Skip to content

Commit dcd54db

Browse files
lippserdjrauh01
authored andcommitted
wip
1 parent 70f2982 commit dcd54db

4 files changed

Lines changed: 28 additions & 1 deletion

File tree

application/controllers/AuthenticationController.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,8 +91,13 @@ public function loginAction()
9191
->sendResponse();
9292
exit;
9393
}
94+
// FORM DOES NOT REDIRECT, IF USER HAS 2FA ENABLED and token hasn't been challenged
9495
$form->handleRequest();
9596
}
97+
// if ($user->has2FA() && irgendwas_mit_session()) {
98+
// // 2 FA form erstellen und zeigen und handeln
99+
// in der session speichern ob der token gepasst hat
100+
// }
96101
$this->view->form = $form;
97102
$this->view->defaultTitle = $this->translate('Icinga Web 2 Login');
98103
$this->view->requiresSetup = $requiresSetup;

application/forms/Authentication/LoginForm.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -161,6 +161,18 @@ public function onSuccess()
161161

162162
// Call provided AuthenticationHook(s) after successful login
163163
AuthenticationHook::triggerLogin($user);
164+
165+
// If user has 2FA enabled and the token hasn't been validated, redirect to login again, so that
166+
// the token is challenged.
167+
$redirect = $this->getElement('redirect');
168+
$old = $redirect->getValue();
169+
$new = [];
170+
if ($old) {
171+
$new['redirect'] = $old;
172+
}
173+
$redirect->setValue(Url::fromPath('authentication/login', $new)->getRelativeUrl());
174+
return true;
175+
164176
$this->getResponse()->setRerenderLayout(true);
165177
return true;
166178
}

library/Icinga/Authentication/Auth.php

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,13 +88,19 @@ public function getAuthChain()
8888
*/
8989
public function isAuthenticated()
9090
{
91+
// return false just for testing. isAuthenticated must return false if the user is authentiacted but has 2FA enabled and the token hasn't been challenged yet.
92+
return false;
93+
9194
if ($this->user !== null) {
9295
return true;
9396
}
9497
$this->authenticateFromSession();
9598
if ($this->user === null && ! $this->authExternal()) {
9699
return false;
97100
}
101+
102+
// real 2fa check from above must happen here
103+
98104
return true;
99105
}
100106

@@ -130,6 +136,7 @@ public function setAuthenticated(User $user, $persist = true)
130136
$this->persistCurrentUser();
131137
}
132138

139+
// don't log if 2fa hasn't been challenged yet
133140
AuditHook::logActivity('login', 'User logged in');
134141
}
135142

@@ -452,5 +459,7 @@ public function setupUser(User $user)
452459
// Load the user's roles
453460
$admissionLoader = new AdmissionLoader();
454461
$admissionLoader->applyRoles($user);
462+
463+
// Set 2FA status from the user preferences in the user obect
455464
}
456465
}

library/Icinga/User/Preferences/PreferencesStore.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -282,8 +282,9 @@ protected function update(array $preferences, string $section): void
282282
}
283283
} catch (Exception $e) {
284284
throw new NotWritableError(
285-
'Cannot update preferences for user %s in database',
285+
'Cannot update preferences for user %s in database: %s',
286286
$this->getUser()->getUsername(),
287+
$e->getMessage(),
287288
$e
288289
);
289290
}

0 commit comments

Comments
 (0)