tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5719-9894-2fa-forzar-habilitado-y-no-poder-ser-desactivado-por-el-usuario' into 'develop' 

F2 feature

See merge request artica/pandorafms!3493
This commit is contained in:
Daniel Rodriguez 2020-11-30 14:28:03 +01:00
parent 76a9d6fa36 1ce48c812f
commit 3801fffa6e
8 changed files with 399 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
pandora_console/general/register.php
View File

@ -186,6 +186,88 @@ try {
$welcome = false;
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
if (!$double_auth_enabled && $config['2FA_all_users'] != ''
&& $config['2Fa_auth'] != '1'
&& $config['double_auth_enabled']
) {
echo '<div id="doble_auth_window" style="display: none"; >';
?>
<script type="text/javascript">
var userID = "<?php echo $config['id_user']; ?>";
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#doble_auth_window");
$dialogContainer.html($loadingSpinner);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
get_double_auth_info_page: 1,
containerID: $dialogContainer.prop('id')
},
complete: function (xhr, textStatus) {
},
success: function (data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function (xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#doble_auth_window").dialog({
<?php config_update_value('2Fa_auth', ''); ?>
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 500,
height: 400,
close: function (event, ui) {
<?php
if (!$double_auth_enabled) {
config_update_value('2Fa_auth', '1');
}
?>
// Abort the ajax request
if (typeof request != 'undefined'){
request.abort();
}
// Remove the contained html
$dialogContainer.empty();
//document.location.reload();
}
})
.show(); </script>
<?php
echo '</div>';
}
$newsletter = null;
?>

41
pandora_console/godmode/setup/setup_auth.php
View File

@ -221,10 +221,33 @@ if (is_ajax()) {
'double_auth_enabled',
1,
$config['double_auth_enabled'],
true
true,
false,
'showAndHide()'
);
$table->data['double_auth_enabled'] = $row;
// Enable 2FA for all users.
// Set default value.
set_unless_defined($config['2FA_all_users'], false);
$row = [];
$row['name'] = __('Force 2FA for all users is enabled');
$row['control'] .= html_print_checkbox_switch(
'2FA_all_users',
1,
$config['2FA_all_users'],
true
);
if (!$config['double_auth_enabled']) {
$table->rowclass['2FA_all_users'] = 'invisible';
} else {
$table->rowclass['2FA_all_users'] = '';
}
$table->data['2FA_all_users'] = $row;
// Session timeout.
// Default session timeout.
set_when_empty($config['session_timeout'], 90);
@ -317,6 +340,22 @@ echo '</form>';
?>
<script type="text/javascript">
function showAndHide() {
if ($('input[type=checkbox][name=double_auth_enabled]:checked').val() == 1) {
$('#table1-2FA_all_users').removeClass('invisible');
$('#table1-2FA_all_users-name').removeClass('invisible');
$('#table1-2FA_all_users-control').removeClass('invisible');
$('#table1-2FA_all_users').show();
} else {
$('#table1-2FA_all_users').hide();
}
}
$( document ).ready(function() {
});
//For change autocreate remote users
$('#auth').on('change', function(){
type_auth = $('#auth').val();
$.ajax({

244
pandora_console/godmode/users/configure_user.php
View File

@ -1128,6 +1128,28 @@ if ($config['ehorus_user_level_conf']) {
$ehorus .= '</div>';
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);
if ($config['double_auth_enabled'] && check_acl($config['id_user'], 0, 'PM')) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>';
if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM')
) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
}
// Dialog.
$double_authentication .= '<div id="dialog-double_auth" style="display:none"><div id="dialog-double_auth-container"></div></div>';
}
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') {
$double_authentication .= html_print_button(__('Show information'), 'show_info', false, 'javascript:show_double_auth_info();', '', true);
}
if (isset($double_authentication)) {
$double_authentication .= '</div>';
}
if ($meta) {
enterprise_include_once('include/functions_metaconsole.php');
@ -1179,7 +1201,7 @@ echo '<div id="user_form">
<div class="edit_user_autorefresh white_box"><p style="font-weight:bold;">Extra info</p>'.$email.$phone.$not_login.$session_time.'</div>
</div>
<div class="user_edit_second_row white_box">
<div class="edit_user_options">'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$newsletter.'</div>
<div class="edit_user_options">'.$language.$access_or_pagination.$skin.$home_screen.$default_event_filter.$newsletter.$double_authentication.'</div>
<div class="edit_user_timezone">'.$timezone;
if (!is_metaconsole()) {
@ -1278,6 +1300,15 @@ if (!is_metaconsole()) {
var json_profile = $('#hidden-json_profile');
/* <![CDATA[ */
$(document).ready (function () {
$("input#checkbox-double_auth").change(function (e) {
e.preventDefault();
if (this.checked) {
show_double_auth_activation();
} else {
show_double_auth_deactivation();
}
});
$('input:radio[name="is_admin"]').change(function() {
if($('#radiobtn0002').prop('checked')) {
$('#metaconsole_agents_manager_div').show();
@ -1495,5 +1526,216 @@ function switch_ehorus_conf()
}
function show_double_auth_info () {
var userID = '<?php echo io_safe_output($id); ?>';
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
$dialogContainer.html($loadingSpinner);
console.log(userID);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
get_double_auth_data_page: 1,
FA_forced: 1,
containerID: $dialogContainer.prop('id')
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#dialog-double_auth")
.css('display','block')
.append($dialogContainer)
.dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication information'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 400,
height: 375,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
}
})
.show();
}
function show_double_auth_activation () {
var userID = '<?php echo io_safe_output($id); ?>';
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
$dialogContainer.html($loadingSpinner);
// Load the info page
var request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'html',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
FA_forced: 1,
get_double_auth_info_page: 1,
containerID: $dialogContainer.prop('id')
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
// isNaN = is not a number
if (isNaN(data)) {
$dialogContainer.html(data);
}
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error loading the data').'</div></b>'; ?>");
}
});
$("div#dialog-double_auth").dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 500,
height: 400,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
document.location.reload();
}
})
.show();
}
function show_double_auth_deactivation () {
var userID = '<?php echo io_safe_output($id); ?>';
console.log(userID);
var $loadingSpinner = $("<img src=\"<?php echo $config['homeurl']; ?>/images/spinner.gif\" />");
var $dialogContainer = $("div#dialog-double_auth-container");
var message = "<p><?php echo __('Are you sure?').'<br>'.__('The double authentication will be deactivated'); ?></p>";
var $button = $("<input type=\"button\" value=\"<?php echo __('Deactivate'); ?>\" />");
$dialogContainer
.empty()
.append(message)
.append($button);
var request;
$button.click(function(e) {
e.preventDefault();
$dialogContainer.html($loadingSpinner);
// Deactivate the double auth
request = $.ajax({
url: "<?php echo ui_get_full_url('ajax.php', false, false, false); ?>",
type: 'POST',
dataType: 'json',
data: {
page: 'include/ajax/double_auth.ajax',
id_user: userID,
FA_forced: 1,
deactivate_double_auth: 1
},
complete: function(xhr, textStatus) {
},
success: function(data, textStatus, xhr) {
console.log(data);
if (data === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else if (data) {
$dialogContainer.html("<?php echo '<b><div class=\"green\">'.__('The double autentication was deactivated successfully').'</div></b>'; ?>");
}
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
}
},
error: function(xhr, textStatus, errorThrown) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
}
});
});
$("div#dialog-double_auth").dialog({
resizable: true,
draggable: true,
modal: true,
title: "<?php echo __('Double autentication activation'); ?>",
overlay: {
opacity: 0.5,
background: "black"
},
width: 300,
height: 150,
close: function(event, ui) {
// Abort the ajax request
if (typeof request != 'undefined')
request.abort();
// Remove the contained html
$dialogContainer.empty();
document.location.reload();
}
})
.show();
}
/* ]]> */
</script>

4
pandora_console/include/ajax/double_auth.ajax.php
View File

@ -17,7 +17,9 @@ check_login();
// Security check
$id_user = (string) get_parameter('id_user');
if ($id_user !== $config['id_user']) {
$FA_forced = (int) get_parameter('FA_forced');
if ($id_user !== $config['id_user'] && $FA_forced != 1) {
db_pandora_audit(
'ACL Violation',
'Trying to access Double Authentication'

8
pandora_console/include/functions_config.php
View File

@ -721,6 +721,10 @@ function config_update_config()
$error_update[] = __('Double authentication');
}
if (!config_update_value('2FA_all_users', get_parameter('2FA_all_users'))) {
$error_update[] = __('2FA all users');
}
if (!config_update_value('session_timeout', get_parameter('session_timeout'))) {
$error_update[] = __('Session timeout');
}
@ -2008,6 +2012,10 @@ function config_process_config()
config_update_value('welcome_state', WELCOME_STARTED);
}
if (!isset($config['2Fa_auth'])) {
config_update_value('2Fa_auth', '');
}
/*
* Parse the ACL IP list for access API
*/

4
pandora_console/include/styles/pandora.css
View File

@ -691,6 +691,10 @@ select:-internal-list-box {
display: none !important;
}
.visible {
display: block;
}
div#page {
background: #fbfbfb;
background-image: none;

3
pandora_console/index.php
View File

@ -390,6 +390,7 @@ if (! isset($config['id_user'])) {
}
$login_button_saml = get_parameter('login_button_saml', false);
config_update_value('2Fa_auth', '');
if (isset($double_auth_success) && $double_auth_success) {
// This values are true cause there are checked before complete
// the 2nd auth step.
@ -719,6 +720,8 @@ if (! isset($config['id_user'])) {
$redirect_url .= '&'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
header('Location: '.ui_get_full_url('index.php'.$redirect_url));
exit;
// Always exit after sending location headers.

26
pandora_console/operation/users/user_edit.php
View File

@ -393,14 +393,21 @@ $timezone .= html_print_timezone_select('timezone', $user_info['timezone']).'</d
// Double auth.
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $config['id_user']);
if ($config['double_auth_enabled']) {
if ($config['double_auth_enabled'] || ($config['double_auth_enabled'] == '' && $double_auth_enabled)) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>';
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['2FA_all_users'] != '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM')
) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
}
// Dialog.
$double_authentication .= '<div id="dialog-double_auth" style="display:none"><div id="dialog-double_auth-container"></div></div>';
}
if ($double_auth_enabled) {
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') {
$double_authentication .= html_print_button(__('Show information'), 'show_info', false, 'javascript:show_double_auth_info();', '', true);
}
@ -881,14 +888,13 @@ $(document).ready (function () {
$("input#checkbox-double_auth").change(function (e) {
e.preventDefault();
if (this.checked) {
show_double_auth_activation();
} else {
show_double_auth_deactivation();
}
});
if (this.checked) {
show_double_auth_activation();
}
else {
show_double_auth_deactivation();
}
});
show_data_section();
});