blob: 617eb132cdcf5198ea143d790891c56d6badb0f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
<?php
return array(
'Piwik\Plugins\TwoFactorAuth\Dao\TwoFaSecretRandomGenerator' => DI\object('Piwik\Plugins\TwoFactorAuth\Dao\TwoFaSecretStaticGenerator'),
'Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeRandomGenerator' => DI\object('Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeStaticGenerator'),
'Piwik\Plugins\TwoFactorAuth\TwoFactorAuthentication' => DI\decorate(function ($previous) {
/** @var Piwik\Plugins\TwoFactorAuth\TwoFactorAuthentication $previous */
if (!\Piwik\SettingsPiwik::isMatomoInstalled()) {
return $previous;
}
$fakeCorrectAuthCode = \Piwik\Container\StaticContainer::get('test.vars.fakeCorrectAuthCode');
if (!empty($fakeCorrectAuthCode) && !\Piwik\Common::isPhpCliMode()) {
$staticSecret = new \Piwik\Plugins\TwoFactorAuth\Dao\TwoFaSecretStaticGenerator();
$secret = $staticSecret->generateSecret();
require_once PIWIK_DOCUMENT_ROOT . '/libs/Authenticator/TwoFactorAuthenticator.php';
$authenticator = new \TwoFactorAuthenticator();
$_GET['authcode'] = $authenticator->getCode($secret);
$_GET['authCode'] = $_GET['authcode'];
$_POST['authCode'] = $_GET['authcode'];
$_POST['authcode'] = $_GET['authcode'];
$_REQUEST['authcode'] = $_GET['authcode'];
$_REQUEST['authCode'] = $_GET['authcode'];
}
return $previous;
}),
'Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeDao' => DI\decorate(function ($previous) {
/** @var Piwik\Plugins\TwoFactorAuth\Dao\RecoveryCodeDao $previous */
if (!\Piwik\SettingsPiwik::isMatomoInstalled()) {
return $previous;
}
$restoreCodes = \Piwik\Container\StaticContainer::get('test.vars.restoreRecoveryCodes');
if (!empty($restoreCodes)) {
// we ensure this recovery code always works for those users
foreach (array('with2FA', 'with2FADisable') as $user) {
$previous->useRecoveryCode($user, '123456'); // we are using it first to make sure there is no duplicate
$previous->insertRecoveryCode($user, '123456');
}
}
return $previous;
}),
'Piwik\Plugins\TwoFactorAuth\SystemSettings' => DI\decorate(function ($previous) {
/** @var Piwik\Plugins\TwoFactorAuth\SystemSettings $previous */
if (!\Piwik\SettingsPiwik::isMatomoInstalled()) {
return $previous;
}
Piwik\Access::doAsSuperUser(function () use ($previous) {
$requireTwoFa = \Piwik\Container\StaticContainer::get('test.vars.requireTwoFa');
if (!empty($requireTwoFa)) {
$previous->twoFactorAuthRequired->setValue(1);
} else {
try {
$previous->twoFactorAuthRequired->setValue(0);
} catch (Exception $e) {
// may fail when matomo is trying to update or so
}
}
});
return $previous;
})
);
|
