Merge pull request #14632 from annando/issue-13943

Issue 13943: Notify users on login that they are blocked
Hypolite Petovan 2024-12-28 09:00:49 -05:00 committed by GitHub
commit 9944311b95
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 75 additions and 61 deletions


@ -678,11 +678,12 @@ class User
* @param mixed $user_info * @param mixed $user_info
* @param string $password * @param string $password
* @param bool $third_party * @param bool $third_party
* @param bool $with_blocked
* @return int User Id if authentication is successful * @return int User Id if authentication is successful
* @throws HTTPException\ForbiddenException * @throws HTTPException\ForbiddenException
* @throws HTTPException\NotFoundException * @throws HTTPException\NotFoundException
*/ */
public static function getIdFromPasswordAuthentication($user_info, string $password, bool $third_party = false): int public static function getIdFromPasswordAuthentication($user_info, string $password, bool $third_party = false, bool $with_blocked = false): int
{ {
// Addons registered with the "authenticate" hook may create the user on the // Addons registered with the "authenticate" hook may create the user on the
// fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
@ -690,7 +691,7 @@ class User
// user in our database, if applicable, before re-throwing the exception if // user in our database, if applicable, before re-throwing the exception if
// they fail. // they fail.
try { try {
$user = self::getAuthenticationInfo($user_info); $user = self::getAuthenticationInfo($user_info, $with_blocked);
} catch (Exception $e) { } catch (Exception $e) {
$username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? ''); $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
@ -783,10 +784,11 @@ class User
* - User array with at least the uid and the hashed password * - User array with at least the uid and the hashed password
* *
* @param mixed $user_info * @param mixed $user_info
* @param bool $with_blocked
* @return array|null Null if not found/determined * @return array|null Null if not found/determined
* @throws HTTPException\NotFoundException * @throws HTTPException\NotFoundException
*/ */
public static function getAuthenticationInfo($user_info) public static function getAuthenticationInfo($user_info, bool $with_blocked = false)
{ {
$user = null; $user = null;
@ -805,25 +807,27 @@ class User
throw new Exception(DI::l10n()->t('Not enough information to authenticate')); throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
} }
} elseif (is_int($user_info) || is_string($user_info)) { } elseif (is_int($user_info) || is_string($user_info)) {
if (is_int($user_info)) {
$user = DBA::selectFirst(
'user',
['uid', 'nickname', 'password', 'legacy_password'],
[
'uid' => $user_info,
'blocked' => 0,
'account_expired' => 0,
'account_removed' => 0,
'verified' => 1
]
);
} else {
$fields = ['uid', 'nickname', 'password', 'legacy_password']; $fields = ['uid', 'nickname', 'password', 'legacy_password'];
if (is_int($user_info)) {
$condition = [
'uid' => $user_info,
'account_expired' => false,
'account_removed' => false,
'verified' => true
];
if (!$with_blocked) {
$condition = DBA::mergeConditions($condition, ['blocked' => false]);
}
$user = DBA::selectFirst('user', $fields, $condition);
} else {
$condition = [ $condition = [
"(`email` = ? OR `username` = ? OR `nickname` = ?) "(`email` = ? OR `username` = ? OR `nickname` = ?)
AND `verified` AND NOT `blocked` AND NOT `account_removed` AND NOT `account_expired`", AND `verified` AND NOT `account_removed` AND NOT `account_expired`",
$user_info, $user_info, $user_info $user_info, $user_info, $user_info
]; ];
if (!$with_blocked) {
$condition = DBA::mergeConditions($condition, ['blocked' => false]);
}
$user = DBA::selectFirst('user', $fields, $condition); $user = DBA::selectFirst('user', $fields, $condition);
} }
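Review bot: The new `$with_blocked` parameter is documented only as a bare `@param bool $with_blocked` in both docblocks, which hides that it moves a security decision to the caller. When it is `true`, the `blocked` filter is dropped from both lookup branches of `getAuthenticationInfo()`, so `getIdFromPasswordAuthentication()` can return the uid of a blocked account whose password matches. I would spell that out, e.g. `@param bool $with_blocked Also match blocked accounts; the caller must then check 'blocked' and refuse the login itself`. Keeping the default at `false` is right, because existing callers keep failing closed. Both function bodies continue outside the hunks shown.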


@ -238,7 +238,7 @@ class Authentication
$record = $this->dba->selectFirst( $record = $this->dba->selectFirst(
'user', 'user',
[], [],
['uid' => User::getIdFromPasswordAuthentication($username, $password)] ['uid' => User::getIdFromPasswordAuthentication($username, $password, false, true)]
); );
} catch (Exception $e) { } catch (Exception $e) {
$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $this->remoteAddress]); $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $this->remoteAddress]);
@ -246,6 +246,12 @@ class Authentication
$this->baseUrl->redirect(); $this->baseUrl->redirect();
} }
if ($record['blocked']) {
$this->logger->warning('authenticate: user is blocked', ['action' => 'login', 'username' => $username, 'ip' => $this->remoteAddress]);
DI::sysmsg()->addNotice($this->l10n->t('Login failed because your account is blocked.'));
$this->baseUrl->redirect();
}
if (!$remember) { if (!$remember) {
$trusted = $this->cookie->get('2fa_cookie_hash') ?? null; $trusted = $this->cookie->get('2fa_cookie_hash') ?? null;
$this->cookie->clear(); $this->cookie->clear();
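Review bot: Because `getIdFromPasswordAuthentication()` is now called with `$with_blocked = true`, the added `if ($record['blocked'])` branch is the only thing on this path that keeps a blocked account with a valid password out of the session setup that follows. It relies on `$this->baseUrl->redirect()` never returning; the catch block above uses the same pattern, so that is presumably the case, but it is not visible here. A short comment such as `// redirect() does not return; blocked accounts must never reach the session setup below` would protect the branch from a later refactor. The check also indexes `$record` without confirming that `selectFirst()` returned a row, so a missing row would read as "not blocked" and fall through; an `is_array($record)` guard that treats this as a failed login would make it fail closed. The enclosing method starts and ends outside the hunks.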


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: 2024.09-rc\n" "Project-Id-Version: 2024.09-rc\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-12-22 07:45+0000\n" "POT-Creation-Date: 2024-12-28 00:35+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -944,7 +944,7 @@ msgstr ""
msgid "Enter user nickname: " msgid "Enter user nickname: "
msgstr "" msgstr ""
#: src/Console/User.php:168 src/Model/User.php:831 #: src/Console/User.php:168 src/Model/User.php:835
#: src/Module/Api/Twitter/ContactEndpoint.php:60 #: src/Module/Api/Twitter/ContactEndpoint.php:60
#: src/Module/Moderation/Users/Active.php:57 #: src/Module/Moderation/Users/Active.php:57
#: src/Module/Moderation/Users/Blocked.php:57 #: src/Module/Moderation/Users/Blocked.php:57
@ -1708,7 +1708,7 @@ msgstr ""
#: src/Content/Feature.php:116 src/Content/GroupManager.php:133 #: src/Content/Feature.php:116 src/Content/GroupManager.php:133
#: src/Content/Nav.php:264 src/Content/Text/HTML.php:868 #: src/Content/Nav.php:264 src/Content/Text/HTML.php:868
#: src/Content/Widget.php:552 src/Model/User.php:1390 #: src/Content/Widget.php:552 src/Model/User.php:1394
msgid "Groups" msgid "Groups"
msgstr "" msgstr ""
@ -3616,138 +3616,138 @@ msgstr ""
msgid "Responsible account: %s" msgid "Responsible account: %s"
msgstr "" msgstr ""
#: src/Model/User.php:217 src/Model/User.php:1310 #: src/Model/User.php:217 src/Model/User.php:1314
msgid "SERIOUS ERROR: Generation of security keys failed." msgid "SERIOUS ERROR: Generation of security keys failed."
msgstr "" msgstr ""
#: src/Model/User.php:740 src/Model/User.php:773 #: src/Model/User.php:741 src/Model/User.php:774
msgid "Login failed" msgid "Login failed"
msgstr "" msgstr ""
#: src/Model/User.php:805 #: src/Model/User.php:807
msgid "Not enough information to authenticate" msgid "Not enough information to authenticate"
msgstr "" msgstr ""
#: src/Model/User.php:930 #: src/Model/User.php:934
msgid "Password can't be empty" msgid "Password can't be empty"
msgstr "" msgstr ""
#: src/Model/User.php:972 #: src/Model/User.php:976
msgid "Empty passwords are not allowed." msgid "Empty passwords are not allowed."
msgstr "" msgstr ""
#: src/Model/User.php:976 #: src/Model/User.php:980
msgid "The new password has been exposed in a public data dump, please choose another." msgid "The new password has been exposed in a public data dump, please choose another."
msgstr "" msgstr ""
#: src/Model/User.php:980 #: src/Model/User.php:984
msgid "The password length is limited to 72 characters." msgid "The password length is limited to 72 characters."
msgstr "" msgstr ""
#: src/Model/User.php:984 #: src/Model/User.php:988
msgid "The password can't contain white spaces nor accentuated letters" msgid "The password can't contain white spaces nor accentuated letters"
msgstr "" msgstr ""
#: src/Model/User.php:1193 #: src/Model/User.php:1197
msgid "Passwords do not match. Password unchanged." msgid "Passwords do not match. Password unchanged."
msgstr "" msgstr ""
#: src/Model/User.php:1200 #: src/Model/User.php:1204
msgid "An invitation is required." msgid "An invitation is required."
msgstr "" msgstr ""
#: src/Model/User.php:1204 #: src/Model/User.php:1208
msgid "Invitation could not be verified." msgid "Invitation could not be verified."
msgstr "" msgstr ""
#: src/Model/User.php:1212 #: src/Model/User.php:1216
msgid "Invalid OpenID url" msgid "Invalid OpenID url"
msgstr "" msgstr ""
#: src/Model/User.php:1225 src/Security/Authentication.php:214 #: src/Model/User.php:1229 src/Security/Authentication.php:214
msgid "We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID." msgid "We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID."
msgstr "" msgstr ""
#: src/Model/User.php:1225 src/Security/Authentication.php:214 #: src/Model/User.php:1229 src/Security/Authentication.php:214
msgid "The error message was:" msgid "The error message was:"
msgstr "" msgstr ""
#: src/Model/User.php:1231 #: src/Model/User.php:1235
msgid "Please enter the required information." msgid "Please enter the required information."
msgstr "" msgstr ""
#: src/Model/User.php:1245 #: src/Model/User.php:1249
#, php-format #, php-format
msgid "system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values." msgid "system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values."
msgstr "" msgstr ""
#: src/Model/User.php:1252 #: src/Model/User.php:1256
#, php-format #, php-format
msgid "Username should be at least %s character." msgid "Username should be at least %s character."
msgid_plural "Username should be at least %s characters." msgid_plural "Username should be at least %s characters."
msgstr[0] "" msgstr[0] ""
msgstr[1] "" msgstr[1] ""
#: src/Model/User.php:1256 #: src/Model/User.php:1260
#, php-format #, php-format
msgid "Username should be at most %s character." msgid "Username should be at most %s character."
msgid_plural "Username should be at most %s characters." msgid_plural "Username should be at most %s characters."
msgstr[0] "" msgstr[0] ""
msgstr[1] "" msgstr[1] ""
#: src/Model/User.php:1264 #: src/Model/User.php:1268
msgid "That doesn't appear to be your full (First Last) name." msgid "That doesn't appear to be your full (First Last) name."
msgstr "" msgstr ""
#: src/Model/User.php:1269 #: src/Model/User.php:1273
msgid "Your email domain is not among those allowed on this site." msgid "Your email domain is not among those allowed on this site."
msgstr "" msgstr ""
#: src/Model/User.php:1273 #: src/Model/User.php:1277
msgid "Not a valid email address." msgid "Not a valid email address."
msgstr "" msgstr ""
#: src/Model/User.php:1276 #: src/Model/User.php:1280
msgid "The nickname was blocked from registration by the nodes admin." msgid "The nickname was blocked from registration by the nodes admin."
msgstr "" msgstr ""
#: src/Model/User.php:1280 src/Model/User.php:1286 #: src/Model/User.php:1284 src/Model/User.php:1290
msgid "Cannot use that email." msgid "Cannot use that email."
msgstr "" msgstr ""
#: src/Model/User.php:1292 #: src/Model/User.php:1296
msgid "Your nickname can only contain a-z, 0-9 and _." msgid "Your nickname can only contain a-z, 0-9 and _."
msgstr "" msgstr ""
#: src/Model/User.php:1300 src/Model/User.php:1350 #: src/Model/User.php:1304 src/Model/User.php:1354
msgid "Nickname is already registered. Please choose another." msgid "Nickname is already registered. Please choose another."
msgstr "" msgstr ""
#: src/Model/User.php:1337 src/Model/User.php:1341 #: src/Model/User.php:1341 src/Model/User.php:1345
msgid "An error occurred during registration. Please try again." msgid "An error occurred during registration. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1364 #: src/Model/User.php:1368
msgid "An error occurred creating your default profile. Please try again." msgid "An error occurred creating your default profile. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1371 #: src/Model/User.php:1375
msgid "An error occurred creating your self contact. Please try again." msgid "An error occurred creating your self contact. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1376 #: src/Model/User.php:1380
msgid "Friends" msgid "Friends"
msgstr "" msgstr ""
#: src/Model/User.php:1380 #: src/Model/User.php:1384
msgid "An error occurred creating your default contact circle. Please try again." msgid "An error occurred creating your default contact circle. Please try again."
msgstr "" msgstr ""
#: src/Model/User.php:1428 #: src/Model/User.php:1432
msgid "Profile Photos" msgid "Profile Photos"
msgstr "" msgstr ""
#: src/Model/User.php:1616 #: src/Model/User.php:1620
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3755,7 +3755,7 @@ msgid ""
"\t\t\tthe administrator of %2$s has set up an account for you." "\t\t\tthe administrator of %2$s has set up an account for you."
msgstr "" msgstr ""
#: src/Model/User.php:1619 #: src/Model/User.php:1623
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3786,12 +3786,12 @@ msgid ""
"\t\tThank you and welcome to %4$s." "\t\tThank you and welcome to %4$s."
msgstr "" msgstr ""
#: src/Model/User.php:1651 src/Model/User.php:1757 #: src/Model/User.php:1655 src/Model/User.php:1761
#, php-format #, php-format
msgid "Registration details for %s" msgid "Registration details for %s"
msgstr "" msgstr ""
#: src/Model/User.php:1671 #: src/Model/User.php:1675
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3806,12 +3806,12 @@ msgid ""
"\t\t" "\t\t"
msgstr "" msgstr ""
#: src/Model/User.php:1690 #: src/Model/User.php:1694
#, php-format #, php-format
msgid "Registration at %s" msgid "Registration at %s"
msgstr "" msgstr ""
#: src/Model/User.php:1714 #: src/Model/User.php:1718
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3820,7 +3820,7 @@ msgid ""
"\t\t\t" "\t\t\t"
msgstr "" msgstr ""
#: src/Model/User.php:1722 #: src/Model/User.php:1726
#, php-format #, php-format
msgid "" msgid ""
"\n" "\n"
@ -3851,7 +3851,7 @@ msgid ""
"\t\t\tThank you and welcome to %2$s." "\t\t\tThank you and welcome to %2$s."
msgstr "" msgstr ""
#: src/Model/User.php:1784 #: src/Model/User.php:1788
msgid "User with delegates can't be removed, please remove delegate users first" msgid "User with delegates can't be removed, please remove delegate users first"
msgstr "" msgstr ""
@ -11759,12 +11759,16 @@ msgstr ""
msgid "Login failed. Please check your credentials." msgid "Login failed. Please check your credentials."
msgstr "" msgstr ""
#: src/Security/Authentication.php:359 #: src/Security/Authentication.php:251
msgid "Login failed because your account is blocked."
msgstr ""
#: src/Security/Authentication.php:365
#, php-format #, php-format
msgid "Welcome %s" msgid "Welcome %s"
msgstr "" msgstr ""
#: src/Security/Authentication.php:360 #: src/Security/Authentication.php:366
msgid "Please upload a profile photo." msgid "Please upload a profile photo."
msgstr "" msgstr ""