hocusfokus/hocusfokus-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgrade to 3.7.1

Browse Source
This commit is contained in:
Bastian Allgeier
2022-07-12 13:33:21 +02:00
parent 7931eb5e47
commit 1ad1eaf387
377 changed files with 63981 additions and 63824 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
kirby/src/Cms/Auth/Challenge.php
View File

@@ -16,48 +16,48 @@ use Kirby\Cms\User;
*/
abstract class Challenge
{
/**
* Checks whether the challenge is available
* for the passed user and purpose
*
* @param \Kirby\Cms\User $user User the code will be generated for
* @param string $mode Purpose of the code ('login', 'reset' or '2fa')
* @return bool
*/
abstract public static function isAvailable(User $user, string $mode): bool;
/**
* Checks whether the challenge is available
* for the passed user and purpose
*
* @param \Kirby\Cms\User $user User the code will be generated for
* @param string $mode Purpose of the code ('login', 'reset' or '2fa')
* @return bool
*/
abstract public static function isAvailable(User $user, string $mode): bool;
/**
* Generates a random one-time auth code and returns that code
* for later verification
*
* @param \Kirby\Cms\User $user User to generate the code for
* @param array $options Details of the challenge request:
* - 'mode': Purpose of the code ('login', 'reset' or '2fa')
* - 'timeout': Number of seconds the code will be valid for
* @return string|null The generated and sent code or `null` in case
* there was no code to generate by this algorithm
*/
abstract public static function create(User $user, array $options): ?string;
/**
* Generates a random one-time auth code and returns that code
* for later verification
*
* @param \Kirby\Cms\User $user User to generate the code for
* @param array $options Details of the challenge request:
* - 'mode': Purpose of the code ('login', 'reset' or '2fa')
* - 'timeout': Number of seconds the code will be valid for
* @return string|null The generated and sent code or `null` in case
* there was no code to generate by this algorithm
*/
abstract public static function create(User $user, array $options): ?string;
/**
* Verifies the provided code against the created one;
* default implementation that checks the code that was
* returned from the `create()` method
*
* @param \Kirby\Cms\User $user User to check the code for
* @param string $code Code to verify
* @return bool
*/
public static function verify(User $user, string $code): bool
{
$hash = $user->kirby()->session()->get('kirby.challenge.code');
if (is_string($hash) !== true) {
return false;
}
/**
* Verifies the provided code against the created one;
* default implementation that checks the code that was
* returned from the `create()` method
*
* @param \Kirby\Cms\User $user User to check the code for
* @param string $code Code to verify
* @return bool
*/
public static function verify(User $user, string $code): bool
{
$hash = $user->kirby()->session()->get('kirby.challenge.code');
if (is_string($hash) !== true) {
return false;
}
// normalize the formatting in the user-provided code
$code = str_replace(' ', '', $code);
// normalize the formatting in the user-provided code
$code = str_replace(' ', '', $code);
return password_verify($code, $hash);
}
return password_verify($code, $hash);
}
}

102
kirby/src/Cms/Auth/EmailChallenge.php
View File

@@ -18,60 +18,60 @@ use Kirby\Toolkit\Str;
*/
class EmailChallenge extends Challenge
{
/**
* Checks whether the challenge is available
* for the passed user and purpose
*
* @param \Kirby\Cms\User $user User the code will be generated for
* @param string $mode Purpose of the code ('login', 'reset' or '2fa')
* @return bool
*/
public static function isAvailable(User $user, string $mode): bool
{
return true;
}
/**
* Checks whether the challenge is available
* for the passed user and purpose
*
* @param \Kirby\Cms\User $user User the code will be generated for
* @param string $mode Purpose of the code ('login', 'reset' or '2fa')
* @return bool
*/
public static function isAvailable(User $user, string $mode): bool
{
return true;
}
/**
* Generates a random one-time auth code and returns that code
* for later verification
*
* @param \Kirby\Cms\User $user User to generate the code for
* @param array $options Details of the challenge request:
* - 'mode': Purpose of the code ('login', 'reset' or '2fa')
* - 'timeout': Number of seconds the code will be valid for
* @return string The generated and sent code
*/
public static function create(User $user, array $options): string
{
$code = Str::random(6, 'num');
/**
* Generates a random one-time auth code and returns that code
* for later verification
*
* @param \Kirby\Cms\User $user User to generate the code for
* @param array $options Details of the challenge request:
* - 'mode': Purpose of the code ('login', 'reset' or '2fa')
* - 'timeout': Number of seconds the code will be valid for
* @return string The generated and sent code
*/
public static function create(User $user, array $options): string
{
$code = Str::random(6, 'num');
// insert a space in the middle for easier readability
$formatted = substr($code, 0, 3) . ' ' . substr($code, 3, 3);
// insert a space in the middle for easier readability
$formatted = substr($code, 0, 3) . ' ' . substr($code, 3, 3);
// use the login templates for 2FA
$mode = $options['mode'];
if ($mode === '2fa') {
$mode = 'login';
}
// use the login templates for 2FA
$mode = $options['mode'];
if ($mode === '2fa') {
$mode = 'login';
}
$kirby = $user->kirby();
$kirby->email([
'from' => $kirby->option('auth.challenge.email.from', 'noreply@' . $kirby->url('index', true)->host()),
'fromName' => $kirby->option('auth.challenge.email.fromName', $kirby->site()->title()),
'to' => $user,
'subject' => $kirby->option(
'auth.challenge.email.subject',
I18n::translate('login.email.' . $mode . '.subject', null, $user->language())
),
'template' => 'auth/' . $mode,
'data' => [
'user' => $user,
'site' => $kirby->system()->title(),
'code' => $formatted,
'timeout' => round($options['timeout'] / 60)
]
]);
$kirby = $user->kirby();
$kirby->email([
'from' => $kirby->option('auth.challenge.email.from', 'noreply@' . $kirby->url('index', true)->host()),
'fromName' => $kirby->option('auth.challenge.email.fromName', $kirby->site()->title()),
'to' => $user,
'subject' => $kirby->option(
'auth.challenge.email.subject',
I18n::translate('login.email.' . $mode . '.subject', null, $user->language())
),
'template' => 'auth/' . $mode,
'data' => [
'user' => $user,
'site' => $kirby->system()->title(),
'code' => $formatted,
'timeout' => round($options['timeout'] / 60)
]
]);
return $code;
}
return $code;
}
}

354
kirby/src/Cms/Auth/Status.php
View File

@@ -19,201 +19,201 @@ use Kirby\Toolkit\Properties;
*/
class Status
{
use Properties;
use Properties;
/**
* Type of the active challenge
*
* @var string|null
*/
protected $challenge = null;
/**
* Type of the active challenge
*
* @var string|null
*/
protected $challenge = null;
/**
* Challenge type to use as a fallback
* when $challenge is `null`
*
* @var string|null
*/
protected $challengeFallback = null;
/**
* Challenge type to use as a fallback
* when $challenge is `null`
*
* @var string|null
*/
protected $challengeFallback = null;
/**
* Email address of the current/pending user
*
* @var string|null
*/
protected $email = null;
/**
* Email address of the current/pending user
*
* @var string|null
*/
protected $email = null;
/**
* Kirby instance for user lookup
*
* @var \Kirby\Cms\App
*/
protected $kirby;
/**
* Kirby instance for user lookup
*
* @var \Kirby\Cms\App
*/
protected $kirby;
/**
* Authentication status:
* `active|impersonated|pending|inactive`
*
* @var string
*/
protected $status;
/**
* Authentication status:
* `active|impersonated|pending|inactive`
*
* @var string
*/
protected $status;
/**
* Class constructor
*
* @param array $props
*/
public function __construct(array $props)
{
$this->setProperties($props);
}
/**
* Class constructor
*
* @param array $props
*/
public function __construct(array $props)
{
$this->setProperties($props);
}
/**
* Returns the authentication status
*
* @return string
*/
public function __toString(): string
{
return $this->status();
}
/**
* Returns the authentication status
*
* @return string
*/
public function __toString(): string
{
return $this->status();
}
/**
* Returns the type of the active challenge
*
* @param bool $automaticFallback If set to `false`, no faked challenge is returned;
* WARNING: never send the resulting `null` value to the
* user to avoid leaking whether the pending user exists
* @return string|null
*/
public function challenge(bool $automaticFallback = true): ?string
{
// never return a challenge type if the status doesn't match
if ($this->status() !== 'pending') {
return null;
}
/**
* Returns the type of the active challenge
*
* @param bool $automaticFallback If set to `false`, no faked challenge is returned;
* WARNING: never send the resulting `null` value to the
* user to avoid leaking whether the pending user exists
* @return string|null
*/
public function challenge(bool $automaticFallback = true): ?string
{
// never return a challenge type if the status doesn't match
if ($this->status() !== 'pending') {
return null;
}
if ($automaticFallback === false) {
return $this->challenge;
} else {
return $this->challenge ?? $this->challengeFallback;
}
}
if ($automaticFallback === false) {
return $this->challenge;
} else {
return $this->challenge ?? $this->challengeFallback;
}
}
/**
* Returns the email address of the current/pending user
*
* @return string|null
*/
public function email(): ?string
{
return $this->email;
}
/**
* Returns the email address of the current/pending user
*
* @return string|null
*/
public function email(): ?string
{
return $this->email;
}
/**
* Returns the authentication status
*
* @return string `active|impersonated|pending|inactive`
*/
public function status(): string
{
return $this->status;
}
/**
* Returns the authentication status
*
* @return string `active|impersonated|pending|inactive`
*/
public function status(): string
{
return $this->status;
}
/**
* Returns an array with all public status data
*
* @return array
*/
public function toArray(): array
{
return [
'challenge' => $this->challenge(),
'email' => $this->email(),
'status' => $this->status()
];
}
/**
* Returns an array with all public status data
*
* @return array
*/
public function toArray(): array
{
return [
'challenge' => $this->challenge(),
'email' => $this->email(),
'status' => $this->status()
];
}
/**
* Returns the currently logged in user
*
* @return \Kirby\Cms\User
*/
public function user()
{
// for security, only return the user if they are
// already logged in
if (in_array($this->status(), ['active', 'impersonated']) !== true) {
return null;
}
/**
* Returns the currently logged in user
*
* @return \Kirby\Cms\User
*/
public function user()
{
// for security, only return the user if they are
// already logged in
if (in_array($this->status(), ['active', 'impersonated']) !== true) {
return null;
}
return $this->kirby->user($this->email());
}
return $this->kirby->user($this->email());
}
/**
* Sets the type of the active challenge
*
* @param string|null $challenge
* @return $this
*/
protected function setChallenge(?string $challenge = null)
{
$this->challenge = $challenge;
return $this;
}
/**
* Sets the type of the active challenge
*
* @param string|null $challenge
* @return $this
*/
protected function setChallenge(?string $challenge = null)
{
$this->challenge = $challenge;
return $this;
}
/**
* Sets the challenge type to use as
* a fallback when $challenge is `null`
*
* @param string|null $challengeFallback
* @return $this
*/
protected function setChallengeFallback(?string $challengeFallback = null)
{
$this->challengeFallback = $challengeFallback;
return $this;
}
/**
* Sets the challenge type to use as
* a fallback when $challenge is `null`
*
* @param string|null $challengeFallback
* @return $this
*/
protected function setChallengeFallback(?string $challengeFallback = null)
{
$this->challengeFallback = $challengeFallback;
return $this;
}
/**
* Sets the email address of the current/pending user
*
* @param string|null $email
* @return $this
*/
protected function setEmail(?string $email = null)
{
$this->email = $email;
return $this;
}
/**
* Sets the email address of the current/pending user
*
* @param string|null $email
* @return $this
*/
protected function setEmail(?string $email = null)
{
$this->email = $email;
return $this;
}
/**
* Sets the Kirby instance for user lookup
*
* @param \Kirby\Cms\App $kirby
* @return $this
*/
protected function setKirby(App $kirby)
{
$this->kirby = $kirby;
return $this;
}
/**
* Sets the Kirby instance for user lookup
*
* @param \Kirby\Cms\App $kirby
* @return $this
*/
protected function setKirby(App $kirby)
{
$this->kirby = $kirby;
return $this;
}
/**
* Sets the authentication status
*
* @param string $status `active|impersonated|pending|inactive`
* @return $this
*/
protected function setStatus(string $status)
{
if (in_array($status, ['active', 'impersonated', 'pending', 'inactive']) !== true) {
throw new InvalidArgumentException([
'data' => ['argument' => '$props[\'status\']', 'method' => 'Status::__construct']
]);
}
/**
* Sets the authentication status
*
* @param string $status `active|impersonated|pending|inactive`
* @return $this
*/
protected function setStatus(string $status)
{
if (in_array($status, ['active', 'impersonated', 'pending', 'inactive']) !== true) {
throw new InvalidArgumentException([
'data' => ['argument' => '$props[\'status\']', 'method' => 'Status::__construct']
]);
}
$this->status = $status;
return $this;
}
$this->status = $status;
return $this;
}
}