From f0c246cb3a4db3021da7552f6779d56613799414 Mon Sep 17 00:00:00 2001 
From: Thomas Steur Date: Wed, 18 Mar 2020 16:04:12 +1300 Subject: App specific token_auths (#15410) * some initial work * add security page * backing up some code * more functionality * adjust more UI parts * adjust more code * more tweaks * add todo note * few tweaks * make sure date is in right format * fix not existing column * few fixes * available hashes * use different hash algo so tests run on php 5 * fix name of aglorithm * trying to fix some tests * another try to fix some tests * more fixes * more fixes * few fixes * update template * fix some tests * fix test * fixing some tests * various test fixes * more fixes * few more tests * more tests * various tweaks * add translations * add some ui tests * fix selector * tweaks * trying to fix some ui tests * fallback to regular authentication if needed * fix call authenticate on null * fix user settings * fix some tests * few fixes * fix more ui tests * update schema * Update plugins/CoreHome/angularjs/widget-loader/widgetloader.directive.js Co-Authored-By: Stefan Giehl * fix maps are not showing data * trying to fix some tests * set correct token * trying to fix tracking failure * minor tweaks and fixes * fix more tests * fix screenshot test * trigger event so brute force logic is executed * test no fallback to actual authentication * allow fallback * apply review feedback * fix some tests * fix tests * make sure location values from query params are limited properly before attempting a db insert * make sure plugin uninstall migration reloads plugins, make sure 4.0.0-b1 migration removes unique index that is no longer used, use defaults extra file in SqlDump to get test to run on travis * Fix UI tests. 
* update expected screenshot
Co-authored-by: Stefan Giehl
Co-authored-by: diosmosis
---
 plugins/TwoFactorAuth/Controller.php | 2 +-
 plugins/TwoFactorAuth/TwoFactorAuth.php | 6 ++--
 plugins/TwoFactorAuth/templates/setupFinished.twig | 2 +-
 .../tests/Fixtures/TwoFactorFixture.php | 2 +-
 .../tests/Integration/TwoFactorAuthTest.php | 36 +++++++++++++---------
 .../TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js | 2 +-
 6 files changed, 28 insertions(+), 22 deletions(-)
(limited to 'plugins/TwoFactorAuth')
diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php
index bb37cd5a64..cb9dedf7ab 100644
--- a/plugins/TwoFactorAuth/Controller.php
+++ b/plugins/TwoFactorAuth/Controller.php
@@ -148,7 +148,7 @@ class Controller extends \Piwik\Plugin\Controller
 $this->twoFa->disable2FAforUser(Piwik::getCurrentUserLogin());
 $this->passwordVerify->forgetVerifiedPassword();
- $this->redirectToIndex('UsersManager', 'userSettings', null, null, null, array(
+ $this->redirectToIndex('UsersManager', 'userSecurity', null, null, null, array(
 'disableNonce' => false
 ));
 }
diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php
index 9b86925b36..f5d17aff94 100644
--- a/plugins/TwoFactorAuth/TwoFactorAuth.php
+++ b/plugins/TwoFactorAuth/TwoFactorAuth.php
@@ -32,9 +32,9 @@ class TwoFactorAuth extends \Piwik\Plugin
 'AssetManager.getJavaScriptFiles' => 'getJsFiles',
 'AssetManager.getStylesheetFiles' => 'getStylesheetFiles',
 'API.UsersManager.deleteUser.end' => 'deleteRecoveryCodes',
- 'API.UsersManager.getTokenAuth.end' => 'onApiGetTokenAuth',
+ 'API.UsersManager.createAppSpecificTokenAuth.end' => 'onCreateAppSpecificTokenAuth',
 'Request.dispatch.end' => array('function' => 'onRequestDispatchEnd', 'after' => true),
- 'Template.userSettings.afterTokenAuth' => 'render2FaUserSettings',
+ 'Template.userSecurity.afterPassword' => 'render2FaUserSettings',
 'Login.authenticate.processSuccessfulSession.end' => 'onSuccessfulSession'
 );
 }
@@ -107,7 +107,7 @@ class TwoFactorAuth extends \Piwik\Plugin
 return !empty($user);
 }
- public function onApiGetTokenAuth($returnedValue, $params)
+ public function onCreateAppSpecificTokenAuth($returnedValue, $params)
 {
 if (!SettingsPiwik::isMatomoInstalled()) {
 return;
diff --git a/plugins/TwoFactorAuth/templates/setupFinished.twig b/plugins/TwoFactorAuth/templates/setupFinished.twig
index 456e8f5189..02dec629f1 100644
--- a/plugins/TwoFactorAuth/templates/setupFinished.twig
+++ b/plugins/TwoFactorAuth/templates/setupFinished.twig
@@ -6,6 +6,6 @@
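Review bot: onCreateAppSpecificTokenAuth is still attached to an `.end` event (`'API.UsersManager.createAppSpecificTokenAuth.end'` in the hunk at -32), so it runs only after the API method has already completed; if createAppSpecificTokenAuth now persists the token before returning (the fixture's switch from updateUserTokenAuth to `addTokenAuth($user, ..., 'twofa test', Date::now()->getDatetime())` suggests tokens are stored rows), a request with the correct password but a missing or wrong auth code would throw here while leaving a usable token in the database. Please confirm the 2FA check happens before the token is written, or make this hook remove the token it rejects; the method body continues outside the hunk. The integration tests test_onCreateAppSpecificTokenAuth_throwsErrorWhenMissingToken… and …throwsErrorWhenInvalidToken… only assert the exception, so an additional assertion that no token exists for userWith2Fa afterwards would pin this down.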

{{ 'TwoFactorAuth_SetupFinishedSubtitle'|translate }}


- {{ 'General_Continue'|translate }}

+ {{ 'General_Continue'|translate }}

{% endblock %}
diff --git a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
index f5b047ced5..181595f582 100644
--- a/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
+++ b/plugins/TwoFactorAuth/tests/Fixtures/TwoFactorFixture.php
@@ -82,7 +82,7 @@ class TwoFactorFixture extends Fixture
 if ($this->userWith2Fa === $user) {
 $userModel = new Model();
- $userModel->updateUserTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b');
+ $userModel->addTokenAuth($user, 'c4ca4238a0b923820dcc509a6f75849b', 'twofa test', Date::now()->getDatetime());
 }
 }
diff --git a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
index 797620443c..1df67e1e36 100644
--- a/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
+++ b/plugins/TwoFactorAuth/tests/Integration/TwoFactorAuthTest.php
@@ -69,53 +69,59 @@ class TwoFactorAuthTest extends IntegrationTestCase
 unset($_GET['authCode']);
 }
- public function test_onApiGetTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
+ public function test_onCreateAppSpecificTokenAuth_canAuthenticateWhenUserNotUsesTwoFA()
 {
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWithout2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
- public function test_onApiGetTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
+ public function test_onCreateAppSpecificTokenAuth_returnsRandomTokenWhenNotAuthenticatedEvenWhen2FAenabled()
 {
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5('invalidPAssword')
+ 'md5Password' => md5('invalidPAssword'),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
- public function test_onApiGetTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenMissingTokenWhenUsing2FaAndAuthenticatedCorrectly()
 {
 $this->expectException(\Exception::class);
 $this->expectExceptionMessage('TwoFactorAuth_MissingAuthCodeAPI');
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
+ 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 }
- public function test_onApiGetTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
+ public function test_onCreateAppSpecificTokenAuth_throwsErrorWhenInvalidTokenWhenUsing2FaAndAuthenticatedCorrectly()
 {
 $this->expectException(\Exception::class);
 $this->expectExceptionMessage('TwoFactorAuth_InvalidAuthCode');
 $_GET['authCode'] = '111222';
- Request::processRequest('UsersManager.getTokenAuth', array(
+ Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 }
- public function test_onApiGetTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
+ public function test_onCreateAppSpecificTokenAuth_returnsCorrectTokenWhenProvidingCorrectAuthTokenOnAuthentication()
 {
 $_GET['authCode'] = $this->generateValidAuthCode($this->user2faSecret);
- $token = Request::processRequest('UsersManager.getTokenAuth', array(
+ $token = Request::processRequest('UsersManager.createAppSpecificTokenAuth', array(
 'userLogin' => $this->userWith2Fa,
- 'md5Password' => md5($this->userPassword)
+ 'md5Password' => md5($this->userPassword),
+ 'description' => 'twofa test'
 ));
 $this->assertEquals(32, strlen($token));
 }
diff --git a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
index 368ec0632f..cdfcb10c95 100644
--- a/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
+++ b/plugins/TwoFactorAuth/tests/UI/TwoFactorAuth_spec.js
@@ -13,7 +13,7 @@ describe("TwoFactorAuth", function () {
 this.fixture = "Piwik\\Plugins\\TwoFactorAuth\\tests\\Fixtures\\TwoFactorFixture";
 var generalParams = 'idSite=1&period=day&date=2010-01-03',
- userSettings = '?module=UsersManager&action=userSettings&' + generalParams,
+ userSettings = '?module=UsersManager&action=userSecurity&' + generalParams,
 logoutUrl = '?module=Login&action=logout&period=day&date=yesterday';
-- cgit v1.2.3