From b5e5f4e8c84867b34ae6acbb9088797d46333e06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Wed, 1 Nov 2017 10:59:32 +0100 Subject: [PATCH] Simplify second factor auth API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We now only pass SecondFactor object to plugins, not individual parameters. Signed-off-by: Michal Čihař --- .../Plugins/SecondFactor/Application.php | 23 +++++++------- .../classes/Plugins/SecondFactor/Key.php | 31 +++++-------------- .../classes/Plugins/SecondFactorPlugin.php | 28 +++++------------ libraries/classes/SecondFactor.php | 29 ++++++++--------- test/classes/SecondFactorTest.php | 2 +- 5 files changed, 41 insertions(+), 72 deletions(-) diff --git a/libraries/classes/Plugins/SecondFactor/Application.php b/libraries/classes/Plugins/SecondFactor/Application.php index aa262969d6a5..6853eadd288e 100644 --- a/libraries/classes/Plugins/SecondFactor/Application.php +++ b/libraries/classes/Plugins/SecondFactor/Application.php @@ -8,6 +8,7 @@ namespace PhpMyAdmin\Plugins\SecondFactor; use PhpMyAdmin\Message; +use PhpMyAdmin\SecondFactor; use PhpMyAdmin\Template; use PhpMyAdmin\Plugins\SecondFactorPlugin; use PragmaRX\Google2FA\Google2FA; @@ -31,14 +32,16 @@ class Application extends SecondFactorPlugin /** * Creates object * - * @param string $user User name - * @param array $config Second factor configuration + * @param SecondFactor $second SecondFactor instance */ - public function __construct($user, $config) + public function __construct(SecondFactor $second) { - parent::__construct($user, $config); + parent::__construct($second); $this->_google2fa = new Google2FA(); $this->_google2fa->setWindow(8); + if (!isset($this->_second->config['settings']['secret'])) { + $this->_second->config['settings']['secret'] = ''; + } } /** @@ -53,8 +56,6 @@ public function __get($property) switch ($property) { case 'google2fa': return $this->_google2fa; - case 'config': - return $this->_config; } } @@ -66,12 +67,12 @@ public function __get($property) public function check() { $this->_provided = false; - if (!isset($_POST['2fa_code']) || !isset($this->_config['secret'])) { + if (!isset($_POST['2fa_code'])) { return false; } $this->_provided = true; return $this->_google2fa->verifyKey( - $this->_config['secret'], $_POST['2fa_code'] + $this->_second->config['settings']['secret'], $_POST['2fa_code'] ); } @@ -104,8 +105,8 @@ public function setup() } $inlineUrl = $this->_google2fa->getQRCodeInline( 'phpMyAdmin', - $this->_user, - $this->_config['secret'] + $this->_second->user, + $this->_second->config['settings']['secret'] ); return Template::get('login/second/application_configure')->render([ 'image' => $inlineUrl, @@ -122,7 +123,7 @@ public function configure() if (! isset($_SESSION['2fa_application_key'])) { $_SESSION['2fa_application_key'] = $this->_google2fa->generateSecretKey(); } - $this->_config['secret'] = $_SESSION['2fa_application_key']; + $this->_second->config['settings']['secret'] = $_SESSION['2fa_application_key']; $result = $this->check(); if ($result) { diff --git a/libraries/classes/Plugins/SecondFactor/Key.php b/libraries/classes/Plugins/SecondFactor/Key.php index aa296241504c..f04f607c49d0 100644 --- a/libraries/classes/Plugins/SecondFactor/Key.php +++ b/libraries/classes/Plugins/SecondFactor/Key.php @@ -10,6 +10,7 @@ use PhpMyAdmin\Core; use PhpMyAdmin\Message; use PhpMyAdmin\Response; +use PhpMyAdmin\SecondFactor; use PhpMyAdmin\Template; use PhpMyAdmin\Plugins\SecondFactorPlugin; use Samyoul\U2F\U2FServer\U2FServer; @@ -31,29 +32,13 @@ class Key extends SecondFactorPlugin /** * Creates object * - * @param string $user User name - * @param array $config Second factor configuration + * @param SecondFactor $second SecondFactor instance */ - public function __construct($user, $config) + public function __construct(SecondFactor $second) { - if (!isset($config['registrations'])) { - $config['registrations'] = []; - } - parent::__construct($user, $config); - } - - /** - * Get any property of this class - * - * @param string $property name of the property - * - * @return mixed|void if property exist, value of the relevant property - */ - public function __get($property) - { - switch ($property) { - case 'config': - return $this->_config; + parent::__construct($second); + if (!isset($this->_second->config['settings']['registrations'])) { + $this->_second->config['settings']['registrations'] = []; } } @@ -65,7 +50,7 @@ public function __get($property) public function getRegistrations() { $result = []; - foreach ($this->_config['registrations'] as $data) { + foreach ($this->_second->config['settings']['registrations'] as $data) { $reg = new \StdClass; $reg->keyHandle = $data['keyHandle']; $reg->publicKey = $data['publicKey']; @@ -207,7 +192,7 @@ public function configure() $registration = U2FServer::register( $_SESSION['registrationRequest'], $response ); - $this->_config['registrations'][] = [ + $this->_second->config['settings']['registrations'][] = [ 'keyHandle' => $registration->getKeyHandle(), 'publicKey' => $registration->getPublicKey(), 'certificate' => $registration->getCertificate(), diff --git a/libraries/classes/Plugins/SecondFactorPlugin.php b/libraries/classes/Plugins/SecondFactorPlugin.php index 8a8a534dedeb..fa22c580f5e7 100644 --- a/libraries/classes/Plugins/SecondFactorPlugin.php +++ b/libraries/classes/Plugins/SecondFactorPlugin.php @@ -7,6 +7,8 @@ */ namespace PhpMyAdmin\Plugins; +use PhpMyAdmin\SecondFactor; + /** * Second factor authentication plugin class * @@ -22,24 +24,18 @@ class SecondFactorPlugin public static $id = ''; /** - * @var string + * @var SecondFactor */ - protected $_user; - /** - * @var array - */ - protected $_config; + protected $_second; /** * Creates object * - * @param string $user User name - * @param array $config Second factor configuration + * @param SecondFactor $second SecondFactor instance */ - public function __construct($user, $config) + public function __construct(SecondFactor $second) { - $this->_user = $user; - $this->_config = $config; + $this->_second = $second; } /** @@ -82,16 +78,6 @@ public function configure() return true; } - /** - * Return current configuration - * - * @return array - */ - public function getConfig() - { - return $this->_config; - } - /** * Get user visible name * diff --git a/libraries/classes/SecondFactor.php b/libraries/classes/SecondFactor.php index 958b336ce004..cb24d31cc393 100644 --- a/libraries/classes/SecondFactor.php +++ b/libraries/classes/SecondFactor.php @@ -17,12 +17,12 @@ class SecondFactor /** * @var string */ - protected $_user; + public $user; /** * @var array */ - protected $_config; + public $config; /** * @var boolean @@ -46,10 +46,10 @@ class SecondFactor */ public function __construct($user) { - $this->_user = $user; + $this->user = $user; $this->_available = $this->getAvailable(); - $this->_config = $this->readConfig(); - $this->_writable = ($this->_config['type'] == 'db'); + $this->config = $this->readConfig(); + $this->_writable = ($this->config['type'] == 'db'); $this->_backend = $this->getBackend(); } @@ -91,8 +91,6 @@ public function __get($property) return $this->_available; case 'writable': return $this->_writable; - case 'config': - return $this->_config; } } @@ -139,8 +137,8 @@ public function getBackendClass($name) */ public function getBackend() { - $name = $this->getBackendClass($this->_config['backend']); - return new $name($this->_user, $this->_config['settings']); + $name = $this->getBackendClass($this->config['backend']); + return new $name($this); } /** @@ -193,29 +191,28 @@ public function setup() */ public function configure($name) { - $config = [ + $this->config = [ 'backend' => $name ]; if ($name === '') { $cls = $this->getBackendClass($name); - $this->_backend = new $cls($this->_user, []); - $config['settings'] = []; + $this->config['settings'] = []; + $this->_backend = new $cls($this); } else { if (! in_array($name, $this->_available)) { return false; } $cls = $this->getBackendClass($name); - $this->_backend = new $cls($this->_user, []); + $this->config['settings'] = []; + $this->_backend = new $cls($this); if (! $this->_backend->configure()) { return false; } - $config['settings'] = $this->_backend->getConfig(); } - $result = UserPreferences::persistOption('2fa', $config, null); + $result = UserPreferences::persistOption('2fa', $this->config, null); if ($result !== true) { $result->display(); } - $this->_config = $config['settings']; return true; } } diff --git a/test/classes/SecondFactorTest.php b/test/classes/SecondFactorTest.php index 4bac99a1f516..ce5e7183cce1 100644 --- a/test/classes/SecondFactorTest.php +++ b/test/classes/SecondFactorTest.php @@ -104,7 +104,7 @@ public function testApplication() /* Generate valid code */ $google2fa = $object->backend->google2fa; $_POST['2fa_code'] = $google2fa->oathHotp( - $object->backend->config['secret'], + $object->config['settings']['secret'], $google2fa->getTimestamp() ); $this->assertTrue($object->configure('application'));