shared frontend, UserAPI invalidate sessions, bugfixes, stuff

This commit is contained in:
Roman 2023-02-09 23:55:30 +01:00
parent 8a09fc1f2d
commit 5acd13b945
15 changed files with 164 additions and 78 deletions

@ -76,15 +76,11 @@ namespace Core\API\Permission {
}
// user would have required groups, check for 2fa-state
if ($currentUser) {
$tfaToken = $currentUser->getTwoFactorToken();
if ($tfaToken && $tfaToken->isConfirmed() && !$tfaToken->isAuthenticated()) {
$this->lastError = '2FA-Authorization is required';
if ($currentUser && !$this->check2FA()) {
http_response_code(401);
return false;
}
}
}
return $this->success;
}

@ -5,6 +5,8 @@ namespace Core\API;
use Core\Driver\Logger\Logger;
use Core\Driver\SQL\Query\Insert;
use Core\Objects\Context;
use Core\Objects\DatabaseEntity\TwoFactorToken;
use Core\Objects\TwoFactor\KeyBasedTwoFactorToken;
use PhpMqtt\Client\MqttClient;
abstract class Request {
@ -126,6 +128,33 @@ abstract class Request {
protected abstract function _execute(): bool;
public static function getDefaultACL(Insert $insert): void { }
protected function check2FA(?TwoFactorToken $tfaToken = null): bool {
// do not require 2FA for verifying endpoints
if ($this instanceof \Core\API\Tfa\VerifyTotp || $this instanceof \Core\API\Tfa\VerifyKey) {
return true;
}
if ($tfaToken === null) {
$tfaToken = $this->context->getUser()?->getTwoFactorToken();
}
if ($tfaToken && $tfaToken->isConfirmed() && !$tfaToken->isAuthenticated()) {
if ($tfaToken instanceof KeyBasedTwoFactorToken && !$tfaToken->hasChallenge()) {
$tfaToken->generateChallenge();
}
$this->lastError = '2FA-Authorization is required';
$this->result["twoFactorToken"] = $tfaToken->jsonSerialize([
"type", "challenge", "authenticated", "confirmed", "credentialID"
]);
return false;
}
return true;
}
public final function execute($values = array()): bool {
$this->params = array_merge([], $this->defaultParams);
@ -196,17 +225,11 @@ abstract class Request {
$this->lastError = 'You are not logged in.';
http_response_code(401);
return false;
} else if ($session) {
$tfaToken = $session->getUser()->getTwoFactorToken();
if ($tfaToken && $tfaToken->isConfirmed() && !$tfaToken->isAuthenticated()) {
if (!($this instanceof \Core\API\Tfa\VerifyTotp) && !($this instanceof \Core\API\Tfa\VerifyKey)) {
$this->lastError = '2FA-Authorization is required';
} else if ($session && !$this->check2FA()) {
http_response_code(401);
return false;
}
}
}
}
// CSRF Token
if ($this->csrfTokenRequired && $session) {

@ -6,6 +6,8 @@ use Core\Driver\SQL\Expression\Count;
use Core\Driver\SQL\Expression\Distinct;
use Core\Driver\SQL\Query\Insert;
use Core\Objects\DatabaseEntity\Group;
use Core\Objects\DatabaseEntity\Route;
use Core\Objects\DatabaseEntity\User;
use DateTime;
use Core\Driver\SQL\Condition\Compare;
use Core\Driver\SQL\Condition\CondBool;
@ -20,26 +22,6 @@ class Stats extends Request {
parent::__construct($context, $externalCall, array());
}
private function getUserCount(): int {
$sql = $this->context->getSQL();
$res = $sql->select(new Count())->from("User")->execute();
$this->success = $this->success && ($res !== FALSE);
$this->lastError = $sql->getLastError();
return ($this->success ? intval($res[0]["count"]) : 0);
}
private function getPageCount(): int {
$sql = $this->context->getSQL();
$res = $sql->select(new Count())->from("Route")
->where(new CondBool("active"))
->execute();
$this->success = $this->success && ($res !== FALSE);
$this->lastError = $sql->getLastError();
return ($this->success ? intval($res[0]["count"]) : 0);
}
private function checkSettings(): bool {
$req = new \Core\API\Settings\Get($this->context);
$this->success = $req->execute(array("key" => "^(mail_enabled|recaptcha_enabled)$"));
@ -72,8 +54,9 @@ class Stats extends Request {
}
public function _execute(): bool {
$userCount = $this->getUserCount();
$pageCount = $this->getPageCount();
$sql = $this->context->getSQL();
$userCount = User::count($sql);
$pageCount = Route::count($sql, new CondBool("active"));
$req = new \Core\API\Visitors\Stats($this->context);
$this->success = $req->execute(array("type"=>"monthly"));
$this->lastError = $req->getLastError();

@ -189,6 +189,11 @@ namespace Core\API\TFA {
$sql = $this->context->getSQL();
$this->success = $twoFactorToken->confirm($sql) !== false;
$this->lastError = $sql->getLastError();
if ($this->success) {
$this->context->invalidateSessions(true);
}
return $this->success;
}
}
@ -315,6 +320,7 @@ namespace Core\API\TFA {
if ($this->success) {
$this->result["twoFactorToken"] = $twoFactorToken->jsonSerialize();
$this->context->invalidateSessions();
}
}

@ -222,7 +222,8 @@ namespace Core\API\User {
public function __construct(Context $context, $externalCall = false) {
parent::__construct($context, $externalCall,
self::getPaginationParameters(['id', 'name', 'email', 'groups', 'registeredAt'])
self::getPaginationParameters(['id', 'name', 'email', 'groups', 'registeredAt'],
'id', 'asc')
);
}
@ -253,8 +254,8 @@ namespace Core\API\User {
$groupNames = new Alias(
$sql->select(new JsonArrayAgg("name"))->from("Group")
->leftJoin("NM_Group_User", "NM_Group_User.group_id", "Group.id")
->whereEq("NM_Group_User.user_id", new Column("User.id")),
->leftJoin("NM_User_groups", "NM_User_groups.group_id", "Group.id")
->whereEq("NM_User_groups.user_id", new Column("User.id")),
"groups"
);
@ -588,15 +589,7 @@ namespace Core\API\User {
$this->result["user"] = $user->jsonSerialize();
$this->result["session"] = $session->jsonSerialize();
$this->result["logoutIn"] = $session->getExpiresSeconds();
if ($tfaToken && $tfaToken->isConfirmed()) {
if ($tfaToken instanceof KeyBasedTwoFactorToken) {
$tfaToken->generateChallenge();
}
$this->result["twoFactorToken"] = $tfaToken->jsonSerialize([
"type", "challenge", "authenticated", "confirmed", "credentialID"
]);
}
$this->check2FA($tfaToken);
$this->success = true;
}
} else {
@ -1116,6 +1109,7 @@ namespace Core\API\User {
if ($user->save($sql)) {
$this->logger->info("Issued password reset for user id=" . $user->getId());
$userToken->invalidate($sql);
$this->context->invalidateSessions(false);
return true;
} else {
return $this->createError("Error updating user details: " . $sql->getLastError());
@ -1152,6 +1146,7 @@ namespace Core\API\User {
}
$sql = $this->context->getSQL();
$updateFields = [];
$currentUser = $this->context->getUser();
if ($newUsername !== null) {
@ -1159,11 +1154,13 @@ namespace Core\API\User {
return false;
} else {
$currentUser->name = $newUsername;
$updateFields[] = "name";
}
}
if ($newFullName !== null) {
$currentUser->fullName = $newFullName;
$updateFields[] = "fullName";
}
if ($newPassword !== null || $newPasswordConfirm !== null) {
@ -1175,11 +1172,17 @@ namespace Core\API\User {
}
$currentUser->password = $this->hashPassword($newPassword);
$updateFields[] = "password";
}
}
$this->success = $currentUser->save($sql) !== false;
if (!empty($updateFields)) {
$this->success = $currentUser->save($sql, $updateFields) !== false;
$this->lastError = $sql->getLastError();
if ($this->success && in_array("password", $updateFields)) {
$this->context->invalidateSessions(true);
}
}
return $this->success;
}
}

@ -128,7 +128,6 @@ class CreateDatabase extends DatabaseScript {
$method = $reflectionClass->getName() . "::getDefaultACL";
$method($query);
}
if ($query->hasRows()) {
$queries[] = $query;
}

@ -106,9 +106,12 @@ class Settings {
public static function loadDefaults(): Settings {
$hostname = $_SERVER["SERVER_NAME"] ?? null;
if (empty($hostname)) {
$hostname = $_SERVER["HTTP_HOST"];
if (empty($hostname)) {
$hostname = "localhost";
}
}
$protocol = getProtocol();
$settings = new Settings();

@ -0,0 +1,34 @@
<?php
namespace Core\Driver\SQL\Expression;
use Core\Driver\SQL\Column\Column;
use Core\Driver\SQL\MySQL;
use Core\Driver\SQL\PostgreSQL;
use Core\Driver\SQL\SQL;
use Exception;
class JsonObjectAgg extends Expression {
private mixed $key;
private mixed $value;
public function __construct(mixed $key, mixed $value) {
$this->key = $key;
$this->value = $value;
}
public function getExpression(SQL $sql, array &$params): string {
$value = is_string($this->value) ? new Column($this->value) : $this->value;
$value = $sql->addValue($value, $params);
$key = is_string($this->key) ? new Column($this->key) : $this->key;
$key = $sql->addValue($key, $params);
if ($sql instanceof MySQL) {
return "JSON_OBJECTAGG($key, $value)";
} else if ($sql instanceof PostgreSQL) {
return "JSON_OBJECT_AGG($value)";
} else {
throw new Exception("JsonObjectAgg not implemented for driver type: " . get_class($sql));
}
}
}

@ -211,4 +211,16 @@ class Context {
public function getLanguage(): Language {
return $this->language;
}
public function invalidateSessions(bool $keepCurrent = true): bool {
$query = $this->sql->update("Session")
->set("active", false)
->whereEq("user_id", $this->user->getId());
if (!$keepCurrent && $this->session !== null) {
$query->whereNeq("id", $this->session->getId());
}
return $query->execute();
}
}

@ -36,6 +36,10 @@ class KeyBasedTwoFactorToken extends TwoFactorToken {
return $token;
}
public function hasChallenge(): bool {
return isset($this->challenge);
}
public function getChallenge(): string {
return $this->challenge;
}

@ -1,17 +1,22 @@
import {Link, Navigate, useNavigate} from "react-router-dom";
import {useCallback, useContext, useEffect} from "react";
import {useCallback, useContext, useEffect, useState} from "react";
import {LocaleContext} from "shared/locale";
import {DataColumn, DataTable, NumericColumn, StringColumn} from "shared/elements/data-table";
import {Button, IconButton} from "@material-ui/core";
import EditIcon from '@mui/icons-material/Edit';
import {Chip} from "@mui/material";
import AddIcon from "@mui/icons-material/Add";
import usePagination from "shared/hooks/pagination";
export default function UserListView(props) {
const api = props.api;
const showDialog = props.showDialog;
const {translate: L, requestModules, currentLocale} = useContext(LocaleContext);
const navigate = useNavigate();
const pagination = usePagination();
const [users, setUsers] = useState([]);
useEffect(() => {
requestModules(props.api, ["general", "account"], currentLocale).then(data => {
@ -21,15 +26,17 @@ export default function UserListView(props) {
});
}, [currentLocale]);
const onFetchUsers = useCallback(async (page, count, orderBy, sortOrder) => {
let res = await props.api.fetchUsers(page, count, orderBy, sortOrder);
const onFetchUsers = useCallback((page, count, orderBy, sortOrder) => {
api.fetchUsers(page, count, orderBy, sortOrder).then((res) => {
if (res.success) {
return Promise.resolve([res.users, res.pagination]);
setUsers(res.users);
pagination.update(res.pagination);
} else {
props.showDialog(res.msg, "Error fetching users");
showDialog(res.msg, "Error fetching users");
return null;
}
}, []);
});
}, [api, showDialog]);
const groupColumn = (() => {
let column = new DataColumn(L("account.groups"), "groups");
@ -80,9 +87,13 @@ export default function UserListView(props) {
{L("general.create_new")}
</Button>
</Link>
<DataTable className={"table table-striped"}
<DataTable
data={users}
pagination={pagination}
className={"table table-striped"}
fetchData={onFetchUsers}
placeholder={"No users to display"} columns={columnDefinitions} />
placeholder={"No users to display"}
columns={columnDefinitions} />
</div>
</div>
</div>

@ -49,6 +49,7 @@ export default class API {
let res = await response.json();
if (!res.success && res.msg === "You are not logged in.") {
this.loggedIn = false;
this.user = null;
}
return res;

@ -5,7 +5,7 @@ import React, {useCallback, useContext, useEffect, useState} from "react";
import "./data-table.css";
import {LocaleContext} from "../locale";
import clsx from "clsx";
import {Box, IconButton, TextField} from "@mui/material";
import {Box, IconButton, Select, TextField} from "@mui/material";
import {formatDate, formatDateTime} from "../util";
import CachedIcon from "@material-ui/icons/Cached";
@ -195,7 +195,7 @@ export class NumericColumn extends DataColumn {
}
renderData(L, entry, index) {
let number = super.renderData(L, entry).toString();
let number = super.renderData(L, entry, index).toString();
if (this.decimalDigits !== null) {
number = number.toFixed(this.decimalDigits);
@ -223,8 +223,8 @@ export class DateTimeColumn extends DataColumn {
}
renderData(L, entry, index) {
let date = super.renderData(L, entry);
return formatDateTime(L, date, this.precise);
let date = super.renderData(L, entry, index);
return date ? formatDateTime(L, date, this.precise) : "";
}
}
@ -234,8 +234,8 @@ export class DateColumn extends DataColumn {
}
renderData(L, entry, index) {
let date = super.renderData(L, entry);
return formatDate(L, date);
let date = super.renderData(L, entry, index);
return date ? formatDate(L, date) : "";
}
}
@ -245,7 +245,7 @@ export class BoolColumn extends DataColumn {
}
renderData(L, entry, index) {
let data = super.renderData(L, entry);
let data = super.renderData(L, entry, index);
return L(data ? "general.yes" : "general.no");
}
}
@ -260,9 +260,17 @@ export class InputColumn extends DataColumn {
renderData(L, entry, index) {
let value = super.renderData(L, entry, index);
let inputProps = typeof this.props === 'function' ? this.props(entry, index) : this.props;
if (this.type === 'text') {
return <TextField {...this.props} size={"small"} fullWidth={true}
return <TextField {...inputProps} size={"small"} fullWidth={true}
value={value} onChange={(e) => this.onChange(entry, index, e.target.value)} />
} else if (this.type === "select") {
let options = Object.entries(this.params.options || {}).map(([value, label]) =>
<option key={"option-" + value} value={value}>{label}</option>);
return <Select native {...inputProps} size={"small"} fullWidth={true} value={value}
onChange={(e) => this.onChange(entry, index, e.target.value)}>
{options}
</Select>
}
return <>[Invalid type: {this.type}]</>
@ -292,15 +300,19 @@ export class ControlsColumn extends DataColumn {
let props = {
...buttonProps,
key: "button-" + index,
onClick: (e) => { e.stopPropagation(); button.onClick(entry, index); },
}
// TODO: icon button!
if (button.hasOwnProperty("disabled")) {
props.disabled = typeof button.disabled === 'function'
? button.disabled(entry, index)
: button.disabled;
}
if (!props.disabled) {
props.onClick = (e) => { e.stopPropagation(); button.onClick(entry, index); }
}
if ((!button.hasOwnProperty("hidden")) ||
(typeof button.hidden === 'function' && !button.hidden(entry, index)) ||
(!button.hidden)) {

@ -7,7 +7,7 @@ import {
DialogContent,
DialogContentText,
DialogTitle,
Input, List, ListItem, TextField
Input, List, ListItem, Select, TextField
} from "@mui/material";
export default function Dialog(props) {

@ -7,7 +7,6 @@ export default function useAsyncSearch(callback, minLength = 1) {
const [results, setResults] = useState(null);
useEffect(() => {
console.log("searchString:", searchString);
if (minLength > 0 && (!searchString || searchString.length < minLength)) {
setResults([]);
return;