ public static function getPasswordResetControl() ...@@ -213,15 +214,16 @@ public static function getPasswordResetControl()
/** /**
* @return bool * @return bool
*/ */
public static function isCLICompatible() public static function isCLICompatible(): bool
{ {
return true; return true;
} }
/** /**
* @param QUI\System\Console $Console * @param QUI\System\Console $Console
* @throws Exception
*/ */
public function cliAuthentication(QUI\System\Console $Console) public function cliAuthentication(QUI\System\Console $Console): void
{ {
$Console->clearMsg(); $Console->clearMsg();
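Review bot: In `auth()`, the recovery-key check `if ($recoveryKey != $authCode)` still compares a secret with a loose operator, directly below a line this commit changes. Recovery keys are MD5 hex strings (see `generateRecoveryKeys()`), PHP's `!=` compares numeric-looking strings numerically, the comparison is not constant-time, and `$authCode` is taken from `$authParams['code']` without a type check. Prefer `if (!is_string($authCode) || !hash_equals($recoveryKey, $authCode)) {`. Separately, `getUser()` and `getUserId()` now declare non-nullable return types while `$User` is typed nullable, so an `Auth` whose user was never set would fail at runtime there; the commit message says getUser may return null, which the signature does not allow. The body of `auth()` continues outside the hunks shown.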
......
...@@ -31,7 +31,7 @@ public function __construct(array $attributes = []) ...@@ -31,7 +31,7 @@ public function __construct(array $attributes = [])
/** /**
* @return string * @return string
*/ */
public function getBody() public function getBody(): string
{ {
$username = QUI::getSession()->get('username'); $username = QUI::getSession()->get('username');
$Engine = QUI::getTemplateManager()->getEngine(); $Engine = QUI::getTemplateManager()->getEngine();
......
...@@ -18,7 +18,7 @@ class Settings extends Control ...@@ -18,7 +18,7 @@ class Settings extends Control
/** /**
* @return string * @return string
*/ */
public function getBody() public function getBody(): string
{ {
return '<div class="quiqqer-auth-google2fa-settings" return '<div class="quiqqer-auth-google2fa-settings"
data-qui="package/quiqqer/authgoogle2fa/bin/controls/Settings"> data-qui="package/quiqqer/authgoogle2fa/bin/controls/Settings">
......