From 40a76b1edab648481e32773c42db68ec3f982b1c Mon Sep 17 00:00:00 2001 From: Wenceslaus Dsilva Date: Thu, 25 May 2023 21:01:42 +0530 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(2FA):=20Two=20Factor=20Authe?= =?UTF-8?q?ntication=20-=20Filter=20-=20Blocks=20even=20when=20two=20facto?= =?UTF-8?q?r=20authentication=20is=20enabled=20=F0=9F=90=9B=20fix(email):?= =?UTF-8?q?=20add=20error=20logging=20when=20email=20sending=20fails=20?= =?UTF-8?q?=F0=9F=94=92=20chore(2FA):=20fix=20TwoFactorEmailValidator=20to?= =?UTF-8?q?=20pass=20user=20as=20an=20array=20The=20TwoFactorAuthenticatio?= =?UTF-8?q?nEnforceFilter=20was=20blocking=20users=20even=20when=20two=20f?= =?UTF-8?q?actor=20authentication=20was=20enabled.=20The=20filter=20now=20?= =?UTF-8?q?checks=20if=20the=20user=20has=20two=20factor=20authentication?= =?UTF-8?q?=20enabled=20before=20blocking=20them.=20The=20MailService=20no?= =?UTF-8?q?w=20logs=20an=20error=20when=20email=20sending=20fails.=20The?= =?UTF-8?q?=20TwoFactorEmailValidator=20now=20passes=20the=20user=20as=20a?= =?UTF-8?q?n=20array=20to=20the=20TwoFactorEmailCodeGeneratorService.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + src/User/Filter/TwoFactorAuthenticationEnforceFilter.php | 4 +++- src/User/Service/MailService.php | 8 +++++++- src/User/Validator/TwoFactorEmailValidator.php | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5716b64..7833d50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## dev +- Fix: Two Factor Authentication - Filter - Blocks even when two factor authentication is enabled - Fix: update Dutch (nl) translations (squio) - Enh: possibility to limit the depth of the recursion when getting user ids from roles (mp1509) diff --git a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php index bcb09dc..537e1c4 100644 --- a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php +++ b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php @@ -38,8 +38,10 @@ class TwoFactorAuthenticationEnforceFilter extends ActionFilter } $permissions = $module->twoFactorAuthenticationForcedPermissions; + + $user = Yii::$app->user->identity; $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id)); - if (!empty(array_intersect($permissions, $itemsByUser))) { + if (!empty(array_intersect($permissions, $itemsByUser)) && !$user->auth_tf_enabled) { Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it')); return Yii::$app->response->redirect(['/user/settings/account'])->send(); } diff --git a/src/User/Service/MailService.php b/src/User/Service/MailService.php index 39b52ee..0e9ac49 100644 --- a/src/User/Service/MailService.php +++ b/src/User/Service/MailService.php @@ -83,11 +83,17 @@ class MailService implements ServiceInterface */ public function run() { - return $this->mailer + + $result = $this->mailer ->compose(['html' => $this->view, 'text' => "text/{$this->view}"], $this->params) ->setFrom($this->from) ->setTo($this->to) ->setSubject($this->subject) ->send(); + + if (!$result) { + Yii::error("Email sending failed to '{$this->to}'.", 'mailer'); + } + return $result; } } diff --git a/src/User/Validator/TwoFactorEmailValidator.php b/src/User/Validator/TwoFactorEmailValidator.php index 37bedce..9466a05 100644 --- a/src/User/Validator/TwoFactorEmailValidator.php +++ b/src/User/Validator/TwoFactorEmailValidator.php @@ -111,6 +111,6 @@ class TwoFactorEmailValidator extends TwoFactorCodeValidator */ public function generateCode() { - return $this->make(TwoFactorEmailCodeGeneratorService::class, $this->user)->run(); + return $this->make(TwoFactorEmailCodeGeneratorService::class, [$this->user])->run(); } }