Authentication - Fix MFA when all methods are enabled.

2023-06-24 21:18:39 +00:00 · 2023-06-24 21:18:39 +00:00 · aa7def54a6
parent 123ac6e00a
commit aa7def54a6
8 changed files with 178 additions and 27 deletions
--- a/core/authentication/app_languages.php
+++ b/core/authentication/app_languages.php
@ -78,8 +78,8 @@ $text['label-email_description']['zh-cn'] = "检查您的电子邮件以获取
 $text['label-email_description']['ja-jp'] = "メールで確認コードを確認してください。";
 $text['label-email_description']['ko-kr'] = "이메일에서 확인 코드를 확인하세요.";

-$text['label-totp_description']['en-us'] = "Enter your verification code.";
-$text['label-totp_description']['en-gb'] = "Enter your verification code.";
+$text['label-totp_description']['en-us'] = "Enter your Authenticator code.";
+$text['label-totp_description']['en-gb'] = "Enter your Authenticator code.";
 $text['label-totp_description']['ar-eg'] = "أدخل رمز التحقق الخاص بك.";
 $text['label-totp_description']['de-at'] = "Geben Sie Ihren Bestätigungs-Code ein.";
 $text['label-totp_description']['de-ch'] = "Geben Sie Ihren Bestätigungs-Code ein.";
@ -104,6 +104,32 @@ $text['label-totp_description']['zh-cn'] = "輸入您的驗證碼。";
 $text['label-totp_description']['ja-jp'] = "確認コードを入力してください。";
 $text['label-totp_description']['ko-kr'] = "인증 코드를 입력하세요.";

+$text['label-password_description']['en-us'] = "Enter your password.";
+$text['label-password_description']['en-gb'] = "Enter your password.";
+$text['label-password_description']['ar-eg'] = "ادخل رقمك السري.";
+$text['label-password_description']['de-at'] = "Geben Sie Ihr Passwort ein.";
+$text['label-password_description']['de-ch'] = "Geben Sie Ihr Passwort ein.";
+$text['label-password_description']['de-de'] = "Geben Sie Ihr Passwort ein.";
+$text['label-password_description']['el-gr'] = "Εισάγετε τον κωδικό σας.";
+$text['label-password_description']['es-cl'] = "Ingresa tu contraseña.";
+$text['label-password_description']['es-mx'] = "Ingresa tu contraseña.";
+$text['label-password_description']['fr-ca'] = "Tapez votre mot de passe.";
+$text['label-password_description']['fr-fr'] = "Tapez votre mot de passe.";
+$text['label-password_description']['he-il'] = "הכנס את הסיסמה שלך.";
+$text['label-password_description']['it-it'] = "Inserisci la tua password.";
+$text['label-password_description']['nl-nl'] = "Voer uw wachtwoord in.";
+$text['label-password_description']['pl-pl'] = "Wprowadź hasło.";
+$text['label-password_description']['pt-br'] = "Coloque sua senha.";
+$text['label-password_description']['pt-pt'] = "Coloque sua senha.";
+$text['label-password_description']['ro-ro'] = "Introduceți parola.";
+$text['label-password_description']['ru-ru'] = "Введите ваш пароль.";
+$text['label-password_description']['sv-se'] = "Ange ditt lösenord.";
+$text['label-password_description']['uk-ua'] = "Введіть ваш пароль.";
+$text['label-password_description']['tr-tr'] = "Şifrenizi girin.";
+$text['label-password_description']['zh-cn'] = "輸入您的密碼。";
+$text['label-password_description']['ja-jp'] = "パスワードを入力してください。";
+$text['label-password_description']['ko-kr'] = "비밀번호를 입력하세요.";
+
 $text['description-totp']['en-us'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login.";
 $text['description-totp']['en-gb'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login.";
 $text['description-totp']['ar-eg'] = "امسح الرمز ضوئيًا باستخدام تطبيق المصادقة أو مدير كلمات المرور. ثم استخدمه لإنشاء الرمز المميز لتسجيل الدخول.";
--- a/core/authentication/resources/classes/authentication.php
+++ b/core/authentication/resources/classes/authentication.php
@ -1,4 +1,28 @@
 <?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <markjcrane@fusionpbx.com>
+	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <markjcrane@fusionpbx.com>
+*/

 /**
 * authentication
@ -69,10 +93,10 @@ class authentication {
 					$object = new $class_name();
 					$object->domain_name = $this->domain_name;
 					$object->domain_uuid = $this->domain_uuid;
-					if ($plugin == 'database' && isset($this->key)) {
+					if ($name == 'database' && isset($this->key)) {
 						$object->key = $this->key;
 					}
-					if ($plugin == 'database' && isset($this->username)) {
+					if ($name == 'database' && isset($this->username)) {
 						$object->username = $this->username;
 						$object->password = $this->password;
 					}
--- a/core/authentication/resources/classes/plugins/database.php
+++ b/core/authentication/resources/classes/plugins/database.php
@ -1,4 +1,28 @@
 <?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <markjcrane@fusionpbx.com>
+	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <markjcrane@fusionpbx.com>
+*/

 /**
 * plugin_database
@ -83,6 +107,11 @@ class plugin_database {
 					$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 					$view->assign("login_logo_source", $settings['theme']['logo']);
 					$view->assign("message_delay", $settings['theme']['message_delay']);
+					if (!empty($_SESSION['username'])) {
+						$view->assign("login_password_description", $text['label-password_description']);
+						$view->assign("username", $_SESSION['username']);
+						$view->assign("button_cancel", $text['button-cancel']);
+					}

 				//messages
 					$view->assign('messages', message::html(true, '		'));
@ -277,4 +306,4 @@ class plugin_database {
 	}
 }

-?>
+?>
--- a/core/authentication/resources/classes/plugins/email.php
+++ b/core/authentication/resources/classes/plugins/email.php
@ -1,4 +1,28 @@
 <?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <markjcrane@fusionpbx.com>
+	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <markjcrane@fusionpbx.com>
+*/

 /**
 * plugin_email
@ -75,7 +99,10 @@ class plugin_email {
 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 				$view->assign("login_logo_source", $settings['theme']['logo']);
 				$view->assign("button_login", $text['button-login']);
-				$view->assign("button_cancel", $text['button-cancel']);
+				if (!empty($_SESSION['username'])) {
+					$view->assign("username", $_SESSION['username']);
+					$view->assign("button_cancel", $text['button-cancel']);
+				}

 				//show the views
 				$content = $view->render('username.htm');
@ -256,12 +283,10 @@ class plugin_email {
 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 				$view->assign("login_logo_source", $settings['theme']['logo']);
 				$view->assign("button_verify", $text['label-verify']);
-				$view->assign("button_cancel", $text['button-cancel']);
-
-				//debug information
-				//echo "<pre>\n";
-				//print_r($text);
-				//echo "</pre>\n";
+				if (!empty($_SESSION['username'])) {
+					$view->assign("username", $_SESSION['username']);
+					$view->assign("button_cancel", $text['button-cancel']);
+				}

 				//show the views
 				$content = $view->render('email.htm');
@ -273,7 +298,7 @@ class plugin_email {
 			if (isset($_POST['authentication_code'])) {

 				//check if the authentication code has expired. if expired return false
-				if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
+				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
 					//authentication code expired
 					$result["plugin"] = "email";
 					$result["domain_name"] = $_SESSION["domain_name"];
@ -286,7 +311,7 @@ class plugin_email {
 				}

 				//get the user details
-				$sql = "select user_uuid, user_email, contact_uuid, user_email_secret\n";
+				$sql = "select user_uuid, user_email, contact_uuid\n";
 				$sql .= "from v_users\n";
 				$sql .= "where (\n";
 				$sql .= "	username = :username\n";
@ -303,17 +328,19 @@ class plugin_email {
 				$this->user_uuid = $row['user_uuid'];
 				$this->user_email = $row['user_email'];
 				$this->contact_uuid = $row['contact_uuid'];
-				$this->user_email_secret = $row['user_email_secret'];
 				unset($parameters);

 				//validate the code
-				if ($_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
+				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
 					$auth_valid = true;
 				}
 				else {
 					$auth_valid = false;
 				}

+				//clear posted authentication code
+				unset($_POST['authentication_code']);
+
 				//get the user details
 				if ($auth_valid) {
 					//get user data from the database
@ -327,7 +354,6 @@ class plugin_email {
 					$parameters['user_uuid'] = $_SESSION["user_uuid"];
 					$database = new database;
 					$row = $database->select($sql, $parameters, 'row');
-					//view_array($row);
 					unset($parameters);

 					//set a few session variables
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@ -1,4 +1,28 @@
 <?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <markjcrane@fusionpbx.com>
+	Portions created by the Initial Developer are Copyright (C) 2008-2023
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <markjcrane@fusionpbx.com>
+*/

 /**
 * plugin_totp
@ -81,8 +105,11 @@ class plugin_totp {
 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 				$view->assign("login_logo_source", $settings['theme']['logo']);
 				$view->assign("button_login", $text['button-login']);
-				$view->assign("button_cancel", $text['button-cancel']);
 				$view->assign("favicon", $settings['theme']['favicon']);
+				if (!empty($_SESSION['username'])) {
+					$view->assign("username", $_SESSION['username']);
+					$view->assign("button_cancel", $text['button-cancel']);
+				}

 				//show the views
 				$content = $view->render('username.htm');
@ -175,7 +202,10 @@ class plugin_totp {
 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
 				$view->assign("login_logo_source", $settings['theme']['logo']);
 				$view->assign("favicon", $settings['theme']['favicon']);
-				$view->assign("button_cancel", $text['button-cancel']);
+				if (!empty($_SESSION['username'])) {
+					$view->assign("username", $_SESSION['username']);
+					$view->assign("button_cancel", $text['button-cancel']);
+				}

 				//show the views
 				if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
@ -284,6 +314,9 @@ class plugin_totp {
 					$auth_valid = false;
 				}

+				//clear posted authentication code
+				unset($_POST['authentication_code']);
+
 				//get the user details
 				if ($auth_valid) {
 					//get user data from the database
@ -298,14 +331,13 @@ class plugin_totp {
 					$parameters['user_uuid'] = $_SESSION["user_uuid"];
 					$database = new database;
 					$row = $database->select($sql, $parameters, 'row');
-					//view_array($row);
 					unset($parameters);
 				}
 				else {
 					//destroy session
 					session_unset();
 					session_destroy();
-					//$_SESSION['authentication']['plugin']
+
 					//send http 403
 					header('HTTP/1.0 403 Forbidden', true, 403);

--- a/core/authentication/resources/views/email.htm
+++ b/core/authentication/resources/views/email.htm
@ -21,8 +21,10 @@
 					</div>
 					<div>
 						<input type='submit' name='' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_verify}' />
-						<br /><br />
-						<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
+						{if !empty($username)}
+							<br /><br />
+							<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
+						{/if}
 					</div>
 				</form>
 			</div>
--- a/core/authentication/resources/views/login.htm
+++ b/core/authentication/resources/views/login.htm
@ -64,12 +64,22 @@
 			<div id='default_login'>
 				<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}' /></a><br />
 				<form method='post' name='frm' action='{$login_destination_url}'>
-					<div>
-						<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}" /><br />
+					<div class='login_text'>
+						{if !empty($username)}
+							{$login_password_description}
+							<br /><br />
+							<input type='hidden' name='username' id='username' value="{$username}" />
+						{else}
+							<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}" /><br />
+						{/if}
 						<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}" /><br />
 					</div>
 					<div>
 						<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' />
+						{if !empty($username)}
+							<br /><br />
+							<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
+						{/if}
 					</div>
 				</form>
 			</div>
--- a/core/authentication/resources/views/username.htm
+++ b/core/authentication/resources/views/username.htm
@ -19,8 +19,10 @@
 					</div>
 					<div>
 						<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' />
-						<br /><br />
-						<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
+						{if !empty($username)}
+							<br /><br />
+							<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
+						{/if}
 					</div>
 				</form>
 			</div>