dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Authentication - Fix MFA when all methods are enabled.

This commit is contained in:
fusionate 2023-06-24 21:18:39 +00:00
parent 123ac6e00a
commit aa7def54a6
No known key found for this signature in database
8 changed files with 178 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
core/authentication/app_languages.php
View File

@ -78,8 +78,8 @@ $text['label-email_description']['zh-cn'] = "检查您的电子邮件以获取
$text['label-email_description']['ja-jp'] = "メールで確認コードを確認してください。"; $text['label-email_description']['ja-jp'] = "メールで確認コードを確認してください。";
$text['label-email_description']['ko-kr'] = "이메일에서 확인 코드를 확인하세요."; $text['label-email_description']['ko-kr'] = "이메일에서 확인 코드를 확인하세요.";
$text['label-totp_description']['en-us'] = "Enter your verification code."; $text['label-totp_description']['en-us'] = "Enter your Authenticator code.";
$text['label-totp_description']['en-gb'] = "Enter your verification code."; $text['label-totp_description']['en-gb'] = "Enter your Authenticator code.";
$text['label-totp_description']['ar-eg'] = "أدخل رمز التحقق الخاص بك."; $text['label-totp_description']['ar-eg'] = "أدخل رمز التحقق الخاص بك.";
$text['label-totp_description']['de-at'] = "Geben Sie Ihren Bestätigungs-Code ein."; $text['label-totp_description']['de-at'] = "Geben Sie Ihren Bestätigungs-Code ein.";
$text['label-totp_description']['de-ch'] = "Geben Sie Ihren Bestätigungs-Code ein."; $text['label-totp_description']['de-ch'] = "Geben Sie Ihren Bestätigungs-Code ein.";
@ -104,6 +104,32 @@ $text['label-totp_description']['zh-cn'] = "輸入您的驗證碼。";
$text['label-totp_description']['ja-jp'] = "確認コードを入力してください。"; $text['label-totp_description']['ja-jp'] = "確認コードを入力してください。";
$text['label-totp_description']['ko-kr'] = "인증 코드를 입력하세요."; $text['label-totp_description']['ko-kr'] = "인증 코드를 입력하세요.";
$text['label-password_description']['en-us'] = "Enter your password.";
$text['label-password_description']['en-gb'] = "Enter your password.";
$text['label-password_description']['ar-eg'] = "ادخل رقمك السري.";
$text['label-password_description']['de-at'] = "Geben Sie Ihr Passwort ein.";
$text['label-password_description']['de-ch'] = "Geben Sie Ihr Passwort ein.";
$text['label-password_description']['de-de'] = "Geben Sie Ihr Passwort ein.";
$text['label-password_description']['el-gr'] = "Εισάγετε τον κωδικό σας.";
$text['label-password_description']['es-cl'] = "Ingresa tu contraseña.";
$text['label-password_description']['es-mx'] = "Ingresa tu contraseña.";
$text['label-password_description']['fr-ca'] = "Tapez votre mot de passe.";
$text['label-password_description']['fr-fr'] = "Tapez votre mot de passe.";
$text['label-password_description']['he-il'] = "הכנס את הסיסמה שלך.";
$text['label-password_description']['it-it'] = "Inserisci la tua password.";
$text['label-password_description']['nl-nl'] = "Voer uw wachtwoord in.";
$text['label-password_description']['pl-pl'] = "Wprowadź hasło.";
$text['label-password_description']['pt-br'] = "Coloque sua senha.";
$text['label-password_description']['pt-pt'] = "Coloque sua senha.";
$text['label-password_description']['ro-ro'] = "Introduceți parola.";
$text['label-password_description']['ru-ru'] = "Введите ваш пароль.";
$text['label-password_description']['sv-se'] = "Ange ditt lösenord.";
$text['label-password_description']['uk-ua'] = "Введіть ваш пароль.";
$text['label-password_description']['tr-tr'] = "Şifrenizi girin.";
$text['label-password_description']['zh-cn'] = "輸入您的密碼。";
$text['label-password_description']['ja-jp'] = "パスワードを入力してください。";
$text['label-password_description']['ko-kr'] = "비밀번호를 입력하세요.";
$text['description-totp']['en-us'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login."; $text['description-totp']['en-us'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login.";
$text['description-totp']['en-gb'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login."; $text['description-totp']['en-gb'] = "Scan the code with an authentication application or password manager. Then use it to generate the token for the login.";
$text['description-totp']['ar-eg'] = "امسح الرمز ضوئيًا باستخدام تطبيق المصادقة أو مدير كلمات المرور. ثم استخدمه لإنشاء الرمز المميز لتسجيل الدخول."; $text['description-totp']['ar-eg'] = "امسح الرمز ضوئيًا باستخدام تطبيق المصادقة أو مدير كلمات المرور. ثم استخدمه لإنشاء الرمز المميز لتسجيل الدخول.";

28
core/authentication/resources/classes/authentication.php
View File

@ -1,4 +1,28 @@
<?php <?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
/** /**
* authentication * authentication
@ -69,10 +93,10 @@ class authentication {
$object = new $class_name(); $object = new $class_name();
$object->domain_name = $this->domain_name; $object->domain_name = $this->domain_name;
$object->domain_uuid = $this->domain_uuid; $object->domain_uuid = $this->domain_uuid;
if ($plugin == 'database' && isset($this->key)) { if ($name == 'database' && isset($this->key)) {
$object->key = $this->key; $object->key = $this->key;
} }
if ($plugin == 'database' && isset($this->username)) { if ($name == 'database' && isset($this->username)) {
$object->username = $this->username; $object->username = $this->username;
$object->password = $this->password; $object->password = $this->password;
} }

29
core/authentication/resources/classes/plugins/database.php
View File

@ -1,4 +1,28 @@
<?php <?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
/** /**
* plugin_database * plugin_database
@ -83,6 +107,11 @@ class plugin_database {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("message_delay", $settings['theme']['message_delay']); $view->assign("message_delay", $settings['theme']['message_delay']);
if (!empty($_SESSION['username'])) {
$view->assign("login_password_description", $text['label-password_description']);
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
//messages //messages
$view->assign('messages', message::html(true, ' ')); $view->assign('messages', message::html(true, ' '));

46
core/authentication/resources/classes/plugins/email.php
View File

@ -1,4 +1,28 @@
<?php <?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
/** /**
* plugin_email * plugin_email
@ -75,7 +99,10 @@ class plugin_email {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("button_login", $text['button-login']); $view->assign("button_login", $text['button-login']);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']); $view->assign("button_cancel", $text['button-cancel']);
}
//show the views //show the views
$content = $view->render('username.htm'); $content = $view->render('username.htm');
@ -256,12 +283,10 @@ class plugin_email {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("button_verify", $text['label-verify']); $view->assign("button_verify", $text['label-verify']);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']); $view->assign("button_cancel", $text['button-cancel']);
}
//debug information
//echo "<pre>\n";
//print_r($text);
//echo "</pre>\n";
//show the views //show the views
$content = $view->render('email.htm'); $content = $view->render('email.htm');
@ -273,7 +298,7 @@ class plugin_email {
if (isset($_POST['authentication_code'])) { if (isset($_POST['authentication_code'])) {
//check if the authentication code has expired. if expired return false //check if the authentication code has expired. if expired return false
if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) { if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
//authentication code expired //authentication code expired
$result["plugin"] = "email"; $result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"]; $result["domain_name"] = $_SESSION["domain_name"];
@ -286,7 +311,7 @@ class plugin_email {
} }
//get the user details //get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_email_secret\n"; $sql = "select user_uuid, user_email, contact_uuid\n";
$sql .= "from v_users\n"; $sql .= "from v_users\n";
$sql .= "where (\n"; $sql .= "where (\n";
$sql .= " username = :username\n"; $sql .= " username = :username\n";
@ -303,17 +328,19 @@ class plugin_email {
$this->user_uuid = $row['user_uuid']; $this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email']; $this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid']; $this->contact_uuid = $row['contact_uuid'];
$this->user_email_secret = $row['user_email_secret'];
unset($parameters); unset($parameters);
//validate the code //validate the code
if ($_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) { if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
$auth_valid = true; $auth_valid = true;
} }
else { else {
$auth_valid = false; $auth_valid = false;
} }
//clear posted authentication code
unset($_POST['authentication_code']);
//get the user details //get the user details
if ($auth_valid) { if ($auth_valid) {
//get user data from the database //get user data from the database
@ -327,7 +354,6 @@ class plugin_email {
$parameters['user_uuid'] = $_SESSION["user_uuid"]; $parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database; $database = new database;
$row = $database->select($sql, $parameters, 'row'); $row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters); unset($parameters);
//set a few session variables //set a few session variables

38
core/authentication/resources/classes/plugins/totp.php
View File

@ -1,4 +1,28 @@
<?php <?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
/** /**
* plugin_totp * plugin_totp
@ -81,8 +105,11 @@ class plugin_totp {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("button_login", $text['button-login']); $view->assign("button_login", $text['button-login']);
$view->assign("button_cancel", $text['button-cancel']);
$view->assign("favicon", $settings['theme']['favicon']); $view->assign("favicon", $settings['theme']['favicon']);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
//show the views //show the views
$content = $view->render('username.htm'); $content = $view->render('username.htm');
@ -175,7 +202,10 @@ class plugin_totp {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("favicon", $settings['theme']['favicon']); $view->assign("favicon", $settings['theme']['favicon']);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']); $view->assign("button_cancel", $text['button-cancel']);
}
//show the views //show the views
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) { if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
@ -284,6 +314,9 @@ class plugin_totp {
$auth_valid = false; $auth_valid = false;
} }
//clear posted authentication code
unset($_POST['authentication_code']);
//get the user details //get the user details
if ($auth_valid) { if ($auth_valid) {
//get user data from the database //get user data from the database
@ -298,14 +331,13 @@ class plugin_totp {
$parameters['user_uuid'] = $_SESSION["user_uuid"]; $parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database; $database = new database;
$row = $database->select($sql, $parameters, 'row'); $row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters); unset($parameters);
} }
else { else {
//destroy session //destroy session
session_unset(); session_unset();
session_destroy(); session_destroy();
//$_SESSION['authentication']['plugin']
//send http 403 //send http 403
header('HTTP/1.0 403 Forbidden', true, 403); header('HTTP/1.0 403 Forbidden', true, 403);

2
core/authentication/resources/views/email.htm
View File

@ -21,8 +21,10 @@
</div> </div>
<div> <div>
<input type='submit' name='' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_verify}' /> <input type='submit' name='' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_verify}' />
{if !empty($username)}
<br /><br /> <br /><br />
<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a> <a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
{/if}
</div> </div>
</form> </form>
</div> </div>

12
core/authentication/resources/views/login.htm
View File

@ -64,12 +64,22 @@
<div id='default_login'> <div id='default_login'>
<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}' /></a><br /> <a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}' /></a><br />
<form method='post' name='frm' action='{$login_destination_url}'> <form method='post' name='frm' action='{$login_destination_url}'>
<div> <div class='login_text'>
{if !empty($username)}
{$login_password_description}
<br /><br />
<input type='hidden' name='username' id='username' value="{$username}" />
{else}
<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}" /><br /> <input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}" /><br />
{/if}
<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}" /><br /> <input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}" /><br />
</div> </div>
<div> <div>
<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' /> <input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' />
{if !empty($username)}
<br /><br />
<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
{/if}
</div> </div>
</form> </form>
</div> </div>

2
core/authentication/resources/views/username.htm
View File

@ -19,8 +19,10 @@
</div> </div>
<div> <div>
<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' /> <input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' />
{if !empty($username)}
<br /><br /> <br /><br />
<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a> <a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
{/if}
</div> </div>
</form> </form>
</div> </div>