leonardo/yii2-usuario
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

force 2fa for group of users (#456)

Browse Source 
Authored-by: Antonio Cordeddu <coranto@yetopen.com>
This commit is contained in:
Antonio Cordeddu
2022-08-10 09:22:35 +02:00
committed by GitHub
parent 43b2d76ec6
commit a0ad86d53d
39 changed files with 409 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
composer.json
View File

@ -79,6 +79,9 @@
},
"fxp-asset": {
"enabled": false
},
"allow-plugins": {
"yiisoft/yii2-composer": true
}
},
"conflict": {

18
docs/installation/configuration-options.md
View File

@ -12,6 +12,24 @@ Setting this attribute will allow users to configure their login process with tw
By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow
a bigger period so to avoid out of sync issues.
#### twoFactorAuthenticationForcedPermissions (type: `array`, default: `[]`)
The list of permissions for which two factor authentication is mandatory. In order to perform the check in every action you must configure a filter into your config file like this:
use Da\User\Filter\TwoFactorAuthenticationEnforceFilter;
...
'on beforeAction' => function() {
Yii::$app->controller->attachBehavior(
'enforceTwoFactorAuthentication',[
'class' => TwoFactorAuthenticationEnforceFilter::class,
'except' => ['login', 'logout', 'account', 'two-factor', 'two-factor-enable'],
]
);
},
...
This will redirect the user to their account page until the two factor authentication is enabled.
#### enableGdprCompliance (type: `boolean`, default: `false`)
Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability.

27
src/User/Controller/SecurityController.php
View File

@ -1,6 +1,6 @@
<?php
/*
/**
* This file is part of the 2amigos/yii2-usuario project.
*
* (c) 2amigOS! <http://2amigos.us/>
@ -116,10 +116,14 @@ class SecurityController extends Controller
return $this->goHome();
}
/** @var LoginForm $form */
/**
* @var LoginForm $form
*/
$form = $this->make(LoginForm::class);
/** @var FormEvent $event */
/**
* @var FormEvent $event
*/
$event = $this->make(FormEvent::class, [$form]);
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
@ -135,9 +139,10 @@ class SecurityController extends Controller
if ($form->load(Yii::$app->request->post())) {
if ($this->module->enableTwoFactorAuthentication && $form->validate()) {
if ($form->getUser()->auth_tf_enabled) {
Yii::$app->session->set('credentials', ['login' => $form->login, 'pwd' => $form->password]);
$user = $form->getUser();
if ($user->auth_tf_enabled) {
Yii::$app->session->set('credentials', ['login' => $form->login, 'pwd' => $form->password]);
return $this->redirect(['confirm']);
}
}
@ -153,11 +158,8 @@ class SecurityController extends Controller
return $this->goBack();
}
else
{
$this->trigger(FormEvent::EVENT_FAILED_LOGIN, $event);
}
}
return $this->render(
'login',
@ -179,13 +181,17 @@ class SecurityController extends Controller
}
$credentials = Yii::$app->session->get('credentials');
/** @var LoginForm $form */
/**
* @var LoginForm $form
*/
$form = $this->make(LoginForm::class);
$form->login = $credentials['login'];
$form->password = $credentials['pwd'];
$form->setScenario('2fa');
/** @var FormEvent $event */
/**
* @var FormEvent $event
*/
$event = $this->make(FormEvent::class, [$form]);
if (Yii::$app->request->isAjax && $form->load(Yii::$app->request->post())) {
@ -245,4 +251,5 @@ class SecurityController extends Controller
$this->make(SocialNetworkAccountConnectService::class, [$this, $client])->run();
}
}

101
src/User/Controller/SettingsController.php
View File

@ -1,6 +1,6 @@
<?php
/*
/**
* This file is part of the 2amigos/yii2-usuario project.
*
* (c) 2amigOS! <http://2amigos.us/>
@ -119,7 +119,7 @@ class SettingsController extends Controller
'allow' => true,
'actions' => ['confirm'],
'roles' => ['?', '@'],
],
]
],
],
];
@ -138,7 +138,11 @@ class SettingsController extends Controller
$profile->link('user', Yii::$app->user->identity);
}
/** @var ProfileEvent $event */
/**
*
*
* @var ProfileEvent $event
*/
$event = $this->make(ProfileEvent::class, [$profile]);
$this->make(AjaxRequestModelValidator::class, [$profile])->validate();
@ -170,9 +174,11 @@ class SettingsController extends Controller
if (!$this->module->enableGdprCompliance) {
throw new NotFoundHttpException();
}
return $this->render('privacy', [
return $this->render(
'privacy', [
'module' => $this->module
]);
]
);
}
/**
@ -189,7 +195,11 @@ class SettingsController extends Controller
if (!$this->module->enableGdprCompliance) {
throw new NotFoundHttpException();
}
/** @var GdprDeleteForm $form */
/**
*
*
* @var GdprDeleteForm $form
*/
$form = $this->make(GdprDeleteForm::class);
$user = $form->getUser();
@ -211,21 +221,25 @@ class SettingsController extends Controller
$security = $this->make(SecurityHelper::class);
$anonymReplacement = $this->module->gdprAnonymizePrefix . $user->id;
$user->updateAttributes([
$user->updateAttributes(
[
'email' => $anonymReplacement . "@example.com",
'username' => $anonymReplacement,
'gdpr_deleted' => 1,
'blocked_at' => time(),
'auth_key' => $security->generateRandomString()
]);
$user->profile->updateAttributes([
]
);
$user->profile->updateAttributes(
[
'public_email' => $anonymReplacement . "@example.com",
'name' => $anonymReplacement,
'gravatar_email' => $anonymReplacement . "@example.com",
'location' => $anonymReplacement,
'website' => $anonymReplacement . ".tld",
'bio' => Yii::t('usuario', 'Deleted by GDPR request')
]);
]
);
}
$this->trigger(GdprEvent::EVENT_AFTER_DELETE, $event);
@ -234,14 +248,20 @@ class SettingsController extends Controller
return $this->goHome();
}
return $this->render('gdpr-delete', [
return $this->render(
'gdpr-delete', [
'model' => $form,
]);
]
);
}
public function actionGdprConsent()
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = Yii::$app->user->identity;
if ($user->gdpr_consent) {
return $this->redirect(['profile']);
@ -249,30 +269,37 @@ class SettingsController extends Controller
$model = new DynamicModel(['gdpr_consent']);
$model->addRule('gdpr_consent', 'boolean');
$model->addRule('gdpr_consent', 'default', ['value' => 0, 'skipOnEmpty' => false]);
$model->addRule('gdpr_consent', 'compare', [
$model->addRule(
'gdpr_consent', 'compare', [
'compareValue' => true,
'message' => Yii::t('usuario', 'Your consent is required to work with this site'),
'when' => function () {
return $this->module->enableGdprCompliance;
},
]);
]
);
if ($model->load(Yii::$app->request->post()) && $model->validate()) {
$user->updateAttributes([
$user->updateAttributes(
[
'gdpr_consent' => 1,
'gdpr_consent_date' => time(),
]);
]
);
return $this->redirect(['profile']);
}
return $this->render('gdpr-consent', [
return $this->render(
'gdpr-consent', [
'model' => $model,
'gdpr_consent_hint' => $this->module->getConsentMessage(),
]);
]
);
}
/**
* Exports the data from the current user in a mechanical readable format (csv). Properties exported can be defined
* in the module configuration.
*
* @throws NotFoundHttpException if gdpr compliance is not enabled
* @throws \Exception
* @throws \Throwable
@ -317,7 +344,11 @@ class SettingsController extends Controller
public function actionAccount()
{
/** @var SettingsForm $form */
/**
*
*
* @var SettingsForm $form
*/
$form = $this->make(SettingsForm::class);
$event = $this->make(UserEvent::class, [$form->getUser()]);
@ -384,7 +415,11 @@ class SettingsController extends Controller
throw new NotFoundHttpException(Yii::t('usuario', 'Not found'));
}
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = Yii::$app->user->identity;
$event = $this->make(UserEvent::class, [$user]);
Yii::$app->user->logout();
@ -400,7 +435,11 @@ class SettingsController extends Controller
public function actionTwoFactor($id)
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
@ -416,7 +455,11 @@ class SettingsController extends Controller
{
Yii::$app->response->format = Response::FORMAT_JSON;
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
@ -443,7 +486,11 @@ class SettingsController extends Controller
public function actionTwoFactorDisable($id)
{
/** @var User $user */
/**
*
*
* @var User $user
*/
$user = $this->userQuery->whereId($id)->one();
if (null === $user) {
@ -473,7 +520,11 @@ class SettingsController extends Controller
*/
protected function disconnectSocialNetwork($id)
{
/** @var SocialNetworkAccount $account */
/**
*
*
* @var SocialNetworkAccount $account
*/
$account = $this->socialNetworkAccountQuery->whereId($id)->one();
if ($account === null) {

50
src/User/Filter/TwoFactorAuthenticationEnforceFilter.php Normal file
View File

@ -0,0 +1,50 @@
<?php
/*
* This file is part of the 2amigos/yii2-usuario project.
*
* (c) 2amigOS! <http://2amigos.us/>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Da\User\Filter;
use Da\User\Model\User;
use Da\User\Module;
use Yii;
use yii\base\ActionFilter;
use Da\User\Traits\AuthManagerAwareTrait;
class TwoFactorAuthenticationEnforceFilter extends ActionFilter
{
use AuthManagerAwareTrait;
public function beforeAction($action)
{
/** @var Module $module */
$module = Yii::$app->getModule('user');
$enableTwoFactorAuthentication = $module->enableTwoFactorAuthentication;
// If enableTwoFactorAuthentication is set to false do nothing
if (!$enableTwoFactorAuthentication) {
return parent::beforeAction($action);
}
if (Yii::$app->user->isGuest) {
// Not our business
return parent::beforeAction($action);
}
$permissions = $module->twoFactorAuthenticationForcedPermissions;
$itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id));
if(!empty(array_intersect($permissions, $itemsByUser))){
Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it'));
return Yii::$app->response->redirect(['/user/settings/account'])->send();
}
return parent::beforeAction($action);
}
}

4
src/User/Module.php
View File

@ -81,6 +81,10 @@ class Module extends BaseModule
* @var bool whether to enable two factor authentication or not
*/
public $enableTwoFactorAuthentication = false;
/**
* @var array list of permissions for which two factor authentication is mandatory
*/
public $twoFactorAuthenticationForcedPermissions = [];
/**
* @var int cycles of key generation are set on 30 sec. To avoid sync issues, increased validity up to 60 sec.
* @see http://2fa-library.readthedocs.io/en/latest/

6
src/User/resources/i18n/ca/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/da/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/de-DU/usuario.php
View File

@ -278,5 +278,8 @@ return [
'Submit' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@Eine Nachricht wurde an Deine E-Mail Adresse gesendet@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

14
src/User/resources/i18n/de/usuario.php
View File

@ -22,6 +22,7 @@ return [
'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.' => 'Eine Nachricht wurde an Ihre E-Mail-Adresse gesendet. Sie enthält einen Bestätigungslink, den Sie anklicken müssen, um die Registrierung abzuschließen.',
'A new confirmation link has been sent' => 'Ein neuer Bestätigungslink wurde versendet',
'A password will be generated automatically if not provided' => 'Leer lassen, um automatisch ein Passwort zu generieren',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => 'Gemäß der europäischen Datenschutzgrundverordnung (DSGVO) benötigen wir Ihre Zustimmung, um mit Ihren personenbezogenen Daten zu arbeiten.',
'Account' => 'Konto',
'Account confirmation' => 'Kontobestätigung',
'Account details' => 'Kontodetails',
@ -82,6 +83,7 @@ return [
'Credentials will be sent to the user by email' => 'Die Zugangsdaten werden dem Nutzer per E-Mail versendet',
'Current password' => 'Aktuelles Passwort',
'Current password is not valid' => 'Das aktuelle Passwort ist nicht korrekt',
'Data privacy' => 'Datenschutz',
'Data processing consent' => 'Zustimmung zur Datenverarbeitung',
'Delete' => 'Löschen',
'Delete account' => 'Konto Löschen',
@ -187,6 +189,7 @@ return [
'Sign in' => 'Anmelden',
'Sign up' => 'Registrieren',
'Something went wrong' => 'Etwas ist schief gelaufen',
'Submit' => 'Absenden',
'Switch identities is disabled.' => 'Identitäten wechseln ist deaktiviert.',
'Thank you for signing up on {0}' => 'Danke für ihre Registrierung auf {0}',
'Thank you, registration is now complete.' => 'Danke, ihre Registrierung ist nun abgeschlossen.',
@ -221,6 +224,7 @@ return [
'Unable to update block status.' => 'Konnte den Block-Status nicht ändern',
'Unblock' => 'Freischalten',
'Unconfirmed' => 'Unbestätigt',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => 'Leider können Sie nicht mit dieser Seite arbeiten, ohne uns die Zustimmung zur Verarbeitung Ihrer Daten zu geben.',
'Update' => 'Bearbeiten',
'Update assignments' => 'Zuweisung ändern',
'Update permission' => 'Berechtigung ändern',
@ -264,6 +268,7 @@ return [
'Your account on {0} has been created' => 'Ihr Konto auf {0} wurde erstellt',
'Your confirmation token is invalid or expired' => 'Ihr Bestätigungstoken ist falsch oder abgelaufen',
'Your consent is required to register' => 'Sie müssen Ihre Zustimmung registrieren',
'Your consent is required to work with this site' => 'Ihre Zustimmung ist erforderlich, um mit dieser Website zu arbeiten',
'Your email address has been changed' => 'Ihre E-Mail-Adresse wurde geändert',
'Your password has expired, you must change it now' => 'Ihr Passwort ist abgelaufen, Sie müssen es jetzt ändern',
'Your personal information has been removed' => 'Ihre persönlichen Daten wurden gelöscht',
@ -272,9 +277,8 @@ return [
'{0, date, MMM dd, YYYY HH:mm}' => '{0, date, dd. MMM YYYY, HH:mm}',
'{0, date, MMMM dd, YYYY HH:mm}' => '{0, date, dd. MMMM YYYY, HH:mm}',
'{0} cannot be blank.' => '{0} darf nicht leer sein.',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => 'Gemäß der europäischen Datenschutzgrundverordnung (DSGVO) benötigen wir Ihre Zustimmung, um mit Ihren personenbezogenen Daten zu arbeiten.',
'Data privacy' => 'Datenschutz',
'Submit' => 'Absenden',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => 'Leider können Sie nicht mit dieser Seite arbeiten, ohne uns die Zustimmung zur Verarbeitung Ihrer Daten zu geben.',
'Your consent is required to work with this site' => 'Ihre Zustimmung ist erforderlich, um mit dieser Website zu arbeiten',
'Information' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/es/usuario.php
View File

@ -277,7 +277,10 @@ return [
'{0, date, MMMM dd, YYYY HH:mm}' => '{0, date, dd MMMM, YYYY HH:mm}',
'{0} cannot be blank.' => '{0} no puede estar vacío.',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'An email has been sent with instructions for resetting your password' => '@@Se ha enviado un correo electrónico con instrucciones para restablecer su contraseña@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
'Two factor authentication protects you against stolen credentials' => '@@La autenticación de dos factores le protege del robo de credenciales@@',
];

7
src/User/resources/i18n/et/usuario.php
View File

@ -109,6 +109,7 @@ return [
'Gravatar email' => 'Gravatari e-posti aadress',
'Hello' => 'Tere',
'Here you can download your personal data in a comma separated values format.' => 'Siit saad alla laadida sinuga seotud andmed CSV formaadis.',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => 'Nõusutn oma isikuandmete töötlemise ning küpsiste kasutamisega, et selle lehe kasutamiset hõlbustada. Lisainfot loe lehelt {privacyPolicy}.',
'If you already registered, sign in and connect this account on settings page' => 'Kui oled juba registreerunud, logi sisse ja ühenda see konto oma seadete lehel',
'If you cannot click the link, please try pasting the text into your browser' => 'Kui sa ei saa lingil klikkida, proovi see kleepida oma brausri aadressireale',
'If you did not make this request you can ignore this email' => 'Kui sa ei ole seda päringut tellinud, siis võid seda kirja ignoreerida',
@ -264,6 +265,7 @@ return [
'Your password has expired, you must change it now' => 'Sinu parool on aegunud, pead seda uuendama.',
'Your personal information has been removed' => 'Sinu isiklikud andmed on kustutatud',
'Your profile has been updated' => 'Sinu profiil on uuendatud',
'privacy policy' => 'privaatsuspoliitika',
'{0} cannot be blank.' => '{0} ei või olla tühi.',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
'Authentication rule class {0} can not be instantiated' => '',
@ -274,8 +276,9 @@ return [
'VKontakte' => '',
'Yandex' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => 'Nõusutn oma isikuandmete töötlemise ning küpsiste kasutamisega, et selle lehe kasutamiset hõlbustada. Lisainfot loe lehelt {privacyPolicy}.',
'privacy policy' => 'privaatsuspoliitika',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/fa-IR/usuario.php
View File

@ -193,6 +193,7 @@ return [
'Export my data' => '',
'Force password change at next login' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'Impersonate this user' => '',
'In order to finish your registration, we need you to enter following fields' => '',
'Invalid password' => '',
@ -274,7 +275,12 @@ return [
'Your consent is required to work with this site' => '',
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'An email has been sent with instructions for resetting your password' => '@@ایمیلی حاوی راهنمایی برای تنظیم مجدد رمز عبور به شما ارسال شد@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
'Registration ip' => '@@ای پی ثبت نام@@',
];

6
src/User/resources/i18n/fi/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

7
src/User/resources/i18n/fr/usuario.php
View File

@ -110,6 +110,7 @@ return [
'Gravatar email' => 'Email gravatar',
'Hello' => 'Bonjour',
'Here you can download your personal data in a comma separated values format.' => 'Ici vous pouvez télécharger vos données personnelles dans un format avec les données séparées par des virgules',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => 'J\'accepte le traitement de mes données personnelles et l\'utilisation de cookies pour faciliter le fonctionnement de ce site. Pour plus d\'information, lisez notre {privacyPolicy}',
'If you already registered, sign in and connect this account on settings page' => 'Si vous êtes déjà inscrit, connectez-vous et liez ce compte dans la page des réglages',
'If you cannot click the link, please try pasting the text into your browser' => 'Si vous ne parvenez pas à cliquer sur le lien, veuillez essayer de coller le texte dans votre navigateur',
'If you did not make this request you can ignore this email' => 'Si vous n\'avez pas fait cette demande, vous pouvez ignorer cet email',
@ -268,6 +269,7 @@ return [
'Your password has expired, you must change it now' => 'Votre mot de passe a expiré, vous devez le renouveler maintenant',
'Your personal information has been removed' => 'Vos données personnelles ont été supprimées',
'Your profile has been updated' => 'Votre profil a été mis à jour',
'privacy policy' => 'politique de confidentialité',
'{0, date, MMMM dd, YYYY HH:mm}' => '{0, date, dd MMMM YYYY HH:mm}',
'{0} cannot be blank.' => '{0} ne peut être vide.',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
@ -275,7 +277,8 @@ return [
'Submit' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => 'J\'accepte le traitement de mes données personnelles et l\'utilisation de cookies pour faciliter le fonctionnement de ce site. Pour plus d\'information, lisez notre {privacyPolicy}',
'privacy policy' => 'politique de confidentialité',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/hr/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/hu/usuario.php
View File

@ -278,14 +278,17 @@ return [
'Two factor authentication protects you in case of stolen credentials' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@Üzenet érkezett az e-mail címedre.@@',
'An email has been sent with instructions for resetting your password' => '@@E-mailt küldtek a jelszó visszaállításával kapcsolatos utasításokkal@@',
'Awesome, almost there. ' => '@@Hurrá, majdnem kész.@@',
'Disable Two-Factor Auth' => '@@Letiltja a kétütemű hitelesítést@@',
'Enable Two-factor auth' => '@@Engedélyezze a kétütemű hitelesítést@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'I aggree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Aggregálom a személyes adataim feldolgozását és a cookie-k használatát a webhely működésének megkönnyítése érdekében. További információért olvassa el a {privacyPolicy}@@',
'Invalid two-factor code' => '@@Érvénytelen kétütemű kód@@',
'Last login' => '@@Utolsó bejelentkezés@@',
'Now you can resume the login process' => '@@@@',
'This will disable two-factor auth. Are you sure?' => '@@Ez letiltja a kétütemű hitelesítést. biztos vagy ebben?@@',
'Two Factor Authentication' => '@@Két tényező hitelesítés@@',
'Two factor authentication protects you against stolen credentials' => '@@Két tényező-hitelesítés megvédi az ellopott hitelesítő adatokat@@',

4
src/User/resources/i18n/it/usuario.php
View File

@ -209,7 +209,7 @@ return [
'Two Factor Authentication (2FA)' => 'Autenticazione a due fattori (2FA)',
'Two factor authentication code' => 'Codice di autenticazione a due fattori',
'Two factor authentication has been disabled.' => 'Autenticazione a due fattori disabilitata.',
'Two factor authentication protects you in case of stolen credentials' => 'L\'autenticazione a due fattura ti protegge in caso di furto di credenziali',
'Two factor authentication protects you in case of stolen credentials' => 'L\'autenticazione a due fattori ti protegge in caso di furto di credenziali',
'Two factor authentication successfully enabled.' => 'Autenticazione a due fattori abilitata con successo.',
'Unable to confirm user. Please, try again.' => 'Impossibile confermare l\'utente, per favore ritenta.',
'Unable to create an account.' => 'Impossibile creare l\'account.',
@ -274,9 +274,11 @@ return [
'Your password has expired, you must change it now' => 'La tua password è scaduta, devi cambiarla',
'Your personal information has been removed' => 'I tuoi dati personali sono stati rimossi',
'Your profile has been updated' => 'Il tuo profilo è stato aggiornato',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => 'Il tuo ruolo richiede l\'autenticazione a due fattori, non potrai usare l\'applicazione finché non l\'avrai abilitata',
'privacy policy' => 'politica della privacy',
'{0, date, MMM dd, YYYY HH:mm}' => '{0, date, MMM dd, YYYY HH:mm}',
'{0, date, MMMM dd, YYYY HH:mm}' => '{0, date, dd MMMM YYYY HH:mm}',
'{0} cannot be blank.' => '{0} non può essere vuoto.',
'An email has been sent with instructions for resetting your password' => '@@È stata inviata un\'email con le istruzioni per azzerare la tua password@@',
'Now you can resume the login process' => '@@Ora puoi riprendere il processo di autenticazione@@',
];

6
src/User/resources/i18n/kk/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/lt/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/nl/usuario.php
View File

@ -278,17 +278,20 @@ return [
'Two factor authentication protects you in case of stolen credentials' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@Een bericht werd naar jouw emailadres verzonden@@',
'An email has been sent with instructions for resetting your password' => '@@Er werd een email verstuurd met instructies om jouw wachtwoord te resetten@@',
'Awesome, almost there. ' => '@@Super, bijna klaar.@@',
'Class "{0}" does not exist' => '@@Class "{0} bestaat niet@@',
'Disable Two-Factor Auth' => '@@Tweetraps authenticatie uitschakelen@@',
'Enable Two-factor auth' => '@@Tweetraps authenticatie inschakelen@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'I aggree processing of my personal data and the use of cookies
to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Ik ga akkoord dat mijn persoonlijke data en cookies worden verwerkt voor het gebruik van deze website. Voor meer informatie lees onze {privacyPolicy}@@',
'I aggree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Ik ga akkoord dat mijn persoonlijke data en cookies worden verwerkt voor het gebruik van deze website. Voor meer informatie lees onze {privacyPolicy}@@',
'Invalid two-factor code' => '@@Ongeldige tweetraps authenticatie code@@',
'Last login' => '@@Laatste login@@',
'Now you can resume the login process' => '@@@@',
'Registration ip' => '@@Registratie IP@@',
'Rule class can not be instantiated' => '@@Registratie IP@@',
'Rule class must extend "yii\\rbac\\Rule"' => '@@Regel klasse moet worden uitgebreid met "yii\\rbac\\Rule"@@',

3
src/User/resources/i18n/pl/usuario.php
View File

@ -278,11 +278,14 @@ return [
'Two factor authentication protects you in case of stolen credentials' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'An email has been sent with instructions for resetting your password' => '@@Email z instrukcją resetowania hasła został wysłany@@',
'Disable Two-Factor Auth' => '@@Wyłącz uwierzytelnianie dwuetapowe@@',
'Enable Two-factor auth' => '@@Włącz uwierzytelnianie dwuetapowe@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Invalid two-factor code' => '@@Nieprawidłowy kod uwierzytelniania dwuetapowego@@',
'Last login' => '@@Data ostatniego logowania@@',
'Now you can resume the login process' => '@@@@',
'This will disable two-factor auth. Are you sure?' => '@@To wyłączy uwierzytelnianie dwuetapowe. Czy jesteś pewny?@@',
'Two Factor Authentication' => '@@Uwierzytelnianie dwuetapowe@@',
'Two factor authentication protects you against stolen credentials' => '@@Uwierzytelnianie dwuetapowe chroni Cię przed kradzieżą danych logowania@@',

3
src/User/resources/i18n/pt-BR/usuario.php
View File

@ -278,17 +278,20 @@ return [
'Two factor authentication protects you in case of stolen credentials' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@Uma mensagem foi enviada para o seu endereço de e-mail.@@',
'An email has been sent with instructions for resetting your password' => '@@Um e-mail foi enviado com instruções para redefinir sua senha@@',
'Awesome, almost there. ' => '@@Incrível, quase lá.@@',
'Class "{0}" does not exist' => '@@A classe "{0}" não existe@@',
'Disable Two-Factor Auth' => '@@Desabilitar autenticação em dois fatores@@',
'Enable Two-factor auth' => '@@Habilitar autenticação em dois fatores@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'I aggree processing of my personal data and the use of cookies
to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Concordo com o processamento de meus dados pessoais e o uso de cookies para facilitar a operação deste site. Para mais informações, leia nosso {privacyPolicy}@@',
'I aggree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Concordo com o processamento de meus dados pessoais e o uso de cookies para facilitar a operação deste site. Para mais informações, leia nosso {privacyPolicy}@@',
'Invalid two-factor code' => '@@Código de dois fatores inválido@@',
'Last login' => '@@Último login@@',
'Now you can resume the login process' => '@@@@',
'Registration ip' => '@@IP de registro@@',
'Rule class can not be instantiated' => '@@A classe de regras não pode ser instanciada@@',
'Rule class must extend "yii\\rbac\\Rule"' => '@@A classe de regras deve estender de "yii\\rbac\\Rule"@@',

4
src/User/resources/i18n/pt-PT/usuario.php
View File

@ -276,5 +276,9 @@ return [
'Website' => '',
'Yandex' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/ro/usuario.php
View File

@ -278,16 +278,19 @@ return [
'Two factor authentication protects you in case of stolen credentials' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@A fost trimis un mesaj la adresa dvs. de e-mail.@@',
'An email has been sent with instructions for resetting your password' => '@@A fost trimis un e-mail cu instrucțiuni pentru resetarea parolei@@',
'Awesome, almost there. ' => '@@Minunat, aproape gata.@@',
'Disable Two-Factor Auth' => '@@Dezactivați autentificarea cu două factori@@',
'Enable Two-factor auth' => '@@Activați Auth@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'I aggree processing of my personal data and the use of cookies
to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Am agregat prelucrarea datelor mele personale și utilizarea cookie-urilor pentru a facilita funcționarea acestui site. Pentru mai multe informații, citiți {privacyPolicy}@@',
'I aggree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Am agregat prelucrarea datelor mele personale și utilizarea cookie-urilor pentru a facilita funcționarea acestui site. Pentru mai multe informații, citiți {privacyPolicy}@@',
'Invalid two-factor code' => '@@Cod de două factori nevalid@@',
'Last login' => '@@Ultima logare@@',
'Now you can resume the login process' => '@@@@',
'This will disable two-factor auth. Are you sure?' => '@@Aceasta va dezactiva auth-ul cu două factori. Esti sigur?@@',
'Two Factor Authentication' => '@@Două autentificare cu factori@@',
'Two factor authentication protects you against stolen credentials' => '@@Autentificarea cu două factori vă protejează împotriva acreditărilor furate@@',

3
src/User/resources/i18n/ru/usuario.php
View File

@ -278,14 +278,17 @@ return [
'Submit' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@Сообщение было отправлено на вашу электронную почту@@',
'An email has been sent with instructions for resetting your password' => '@@Вам отправлено письмо с инструкциями по смене пароля@@',
'Awesome, almost there. ' => '@@Замечательно, почти готово!@@',
'Class "{0}" does not exist' => '@@Класс "{0}" не найден@@',
'Disable Two-Factor Auth' => '@@Отключить двухфакторную авторизацию@@',
'Enable Two-factor auth' => '@@Включить двухфакторную авторизацию@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Invalid two-factor code' => '@@Неверный код двухфакторной авторизации@@',
'Last login' => '@@Последний вход@@',
'Now you can resume the login process' => '@@@@',
'Registration ip' => '@@IP при регистрации@@',
'Rule class can not be instantiated' => '@@Класс правила не может быть создан@@',
'Rule class must extend "yii\\rbac\\Rule"' => '@@Класс правила должен наследоваться от "yii\\rbac\\Rule"@@',

6
src/User/resources/i18n/th/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/tr-TR/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

3
src/User/resources/i18n/uk/usuario.php
View File

@ -278,15 +278,18 @@ return [
'Submit' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'A message has been sent to your email address. ' => '@@На вашу електронну адресу надіслано повідомлення@@',
'An email has been sent with instructions for resetting your password' => '@@Лист з інструкціями по зміні пароля надіслано на електронну адресу@@',
'Awesome, almost there. ' => '@@Чудово, майже все.@@',
'Class "{0}" does not exist' => '@@Клас "{0}" не існує@@',
'Disable Two-Factor Auth' => '@@Вимкнути двофакторну аутентифікацію@@',
'Enable Two-factor auth' => '@@Увімкнути двофакторну аутентифікацію@@',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'I aggree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '@@Я даю згоду на обробку моїх персональних даних та на використання cookie даним сайтом. Для більш детальної інформації ознайомтесь з {privacyPolicy}@@',
'Invalid two-factor code' => '@@Невірний код двофакторної авторизації@@',
'Last login' => '@@Останній вхід@@',
'Now you can resume the login process' => '@@@@',
'Registration ip' => '@@IP реєстрації@@',
'Rule class can not be instantiated' => '@@Клас Правила не може бути ініційований@@',
'Rule class must extend "yii\\rbac\\Rule"' => '@@Клас Правила має розширювати "yii\\rbac\\Rule"@@',

6
src/User/resources/i18n/vi/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

6
src/User/resources/i18n/zh-CN/usuario.php
View File

@ -112,6 +112,7 @@ return [
'Gravatar email' => '',
'Hello' => '',
'Here you can download your personal data in a comma separated values format.' => '',
'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}' => '',
'If you already registered, sign in and connect this account on settings page' => '',
'If you cannot click the link, please try pasting the text into your browser' => '',
'If you did not make this request you can ignore this email' => '',
@ -273,6 +274,11 @@ return [
'Your password has expired, you must change it now' => '',
'Your personal information has been removed' => '',
'Your profile has been updated' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'privacy policy' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
'{0, date, MMMM dd, YYYY HH:mm}' => '',
'{0} cannot be blank.' => '',
'Every user having your role has two factor authentication mandatory, you must enable it' => '@@@@',
'Now you can resume the login process' => '@@@@',
];

10
tests/_app/config/test.php
View File

@ -1,5 +1,7 @@
<?php
use Da\User\Filter\TwoFactorAuthenticationEnforceFilter;
return [
'id' => 'yii2-user-tests',
'basePath' => dirname(__DIR__),
@ -47,4 +49,12 @@ return [
],
],
'params' => [],
'on beforeAction' => function() {
Yii::$app->controller->attachBehavior(
'enforceTwoFactorAuthentication',[
'class' => TwoFactorAuthenticationEnforceFilter::class,
'except' => ['login', 'logout','account','two-factor', 'two-factor-enable'],
]
);
},
];

11
tests/_fixtures/AssignmentFixture.php Normal file
View File

@ -0,0 +1,11 @@
<?php
namespace tests\_fixtures;
use yii\test\ActiveFixture;
class AssignmentFixture extends ActiveFixture
{
public $modelClass = 'Da\User\Model\Assignment';
public $tableName = 'auth_assignment';
}

11
tests/_fixtures/PermissionFixture.php Normal file
View File

@ -0,0 +1,11 @@
<?php
namespace tests\_fixtures;
use yii\test\ActiveFixture;
class PermissionFixture extends ActiveFixture
{
public $modelClass = 'Da\User\Model\Permission';
public $tableName = 'auth_item';
}

8
tests/_fixtures/data/auth_assignment.php Normal file
View File

@ -0,0 +1,8 @@
<?php
return [
'auth_assignment' => [
'item_name' => 'admin',
'user_id' => '1',
],
];

9
tests/_fixtures/data/auth_item.php Normal file
View File

@ -0,0 +1,9 @@
<?php
return [
'auth_item' => [
'name' => 'admin',
'type' => 1,
'description' => 'test admin',
],
];

13
tests/_fixtures/data/user.php
View File

@ -73,4 +73,17 @@ return [
'updated_at' => $time,
'confirmed_at' => $time,
],
'user_with_2fa_enabled' => [
'id' => 7,
'username' => 'user2fa',
'email' => 'user2faenabled@example.com',
'password_hash' => '$2y$13$qY.ImaYBppt66qez6B31QO92jc5DYVRzo5NxM1ivItkW74WsSG6Ui',
'auth_key' => '39HU0m5lpjWtqstFVGFjj6lFb7UZDeRq',
'auth_tf_key' => '',
'auth_tf_enabled' => true,
'created_at' => $time,
'updated_at' => $time,
'confirmed_at' => $time,
'gdpr_consent' => false,
],
];

55
tests/functional/TwoFactorAuthenticationCept.php Normal file
View File

@ -0,0 +1,55 @@
<?php
/**
* @var Codeception\Scenario
*/
use tests\_fixtures\UserFixture;
use tests\_fixtures\PermissionFixture;
use tests\_fixtures\AssignmentFixture;
use tests\_fixtures\ProfileFixture;
$I = new FunctionalTester($scenario);
$I->wantTo('ensure that two factor authentication check works');
$I->haveFixtures(['user' => UserFixture::className()]);
$I->haveFixtures(['permission' => PermissionFixture::className()]);
$I->haveFixtures(['assignment' => AssignmentFixture::className()]);
$I->amGoingTo('try to login with user having two factor authentication enabled');
Yii::$app->getModule('user')->enableTwoFactorAuthentication = true;
$I->amOnRoute('/user/security/login');
$user = $I->grabFixture('user', 'user_with_2fa_enabled');
$I->fillField('#loginform-login', $user->email);
$I->fillField('#loginform-password', 'qwerty');
$I->click('Sign in');
$I->expectTo('See form to insert two factor authentication code');
$I->see('Two factor authentication code');
$I->amGoingTo('try to login with user permission admin, having two factor authentication disabled');
Yii::$app->getModule('user')->enableTwoFactorAuthentication = true;
Yii::$app->getModule('user')->twoFactorAuthenticationForcedPermissions = ['admin'];
$I->haveFixtures(['user' => UserFixture::className(), 'profile' => ProfileFixture::className()]);
$I->amOnRoute('/user/security/login');
$user = $I->grabFixture('user', 'user');
$I->fillField('#loginform-login', $user->email);
$I->fillField('#loginform-password', 'qwerty');
$I->click('Sign in');
$I->expectTo('The user must be forced to enable two factor authentication');
$I->see('Your role requires 2FA, you won\'t be able to use the application until you enable it');
Yii::$app->user->logout();
$I->amGoingTo('try to login with correct credentials when two factor authentication is disabled on the module');
Yii::$app->getModule('user')->enableTwoFactorAuthentication = false;
$I->amOnRoute('/user/security/login');
$I->amGoingTo('try to login with correct credentials');
$user = $I->grabFixture('user', 'user');
$I->fillField('#loginform-login', $user->email);
$I->fillField('#loginform-password', 'qwerty');
$I->click('Sign in');
$I->dontSee('Login');
$I->see('Logout');