tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Double authentication active

Browse Source
This commit is contained in:
Jose Gonzalez 2023-02-16 07:25:26 +01:00
parent 1de571fa66
commit e42c4575d5
3 changed files with 546 additions and 488 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
pandora_console/godmode/users/configure_user.php
View File

@ -1,4 +1,5 @@
<?php
/**
* User creation / update.
*
@ -28,7 +29,7 @@
// Load global vars.
global $config;
// hd($_REQUEST, true); //TODO. For testing purposes.
check_login();
require_once $config['homedir'].'/vendor/autoload.php';
@ -1531,27 +1532,50 @@ if (isset($config['ehorus_user_level_conf']) === true && (bool) $config['ehorus_
$ehorus .= '</div>';
}
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);
// Double authentication.
$doubleAuthElementsContent = [];
if (isset($config['double_auth_enabled']) === true && (bool) ($config['double_auth_enabled']) === true && check_acl($config['id_user'], 0, 'PM')) {
$double_authentication = '<div class="label_select_simple"><p class="edit_user_labels">'.__('Double authentication').'</p>';
// Know if Double Auth is enabled.
$double_auth_enabled = (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $id);
// Double authentication elements.
$doubleAuthElementsSubContent = [];
// Caption.
$doubleAuthElementsSubContent[] = '<span>'.__('Double authentication').'</span>';
// Switch.
if (($config['2FA_all_users'] == '' && !$double_auth_enabled)
|| ($config['double_auth_enabled'] == '' && $double_auth_enabled)
|| check_acl($config['id_user'], 0, 'PM')
) {
if ($new_user === false) {
$double_authentication .= html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
$doubleAuthElementsSubContent[] = html_print_checkbox_switch('double_auth', 1, $double_auth_enabled, true);
} else {
$double_authentication .= ui_print_help_tip(__('User must be created before activating double authentication.'), true);
$doubleAuthElementsSubContent[] = ui_print_help_tip(__('User must be created before activating double authentication.'), true);
}
}
// Control for show.
$doubleAuthElementsContent[] = html_print_div(
[
'style' => 'display: flex; flex-direction: row-reverse; align-items: center;',
'class' => 'margin-top-10',
'content' => implode('', $doubleAuthElementsSubContent),
],
true
);
// Dialog.
$double_authentication .= '<div id="dialog-double_auth" class="invisible"><div id="dialog-double_auth-container"></div></div>';
$doubleAuthElementsContent[] = html_print_div(
[
'id' => 'dialog-double_auth',
'class' => 'invisible',
'content' => html_print_div(['id' => 'dialog-double_auth-container'], true),
],
true
);
}
if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_users'] != '') {
$double_authentication .= html_print_button(
if ($double_auth_enabled === true && (bool) $config['double_auth_enabled'] === true && empty($config['2FA_all_users']) === false) {
$doubleAuthElementsContent[] = html_print_button(
__('Show information'),
'show_info',
false,
@ -1561,9 +1585,29 @@ if ($double_auth_enabled && $config['double_auth_enabled'] && $config['2FA_all_u
);
}
$doubleAuthentication = html_print_div(['content' => implode('', $doubleAuthElementsContent)], true);
/*
if (isset($double_authentication)) {
$double_authentication .= '</div>';
}
}*/
@ -2175,14 +2219,11 @@ function show_data_section () {
$elementSelected.children().removeClass('invisible');
}
function switch_ehorus_conf()
{
if(!$('#checkbox-ehorus_user_level_enabled').prop('checked'))
{
function switch_ehorus_conf() {
if (!$('#checkbox-ehorus_user_level_enabled').prop('checked')) {
$(".user_edit_ehorus_outer").hide();
}else
{
} else {
$(".user_edit_ehorus_outer").show();
}
@ -2220,8 +2261,7 @@ function show_double_auth_info () {
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
} else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
@ -2290,8 +2330,7 @@ function show_double_auth_activation () {
// data is a number, convert it to integer to do the compare
else if (Number(data) === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else {
} else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Error').'</div></b>'; ?>");
}
},
@ -2362,12 +2401,10 @@ function show_double_auth_deactivation () {
success: function(data, textStatus, xhr) {
if (data === -1) {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('Authentication error').'</div></b>'; ?>");
}
else if (data) {
} else if (data) {
$dialogContainer.html("<?php echo '<b><div class=\"green\">'.__('The double autentication was deactivated successfully').'</div></b>'; ?>");
$("input#checkbox-double_auth").prop("checked", false);
}
else {
} else {
$dialogContainer.html("<?php echo '<b><div class=\"red\">'.__('There was an error deactivating the double autentication').'</div></b>'; ?>");
}
},

7
pandora_console/godmode/users/user_management.php
View File

@ -220,6 +220,9 @@ $userManagementTable->data['fields_phone'][0] = html_print_input_text_extended(
true
);
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width w50p';
$userManagementTable->cellclass['captions_fields_admin_user'][0] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][0] = $doubleAuthentication;
if (users_is_admin() === true) {
$globalProfileContent = [];
$globalProfileContent[] = '<span>'.__('Administrator user').'</span>';
@ -230,8 +233,8 @@ if (users_is_admin() === true) {
true
);
$userManagementTable->rowclass['captions_fields_admin_user'] = 'field_half_width';
$userManagementTable->data['captions_fields_admin_user'][0] = html_print_div(
$userManagementTable->cellclass['captions_fields_admin_user'][1] = 'wrap';
$userManagementTable->data['captions_fields_admin_user'][1] = html_print_div(
[
'class' => 'margin-top-10',
'style' => 'display: flex; flex-direction: row-reverse; align-items: center;',

94
pandora_console/include/ajax/double_auth.ajax.php
View File

@ -1,21 +1,39 @@
<?php
// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
/**
* Double Authentication Ajax file.
*
* @category Users
* @package Pandora FMS
* @subpackage Community
* @version 1.0.0
* @license See below
*
* ______ ___ _______ _______ ________
* | __ \.-----.--.--.--| |.-----.----.-----. | ___| | | __|
* | __/| _ | | _ || _ | _| _ | | ___| |__ |
* |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
*
* ============================================================================
* Copyright (c) 2005-2023 Artica Soluciones Tecnologicas
* Please see http://pandorafms.org for full contribution list
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation for version 2.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* ============================================================================
*/
// Begin.
global $config;
// Login check
// Login check.
check_login();
// Security check
// Security check.
$id_user = (string) get_parameter('id_user');
$FA_forced = (int) get_parameter('FA_forced');
$id_user_auth = (string) get_parameter('id_user_auth', $config['id_user']);
@ -30,15 +48,15 @@ if ($id_user !== $config['id_user'] && $FA_forced != 1) {
return;
}
// Load the class
// Load the class.
require_once $config['homedir'].'/include/auth/GAuth/Auth.php';
// Default lenght of the secret
// Default lenght of the secret.
$secret_lenght = 16;
// Default lenght of the code
// Default lenght of the code.
$code_lenght = 6;
// Generate a new secret for the user
// Generate a new secret for the user.
$generate_double_auth_secret = (bool) get_parameter('generate_double_auth_secret');
if ($generate_double_auth_secret) {
$gAuth = new \GAuth\Auth();
@ -93,7 +111,7 @@ if ($validate_double_auth_code) {
return;
}
// Set the provided secret to the user
// Set the provided secret to the user.
$save_double_auth_secret = (bool) get_parameter('save_double_auth_secret');
if ($save_double_auth_secret) {
$result = false;
@ -101,10 +119,10 @@ if ($save_double_auth_secret) {
$secret = (string) get_parameter('secret');
if (strlen($secret) === $secret_lenght) {
// Delete the actual value (if exists)
// Delete the actual value (if exists).
$where = ['id_user' => $id_user];
db_process_sql_delete('tuser_double_auth', $where);
// Insert the new value
// Insert the new value.
$values = [
'id_user' => $id_user,
'secret' => $secret,
@ -116,12 +134,12 @@ if ($save_double_auth_secret) {
return;
}
// Disable the double auth for the user
// Disable the double auth for the user.
$deactivate_double_auth = (bool) get_parameter('deactivate_double_auth');
if ($deactivate_double_auth) {
$result = false;
// Delete the actual value (if exists)
// Delete the actual value (if exists).
$where = ['id_user' => $id_user];
$result = db_process_sql_delete('tuser_double_auth', $where);
@ -129,7 +147,7 @@ if ($deactivate_double_auth) {
return;
}
// Get the info page to the container dialog
// Get the info page to the container dialog.
$get_double_auth_data_page = (bool) get_parameter('get_double_auth_data_page');
if ($get_double_auth_data_page) {
$secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $id_user);
@ -146,7 +164,7 @@ if ($get_double_auth_data_page) {
$html .= '</p>';
$html .= '</div>';
$html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>";
$html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>';
$html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>';
@ -161,7 +179,7 @@ if ($get_double_auth_data_page) {
var secret = "<?php echo $secret; ?>";
var id_user_auth = "<?php echo $id_user_auth; ?>";
// QR code with the secret to add it to the app
// QR code with the secret to add it to the app.
paint_qrcode("otpauth://totp/"+id_user_auth+"?secret="+secret, $("div#qr-container").get(0), 200, 200);
$("div#qr-container").attr("title", "").find("canvas").remove();
@ -179,7 +197,7 @@ if ($get_double_auth_data_page) {
return;
}
// Get the info page to the container dialog
// Get the info page to the container dialog.
$get_double_auth_info_page = (bool) get_parameter('get_double_auth_info_page');
if ($get_double_auth_info_page) {
$container_id = (string) get_parameter('containerID');
@ -209,14 +227,14 @@ if ($get_double_auth_info_page) {
ob_clean();
?>
<script type="text/javascript">
// Open the download page on click
$("input[name=\"google_authenticator_download\"]").click(function (e) {
// Open the download page on click.
$("#button-google_authenticator_download").click(function (e) {
e.preventDefault();
window.open("https://support.google.com/accounts/answer/1066447");
});
// Change the container content with the generation page
$("input[name=\"continue_to_generate\"]").click(function (e) {
// Change the container content with the generation page.
$("#button-continue_to_generate").click(function (e) {
e.preventDefault();
if (!confirm("<?php echo __('Are you installed the app yet?'); ?>")) {
@ -268,7 +286,7 @@ if ($get_double_auth_info_page) {
return;
}
// Get the page that generates a secret for the user
// Get the page that generates a secret for the user.
$get_double_auth_generation_page = (bool) get_parameter('get_double_auth_generation_page');
if ($get_double_auth_generation_page) {
$container_id = (string) get_parameter('containerID');
@ -289,7 +307,7 @@ if ($get_double_auth_generation_page) {
$html .= '</p>';
$html .= '</div>';
$html .= '<div class="center_align">';
$html .= __('Code').": <b>$secret</b>";
$html .= __('Code').': <b>'.$secret.'</b>';
$html .= '<br>';
$html .= __('QR').': <br>';
$html .= '<div id="qr-container"></div>';
@ -319,7 +337,7 @@ if ($get_double_auth_generation_page) {
}, 10);
// Load the same page with another secret
$("input[name=\"continue_to_generate\"]").click(function(e) {
$("#button-continue_to_generate").click(function(e) {
e.preventDefault();
var containerID = "<?php echo $container_id; ?>";
@ -360,7 +378,7 @@ if ($get_double_auth_generation_page) {
});
// Load the validation page
$("input[name=\"continue_to_validate\"]").click(function(e) {
$("#button-continue_to_validate").click(function(e) {
e.preventDefault();
if (!confirm("<?php echo __('Are you introduced the code in the authenticator app yet?'); ?>")) {
@ -455,7 +473,7 @@ if ($get_double_auth_validation_page) {
$(this).removeClass("red").css('border-color', '#cbcbcb');
});
$("input[name=\"continue_to_validate\"]").click(function(e) {
$("#button-continue_to_validate").click(function(e) {
e.preventDefault();
// Hide the error message
@ -463,7 +481,7 @@ if ($get_double_auth_validation_page) {
var containerID = "<?php echo $container_id; ?>";
$("input[name=\"continue_to_validate\"]").prop('enabled', false).hide();
$("#button-continue_to_validate").prop('enabled', false).hide();
$("div#button-container").find("img").show();
$.ajax({
@ -493,7 +511,7 @@ if ($get_double_auth_validation_page) {
}
// Invalid code
else if (data === false) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show();
$("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00');
@ -501,7 +519,7 @@ if ($get_double_auth_validation_page) {
}
// Valid code but not saved
else if (data === 1) {
$("input[name=\"continue_to_validate\"]").prop('enabled', true).show();
$("#button-continue_to_validate").prop('enabled', true).show();
$("div#button-container").find("img").hide();
$("input#text-code").addClass("red").css('border-color', '#c00');