
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorThomas Steur <tsteur@users.noreply.github.com>2020-03-18 06:04:12 +0300
committerGitHub <noreply@github.com>2020-03-18 06:04:12 +0300
commitf0c246cb3a4db3021da7552f6779d56613799414 (patch)
tree42ddf7a9c2e086df78ffc40dfc23af74f8dd3a39 /plugins/TwoFactorAuth
parente493fee87c983e02001a7d9438cefe58141a38af (diff)
App specific token_auths (#15410)
* some initial work * add security page * backing up some code * more functionality * adjust more UI parts * adjust more code * more tweaks * add todo note * few tweaks * make sure date is in right format * fix not existing column * few fixes * available hashes * use different hash algo so tests run on php 5 * fix name of aglorithm * trying to fix some tests * another try to fix some tests * more fixes * more fixes * few fixes * update template * fix some tests * fix test * fixing some tests * various test fixes * more fixes * few more tests * more tests * various tweaks * add translations * add some ui tests * fix selector * tweaks * trying to fix some ui tests * fallback to regular authentication if needed * fix call authenticate on null * fix user settings * fix some tests * few fixes * fix more ui tests * update schema * Update plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js Co-Authored-By: Stefan Giehl <stefan@matomo.org> * fix maps are not showing data * trying to fix some tests * set correct token * trying to fix tracking failure * minor tweaks and fixes * fix more tests * fix screenshot test * trigger event so brute force logic is executed * test no fallback to actual authentication * allow fallback * apply review feedback * fix some tests * fix tests * make sure location values from query params are limited properly before attempting a db insert * make sure plugin uninstall migration reloads plugins, make sure 4.0.0-b1 migration removes unique index that is no longer used, use defaults extra file in SqlDump to get test to run on travis * Fix UI tests. * update expected screenshot Co-authored-by: Stefan Giehl <stefan@matomo.org> Co-authored-by: diosmosis <diosmosis@users.noreply.github.com>
Diffstat (limited to 'plugins/TwoFactorAuth')
-rw-r--r--plugins/TwoFactorAuth/Controller.php2
-rw-r--r--plugins/TwoFactorAuth/TwoFactorAuth.php6
-rw-r--r--plugins/TwoFactorAuth/templates/setupFinished.twig2
-rw-r--r--plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php2
-rw-r--r--plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php36
-rw-r--r--plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js2
6 files changed, 28 insertions, 22 deletions
diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php
index bb37cd5a64..cb9dedf7ab 100644
--- a/plugins/TwoFactorAuth/Controller.php
+++ b/plugins/TwoFactorAuth/Controller.php
@@ -148,7 +148,7 @@ class Controller extends \Piwik\Plugin\Controller
$this->twoFa->disable2FAforUser(Piwik::getCurrentUserLogin());
$this->passwordVerify->forgetVerifiedPassword();
- $this->redirectToIndex('UsersManager', 'userSettings', null, null, null, array(
+ $this->redirectToIndex('UsersManager', 'userSecurity', null, null, null, array(
'disableNonce' => false
));
}
diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php
index 9b86925b36..f5d17aff94 100644
--- a/plugins/TwoFactorAuth/TwoFactorAuth.php
+++ b/plugins/TwoFactorAuth/TwoFactorAuth.php
@@ -32,9 +32,9 @@ class TwoFactorAuth extends \Piwik\Plugin
'AssetManager.getJavaScriptFiles' => 'getJsFiles',
'AssetManager.getStylesheetFiles' => 'getStylesheetFiles',
'API.UsersManager.deleteUser.end' => 'deleteRecoveryCodes',
- 'API.UsersManager.getTokenAuth.end' => 'onApiGetTokenAuth',
+ 'API.UsersManager.createAppSpecificTokenAuth.end' => 'onCreateAppSpecificTokenAuth',
'Request.dispatch.end' => array('function' => 'onRequestDispatchEnd', 'after' => true),
- 'Template.userSettings.afterTokenAuth' => 'render2FaUserSettings',
+ 'Template.userSecurity.afterPassword' => 'render2FaUserSettings',
'Login.authenticate.processSuccessfulSession.end' => 'onSuccessfulSession'
);
}
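Review bot: Removing the `'API.UsersManager.getTokenAuth.end'` registration leaves `createAppSpecificTokenAuth` as the only API method covered by the 2FA check in this listener map. That is safe only if `UsersManager.getTokenAuth` is removed or made to reject in the same commit, which this diffstat (limited to plugins/TwoFactorAuth) does not show; if it, or any other endpoint that turns a password into a token, stays callable, a 2FA-enabled account could obtain a token with the password alone. I would add a comment above the entry, for example `// 2FA gate: every API method that issues a token_auth from a password must be registered here`, so the next such method is not added without the hook.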
@@ -107,7 +107,7 @@ class TwoFactorAuth extends \Piwik\Plugin
return !empty($user);
}
- public function onApiGetTokenAuth($returnedValue, $params)
+ public function onCreateAppSpecificTokenAuth($returnedValue, $params)
{
if (!SettingsPiwik::isMatomoInstalled()) {
return;
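Review bot: `onCreateAppSpecificTokenAuth` is still bound to the `.end` event, so the auth-code check runs only after the API method has completed. The old `getTokenAuth` presumably only returned a value, but `createAppSpecificTokenAuth` appears to persist a new token (the fixture in this commit calls `addTokenAuth`), so a missing or invalid `authCode` would throw after the row already exists. If that is the case, verify the code before the token is created, or delete the just-created token before throwing, so a caller holding only the password cannot leave tokens behind on a 2FA account. The handler's body continues outside this hunk, so such cleanup may already be present; a docblock stating the ordering and what happens to the token on failure would help either way.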
diff --git a/plugins/TwoFactorAuth/templates/setupFinished.twig b/plugins/TwoFactorAuth/templates/setupFinished.twig
index 456e8f5189..02dec629f1 100644
--- a/plugins/TwoFactorAuth/templates/setupFinished.twig
+++ b/plugins/TwoFactorAuth/templates/setupFinished.twig
@@ -6,6 +6,6 @@
</h2>
<h3>{{ 'TwoFactorAuth_SetupFinishedSubtitle'|translate }}</h3>
<p><br />
- <a class="btn" href="{{ linkTo({'module': 'UsersManager', 'action': 'userSettings'}) }}">{{ 'General_Continue'|translate }}</a></p>
+ <a class="btn" href="{{ linkTo({'module': 'UsersManager', 'action': 'userSecurity'}) }}">{{ 'General_Continue'|translate }}</a></p>
</div>
{% endblock %}
diff --git a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
index f5b047ced5..181595f582 100644
--- a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
+++ b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
@@ -82,7 +82,7 @@ class TwoFactorFixture extends Fixture
if ($this->userWith2Fa === $user) {
$userModel = new Model();
- $userModel->updateUserTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b');
+ $userModel->addTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b', 'twofa test', Date::now()->getDatetime());
}
}
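Review bot: The literal `'c4ca4238a0b923820dcc509a6f75849b'` (the MD5 of `1`) is passed to `addTokenAuth` with no indication that it is a fixed, test-only token that other tests presumably depend on. A named constant or a comment such as `// fixed token_auth for the 2FA test user, test-only` would make that explicit. The new line also uses `Date::now()` while the diffstat shows only this one line changing in the file, so it is worth confirming that `Piwik\Date` is already imported here. The enclosing method starts outside the hunk.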
diff --git a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
index 797620443c..1df67e1e36 100644
--- a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
+++ b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
@@ -69,53 +69,59 @@ class TwoFactorAuthTest extends IntegrationTestCase
unset($_GET['authCode']);
}
- public function test_onApiGetTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
+ public function test_onCreateAppSpecificTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
{
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
'userLogin' => $this->userWithout2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
));
$this->assertEquals(32, strlen($token));
}
- public function test_onApiGetTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
+ public function test_onCreateAppSpecificTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
{
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5('invalidPAssword')
+ 'md5Password' => md5('invalidPAssword'),
+ 'description' => 'twofa test'
));
$this->assertEquals(32, strlen($token));
}
- public function test_onApiGetTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
{
$this->expectException(\Exception::class);
$this->expectExceptionMessage('TwoFactorAuth_MissingAuthCodeAPI');
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
+
'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
));
}
- public function test_onApiGetTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
{
$this->expectException(\Exception::class);
$this->expectExceptionMessage('TwoFactorAuth_InvalidAuthCode');
$_GET['authCode'] = '111222';
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
));
}
- public function test_onApiGetTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
+ public function test_onCreateAppSpecificTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
{
$_GET['authCode'] = $this->generateValidAuthCode($this->user2faSecret);
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
));
$this->assertEquals(32, strlen($token));
}
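Review bot: The failure-path tests (invalid password, missing `authCode`, invalid `authCode`) assert only the exception message or the token length, not that nothing was stored for the user. App-specific tokens appear to be persisted (the fixture calls `addTokenAuth`), so each of these tests should also assert that the 2FA user's stored tokens are unchanged afterwards. The invalid-password test should additionally assert that the returned 32-character value does not authenticate. Separately, the added blank line right after `Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(` in the missing-code test looks accidental, and `assertSame(32, strlen($token))` would be the stricter check.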
diff --git a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
index 368ec0632f..cdfcb10c95 100644
--- a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
+++ b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
@@ -13,7 +13,7 @@ describe("TwoFactorAuth", function () {
this.fixture = "Piwik\\Plugins\\TwoFactorAuth\\tests\\Fixtures\\TwoFactorFixture";
var generalParams = 'idSite=1&period=day&date=2010-01-03',
- userSettings = '?module=UsersManager&action=userSettings&' + generalParams,
+ userSettings = '?module=UsersManager&action=userSecurity&' + generalParams,
logoutUrl = '?module=Login&action=logout&period=day&date=yesterday';