author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-03-18 06:04:12 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-18 06:04:12 +0300 |
commit | f0c246cb3a4db3021da7552f6779d56613799414 (patch) | |
tree | 42ddf7a9c2e086df78ffc40dfc23af74f8dd3a39 /plugins/TwoFactorAuth | |
parent | e493fee87c983e02001a7d9438cefe58141a38af (diff) |
App specific token_auths (#15410)
* some initial work
* add security page
* backing up some code
* more functionality
* adjust more UI parts
* adjust more code
* more tweaks
* add todo note
* few tweaks
* make sure date is in right format
* fix not existing column
* few fixes
* available hashes
* use different hash algo so tests run on php 5
* fix name of algorithm
* trying to fix some tests
* another try to fix some tests
* more fixes
* more fixes
* few fixes
* update template
* fix some tests
* fix test
* fixing some tests
* various test fixes
* more fixes
* few more tests
* more tests
* various tweaks
* add translations
* add some ui tests
* fix selector
* tweaks
* trying to fix some ui tests
* fallback to regular authentication if needed
* fix call authenticate on null
* fix user settings
* fix some tests
* few fixes
* fix more ui tests
* update schema
* Update plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js
Co-Authored-By: Stefan Giehl <stefan@matomo.org>
* fix maps are not showing data
* trying to fix some tests
* set correct token
* trying to fix tracking failure
* minor tweaks and fixes
* fix more tests
* fix screenshot test
* trigger event so brute force logic is executed
* test no fallback to actual authentication
* allow fallback
* apply review feedback
* fix some tests
* fix tests
* make sure location values from query params are limited properly before attempting a db insert
* make sure plugin uninstall migration reloads plugins, make sure 4.0.0-b1 migration removes unique index that is no longer used, use defaults extra file in SqlDump to get test to run on travis
* Fix UI tests.
* update expected screenshot
Co-authored-by: Stefan Giehl <stefan@matomo.org>
Co-authored-by: diosmosis <diosmosis@users.noreply.github.com>
Diffstat (limited to 'plugins/TwoFactorAuth')
6 files changed, 28 insertions, 22 deletions
diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php
index bb37cd5a64..cb9dedf7ab 100644
--- a/plugins/TwoFactorAuth/Controller.php
+++ b/plugins/TwoFactorAuth/Controller.php
@@ -148,7 +148,7 @@ class Controller extends \Piwik\Plugin\Controller
 $this->twoFa->disable2FAforUser(Piwik::getCurrentUserLogin());
 $this->passwordVerify->forgetVerifiedPassword();
- $this->redirectToIndex('UsersManager', 'userSettings', null, null, null, array(
+ $this->redirectToIndex('UsersManager', 'userSecurity', null, null, null, array(
 'disableNonce' => false
 ));
 }
diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php
index 9b86925b36..f5d17aff94 100644
--- a/plugins/TwoFactorAuth/TwoFactorAuth.php
+++ b/plugins/TwoFactorAuth/TwoFactorAuth.php
@@ -32,9 +32,9 @@ class TwoFactorAuth extends \Piwik\Plugin
 'AssetManager.getJavaScriptFiles' => 'getJsFiles',
 'AssetManager.getStylesheetFiles' => 'getStylesheetFiles',
 'API.UsersManager.deleteUser.end' => 'deleteRecoveryCodes',
- 'API.UsersManager.getTokenAuth.end' => 'onApiGetTokenAuth',
+ 'API.UsersManager.createAppSpecificTokenAuth.end' => 'onCreateAppSpecificTokenAuth',
 'Request.dispatch.end' => array('function' => 'onRequestDispatchEnd', 'after' => true),
- 'Template.userSettings.afterTokenAuth' => 'render2FaUserSettings',
+ 'Template.userSecurity.afterPassword' => 'render2FaUserSettings',
 'Login.authenticate.processSuccessfulSession.end' => 'onSuccessfulSession'
 );
 }
@@ -107,7 +107,7 @@ class TwoFactorAuth extends \Piwik\Plugin
 return !empty($user);
 }
- public function onApiGetTokenAuth($returnedValue, $params)
+ public function onCreateAppSpecificTokenAuth($returnedValue, $params)
 {
 if (!SettingsPiwik::isMatomoInstalled()) {
 return;
diff --git a/plugins/TwoFactorAuth/templates/setupFinished.twig b/plugins/TwoFactorAuth/templates/setupFinished.twig
index 456e8f5189..02dec629f1 100644
--- a/plugins/TwoFactorAuth/templates/setupFinished.twig
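Review bot: The 2FA check for API token creation is bound to an `.end` event (`API.UsersManager.createAppSpecificTokenAuth.end` in the event map of the first TwoFactorAuth.php hunk), so it runs only after the API method has finished, which matters now that the method creates a token instead of reading one. That method is not part of this diff, but if it stores the new token before the event fires (the fixture change calls `addTokenAuth`, which suggests tokens are persisted), a request with a valid password and a missing or wrong `authCode` gets an exception yet may leave a stored token behind; the handler should then delete that token before throwing, or the check should run before the insert. The binding is a plain string, so a later rename of the API method detaches the check without any error; a comment above the entry such as `// 2FA gate for API token creation; key must match the UsersManager API method name` would flag that. The body of `onCreateAppSpecificTokenAuth` in the second hunk continues outside the diff, so what it does with `$returnedValue` cannot be checked here.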
+++ b/plugins/TwoFactorAuth/templates/setupFinished.twig
@@ -6,6 +6,6 @@
 </h2>
 <h3>{{ 'TwoFactorAuth_SetupFinishedSubtitle'|translate }}</h3>
 <p><br />
- <a class="btn" href="{{ linkTo({'module': 'UsersManager', 'action': 'userSettings'}) }}">{{ 'General_Continue'|translate }}</a></p>
+ <a class="btn" href="{{ linkTo({'module': 'UsersManager', 'action': 'userSecurity'}) }}">{{ 'General_Continue'|translate }}</a></p>
 </div>
 {% endblock %}
diff --git a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
index f5b047ced5..181595f582 100644
--- a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
+++ b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
@@ -82,7 +82,7 @@ class TwoFactorFixture extends Fixture
 if ($this->userWith2Fa === $user) {
 $userModel = new Model();
- $userModel->updateUserTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b');
+ $userModel->addTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b', 'twofa test', Date::now()->getDatetime());
 }
 }
diff --git a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
index 797620443c..1df67e1e36 100644
--- a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
+++ b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
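Review bot: The added `addTokenAuth(...)` call in TwoFactorFixture.php uses `Date::now()`, but this file section consists of one added and one removed line and so brings in no `use` statement; the fixture only works if the intended `Date` class (presumably `Piwik\Date`) is already imported above the hunk, which is worth confirming because a missing import would surface only when the fixture runs. The token literal is a fixed constant, so a short comment above the call such as `// fixed token for the 2FA test user; test database only` would make clear it must not be reused outside fixtures. The enclosing method starts outside the hunk.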
@@ -69,53 +69,59 @@ class TwoFactorAuthTest extends IntegrationTestCase
 unset($_GET['authCode']);
 }
- public function test_onApiGetTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
+ public function test_onCreateAppSpecificTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
 {
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWithout2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
- public function test_onApiGetTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
+ public function test_onCreateAppSpecificTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
 {
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5('invalidPAssword')
+ 'md5Password' => md5('invalidPAssword'),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
- public function test_onApiGetTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
 {
 $this->expectException(\Exception::class);
 $this->expectExceptionMessage('TwoFactorAuth_MissingAuthCodeAPI');
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
+
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 }
- public function test_onApiGetTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
 {
 $this->expectException(\Exception::class);
 $this->expectExceptionMessage('TwoFactorAuth_InvalidAuthCode');
 $_GET['authCode'] = '111222';
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 }
- public function test_onApiGetTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
+ public function test_onCreateAppSpecificTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
 {
 $_GET['authCode'] = $this->generateValidAuthCode($this->user2faSecret);
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
diff --git a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
index 368ec0632f..cdfcb10c95 100644
--- a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
+++ b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
@@ -13,7 +13,7 @@ describe("TwoFactorAuth", function () {
 this.fixture = "Piwik\\Plugins\\TwoFactorAuth\\tests\\Fixtures\\TwoFactorFixture";
 var generalParams = 'idSite=1&period=day&date=2010-01-03',
- userSettings = '?module=UsersManager&action=userSettings&' + generalParams,
+ userSettings = '?module=UsersManager&action=userSecurity&' + generalParams,
 logoutUrl = '?module=Login&action=logout&period=day&date=yesterday'; |
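Review bot: The renamed tests in TwoFactorAuthTest.php still assert only that the result is 32 characters long, which no longer tells the outcomes apart now that the call under test creates a token rather than reading an existing one. In `test_onCreateAppSpecificTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled` the test should also show that the returned string does not authenticate and that nothing was stored for the user. The two exception tests should check that the user's stored tokens are unchanged after the rejected call, which means catching the exception in the test body instead of relying on `expectException`, so that an assertion can run afterwards. `$this->assertSame(32, strlen($token));` would also be stricter than the current `assertEquals`.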