leonardo/yii2-usuario
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

force 2fa for group of users (#456)

Browse Source 
Authored-by: Antonio Cordeddu <coranto@yetopen.com>
This commit is contained in:
Antonio Cordeddu
2022-08-10 09:22:35 +02:00
committed by GitHub
parent 43b2d76ec6
commit a0ad86d53d
39 changed files with 409 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/User/Controller/SecurityController.php
View File

@ -1,6 +1,6 @@
<?php
/*
/**
* This file is part of the 2amigos/yii2-usuario project.
*
* (c) 2amigOS! <http://2amigos.us/>
@ -116,17 +116,21 @@ class SecurityController extends Controller
return $this->goHome();
}
/** @var LoginForm $form */
/**
* @var LoginForm $form
*/
$form = $this->make(LoginForm::class);
/** @var FormEvent $event */
/**
* @var FormEvent $event
*/
$event = $this->make(FormEvent::class, [$form]);
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
Yii::$app->response->format = Response::FORMAT_JSON;
$errors = ActiveForm::validate($form);
if(empty($errors)) {
if (empty($errors)) {
return $errors;
}
$this->trigger(FormEvent::EVENT_FAILED_LOGIN, $event);
@ -135,9 +139,10 @@ class SecurityController extends Controller
if ($form->load(Yii::$app->request->post())) {
if ($this->module->enableTwoFactorAuthentication && $form->validate()) {
if ($form->getUser()->auth_tf_enabled) {
$user = $form->getUser();
if ($user->auth_tf_enabled) {
Yii::$app->session->set('credentials', ['login' => $form->login, 'pwd' => $form->password]);
return $this->redirect(['confirm']);
}
}
@ -153,10 +158,7 @@ class SecurityController extends Controller
return $this->goBack();
}
else
{
$this->trigger(FormEvent::EVENT_FAILED_LOGIN, $event);
}
$this->trigger(FormEvent::EVENT_FAILED_LOGIN, $event);
}
return $this->render(
@ -179,13 +181,17 @@ class SecurityController extends Controller
}
$credentials = Yii::$app->session->get('credentials');
/** @var LoginForm $form */
/**
* @var LoginForm $form
*/
$form = $this->make(LoginForm::class);
$form->login = $credentials['login'];
$form->password = $credentials['pwd'];
$form->setScenario('2fa');
/** @var FormEvent $event */
/**
* @var FormEvent $event
*/
$event = $this->make(FormEvent::class, [$form]);
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
@ -245,4 +251,5 @@ class SecurityController extends Controller
$this->make(SocialNetworkAccountConnectService::class, [$this, $client])->run();
}
}

105
src/User/Controller/SettingsController.php
View File

@ -1,6 +1,6 @@
<?php
/*
/**
* This file is part of the 2amigos/yii2-usuario project.
*
* (c) 2amigOS! <http://2amigos.us/>
@ -119,7 +119,7 @@ class SettingsController extends Controller
'allow' => true,
'actions' => ['confirm'],
'roles' => ['?', '@'],
],
]
],
],
];
@ -138,7 +138,11 @@ class SettingsController extends Controller
$profile->link('user', Yii::$app->user->identity);
}
/** @var ProfileEvent $event */
/**
*
*
* @var ProfileEvent $event
*/
$event = $this->make(ProfileEvent::class, [$profile]);
$this->make(AjaxRequestModelValidator::class, [$profile])->validate();
@ -170,9 +174,11 @@ class SettingsController extends Controller
if (!$this->module->enableGdprCompliance) {
throw new NotFoundHttpException();
}
return $this->render('privacy', [
return $this->render(
'privacy', [
'module' => $this->module
]);
]
);
}
/**
@ -189,7 +195,11 @@ class SettingsController extends Controller
if (!$this->module->enableGdprCompliance) {
throw new NotFoundHttpException();
}
/** @var GdprDeleteForm $form */
/**
*
*
* @var GdprDeleteForm $form
*/
$form = $this->make(GdprDeleteForm::class);
$user = $form->getUser();
@ -211,21 +221,25 @@ class SettingsController extends Controller
$security = $this->make(SecurityHelper::class);
$anonymReplacement = $this->module->gdprAnonymizePrefix . $user->id;
$user->updateAttributes([
$user->updateAttributes(
[
'email' => $anonymReplacement . "@example.com",
'username' => $anonymReplacement,
'gdpr_deleted' => 1,
'blocked_at' => time(),
'auth_key' => $security->generateRandomString()
]);
$user->profile->updateAttributes([
]
);
$user->profile->updateAttributes(
[
'public_email' => $anonymReplacement . "@example.com",
'name' => $anonymReplacement,
'gravatar_email' => $anonymReplacement . "@example.com",
'location' => $anonymReplacement,
'website' => $anonymReplacement . ".tld",
'bio' => Yii::t('usuario', 'Deleted by GDPR request')
]);
]
);
}
$this->trigger(GdprEvent::EVENT_AFTER_DELETE, $event);
@ -234,14 +248,20 @@ class SettingsController extends Controller
return $this->goHome();
}
return $this->render('gdpr-delete', [
return $this->render(
'gdpr-delete', [
'model' => $form,
]);
]
);
}
public function actionGdprConsent()
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = Yii::$app->user->identity;
if ($user->gdpr_consent) {
return $this->redirect(['profile']);
@ -249,30 +269,37 @@ class SettingsController extends Controller
$model = new DynamicModel(['gdpr_consent']);
$model->addRule('gdpr_consent', 'boolean');
$model->addRule('gdpr_consent', 'default', ['value' => 0, 'skipOnEmpty' => false]);
$model->addRule('gdpr_consent', 'compare', [
$model->addRule(
'gdpr_consent', 'compare', [
'compareValue' => true,
'message' => Yii::t('usuario', 'Your consent is required to work with this site'),
'when' => function () {
return $this->module->enableGdprCompliance;
},
]);
]
);
if ($model->load(Yii::$app->request->post()) && $model->validate()) {
$user->updateAttributes([
$user->updateAttributes(
[
'gdpr_consent' => 1,
'gdpr_consent_date' => time(),
]);
]
);
return $this->redirect(['profile']);
}
return $this->render('gdpr-consent', [
return $this->render(
'gdpr-consent', [
'model' => $model,
'gdpr_consent_hint' => $this->module->getConsentMessage(),
]);
]
);
}
/**
* Exports the data from the current user in a mechanical readable format (csv). Properties exported can be defined
* in the module configuration.
*
* @throws NotFoundHttpException if gdpr compliance is not enabled
* @throws \Exception
* @throws \Throwable
@ -317,7 +344,11 @@ class SettingsController extends Controller
public function actionAccount()
{
/** @var SettingsForm $form */
/**
*
*
* @var SettingsForm $form
*/
$form = $this->make(SettingsForm::class);
$event = $this->make(UserEvent::class, [$form->getUser()]);
@ -384,7 +415,11 @@ class SettingsController extends Controller
throw new NotFoundHttpException(Yii::t('usuario', 'Not found'));
}
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = Yii::$app->user->identity;
$event = $this->make(UserEvent::class, [$user]);
Yii::$app->user->logout();
@ -400,7 +435,11 @@ class SettingsController extends Controller
public function actionTwoFactor($id)
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
@ -416,7 +455,11 @@ class SettingsController extends Controller
{
Yii::$app->response->format = Response::FORMAT_JSON;
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
@ -443,9 +486,13 @@ class SettingsController extends Controller
public function actionTwoFactorDisable($id)
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
throw new NotFoundHttpException();
}
@ -464,7 +511,7 @@ class SettingsController extends Controller
}
/**
* @param $id
* @param $id
* @throws ForbiddenHttpException
* @throws NotFoundHttpException
* @throws \Exception
@ -473,7 +520,11 @@ class SettingsController extends Controller
*/
protected function disconnectSocialNetwork($id)
{
/** @var SocialNetworkAccount $account */
/**
*
*
* @var SocialNetworkAccount $account
*/
$account = $this->socialNetworkAccountQuery->whereId($id)->one();
if ($account === null) {