commit 07e21bb6c8d3ff5cad5f7e7c001bd66a361ef6c9
parent 46363578305baa19f5fe067e0244aa8e0a9c064d
Author: Jan Dankert <devnull@localhost>
Date: Tue, 7 Nov 2017 21:30:48 +0100
Für Benutzer die Eigenschaften TOTP und HOTP für Einmalkennwörter speichern und anzeigen.
Diffstat:
8 files changed, 111 insertions(+), 68 deletions(-)
diff --git a/action/ProfileAction.class.php b/action/ProfileAction.class.php
@@ -28,7 +28,7 @@ class ProfileAction extends Action
{
public $security = SECURITY_USER;
- var $user;
+ private $user;
var $defaultSubAction = 'edit';
/**
@@ -50,6 +50,11 @@ class ProfileAction extends Action
$this->user->tel = $this->getRequestVar('tel' );
$this->user->desc = $this->getRequestVar('desc' );
$this->user->style = $this->getRequestVar('style' );
+ $this->user->language = $this->getRequestVar('language');
+ $this->user->timezone = $this->getRequestVar('timezone');
+ $this->user->hotp = $this->hasRequestVar('hotp' );
+ $this->user->totp = $this->hasRequestVar('totp' );
+
$this->setStyle( $this->user->style ); // Style sofort anwenden
Session::setUser( $this->user );
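Review bot: The new `totp`/`hotp` flags are flipped from a bare checkbox in the same form that edits name and style, so a user (or anyone holding the session) can enable or disable two-factor authentication without re-entering the password or proving possession of the token, and because `hasRequestVar` maps an absent field to false, any POST that omits the checkbox silently turns 2FA off. Before assigning `$this->user->totp`/`hotp` as true the action should require one valid code generated from the current `otpSecret`, and turning a flag off should require the current password. `timezone` and `language` are also stored exactly as received although the view only offers `timezone_identifiers_list()` and the configured language list; the post should check `in_array($tz, timezone_identifiers_list(), true)` and the same for the language before assigning. The enclosing method starts before the hunk and continues past it.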
@@ -69,64 +74,6 @@ class ProfileAction extends Action
/**
- * Benutzer-Einstellungen anzeigen.
- * Diese Einstellungen werden im Cookie gespeichert.
- */
- function settingsView()
- {
- foreach( array('always_edit','ignore_ok_notices','timezone_offset','language') as $name )
- $this->setTemplateVar($name,Text::clean(isset($_COOKIE['or_'.$name])?$_COOKIE['or_'.$name]:'','abcdefghijklmnopqrstuvwxyz0123456789 .'));
-
- //Html::debug(Text::clean($_COOKIE['or_'.$name],'0123456789 .'));
- $timezone_list = array();
- //$timezone_list[ '' ] = 'SERVER ('.(date('Z')>=0?'+':'').intval(date('Z')/3600).':00)';
-
- global $conf;
- $tzlist = $conf['date']['timezone'];
- if ( !is_array($tzlist))$tzlist = array();
- foreach ($tzlist as $offset=>$name)
- $timezone_list[$offset] = $name.' ('.vorzeichen(intval($offset/60)).':00)'.($offset==date('Z')/60?' *':'');
-
- $this->setTemplateVar('timezone_list',$timezone_list);
- $languages = explode(',',$conf['i18n']['available']);
- foreach($languages as $id=>$name)
- {
- unset($languages[$id]);
- $languages[$name] = $name;
- }
- $this->setTemplateVar('language_list',$languages);
- }
-
-
-
- /**
- * Speichern der Benutzereinstellungen.
- */
- function settingsPost()
- {
- foreach( array('always_edit','ignore_ok_notices','timezone_offset','language') as $name )
- {
- // Prüfen, ob Checkbox aktiviert wurde.
- if ( $this->hasRequestVar($name))
- {
- // Cookie setzen
- setcookie('or_'.$name,$this->getRequestVar($name,OR_FILTER_ALPHANUM),time()+(60*60*24*30*12*2));
- $_COOKIE['or_'.$name] = $this->getRequestVar($name,OR_FILTER_ALPHANUM);
- }
- else
- {
- // Cookie loeschen
- setcookie('or_'.$name,'', time()-3600);
- unset($_COOKIE['or_'.$name]);
- }
- }
-
- $this->addNotice('user',$this->user->name,'SAVED','ok');
- }
-
-
-
- /**
* Anzeigen einer Maske zum Ändern des Kennwortes.
*/
function pwView()
@@ -258,9 +205,35 @@ class ProfileAction extends Action
*/
function editView()
{
- $this->setTemplateVars( $this->user->getProperties() );
+ $issuer = urlencode(config('application','operator'));
+ $account = $this->user->name.'@'.$_SERVER['SERVER_NAME'];
+
+ $base32 = new Base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
+ $secret = $base32->encode(hex2bin($this->user->otpSecret));
+ $counter = $this->user->hotpCount;
+
+ $this->setTemplateVars( $this->user->getProperties() );
$this->setTemplateVar( 'allstyles',$this->user->getAvailableStyles() );
+
+ $this->setTemplateVar('timezone_list',timezone_identifiers_list() );
+
+ $languages = explode(',',config('i18n','available'));
+ foreach($languages as $id=>$name)
+ {
+ unset($languages[$id]);
+ $languages[$name] = $name;
+ }
+ $this->setTemplateVar('language_list',$languages);
+
+ $this->setTemplateVars(
+ $this->user->getProperties() +
+ array('totpSecretUrl' => "otpauth://totp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}",
+ 'hotpSecretUrl' => "otpauth://hotp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}&counter={$counter}"
+ )
+ );
+
+
}
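Review bot: `editView` puts the raw OTP seed into `totpSecretUrl`/`hotpSecretUrl` (and thus into two QR codes) on every load of the profile page, whether or not 2FA is enabled and without any re-authentication, so the seed is exposed to anyone who can view or cache that page; the QR code should be produced only during an explicit enrolment step and the response sent with `Cache-Control: no-store`. The URI label is also inconsistently encoded: `$issuer` goes through `urlencode` (spaces become `+`, which otpauth readers do not treat as a space) while `$account` is built from `$this->user->name` and `$_SERVER['SERVER_NAME']` with no encoding, so a name containing `?`, `&` or `#` breaks the URI — use `rawurlencode` for both parts. `hex2bin` returns false (with a warning) for an odd-length or non-hex `otpSecret` and that false is passed straight to `Base2n::encode`; guard with `if ($raw === false)` and omit the URLs when no usable secret is stored. Finally `setTemplateVars($this->user->getProperties())` is called twice, once before `allstyles` and again with the URLs merged in; the first call is redundant.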
diff --git a/action/UserAction.class.php b/action/UserAction.class.php
@@ -52,6 +52,8 @@ class UserAction extends Action
$this->user->desc = $this->getRequestVar('desc' );
$this->user->language = $this->getRequestVar('language');
$this->user->timezone = $this->getRequestVar('timezone');
+ $this->user->hotp = $this->hasRequestVar('hotp' );
+ $this->user->totp = $this->hasRequestVar('totp' );
global $conf;
if ( @$conf['security']['user']['show_admin_mail'] )
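Review bot: Because `hasRequestVar` yields false when the field is absent, any request to this action that does not carry the `hotp`/`totp` checkboxes now clears the user's two-factor flags as a side effect of saving other fields; consider updating the flags only when the form actually sent them. Disabling another user's 2FA is a privileged, security-relevant change, so if the application keeps an audit log it is worth an entry alongside this save. The enclosing method starts before the hunk.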
diff --git a/language/de.ini.php b/language/de.ini.php
@@ -636,8 +636,8 @@ MENU_FILE_PROP_DESC =Eigenschaften dieser Datei editieren
MENU_FILE_PROP = Eigenschaften
MENU_FILE_PUB_DESC ="Datei veröffentlichen"
MENU_FILE_PUB ="Veröffentlichen"
-MENU_FILE_REMOVE =Datei löschen
-MENU_FILE_REMOVE =Löschen
+MENU_FILE_REMOVE=Datei löschen
+MENU_FILE_REMOVE=Löschen
MENU_FILE_RIGHTS =Berechtigungen
MENU_FILE_RIGHTS_DESC =Rechte dieser Datei ansehen
MENU_FILE_SHOW_DESC ="Diese Datei anzeigen"
@@ -754,6 +754,8 @@ MENU_MODEL_REMOVE =Entfernen
MENU_NAME="Name"
MENU_OPENID="Open-Id"
MENU_OTHER="Andere"
+MENU_ORDER="Reihenfolge"
+MENU_ORDER_DESC="Reihenfolge verändern"
MENU_PAGE_ACLFORM_DESC =Ein Recht zu dieser Seite hinzufügen
MENU_PAGE_ACLFORM =Hinzufügen
MENU_PAGE_CHANGETEMPLATE_DESC =Austausch der Seitenvorlage
@@ -831,6 +833,7 @@ MENU_PW = Kennwort
MENU_REGISTER_DESC ="Sie müssen registriert sein, um diese Anwendung nutzen zu können."
MENU_REGISTER ="Registrieren"
MENU_REMOVE="Löschen"
+MENU_REMOVE_DESC="Löschen"
MENU_RIGHTS = Berechtigungen
MENU_RIGHTS_DESC = "Berechtigungen anzeigen und bearbeiten"
MENU_RIGHTS_KEY = X
@@ -950,6 +953,8 @@ MENU_USER_RIGHTS_DESC="Alle Berechtigungen des Benutzers anzeigen"
MENU_USERS_DESC = "Bearbeiten der Mitgliedschaften von Benutzern in dieser Gruppe"
MENU_USERS = "Mitgliedschaften"
MENU_USERTIMELINE="Meine Änderungen"
+MENU_VALUE="Inhalt"
+MENU_VALUE_DESC="Inhalt"
MODE_EDIT = "Bearbeiten"
MODE_EDIT_CANCEL = "Abbrechen"
MODE_EDIT_CANCEL_DESC = "Eingaben verwerfen und die Bearbeitung abbrechen"
@@ -1188,4 +1193,8 @@ SELECT_PROJECT=Projekt auswählen
SELECT_LANGUAGE=Sprache auswählen
SELECT_MODEL=Variante auswählen
PWCHANGE_NOT_ALLOWED=Eine Kennwortänderung ist nicht möglich
-ERROR_IN_ELEMENT="Dieses Seitenelement konnte nicht erzeugt werden"-
\ No newline at end of file
+ERROR_IN_ELEMENT="Dieses Seitenelement konnte nicht erzeugt werden"
+
+USER_PASSWORD_EXPIRES=Kennwort läuft ab
+USER_HOTP=Zählerbasiertes Token als Zweifaktorauthentifizierung
+USER_TOTP=Zeitbasieres Token als Zweifaktorauthentifizierung
diff --git a/language/en.ini.php b/language/en.ini.php
@@ -1230,3 +1230,8 @@ SELECT_PROJECT=Select project
SELECT_LANGUAGE=Select language
SELECT_MODEL=Select model
PWCHANGE_NOT_ALLOWED=Password change is not available
+
+
+USER_PASSWORD_EXPIRES=Password expires
+USER_HOTP=Counter-based 2-factor authentification
+USER_TOTP=Time-based 2-factor authentification
diff --git a/model/User.class.php b/model/User.class.php
@@ -324,9 +324,9 @@ SQL
$this->timezone = $row['timezone'];
$this->lastLogin = $row['last_login'];
$this->otpSecret = $row['otp_secret'];
- $this->hotp = $row['hotp'];
+ $this->hotp = ($row['hotp']==1);
$this->hotpCount = $row['hotp_counter'];
- $this->totp = $row['totp'];
+ $this->totp = ($row['totp']==1);
$this->passwordExpires = $row['password_expires'];
$this->passwordAlgo = $row['password_algo'];
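Review bot: `($row['hotp']==1)` and `($row['totp']==1)` rely on loose comparison; `(int) $row['hotp'] === 1` expresses the same intent with a strict compare and pairs naturally with the `setBoolean` binding used when saving. This is a style point only; the enclosing load method starts outside the hunk.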
@@ -393,7 +393,9 @@ SQL
style ={style} ,
language = {language},
timezone = {timezone},
- is_admin = {isAdmin}
+ is_admin = {isAdmin},
+ totp = {totp},
+ hotp = {hotp}
WHERE id={userid}
SQL
);
@@ -407,6 +409,8 @@ SQL
$sql->setString ( 'language',$this->language);
$sql->setString ( 'timezone',$this->timezone);
$sql->setBoolean( 'isAdmin' ,$this->isAdmin );
+ $sql->setBoolean( 'totp' ,$this->totp );
+ $sql->setBoolean( 'hotp' ,$this->hotp );
$sql->setInt ( 'userid' ,$this->userid );
// Datenbankabfrage ausfuehren
diff --git a/themes/default/layout/perspective/profile.ini.php b/themes/default/layout/perspective/profile.ini.php
@@ -7,7 +7,7 @@ default = usertimeline
[content]
-views = profile:edit,profile:pw,profile:settings
+views = profile:edit,profile:pw
default = edit
modal = false
diff --git a/themes/default/templates/profile/edit.tpl.src.xml b/themes/default/templates/profile/edit.tpl.src.xml
@@ -63,6 +63,53 @@
default="config:interface/style/default"></selectbox>
</part>
</part>
+ <part class="line">
+ <part class="label">
+ <label for="timezone_offset">
+ <text key="timezone" />
+ </label>
+ </part>
+ <part class="input">
+ <selectbox name="timezone" list="timezone_list"
+ addempty="true"></selectbox>
+ </part>
+ </part>
+ <part class="line">
+ <part class="label">
+ <label for="">
+ <text key="language" />
+ </label>
+ </part>
+ <part class="input">
+ <selectbox name="language" list="language_list" addempty="true"></selectbox>
+ </part>
+ </part>
+ </group>
+ <group title="message:security">
+ <part class="line">
+ <part class="label">
+ <text text="message:user_password_expires" />
+ </part>
+ <part class="input">
+ <date date="var:passwordExpires" />
+ </part>
+ </part>
+ <part class="line">
+ <part class="label">
+ </part>
+ <part class="input">
+ <checkbox name="totp"/><label for="totp" key="user_totp"></label>
+ <qrcode value="var:totpSecretUrl" />
+ </part>
+ </part>
+ <part class="line">
+ <part class="label">
+ </part>
+ <part class="input">
+ <checkbox name="hotp"/><label for="hotp" key="user_hotp"></label>
+ <qrcode value="var:hotpSecretUrl" />
+ </part>
+ </part>
</group>
</form>
</output>
\ No newline at end of file
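Review bot: In the new timezone row the label points to `for="timezone_offset"` while the selectbox is named `timezone`, and the language row's label has `for=""`, so neither label is associated with its control; use `for="timezone"` and `for="language"`. The two `<qrcode>` elements encode the same OTP seed and are rendered unconditionally next to checkboxes that merely toggle a flag; rendering the QR only while the corresponding option is being enabled (or on a dedicated enrolment view) would limit how often the seed is put on screen. The `<form>` element opens before the hunk.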
diff --git a/themes/default/templates/user/edit.tpl.src.xml b/themes/default/templates/user/edit.tpl.src.xml
@@ -126,6 +126,8 @@
<label for="otpsecret" key="user_totp"></label>
</part>
<part class="input">
+ <checkbox name="totp"/><label for="totp" key="user_totp"></label>
+
<text var="otpSecret"></text>
<qrcode value="var:totpSecretUrl" />
</part>
@@ -135,6 +137,8 @@
<label for="otpsecret" key="user_hotp"></label>
</part>
<part class="input">
+ <checkbox name="hotp"/><label for="hotp" key="user_hotp"></label>
+
<qrcode value="var:hotpSecretUrl" />
</part>
</part>
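Review bot: Each new checkbox brings a second `<label key="user_totp">` / `user_hotp` directly below the existing label part that already carries the same key (`<label for="otpsecret" key="user_totp">`), so the caption appears twice and the original `for="otpsecret"` matches no `otpsecret` input; keep one label per control, `for="totp"` and `for="hotp"`. The `<text var="otpSecret">` line still prints the seed in clear text beside the checkbox; now that a QR code is shown, consider dropping it so the seed is not displayed twice.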