tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-09-26 03:19:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Double authentication active

Browse Source
This commit is contained in:
Jose Gonzalez 2023-02-16 07:25:26 +01:00
parent 1de571fa66
commit e42c4575d5
3 changed files with 546 additions and 488 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

933
pandora_console/godmode/users/configure_user.php
View File

File diff suppressed because it is too large Load Diff

7
pandora_console/godmode/users/user_management.php
View File

@ -220,6 +220,9 @@ $userManagementTable->data['fields_phone'][0] = html_print_input_text_extended(
true true
); );
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width w50p';
$userManagementTable->cellclass['captions_fields_admin_user'][0] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][0] = $doubleAuthentication;
if (users_is_admin() === true) { if (users_is_admin() === true) {
$globalProfileContent = []; $globalProfileContent = [];
$globalProfileContent[] = '<span>'.__('Administrator user').'</span>'; $globalProfileContent[] = '<span>'.__('Administrator user').'</span>';
@ -230,8 +233,8 @@ if (users_is_admin() === true) {
true true
); );
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width'; $userManagementTable->cellclass['captions_fields_admin_user'][1] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][0] = html_print_div( $userManagementTable->data['captions_fields_admin_user'][1] = html_print_div(
[ [
'class' => 'margin-top-10', 'class' => 'margin-top-10',
'style' => 'display: flex; flex-direction: row-reverse; align-items: center;', 'style' => 'display: flex; flex-direction: row-reverse; align-items: center;',

94
pandora_console/include/ajax/double_auth.ajax.php
View File

@ -1,21 +1,39 @@
<?php <?php
// Pandora FMS - http://pandorafms.com
// ================================================== /**
// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas * Double Authentication Ajax file.
// Please see http://pandorafms.org for full contribution list *
// This program is free software; you can redistribute it and/or * @category Users
// modify it under the terms of the GNU General Public License * @package Pandora FMS
// as published by the Free Software Foundation for version 2. * @subpackage Community
// This program is distributed in the hope that it will be useful, * @version 1.0.0
// but WITHOUT ANY WARRANTY; without even the implied warranty of * @license See below
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
// GNU General Public License for more details. * ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2023 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
global $config; global $config;
// Login check // Login check.
check_login(); check_login();
// Security check // Security check.
$id_user = (string) get_parameter('id_user'); $id_user = (string) get_parameter('id_user');
$FA_forced = (int) get_parameter('FA_forced'); $FA_forced = (int) get_parameter('FA_forced');
$id_user_auth = (string) get_parameter('id_user_auth', $config['id_user']); $id_user_auth = (string) get_parameter('id_user_auth', $config['id_user']);
@ -30,15 +48,15 @@ if ($id_user !== $config['id_user'] && $FA_forced != 1) {
return; return;
} }
// Load the class // Load the class.
require_once $config['homedir'].'/include/auth/GAuth/Auth.php'; require_once $config['homedir'].'/include/auth/GAuth/Auth.php';
// Default lenght of the secret // Default lenght of the secret.
$secret_lenght = 16; $secret_lenght = 16;
// Default lenght of the code // Default lenght of the code.
$code_lenght = 6; $code_lenght = 6;
// Generate a new secret for the user // Generate a new secret for the user.
$generate_double_auth_secret = (bool) get_parameter('generate_double_auth_secret'); $generate_double_auth_secret = (bool) get_parameter('generate_double_auth_secret');
if ($generate_double_auth_secret) { if ($generate_double_auth_secret) {
$gAuth = new \GAuth\Auth(); $gAuth = new \GAuth\Auth();
@ -93,7 +111,7 @@ if ($validate_double_auth_code) {
return; return;
} }
// Set the provided secret to the user // Set the provided secret to the user.
$save_double_auth_secret = (bool) get_parameter('save_double_auth_secret'); $save_double_auth_secret = (bool) get_parameter('save_double_auth_secret');
if ($save_double_auth_secret) { if ($save_double_auth_secret) {
$result = false; $result = false;
@ -101,10 +119,10 @@ if ($save_double_auth_secret) {
$secret = (string) get_parameter('secret'); $secret = (string) get_parameter('secret');
if (strlen($secret) === $secret_lenght) { if (strlen($secret) === $secret_lenght) {
// Delete the actual value (if exists) // Delete the actual value (if exists).
$where = ['id_user' => $id_user]; $where = ['id_user' => $id_user];
db_process_sql_delete('tuser_double_auth', $where); db_process_sql_delete('tuser_double_auth', $where);
// Insert the new value // Insert the new value.
$values = [ $values = [
'id_user' => $id_user, 'id_user' => $id_user,
'secret' => $secret, 'secret' => $secret,
@ -116,12 +134,12 @@ if ($save_double_auth_secret) {
return; return;
} }
// Disable the double auth for the user // Disable the double auth for the user.
$deactivate_double_auth = (bool) get_parameter('deactivate_double_auth'); $deactivate_double_auth = (bool) get_parameter('deactivate_double_auth');
if ($deactivate_double_auth) { if ($deactivate_double_auth) {
$result = false; $result = false;
// Delete the actual value (if exists) // Delete the actual value (if exists).
$where = ['id_user' => $id_user]; $where = ['id_user' => $id_user];
$result = db_process_sql_delete('tuser_double_auth', $where); $result = db_process_sql_delete('tuser_double_auth', $where);
@ -129,7 +147,7 @@ if ($deactivate_double_auth) {
return; return;
} }
// Get the info page to the container dialog // Get the info page to the container dialog.
$get_double_auth_data_page = (bool) get_parameter('get_double_auth_data_page'); $get_double_auth_data_page = (bool) get_parameter('get_double_auth_data_page');
if ($get_double_auth_data_page) { if ($get_double_auth_data_page) {
$secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $id_user); $secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $id_user);
@ -146,7 +164,7 @@ if ($get_double_auth_data_page) {
$html .= '</p>'; $html .= '</p>';
$html .= '</div>'; $html .= '</div>';
$html .= '<div class="center_align">'; $html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>"; $html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>'; $html .= '<br>';
$html .= __('QR').': <br>'; $html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>'; $html .= '<div id="qr-container"></div>';
@ -161,7 +179,7 @@ if ($get_double_auth_data_page) {
var secret = "<?php echo $secret; ?>"; var secret = "<?php echo $secret; ?>";
var id_user_auth = "<?php echo $id_user_auth; ?>"; var id_user_auth = "<?php echo $id_user_auth; ?>";
// QR code with the secret to add it to the app // QR code with the secret to add it to the app.
paint_qrcode("otpauth://totp/"+id_user_auth+"?secret="+secret, $("div#qr-container").get(0), 200, 200); paint_qrcode("otpauth://totp/"+id_user_auth+"?secret="+secret, $("div#qr-container").get(0), 200, 200);
$("div#qr-container").attr("title", "").find("canvas").remove(); $("div#qr-container").attr("title", "").find("canvas").remove();
@ -179,7 +197,7 @@ if ($get_double_auth_data_page) {
return; return;
} }
// Get the info page to the container dialog // Get the info page to the container dialog.
$get_double_auth_info_page = (bool) get_parameter('get_double_auth_info_page'); $get_double_auth_info_page = (bool) get_parameter('get_double_auth_info_page');
if ($get_double_auth_info_page) { if ($get_double_auth_info_page) {
$container_id = (string) get_parameter('containerID'); $container_id = (string) get_parameter('containerID');
@ -209,14 +227,14 @@ if ($get_double_auth_info_page) {
ob_clean(); ob_clean();
?> ?>
<script type="text/javascript"> <script type="text/javascript">
// Open the download page on click // Open the download page on click.
$("input[name=\"google_authenticator_download\"]").click(function (e) { $("#button-google_authenticator_download").click(function (e) {
e.preventDefault(); e.preventDefault();
window.open("https://support.google.com/accounts/answer/1066447"); window.open("https://support.google.com/accounts/answer/1066447");
}); });
// Change the container content with the generation page // Change the container content with the generation page.
$("input[name=\"continue_to_generate\"]").click(function (e) { $("#button-continue_to_generate").click(function (e) {
e.preventDefault(); e.preventDefault();
if (!confirm("<?php echo __('Are you installed the app yet?'); ?>")) { if (!confirm("<?php echo __('Are you installed the app yet?'); ?>")) {
@ -268,7 +286,7 @@ if ($get_double_auth_info_page) {
return; return;
} }
// Get the page that generates a secret for the user // Get the page that generates a secret for the user.
$get_double_auth_generation_page = (bool) get_parameter('get_double_auth_generation_page'); $get_double_auth_generation_page = (bool) get_parameter('get_double_auth_generation_page');
if ($get_double_auth_generation_page) { if ($get_double_auth_generation_page) {
$container_id = (string) get_parameter('containerID'); $container_id = (string) get_parameter('containerID');
@ -289,7 +307,7 @@ if ($get_double_auth_generation_page) {
$html .= '</p>'; $html .= '</p>';
$html .= '</div>'; $html .= '</div>';
$html .= '<div class="center_align">'; $html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>"; $html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>'; $html .= '<br>';
$html .= __('QR').': <br>'; $html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>'; $html .= '<div id="qr-container"></div>';
@ -319,7 +337,7 @@ if ($get_double_auth_generation_page) {
}, 10); }, 10);
// Load the same page with another secret // Load the same page with another secret
$("input[name=\"continue_to_generate\"]").click(function(e) { $("#button-continue_to_generate").click(function(e) {
e.preventDefault(); e.preventDefault();
var containerID = "<?php echo $container_id; ?>"; var containerID = "<?php echo $container_id; ?>";
@ -360,7 +378,7 @@ if ($get_double_auth_generation_page) {
}); });
// Load the validation page // Load the validation page
$("input[name=\"continue_to_validate\"]").click(function(e) { $("#button-continue_to_validate").click(function(e) {
e.preventDefault(); e.preventDefault();
if (!confirm("<?php echo __('Are you introduced the code in the authenticator app yet?'); ?>")) { if (!confirm("<?php echo __('Are you introduced the code in the authenticator app yet?'); ?>")) {
@ -455,7 +473,7 @@ if ($get_double_auth_validation_page) {
$(this).removeClass("red").css('border-color', '#cbcbcb'); $(this).removeClass("red").css('border-color', '#cbcbcb');
}); });
$("input[name=\"continue_to_validate\"]").click(function(e) { $("#button-continue_to_validate").click(function(e) {
e.preventDefault(); e.preventDefault();
// Hide the error message // Hide the error message
@ -463,7 +481,7 @@ if ($get_double_auth_validation_page) {
var containerID = "<?php echo $container_id; ?>"; var containerID = "<?php echo $container_id; ?>";
$("input[name=\"continue_to_validate\"]").prop('enabled', false).hide(); $("#button-continue_to_validate").prop('enabled', false).hide();
$("div#button-container").find("img").show(); $("div#button-container").find("img").show();
$.ajax({ $.ajax({
@ -493,7 +511,7 @@ if ($get_double_auth_validation_page) {
} }
// Invalid code // Invalid code
else if (data === false) { else if (data === false) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show(); $("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide(); $("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00'); $("input#text-code").addClass("red").css('border-color', '#c00');
@ -501,7 +519,7 @@ if ($get_double_auth_validation_page) {
} }
// Valid code but not saved // Valid code but not saved
else if (data === 1) { else if (data === 1) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show(); $("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide(); $("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00'); $("input#text-code").addClass("red").css('border-color', '#c00');