This commit is contained in:
Eric Lippmann 2025-07-23 14:03:30 +02:00
parent 0070c807a7
commit a1d36202dc
4 changed files with 28 additions and 1 deletions


@ -91,8 +91,13 @@ class AuthenticationController extends Controller
->sendResponse(); ->sendResponse();
exit; exit;
} }
// FORM DOES NOT REDIRECT, IF USER HAS 2FA ENABLED and token hasn't been challenged
$form->handleRequest(); $form->handleRequest();
} }
// if ($user->has2FA() && irgendwas_mit_session()) {
// // 2 FA form erstellen und zeigen und handeln
// in der session speichern ob der token gepasst hat
// }
$this->view->form = $form; $this->view->form = $form;
$this->view->defaultTitle = $this->translate('Icinga Web 2 Login'); $this->view->defaultTitle = $this->translate('Icinga Web 2 Login');
$this->view->requiresSetup = $requiresSetup; $this->view->requiresSetup = $requiresSetup;
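Review bot: The new lines in this hunk are only a shouted note and a block of commented-out pseudo-code in mixed German/English, which leaves the controller with no actual 2FA handling and no marker that a tool or reviewer can find. If the intent is to land the scaffolding first, replace the four commented lines with one English `// TODO(2fa): when the user has 2FA enabled and the session has no validated token, build and handle the 2FA form here` and drop the commented code. The enclosing action starts before this hunk, so the surrounding control flow is only partly visible.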


@ -161,6 +161,18 @@ class LoginForm extends Form
// Call provided AuthenticationHook(s) after successful login // Call provided AuthenticationHook(s) after successful login
AuthenticationHook::triggerLogin($user); AuthenticationHook::triggerLogin($user);
// If user has 2FA enabled and the token hasn't been validated, redirect to login again, so that
// the token is challenged.
$redirect = $this->getElement('redirect');
$old = $redirect->getValue();
$new = [];
if ($old) {
$new['redirect'] = $old;
}
$redirect->setValue(Url::fromPath('authentication/login', $new)->getRelativeUrl());
return true;
$this->getResponse()->setRerenderLayout(true); $this->getResponse()->setRerenderLayout(true);
return true; return true;
} }
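Review bot: The added `return true;` on the new side sits before `$this->getResponse()->setRerenderLayout(true);`, so that call and the original `return true;` are now unreachable, and the redirect rewrite above it runs for every successful login, not only for the 2FA case the comment describes. As written, every login is sent back to `authentication/login` with the original target nested in a `redirect` parameter, which looks like a login loop rather than a token challenge; the rewrite needs to be wrapped in the "2FA enabled and token not yet validated" condition the comment names, and the early `return true;` removed so the rerender call is reached again. The original redirect value is also nested into the new URL without any visible check that it is a relative path; if the existing redirect handling validates it elsewhere (not visible here), a short comment saying so would help, otherwise it should be validated before being re-emitted. The enclosing method starts before this hunk.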


@ -87,6 +87,9 @@ class Auth
*/ */
public function isAuthenticated() public function isAuthenticated()
{ {
// return false just for testing. isAuthenticated must return false if the user is authentiacted but has 2FA enabled and the token hasn't been challenged yet.
return false;
if ($this->user !== null) { if ($this->user !== null) {
return true; return true;
} }
@ -94,6 +97,9 @@ class Auth
if ($this->user === null && ! $this->authExternal()) { if ($this->user === null && ! $this->authExternal()) {
return false; return false;
} }
// real 2fa check from above must happen here
return true; return true;
} }
@ -129,6 +135,7 @@ class Auth
$this->persistCurrentUser(); $this->persistCurrentUser();
} }
// don't log if 2fa hasn't been challenged yet
AuditHook::logActivity('login', 'User logged in'); AuditHook::logActivity('login', 'User logged in');
} }
@ -449,5 +456,7 @@ class Auth
// Load the user's roles // Load the user's roles
$admissionLoader = new AdmissionLoader(); $admissionLoader = new AdmissionLoader();
$admissionLoader->applyRoles($user); $admissionLoader->applyRoles($user);
// Set 2FA status from the user preferences in the user obect
} }
} }
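Review bot: The unconditional `return false;` added at the top of `isAuthenticated()` makes the rest of the method dead code and causes every authentication check to fail, which locks out all users if this commit is merged as-is; the comment itself says it is "just for testing". It should be removed and the intent kept as a marker, e.g. `// TODO(2fa): return false when the user is authenticated but 2FA is enabled and the token has not been challenged yet`, with the real check placed where the second hunk's `// real 2fa check from above must happen here` comment sits. The same applies to the third hunk's `// don't log if 2fa hasn't been challenged yet`, which describes a condition the code does not yet apply: `AuditHook::logActivity('login', ...)` still runs unconditionally, so either add the guard or phrase the comment as a TODO. The fourth hunk's comment about setting 2FA status from preferences likewise documents nothing the code does yet.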


@ -282,8 +282,9 @@ class PreferencesStore
} }
} catch (Exception $e) { } catch (Exception $e) {
throw new NotWritableError( throw new NotWritableError(
'Cannot update preferences for user %s in database', 'Cannot update preferences for user %s in database: %s',
$this->getUser()->getUsername(), $this->getUser()->getUsername(),
$e->getMessage(),
$e $e
); );
} }
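Review bot: Appending `$e->getMessage()` to the `NotWritableError` message duplicates information that is already reachable through the chained `$e` passed as the last argument (presumably the previous exception), and a driver exception message from the preferences backend may contain SQL fragments or connection details. If this message can be rendered to the end user, that detail would be surfaced where previously only the generic text was; consider keeping the user-facing message as it was and relying on the chained exception for logging, or add a comment stating that this error is only ever logged server-side, if that is the case. I cannot see from this hunk where the exception is caught or displayed, so treat this as a point to confirm rather than a certain leak.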