Double authentication active

Jose Gonzalez 2023-02-16 07:25:26 +01:00
parent 1de571fa66
commit e42c4575d5
3 changed files with 546 additions and 488 deletions


@ -1,4 +1,5 @@
<?php <?php
/** /**
* User creation / update. * User creation / update.
* *
@ -28,7 +29,7 @@
// Load global vars. // Load global vars.
global $config; global $config;
// hd($_REQUEST, true); //TODO. For testing purposes.
check_login(); check_login();
require_once $config['homedir'].'/vendor/autoload.php'; require_once $config['homedir'].'/vendor/autoload.php';
@ -1531,27 +1532,50 @@ if (isset($config['ehorus_user_level_conf']) === true && (bool) $config['ehorus_
$ehorus .= '</div>'; $ehorus .= '</div>';
} }
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id); // Double authentication.
$doubleAuthElementsContent = [];
if (isset($config['double_auth_enabled']) === true && (bool) ($config['double_auth_enabled']) === true && check_acl($config['id_user'], 0, 'PM')) { if (isset($config['double_auth_enabled']) === true && (bool) ($config['double_auth_enabled']) === true && check_acl($config['id_user'], 0, 'PM')) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>'; // Know if Double Auth is enabled.
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);
// Double authentication elements.
$doubleAuthElementsSubContent = [];
// Caption.
$doubleAuthElementsSubContent[] = '<span>'.__('Double authentication').'</span>';
// Switch.
if (($config['2FA_all_users'] == '' && !$double_auth_enabled) if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled) || ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM') || check_acl($config['id_user'], 0, 'PM')
) { ) {
if ($new_user === false) { if ($new_user === false) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true); $doubleAuthElementsSubContent[] = html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
} else { } else {
$double_authentication .= ui_print_help_tip(__('User must be created before activating double authentication.'), true); $doubleAuthElementsSubContent[] = ui_print_help_tip(__('User must be created before activating double authentication.'), true);
} }
} }
// Control for show.
$doubleAuthElementsContent[] = html_print_div(
[
'style' => 'display: flex; flex-direction: row-reverse; align-items: center;',
'class' => 'margin-top-10',
'content' => implode('', $doubleAuthElementsSubContent),
],
true
);
// Dialog. // Dialog.
$double_authentication .= '<div id="dialog-double_auth" class="invisible"><div id="dialog-double_auth-container"></div></div>'; $doubleAuthElementsContent[] = html_print_div(
[
'id' => 'dialog-double_auth',
'class' => 'invisible',
'content' => html_print_div(['id' => 'dialog-double_auth-container'], true),
],
true
);
} }
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') { if ($double_auth_enabled === true && (bool) $config['double_auth_enabled'] === true && empty($config['2FA_all_users']) === false) {
$double_authentication .= html_print_button( $doubleAuthElementsContent[] = html_print_button(
__('Show information'), __('Show information'),
'show_info', 'show_info',
false, false,
@ -1561,9 +1585,29 @@ if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_u
); );
} }
$doubleAuthentication = html_print_div(['content' => implode('', $doubleAuthElementsContent)], true);
/*
if (isset($double_authentication)) { if (isset($double_authentication)) {
$double_authentication .= '</div>'; $double_authentication .= '</div>';
} }*/
@ -2175,14 +2219,11 @@ function show_data_section () {
$elementSelected.children().removeClass('invisible'); $elementSelected.children().removeClass('invisible');
} }
function switch_ehorus_conf() function switch_ehorus_conf() {
{ if (!$('#checkbox-ehorus_user_level_enabled').prop('checked')) {
if(!$('#checkbox-ehorus_user_level_enabled').prop('checked'))
{
$(".user_edit_ehorus_outer").hide(); $(".user_edit_ehorus_outer").hide();
}else } else {
{
$(".user_edit_ehorus_outer").show(); $(".user_edit_ehorus_outer").show();
} }
@ -2220,8 +2261,7 @@ function show_double_auth_info () {
// data is a number, convert it to integer to do the compare // data is a number, convert it to integer to do the compare
else if (Number(data) === -1) { else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
} } else {
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
} }
}, },
@ -2290,8 +2330,7 @@ function show_double_auth_activation () {
// data is a number, convert it to integer to do the compare // data is a number, convert it to integer to do the compare
else if (Number(data) === -1) { else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
} } else {
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
} }
}, },
@ -2362,12 +2401,10 @@ function show_double_auth_deactivation () {
success: function(data, textStatus, xhr) { success: function(data, textStatus, xhr) {
if (data === -1) { if (data === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
} } else if (data) {
else if (data) {
$dialogContainer.html("<?php echo '<b><div class=\"green\">'.__('The double autentication was deactivated successfully').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"green\">'.__('The double autentication was deactivated successfully').'</div></b>'; ?>");
$("input#checkbox-double_auth").prop("checked", false); $("input#checkbox-double_auth").prop("checked", false);
} } else {
else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>"); $dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
} }
}, },
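Review bot: `$double_auth_enabled` is now assigned only inside the outer `if (isset($config['double_auth_enabled']) === true && … && check_acl($config['id_user'], 0, 'PM'))` block, but the later `if ($double_auth_enabled === true && …)` that adds the "Show information" button sits outside that block. When the viewer lacks `PM`, that test reads an undefined variable, so PHP raises a warning and the button is never offered to a user who does have a `tuser_double_auth` row; the old code ran the lookup before the block. Keep `$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);` above the outer `if`, or initialise `$double_auth_enabled = false;` next to `$doubleAuthElementsContent = [];`. Inside the block, the `|| check_acl($config['id_user'], 0, 'PM')` term is always true because the outer condition already requires it, so the two tests on `2FA_all_users` and `double_auth_enabled` no longer decide anything. The commented-out `$double_authentication` block is better deleted than kept.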


@ -220,6 +220,9 @@ $userManagementTable->data['fields_phone'][0] = html_print_input_text_extended(
true true
); );
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width w50p';
$userManagementTable->cellclass['captions_fields_admin_user'][0] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][0] = $doubleAuthentication;
if (users_is_admin() === true) { if (users_is_admin() === true) {
$globalProfileContent = []; $globalProfileContent = [];
$globalProfileContent[] = '<span>'.__('Administrator user').'</span>'; $globalProfileContent[] = '<span>'.__('Administrator user').'</span>';
@ -230,8 +233,8 @@ if (users_is_admin() === true) {
true true
); );
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width'; $userManagementTable->cellclass['captions_fields_admin_user'][1] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][0] = html_print_div( $userManagementTable->data['captions_fields_admin_user'][1] = html_print_div(
[ [
'class' => 'margin-top-10', 'class' => 'margin-top-10',
'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;',
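Review bot: The new row reads `$doubleAuthentication`, which is not assigned in any visible hunk of this file; presumably the script that includes this template sets it. A one-line comment naming where the variable comes from would help, together with a guard such as `$userManagementTable->data['captions_fields_admin_user'][0] = ($doubleAuthentication ?? '');`. That keeps the template from raising an undefined-variable warning if it is ever included from another path. The `html_print_div(` call at the end of the section continues outside the hunk.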


@ -1,21 +1,39 @@
<?php <?php
// Pandora FMS - http://pandorafms.com
// ================================================== /**
// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas * Double Authentication Ajax file.
// Please see http://pandorafms.org for full contribution list *
// This program is free software; you can redistribute it and/or * @category Users
// modify it under the terms of the GNU General Public License * @package Pandora FMS
// as published by the Free Software Foundation for version 2. * @subpackage Community
// This program is distributed in the hope that it will be useful, * @version 1.0.0
// but WITHOUT ANY WARRANTY; without even the implied warranty of * @license See below
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
// GNU General Public License for more details. * ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2023 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
global $config; global $config;
// Login check // Login check.
check_login(); check_login();
// Security check // Security check.
$id_user = (string) get_parameter('id_user'); $id_user = (string) get_parameter('id_user');
$FA_forced = (int) get_parameter('FA_forced'); $FA_forced = (int) get_parameter('FA_forced');
$id_user_auth = (string) get_parameter('id_user_auth', $config['id_user']); $id_user_auth = (string) get_parameter('id_user_auth', $config['id_user']);
@ -30,15 +48,15 @@ if ($id_user !== $config['id_user'] && $FA_forced != 1) {
return; return;
} }
// Load the class // Load the class.
require_once $config['homedir'].'/include/auth/GAuth/Auth.php'; require_once $config['homedir'].'/include/auth/GAuth/Auth.php';
// Default lenght of the secret // Default lenght of the secret.
$secret_lenght = 16; $secret_lenght = 16;
// Default lenght of the code // Default lenght of the code.
$code_lenght = 6; $code_lenght = 6;
// Generate a new secret for the user // Generate a new secret for the user.
$generate_double_auth_secret = (bool) get_parameter('generate_double_auth_secret'); $generate_double_auth_secret = (bool) get_parameter('generate_double_auth_secret');
if ($generate_double_auth_secret) { if ($generate_double_auth_secret) {
$gAuth = new \GAuth\Auth(); $gAuth = new \GAuth\Auth();
@ -93,7 +111,7 @@ if ($validate_double_auth_code) {
return; return;
} }
// Set the provided secret to the user // Set the provided secret to the user.
$save_double_auth_secret = (bool) get_parameter('save_double_auth_secret'); $save_double_auth_secret = (bool) get_parameter('save_double_auth_secret');
if ($save_double_auth_secret) { if ($save_double_auth_secret) {
$result = false; $result = false;
@ -101,10 +119,10 @@ if ($save_double_auth_secret) {
$secret = (string) get_parameter('secret'); $secret = (string) get_parameter('secret');
if (strlen($secret) === $secret_lenght) { if (strlen($secret) === $secret_lenght) {
// Delete the actual value (if exists) // Delete the actual value (if exists).
$where = ['id_user' => $id_user]; $where = ['id_user' => $id_user];
db_process_sql_delete('tuser_double_auth', $where); db_process_sql_delete('tuser_double_auth', $where);
// Insert the new value // Insert the new value.
$values = [ $values = [
'id_user' => $id_user, 'id_user' => $id_user,
'secret' => $secret, 'secret' => $secret,
@ -116,12 +134,12 @@ if ($save_double_auth_secret) {
return; return;
} }
// Disable the double auth for the user // Disable the double auth for the user.
$deactivate_double_auth = (bool) get_parameter('deactivate_double_auth'); $deactivate_double_auth = (bool) get_parameter('deactivate_double_auth');
if ($deactivate_double_auth) { if ($deactivate_double_auth) {
$result = false; $result = false;
// Delete the actual value (if exists) // Delete the actual value (if exists).
$where = ['id_user' => $id_user]; $where = ['id_user' => $id_user];
$result = db_process_sql_delete('tuser_double_auth', $where); $result = db_process_sql_delete('tuser_double_auth', $where);
@ -129,7 +147,7 @@ if ($deactivate_double_auth) {
return; return;
} }
// Get the info page to the container dialog // Get the info page to the container dialog.
$get_double_auth_data_page = (bool) get_parameter('get_double_auth_data_page'); $get_double_auth_data_page = (bool) get_parameter('get_double_auth_data_page');
if ($get_double_auth_data_page) { if ($get_double_auth_data_page) {
$secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $id_user); $secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $id_user);
@ -146,7 +164,7 @@ if ($get_double_auth_data_page) {
$html .= '</p>'; $html .= '</p>';
$html .= '</div>'; $html .= '</div>';
$html .= '<div class="center_align">'; $html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>"; $html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>'; $html .= '<br>';
$html .= __('QR').': <br>'; $html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>'; $html .= '<div id="qr-container"></div>';
@ -161,7 +179,7 @@ if ($get_double_auth_data_page) {
var secret = "<?php echo $secret; ?>"; var secret = "<?php echo $secret; ?>";
var id_user_auth = "<?php echo $id_user_auth; ?>"; var id_user_auth = "<?php echo $id_user_auth; ?>";
// QR code with the secret to add it to the app // QR code with the secret to add it to the app.
paint_qrcode("otpauth://totp/"+id_user_auth+"?secret="+secret, $("div#qr-container").get(0), 200, 200); paint_qrcode("otpauth://totp/"+id_user_auth+"?secret="+secret, $("div#qr-container").get(0), 200, 200);
$("div#qr-container").attr("title", "").find("canvas").remove(); $("div#qr-container").attr("title", "").find("canvas").remove();
@ -179,7 +197,7 @@ if ($get_double_auth_data_page) {
return; return;
} }
// Get the info page to the container dialog // Get the info page to the container dialog.
$get_double_auth_info_page = (bool) get_parameter('get_double_auth_info_page'); $get_double_auth_info_page = (bool) get_parameter('get_double_auth_info_page');
if ($get_double_auth_info_page) { if ($get_double_auth_info_page) {
$container_id = (string) get_parameter('containerID'); $container_id = (string) get_parameter('containerID');
@ -209,14 +227,14 @@ if ($get_double_auth_info_page) {
ob_clean(); ob_clean();
?> ?>
<script type="text/javascript"> <script type="text/javascript">
// Open the download page on click // Open the download page on click.
$("input[name=\"google_authenticator_download\"]").click(function (e) { $("#button-google_authenticator_download").click(function (e) {
e.preventDefault(); e.preventDefault();
window.open("https://support.google.com/accounts/answer/1066447"); window.open("https://support.google.com/accounts/answer/1066447");
}); });
// Change the container content with the generation page // Change the container content with the generation page.
$("input[name=\"continue_to_generate\"]").click(function (e) { $("#button-continue_to_generate").click(function (e) {
e.preventDefault(); e.preventDefault();
if (!confirm("<?php echo __('Are you installed the app yet?'); ?>")) { if (!confirm("<?php echo __('Are you installed the app yet?'); ?>")) {
@ -268,7 +286,7 @@ if ($get_double_auth_info_page) {
return; return;
} }
// Get the page that generates a secret for the user // Get the page that generates a secret for the user.
$get_double_auth_generation_page = (bool) get_parameter('get_double_auth_generation_page'); $get_double_auth_generation_page = (bool) get_parameter('get_double_auth_generation_page');
if ($get_double_auth_generation_page) { if ($get_double_auth_generation_page) {
$container_id = (string) get_parameter('containerID'); $container_id = (string) get_parameter('containerID');
@ -289,7 +307,7 @@ if ($get_double_auth_generation_page) {
$html .= '</p>'; $html .= '</p>';
$html .= '</div>'; $html .= '</div>';
$html .= '<div class="center_align">'; $html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>"; $html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>'; $html .= '<br>';
$html .= __('QR').': <br>'; $html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>'; $html .= '<div id="qr-container"></div>';
@ -319,7 +337,7 @@ if ($get_double_auth_generation_page) {
}, 10); }, 10);
// Load the same page with another secret // Load the same page with another secret
$("input[name=\"continue_to_generate\"]").click(function(e) { $("#button-continue_to_generate").click(function(e) {
e.preventDefault(); e.preventDefault();
var containerID = "<?php echo $container_id; ?>"; var containerID = "<?php echo $container_id; ?>";
@ -360,7 +378,7 @@ if ($get_double_auth_generation_page) {
}); });
// Load the validation page // Load the validation page
$("input[name=\"continue_to_validate\"]").click(function(e) { $("#button-continue_to_validate").click(function(e) {
e.preventDefault(); e.preventDefault();
if (!confirm("<?php echo __('Are you introduced the code in the authenticator app yet?'); ?>")) { if (!confirm("<?php echo __('Are you introduced the code in the authenticator app yet?'); ?>")) {
@ -455,7 +473,7 @@ if ($get_double_auth_validation_page) {
$(this).removeClass("red").css('border-color', '#cbcbcb'); $(this).removeClass("red").css('border-color', '#cbcbcb');
}); });
$("input[name=\"continue_to_validate\"]").click(function(e) { $("#button-continue_to_validate").click(function(e) {
e.preventDefault(); e.preventDefault();
// Hide the error message // Hide the error message
@ -463,7 +481,7 @@ if ($get_double_auth_validation_page) {
var containerID = "<?php echo $container_id; ?>"; var containerID = "<?php echo $container_id; ?>";
$("input[name=\"continue_to_validate\"]").prop('enabled', false).hide(); $("#button-continue_to_validate").prop('enabled', false).hide();
$("div#button-container").find("img").show(); $("div#button-container").find("img").show();
$.ajax({ $.ajax({
@ -493,7 +511,7 @@ if ($get_double_auth_validation_page) {
} }
// Invalid code // Invalid code
else if (data === false) { else if (data === false) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show(); $("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide(); $("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00'); $("input#text-code").addClass("red").css('border-color', '#c00');
@ -501,7 +519,7 @@ if ($get_double_auth_validation_page) {
} }
// Valid code but not saved // Valid code but not saved
else if (data === 1) { else if (data === 1) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show(); $("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide(); $("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00'); $("input#text-code").addClass("red").css('border-color', '#c00');
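Review bot: The guard visible in the hunk header at `@ -30,15 +48,15`, `if ($id_user !== $config['id_user'] && $FA_forced != 1)`, accepts the request-supplied `FA_forced` (read with `get_parameter('FA_forced')` just above) as sufficient authority to act on an `id_user` other than the session user. The branches that follow save a secret, delete the `tuser_double_auth` row and return the stored secret for that same `$id_user`, so the exception should rest on server-side state instead, for example `if ($id_user !== $config['id_user'] && !check_acl($config['id_user'], 0, 'PM')) { return; }`, with any forced-enrolment flow keyed to a session value. The body of that guard lies outside the visible hunks, so confirm that it does nothing beyond `return;`. Separately, `$secret`, `$id_user_auth` and `$container_id` are echoed straight into JavaScript string literals; unless `get_parameter()` already encodes them for that context, emit them with `json_encode()`.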