Merge pull request #50 from silinternational/develop

warn users of depleting codes

Author: longrunningprocess

README.md

@@ -53,21 +53,11 @@ public function safeUp()
             [ 3  , 1      ,'$2y$10$rA5MdrbEcmbCiqtAgPXnYeBCEKc.AnylPArnamyu.x4DS/A0/0/4i', MySqlDateTime::now()], // 77802769
             [ 4  , 1      ,'$2y$10$JsiRI/W/FLfZzJLPj8umKeXP.rvsOW4aYQO5mOEOwGkBPpKhKWT2K', MySqlDateTime::now()], // 01970541
             [ 5  , 1      ,'$2y$10$NWw0.DPBSm.bjQoSck8xbeqJgENUhE/WazmHmsEtWoxs/UKaIdkUq', MySqlDateTime::now()], // 37771076
-            [ 6  , 1      ,'$2y$10$KE2849CaFCh4FNy61QfZfO5.3KIakJ0Ri.diDYrTA6DY5FUcUkiTS', MySqlDateTime::now()], // 39178450
-            [ 7  , 1      ,'$2y$10$RqIdEzZ0t9dN6XEbCv9saeR91jmhhnAU0IygG2vbkToJtnjVvPOA.', MySqlDateTime::now()], // 01813404
-            [ 8  , 1      ,'$2y$10$iiokti/0BscHBdId9GMDeeycdJUbhu3CySBptid4WjlT3ByYSITkq', MySqlDateTime::now()], // 00416843
-            [ 9  , 1      ,'$2y$10$cICT0MhQ81/dEWYK/kY/LO2VMYvkoqd1/euP5OG7u5V6FRrSBEY6i', MySqlDateTime::now()], // 90068701
-            [ 10 , 1      ,'$2y$10$OzQeTZlUGLOa0Q6Wm2zViuqV4CLzlkJxu8Sjli/v.JI0oYzj.B7um', MySqlDateTime::now()], // 35775442
-            [ 11 , 4      ,'$2y$10$j/V6zcotFES8MkVmgRaiMe2E6DV1qjmO8UhUoJQD0/.p6LhZddGn2', MySqlDateTime::now()], // 94923279
-            [ 12 , 4      ,'$2y$10$If6srqyKGBag/x.nPDBeau9bjNR1RZgxqRVKhdRhJk2PkbOn5rKNS', MySqlDateTime::now()], // 82743523
-            [ 13 , 4      ,'$2y$10$rA5MdrbEcmbCiqtAgPXnYeBCEKc.AnylPArnamyu.x4DS/A0/0/4i', MySqlDateTime::now()], // 77802769
-            [ 14 , 4      ,'$2y$10$JsiRI/W/FLfZzJLPj8umKeXP.rvsOW4aYQO5mOEOwGkBPpKhKWT2K', MySqlDateTime::now()], // 01970541
-            [ 15 , 4      ,'$2y$10$NWw0.DPBSm.bjQoSck8xbeqJgENUhE/WazmHmsEtWoxs/UKaIdkUq', MySqlDateTime::now()], // 37771076
-            [ 16 , 4      ,'$2y$10$KE2849CaFCh4FNy61QfZfO5.3KIakJ0Ri.diDYrTA6DY5FUcUkiTS', MySqlDateTime::now()], // 39178450
-            [ 17 , 4      ,'$2y$10$RqIdEzZ0t9dN6XEbCv9saeR91jmhhnAU0IygG2vbkToJtnjVvPOA.', MySqlDateTime::now()], // 01813404
-            [ 18 , 4      ,'$2y$10$iiokti/0BscHBdId9GMDeeycdJUbhu3CySBptid4WjlT3ByYSITkq', MySqlDateTime::now()], // 00416843
-            [ 19 , 4      ,'$2y$10$cICT0MhQ81/dEWYK/kY/LO2VMYvkoqd1/euP5OG7u5V6FRrSBEY6i', MySqlDateTime::now()], // 90068701
-            [ 20 , 4      ,'$2y$10$OzQeTZlUGLOa0Q6Wm2zViuqV4CLzlkJxu8Sjli/v.JI0oYzj.B7um', MySqlDateTime::now()], // 35775442
+            [ 6  , 4      ,'$2y$10$j/V6zcotFES8MkVmgRaiMe2E6DV1qjmO8UhUoJQD0/.p6LhZddGn2', MySqlDateTime::now()], // 94923279
+            [ 7  , 4      ,'$2y$10$If6srqyKGBag/x.nPDBeau9bjNR1RZgxqRVKhdRhJk2PkbOn5rKNS', MySqlDateTime::now()], // 82743523
+            [ 8  , 4      ,'$2y$10$rA5MdrbEcmbCiqtAgPXnYeBCEKc.AnylPArnamyu.x4DS/A0/0/4i', MySqlDateTime::now()], // 77802769
+            [ 9  , 4      ,'$2y$10$JsiRI/W/FLfZzJLPj8umKeXP.rvsOW4aYQO5mOEOwGkBPpKhKWT2K', MySqlDateTime::now()], // 01970541
+            [ 10 , 4      ,'$2y$10$NWw0.DPBSm.bjQoSck8xbeqJgENUhE/WazmHmsEtWoxs/UKaIdkUq', MySqlDateTime::now()], // 37771076
         ]);
     }
 

development/idp4/m991231_235959_insert_mfa_test_users.php

@@ -132,6 +132,36 @@
 		"fr": "Votre compte nécessite une sécurité supplémentaire, vous devez configurer la vérification en deux étapes en ce moment",
 		"ko": "계정에 대한 추가 보안이 필요하므로 지금 2 단계 인증을 설정해야합니다."
 	},
+	"running_out_header": {
+		"en": "Almost out of printable codes",
+		"es": "Casi sin códigos imprimibles",
+		"fr": "Codes imprimables presque épuisés",
+		"ko": "인쇄 ​가능한 ​코드​가 거의 남지 않았습니다"
+	},
+	"running_out_info": {
+		"en": "You only have {numBackupCodesRemaining} more left.",
+		"es": "Solo tiene {numBackupCodesRemaining} más disponible.",
+		"fr": "Vous avez seulement {numBackupCodesRemaining} qui restent.",
+		"ko": "{numBackupCodesRemaining} 만 남았습니다."
+	},
+	"no_more_codes_header": {
+		"en": "Last printable code used",
+		"es": "Último código imprimible utilizado",
+		"fr": "Dernier code imprimable utilisé",
+		"ko": "​​마지막 인쇄 가능 코드가​​ ​사용되었습니다."
+	},
+	"has_options_besides_codes": {
+		"en": "Thankfully you do have other 2-Step Verification options set up but you should create more Printable codes if you plan to need them in the future.",
+		"es": "Afortunadamente, tiene otras opciones de verificación en dos pasos configuradas, pero debe crear más códigos imprimibles si planea necesitarlos en el futuro.",
+		"fr": "Heureusement, vous avez d'autres options de vérification en deux étapes, mais vous devriez créer plus de codes imprimables si vous prévoyez en avoir besoin à l'avenir.",
+		"ko": "다른 2 단계 인증 옵션​은​ 설정​ 되었으나​ ​인쇄 가능 코드가 나중에 ​필요할 ​것으로 ​예상되면​ 코드를 ​더 ​만들어야​ ​합니다."
+	},
+	"has_no_more_options": {
+		"en": "Since you do not have any other 2-Step Verification options set up at this time, you will need to get more Printable codes before another one is required.",
+		"es": "Como no tiene configuradas otras opciones de verificación en dos pasos en este momento, necesitará obtener más códigos imprimibles antes de que se requiera otro.",
+		"fr": "Comme aucune autre option de vérification en deux étapes n'est configurée pour l'instant, vous devez obtenir davantage de codes imprimables avant d'en avoir besoin d'un autre.",
+		"ko": "코드​가 요구되기 전에 인쇄 가능 코드를​ 더 가져와야​ ​합니다."
+	},
 	"use_others": {
 		"en": "More options",
 		"es": "Mas opciones",
@@ -192,6 +222,12 @@
 		"fr": "Essayer de nouveau",
 		"ko": "다시 시도"
 	},
+	"button_get_more": {
+		"en": "Get more",
+		"es": "Obtenga más",
+		"fr": "Avoir plus",
+		"ko": "더​ ​​가져오기"
+	},
 	"remember_this": {
 		"en": "Remember this browser for 30 days",
 		"es": "Recuerde esta navegador por 30 días",

dictionaries/mfa.definition.json

@@ -117,7 +117,7 @@ services:
       MYSQL_DATABASE: "silauth"
       MYSQL_USER: "user"
       MYSQL_PASSWORD: "pass"
-      ID_BROKER_ACCESS_TOKEN: "arc-cli-abc123"
+      ID_BROKER_ACCESS_TOKEN: "test-cli-abc123"
       ID_BROKER_ASSERT_VALID_IP: "false"
       ID_BROKER_BASE_URI: "http://broker"
       REMEMBER_ME_SECRET: "dummy"
@@ -151,8 +151,14 @@ services:
       MYSQL_PASSWORD: "pass"
       EMAIL_SERVICE_accessToken: "dummy"
       EMAIL_SERVICE_assertValidIp: "false"
-      EMAIL_SERVICE_baseUrl: "localhost"
-      API_ACCESS_KEYS: "arc-cli-abc123"
+      EMAIL_SERVICE_baseUrl: "dummy"
+      EMAILER_CLASS: Sil\SilIdBroker\Behat\Context\fakes\FakeEmailer
+      HELP_CENTER_URL: "https://example.org/help"
+      PASSWORD_FORGOT_URL: "https://example.org/forgot"
+      PASSWORD_PROFILE_URL: "https://example.org/profile"
+      SUPPORT_EMAIL: "support@example.org"
+      EMAIL_SIGNATURE: "one red pill, please"
+      API_ACCESS_KEYS: "test-cli-abc123"
       APP_ENV: "dev"
       MIGRATE_PW_FROM_LDAP: "false"
     command: ["bash", "-c", "whenavail brokerDb 3306 60 ./yii migrate --interactive=0 && ./run.sh"]

docker-compose.yml

@@ -32,7 +32,7 @@
 $colors = htmlentities($this->configuration->getValue('theme.color-scheme') ?: 'indigo-purple');
 ?>
 <link rel="stylesheet" href="material.<?= $colors ?>.1.2.1.min.css">
-<link rel="stylesheet" href="styles.2.2.3.css">
+<link rel="stylesheet" href="styles.2.2.4.css">
 
 <script async src="material.1.2.1.min.js"></script>
 

themes/material/common-head-elements.php

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title><?= $this->t('{material:mfa:title}') ?></title>
+
+    <?php include __DIR__ . '/../common-head-elements.php' ?>
+</head>
+<body class="gradient-bg">
+<div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+    <header class="mdl-layout__header">
+        <div class="mdl-layout__header-row">
+            <span class="mdl-layout-title">
+                <?= $this->t('{material:mfa:header}') ?>
+            </span>
+        </div>
+    </header>
+    <main class="mdl-layout__content" layout-children="column">
+        <form layout-children="column" method="post">
+            <div class="mdl-card mdl-shadow--8dp">
+                <div class="mdl-card__media white-bg margin" layout-children="column">
+                    <i class="mdl-color-text--red error material-icons mdl-typography--display-4">warning</i>
+                </div>
+
+                <div class="mdl-card__title center">
+                    <h1 class="mdl-card__title-text">
+                        <?= $this->t('{material:mfa:running_out_header}') ?>
+                    </h1>
+                </div>
+
+                <div class="mdl-card__title center" >
+                    <p class="mdl-card__subtitle-text">
+                        <?= $this->t('{material:mfa:running_out_info}', ['{numBackupCodesRemaining}' => (int)$this->data['numBackupCodesRemaining']]) ?>
+                    </p>
+                </div>
+
+                <div class="mdl-card__actions" layout-children="row">
+                    <button name="continue" class="mdl-button">
+                        <?= $this->t('{material:mfa:button_later}') ?>
+                    </button>
+
+                    <span flex></span>
+
+                    <button name="setUpMfa" class="mdl-button mdl-button--raised mdl-button--primary">
+                        <?= $this->t('{material:mfa:button_get_more}') ?>
+                    </button>
+                </div>
+            </div>
+        </form>
+    </main>
+</div>
+</body>
+</html>

themes/material/mfa/low-on-backup-codes.php

@@ -39,17 +39,15 @@
                     <?php
                     $url = $this->data['learnMoreUrl'] ?? null;
                     if (! empty($url)) {
-                        ?>
-                        <a href="<?= htmlentities($url) ?>" target="_blank"
-                           class="mdl-button mdl-button--primary margin">
-                            <?= $this->t('{material:mfa:button_learn_more}') ?>
-                        </a>
-                        <?php
+                    ?>
+                    <a href="<?= htmlentities($url) ?>" target="_blank" class="mdl-button mdl-button--primary margin">
+                        <?= $this->t('{material:mfa:button_learn_more}') ?>
+                    </a>
+                    <?php
                     }
                     ?>
 
-                    <button name="setUpMfa"
-                            class="mdl-button mdl-button--raised mdl-button--primary">
+                    <button name="setUpMfa" class="mdl-button mdl-button--raised mdl-button--primary">
                         <?= $this->t('{material:mfa:button_set_up}') ?>
                     </button>
                 </div>

themes/material/mfa/must-set-up-mfa.php

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title><?= $this->t('{material:mfa:title}') ?></title>
+
+    <?php include __DIR__ . '/../common-head-elements.php' ?>
+</head>
+<body class="gradient-bg">
+<div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+    <header class="mdl-layout__header">
+        <div class="mdl-layout__header-row">
+            <span class="mdl-layout-title">
+                <?= $this->t('{material:mfa:header}') ?>
+            </span>
+        </div>
+    </header>
+    <main class="mdl-layout__content" layout-children="column">
+        <form layout-children="column" method="post">
+            <div class="mdl-card mdl-shadow--8dp">
+                <div class="mdl-card__media white-bg margin" layout-children="column">
+                    <i class="mdl-color-text--red error material-icons mdl-typography--display-4">error</i>
+                </div>
+
+                <div class="mdl-card__title center">
+                    <h1 class="mdl-card__title-text">
+                        <?= $this->t('{material:mfa:no_more_codes_header}') ?>
+                    </h1>
+                </div>
+
+                <div class="mdl-card__title center" >
+                    <p class="mdl-card__subtitle-text">
+                        <?php if ($this->data['hasOtherMfaOptions']): ?>
+                        <?= $this->t('{material:mfa:has_options_besides_codes}') ?>
+                        <?php else: ?>
+                        <?= $this->t('{material:mfa:has_no_more_options}') ?>
+                        <?php endif; ?>
+                    </p>
+                </div>
+
+                <div class="mdl-card__actions" layout-children="row">
+                    <?php if ($this->data['hasOtherMfaOptions']): ?>
+                    <button name="continue" class="mdl-button">
+                        <?= $this->t('{material:mfa:button_later}') ?>
+                    </button>
+                    <?php endif; ?>
+
+                    <span flex></span>
+
+                    <button name="setUpMfa" class="mdl-button mdl-button--raised mdl-button--primary">
+                        <?= $this->t('{material:mfa:button_get_more}') ?>
+                    </button>
+                </div>
+            </div>
+        </form>
+    </main>
+</div>
+</body>
+</html>

themes/material/mfa/out-of-backup-codes.php

@@ -12,8 +12,7 @@ p {
   flex-direction: row;
   align-items: center;
 
-  /* make sure the children break nicely for different browser widths, e.g.,
-     tablet, phone, etc. */
+  /* make sure the children break nicely for different browser widths, e.g., tablet, phone, etc. */
   flex-wrap: wrap;
 }
 
@@ -50,6 +49,9 @@ form p.error > i {
   margin: 0 1em;
 }
 
+i.material-icons.mdl-typography--display-4 {
+  font-size: 112px; /* needed to override font-size established in material icons. */
+}
 .margin {
   margin: 1em;
 }
@@ -168,16 +170,15 @@ form p.error > i {
   color: blue;
 }
 
-/* The font-size in the mdl-textfield was overriding the one in
-   caption since it was defined later in the CSS but the font-size from
-   caption is what was needed here so more specificity required to override
-   it back */
+/* The font-size in the mdl-textfield was overriding the one in caption since 
+   it was defined later in the CSS but the font-size from caption is what was 
+   needed here so more specificity required to override it back */
 .mdl-textfield.mdl-typography--caption {
   font-size: 12px
 }
 
-/* special case where we want a button for all it's built-in characteristics, e.g., primary color,
-   but also want to set the text apart a bit. */
+/* special case where we want a button for all it's built-in characteristics, 
+   e.g., primary color, but also want to set the text apart a bit. */
 .mdl-button.mdl-typography--caption {
   text-transform: none;
   font-size: 12px