Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-21 09:50:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop' into feature-optional-network-group-count

Browse source
This commit is contained in:
Hank Grabowski 2022-07-08 15:35:26 -04:00
commit 96d3b5bcf1
13 changed files with 821 additions and 613 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Module/Security/TwoFactor/SignOut.php
View file

@ -108,7 +108,7 @@ class SignOut extends BaseModule
info($this->t('Logged out.'));
$this->baseUrl->redirect();
}
} catch (NotFoundException $exception) {
} catch (TwoFactor\Exception\TrustedBrowserNotFoundException $exception) {
$this->cookie->clear();
$this->session->clear();

50
src/Module/Security/TwoFactor/Trust.php
View file

@ -29,7 +29,9 @@ use Friendica\Core\Session\Capability\IHandleSessions;
use Friendica\Model\User;
use Friendica\Model\User\Cookie;
use Friendica\Module\Response;
use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Network\HTTPException\FoundException;
use Friendica\Network\HTTPException\MovedPermanentlyException;
use Friendica\Network\HTTPException\TemporaryRedirectException;
use Friendica\Security\Authentication;
use Friendica\Util\Profiler;
use Friendica\Security\TwoFactor;
@ -53,23 +55,24 @@ class Trust extends BaseModule
/** @var TwoFactor\Factory\TrustedBrowser */
protected $trustedBrowserFactory;
/** @var TwoFactor\Repository\TrustedBrowser */
protected $trustedBrowserRepositoy;
protected $trustedBrowserRepository;
public function __construct(App $app, Authentication $auth, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, IHandleSessions $session, Cookie $cookie, TwoFactor\Factory\TrustedBrowser $trustedBrowserFactory, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Response $response, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->app = $app;
$this->auth = $auth;
$this->session = $session;
$this->cookie = $cookie;
$this->trustedBrowserFactory = $trustedBrowserFactory;
$this->trustedBrowserRepositoy = $trustedBrowserRepositoy;
$this->app = $app;
$this->auth = $auth;
$this->session = $session;
$this->cookie = $cookie;
$this->trustedBrowserFactory = $trustedBrowserFactory;
$this->trustedBrowserRepository = $trustedBrowserRepositoy;
}
protected function post(array $request = [])
{
if (!local_user() || !$this->session->get('2fa')) {
$this->logger->info('Invalid call', ['request' => $request]);
return;
}
@ -82,16 +85,27 @@ class Trust extends BaseModule
case 'trust':
case 'dont_trust':
$trustedBrowser = $this->trustedBrowserFactory->createForUserWithUserAgent(local_user(), $this->server['HTTP_USER_AGENT'], $action === 'trust');
$this->trustedBrowserRepositoy->save($trustedBrowser);
try {
$this->trustedBrowserRepository->save($trustedBrowser);
// The string is sent to the browser to be sent back with each request
if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) {
notice($this->t('Couldn\'t save browser to Cookie.'));
};
// The string is sent to the browser to be sent back with each request
if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) {
notice($this->t('Couldn\'t save browser to Cookie.'));
};
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected error when saving the trusted browser.', ['trustedBrowser' => $trustedBrowser, 'exception' => $exception]);
}
break;
}
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
try {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
} catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) {
// exception wanted!
throw $e;
} catch (\Exception $e) {
$this->logger->warning('Unexpected error during authentication.', ['user' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
}
}
}
@ -103,13 +117,17 @@ class Trust extends BaseModule
if ($this->cookie->get('2fa_cookie_hash')) {
try {
$trustedBrowser = $this->trustedBrowserRepositoy->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
$trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
if (!$trustedBrowser->trusted) {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
$this->baseUrl->redirect();
}
} catch (NotFoundException $exception) {
} catch (TwoFactor\Exception\TrustedBrowserNotFoundException $exception) {
$this->logger->notice('Trusted Browser of the cookie not found.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected persistence exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (\Exception $exception) {
$this->logger->warning('Unexpected exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
}
}

32
src/Module/Settings/TwoFactor/Trusted.php
View file

@ -77,7 +77,7 @@ class Trusted extends BaseSettings
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
switch ($_POST['action']) {
case 'remove_all' :
case 'remove_all':
$this->trustedBrowserRepo->removeAllForUser(local_user());
info($this->t('Trusted browsers successfully removed.'));
$this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
@ -118,9 +118,9 @@ class Trusted extends BaseSettings
$result = $parser->parse($trustedBrowser->user_agent);
$uaData = [
'os' => $result->os->family,
'device' => $result->device->family,
'browser' => $result->ua->family,
'os' => $result->os->family,
'device' => $result->device->family,
'browser' => $result->ua->family,
'trusted_labeled' => $trustedBrowser->trusted ? $this->t('Yes') : $this->t('No'),
];
@ -128,21 +128,21 @@ class Trusted extends BaseSettings
}, $trustedBrowsers->getArrayCopy());
return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/trusted_browsers.tpl'), [
'$form_security_token' => self::getFormSecurityToken('settings_2fa_trusted'),
'$form_security_token' => self::getFormSecurityToken('settings_2fa_trusted'),
'$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
'$title' => $this->t('Two-factor Trusted Browsers'),
'$message' => $this->t('Trusted browsers are individual browsers you chose to skip two-factor authentication to access Friendica. Please use this feature sparingly, as it can negate the benefit of two-factor authentication.'),
'$device_label' => $this->t('Device'),
'$os_label' => $this->t('OS'),
'$browser_label' => $this->t('Browser'),
'$trusted_label' => $this->t('Trusted'),
'$created_label' => $this->t('Created At'),
'$last_used_label' => $this->t('Last Use'),
'$remove_label' => $this->t('Remove'),
'$remove_all_label' => $this->t('Remove All'),
'$title' => $this->t('Two-factor Trusted Browsers'),
'$message' => $this->t('Trusted browsers are individual browsers you chose to skip two-factor authentication to access Friendica. Please use this feature sparingly, as it can negate the benefit of two-factor authentication.'),
'$device_label' => $this->t('Device'),
'$os_label' => $this->t('OS'),
'$browser_label' => $this->t('Browser'),
'$trusted_label' => $this->t('Trusted'),
'$created_label' => $this->t('Created At'),
'$last_used_label' => $this->t('Last Use'),
'$remove_label' => $this->t('Remove'),
'$remove_all_label' => $this->t('Remove All'),
'$trusted_browsers' => $trustedBrowserDisplay,
'$trusted_browsers' => $trustedBrowserDisplay,
]);
}
}