few bugfixes, fido/u2f still WIP
@@ -255,8 +255,11 @@ abstract class Request {
|
||||
$this->success = $req->execute(["method" => self::getEndpoint()]);
|
||||
$this->lastError = $req->getLastError();
|
||||
if (!$this->success) {
|
||||
$res = $req->getResult();
|
||||
if (!$this->context->getUser()) {
|
||||
$this->result["loggedIn"] = false;
|
||||
} else if (isset($res["twoFactorToken"])) {
|
||||
$this->result["twoFactorToken"] = $res["twoFactorToken"];
|
||||
}
|
||||
return false;
|
||||
}
|
||||
@@ -284,7 +287,7 @@ abstract class Request {
|
||||
// this should actually not occur, how to handle this case?
|
||||
$this->success = $success;
|
||||
}
|
||||
} catch (\Error $err) {
|
||||
} catch (\Throwable $err) {
|
||||
http_response_code(500);
|
||||
$this->createError($err->getMessage());
|
||||
$this->logger->error($err->getMessage());
|
||||
|
||||
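Review bot: Widening the handler to `catch (\Throwable $err)` means `$this->createError($err->getMessage())` now forwards the message of every exception, not just engine errors, to the API caller, so text from database drivers, file operations or libraries (query fragments, paths, sometimes credentials) ends up in the JSON response. Keep the detail in the log and return a fixed text to the client, e.g. `$this->logger->error($err->getMessage() . "\n" . $err->getTraceAsString());` followed by `$this->createError("Internal server error");` — if the settings expose a debug flag, the detailed message can be gated behind it. The `try` block this `catch` belongs to begins and ends outside the hunk, so I could not check whether an earlier, narrower handler already sanitises messages for some exception types.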
@@ -61,7 +61,6 @@ namespace Core\API\TFA {
|
||||
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\TfaAPI;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Query\Insert;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\TwoFactor\AttestationObject;
|
||||
@@ -265,10 +264,7 @@ namespace Core\API\TFA {
|
||||
$settings = $this->context->getSettings();
|
||||
$relyingParty = $settings->getSiteName();
|
||||
$sql = $this->context->getSQL();
|
||||
|
||||
// TODO: for react development, localhost / HTTP_HOST is required, otherwise a DOMException is thrown
|
||||
$domain = parse_url($settings->getBaseUrl(), PHP_URL_HOST);
|
||||
// $domain = "localhost";
|
||||
|
||||
if (!$clientDataJSON || !$attestationObjectRaw) {
|
||||
$challenge = null;
|
||||
@@ -329,12 +325,13 @@ namespace Core\API\TFA {
|
||||
return $this->createError("Unsupported key type. Expected: -7");
|
||||
}
|
||||
|
||||
$twoFactorToken->authenticate();
|
||||
$this->success = $twoFactorToken->confirmKeyBased($sql, base64_encode($authData->getCredentialID()), $publicKey) !== false;
|
||||
$this->lastError = $sql->getLastError();
|
||||
|
||||
if ($this->success) {
|
||||
$this->result["twoFactorToken"] = $twoFactorToken->jsonSerialize();
|
||||
$this->context->invalidateSessions();
|
||||
$this->context->invalidateSessions(true);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
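Review bot: `$twoFactorToken->authenticate();` is called before `confirmKeyBased(...)` and independently of its outcome, so when storing the credential fails (`$this->success` false, `lastError` taken from SQL) the token object has already been moved to its authenticated state for the remainder of the request; unless `authenticate()` is a marker that nothing reads before the `if ($this->success)` branch, which this hunk does not show, it should move inside that branch: `if ($this->success) { $twoFactorToken->authenticate(); $this->result["twoFactorToken"] = ...; }`. A short comment on the new call would also help, e.g. `// Registration doubles as the first successful assertion for this token`, if that is the intent. The enclosing method starts before this hunk and I could not see what the earlier attestation checks do with the token before this point.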
@@ -146,6 +146,7 @@ namespace Core\API\User {
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondIn;
|
||||
use Core\Driver\SQL\Expression\JsonArrayAgg;
|
||||
use Core\Objects\TwoFactor\KeyBasedTwoFactorToken;
|
||||
use ImagickException;
|
||||
use Core\Objects\Context;
|
||||
use Core\Objects\DatabaseEntity\GpgKey;
|
||||
@@ -374,6 +375,12 @@ namespace Core\API\User {
|
||||
$this->result["loggedIn"] = false;
|
||||
$userGroups = [];
|
||||
} else {
|
||||
|
||||
$twoFactorToken = $currentUser->getTwoFactorToken();
|
||||
if ($twoFactorToken instanceof KeyBasedTwoFactorToken && !$twoFactorToken->hasChallenge()) {
|
||||
$twoFactorToken->generateChallenge();
|
||||
}
|
||||
|
||||
$this->result["loggedIn"] = true;
|
||||
$userGroups = array_keys($currentUser->getGroups());
|
||||
$this->result["user"] = $currentUser->jsonSerialize();
|
||||
@@ -629,7 +636,7 @@ namespace Core\API\User {
|
||||
|
||||
$this->result["loggedIn"] = true;
|
||||
$this->result["user"] = $user->jsonSerialize();
|
||||
$this->result["session"] = $session->jsonSerialize();
|
||||
$this->result["session"] = $session->jsonSerialize(["expires", "csrfToken"]);
|
||||
$this->result["logoutIn"] = $session->getExpiresSeconds();
|
||||
$this->check2FA($tfaToken);
|
||||
$this->success = true;
|
||||
@@ -1310,6 +1317,7 @@ namespace Core\API\User {
|
||||
}
|
||||
|
||||
$settings = $this->context->getSettings();
|
||||
$siteName = htmlspecialchars($settings->getSiteName());
|
||||
$baseUrl = htmlspecialchars($settings->getBaseUrl());
|
||||
$token = htmlspecialchars(urlencode($token));
|
||||
$url = "$baseUrl/confirmGPG?token=$token";
|
||||
@@ -1317,14 +1325,12 @@ namespace Core\API\User {
|
||||
"you imported a GPG public key for end-to-end encrypted mail communication. " .
|
||||
"To confirm the key and verify, you own the corresponding private key, please click on the following link. " .
|
||||
"The link is active for one hour.<br><br>" .
|
||||
"<a href='$url'>$url</a><br>
|
||||
Best Regards<br>" .
|
||||
$settings->getSiteName() . " Administration";
|
||||
"<a href='$url'>$url</a><br>Best Regards<br>$siteName Administration";
|
||||
|
||||
$sendMail = new \Core\API\Mail\Send($this->context);
|
||||
$this->success = $sendMail->execute(array(
|
||||
"to" => $currentUser->getEmail(),
|
||||
"subject" => $settings->getSiteName() . " - Confirm GPG-Key",
|
||||
"subject" => "[$siteName] Confirm GPG-Key",
|
||||
"body" => $mailBody,
|
||||
"gpgFingerprint" => $gpgKey->getFingerprint()
|
||||
));
|
||||
|
||||
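Review bot: In the user-info hunk a challenge is generated only when `!$twoFactorToken->hasChallenge()`, so once issued it remains the active challenge until something consumes it; a WebAuthn challenge is meant to be single-use and short-lived, and without an expiry a captured assertion stays replayable for as long as the stored challenge is unchanged. Unless `hasChallenge()`/`generateChallenge()` already enforce a lifetime (not visible here), record a creation time with the challenge and treat one older than a few minutes as absent in this condition, and add a comment at this site explaining why a read endpoint issues the challenge as a side effect, e.g. `// Issue the WebAuthn challenge here so the client has it before the assertion request; must be single-use`. The method that contains this hunk begins and ends outside it, so I could not verify where the challenge is cleared.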
@@ -29,7 +29,7 @@ namespace Core\API\Visitors {
|
||||
class ProcessVisit extends VisitorsAPI {
|
||||
public function __construct(Context $context, bool $externalCall = false) {
|
||||
parent::__construct($context, $externalCall, array(
|
||||
"cookie" => new StringType("cookie")
|
||||
"cookie" => new StringType("cookie", 26)
|
||||
));
|
||||
$this->isPublic = false;
|
||||
}
|
||||
|
||||
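Review bot: The new bound in `new StringType("cookie", 26)` is a magic number; if 26 is the length of the visitor cookie the server generates, tie both sides to one shared constant on the visitors API, or at least annotate it, e.g. `"cookie" => new StringType("cookie", 26) // length of the generated visitor cookie`, so the generator and the validator cannot drift apart. A length limit also says nothing about the alphabet; if the value is later used for a lookup, a character-set check matching the generator's alphabet would be the stronger validation. The constructor is complete within the hunk; the generator itself is not visible here.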