Initial commit
This commit is contained in:
		
							
								
								
									
										298
									
								
								pma/libraries/classes/TwoFactor.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										298
									
								
								pma/libraries/classes/TwoFactor.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,298 @@ | ||||
| <?php | ||||
| /** | ||||
|  * Two authentication factor handling | ||||
|  */ | ||||
|  | ||||
| declare(strict_types=1); | ||||
|  | ||||
| namespace PhpMyAdmin; | ||||
|  | ||||
| use PhpMyAdmin\Plugins\TwoFactor\Application; | ||||
| use PhpMyAdmin\Plugins\TwoFactor\Invalid; | ||||
| use PhpMyAdmin\Plugins\TwoFactor\Key; | ||||
| use PhpMyAdmin\Plugins\TwoFactorPlugin; | ||||
| use PragmaRX\Google2FAQRCode\Google2FA; | ||||
| use Samyoul\U2F\U2FServer\U2FServer; | ||||
| use function array_merge; | ||||
| use function class_exists; | ||||
| use function in_array; | ||||
| use function ucfirst; | ||||
|  | ||||
| /** | ||||
|  * Two factor authentication wrapper class | ||||
|  */ | ||||
| class TwoFactor | ||||
| { | ||||
|     /** @var string */ | ||||
|     public $user; | ||||
|  | ||||
|     /** @var array */ | ||||
|     public $config; | ||||
|  | ||||
|     /** @var bool */ | ||||
|     protected $writable; | ||||
|  | ||||
|     /** @var TwoFactorPlugin */ | ||||
|     protected $backend; | ||||
|  | ||||
|     /** @var array */ | ||||
|     protected $available; | ||||
|  | ||||
|     /** @var UserPreferences */ | ||||
|     private $userPreferences; | ||||
|  | ||||
|     /** | ||||
|      * Creates new TwoFactor object | ||||
|      * | ||||
|      * @param string $user User name | ||||
|      */ | ||||
|     public function __construct($user) | ||||
|     { | ||||
|         global $dbi; | ||||
|  | ||||
|         $dbi->initRelationParamsCache(); | ||||
|  | ||||
|         $this->userPreferences = new UserPreferences(); | ||||
|         $this->user = $user; | ||||
|         $this->available = $this->getAvailableBackends(); | ||||
|         $this->config = $this->readConfig(); | ||||
|         $this->writable = ($this->config['type'] === 'db'); | ||||
|         $this->backend = $this->getBackendForCurrentUser(); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Reads the configuration | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public function readConfig() | ||||
|     { | ||||
|         $result = []; | ||||
|         $config = $this->userPreferences->load(); | ||||
|         if (isset($config['config_data']['2fa'])) { | ||||
|             $result = $config['config_data']['2fa']; | ||||
|         } | ||||
|         $result['type'] = $config['type']; | ||||
|         if (! isset($result['backend'])) { | ||||
|             $result['backend'] = ''; | ||||
|         } | ||||
|         if (! isset($result['settings'])) { | ||||
|             $result['settings'] = []; | ||||
|         } | ||||
|  | ||||
|         return $result; | ||||
|     } | ||||
|  | ||||
|     public function isWritable(): bool | ||||
|     { | ||||
|         return $this->writable; | ||||
|     } | ||||
|  | ||||
|     public function getBackend(): TwoFactorPlugin | ||||
|     { | ||||
|         return $this->backend; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getAvailable(): array | ||||
|     { | ||||
|         return $this->available; | ||||
|     } | ||||
|  | ||||
|     public function showSubmit(): bool | ||||
|     { | ||||
|         $backend = $this->backend; | ||||
|  | ||||
|         return $backend::$showSubmit; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Returns list of available backends | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getAvailableBackends() | ||||
|     { | ||||
|         $result = []; | ||||
|         if ($GLOBALS['cfg']['DBG']['simple2fa']) { | ||||
|             $result[] = 'simple'; | ||||
|         } | ||||
|         if (class_exists(Google2FA::class)) { | ||||
|             $result[] = 'application'; | ||||
|         } | ||||
|         if (class_exists(U2FServer::class)) { | ||||
|             $result[] = 'key'; | ||||
|         } | ||||
|  | ||||
|         return $result; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Returns list of missing dependencies | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getMissingDeps() | ||||
|     { | ||||
|         $result = []; | ||||
|         if (! class_exists(Google2FA::class)) { | ||||
|             $result[] = [ | ||||
|                 'class' => Application::getName(), | ||||
|                 'dep' => 'pragmarx/google2fa-qrcode', | ||||
|             ]; | ||||
|         } | ||||
|         if (! class_exists('BaconQrCode\Renderer\Image\Png')) { | ||||
|             $result[] = [ | ||||
|                 'class' => Application::getName(), | ||||
|                 'dep' => 'bacon/bacon-qr-code', | ||||
|             ]; | ||||
|         } | ||||
|         if (! class_exists(U2FServer::class)) { | ||||
|             $result[] = [ | ||||
|                 'class' => Key::getName(), | ||||
|                 'dep' => 'samyoul/u2f-php-server', | ||||
|             ]; | ||||
|         } | ||||
|  | ||||
|         return $result; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Returns class name for given name | ||||
|      * | ||||
|      * @param string $name Backend name | ||||
|      * | ||||
|      * @return string | ||||
|      */ | ||||
|     public function getBackendClass($name) | ||||
|     { | ||||
|         $result = TwoFactorPlugin::class; | ||||
|         if (in_array($name, $this->available)) { | ||||
|             $result = 'PhpMyAdmin\\Plugins\\TwoFactor\\' . ucfirst($name); | ||||
|         } elseif (! empty($name)) { | ||||
|             $result = Invalid::class; | ||||
|         } | ||||
|  | ||||
|         return $result; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Returns backend for current user | ||||
|      * | ||||
|      * @return TwoFactorPlugin | ||||
|      */ | ||||
|     public function getBackendForCurrentUser() | ||||
|     { | ||||
|         $name = $this->getBackendClass($this->config['backend']); | ||||
|  | ||||
|         return new $name($this); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Checks authentication, returns true on success | ||||
|      * | ||||
|      * @param bool $skip_session Skip session cache | ||||
|      * | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function check($skip_session = false) | ||||
|     { | ||||
|         if ($skip_session) { | ||||
|             return $this->backend->check(); | ||||
|         } | ||||
|         if (empty($_SESSION['two_factor_check'])) { | ||||
|             $_SESSION['two_factor_check'] = $this->backend->check(); | ||||
|         } | ||||
|  | ||||
|         return $_SESSION['two_factor_check']; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Renders user interface to enter two-factor authentication | ||||
|      * | ||||
|      * @return string HTML code | ||||
|      */ | ||||
|     public function render() | ||||
|     { | ||||
|         return $this->backend->getError() . $this->backend->render(); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Renders user interface to configure two-factor authentication | ||||
|      * | ||||
|      * @return string HTML code | ||||
|      */ | ||||
|     public function setup() | ||||
|     { | ||||
|         return $this->backend->getError() . $this->backend->setup(); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Saves current configuration. | ||||
|      * | ||||
|      * @return true|Message | ||||
|      */ | ||||
|     public function save() | ||||
|     { | ||||
|         return $this->userPreferences->persistOption('2fa', $this->config, null); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Changes two-factor authentication settings | ||||
|      * | ||||
|      * The object might stay in partially changed setup | ||||
|      * if configuration fails. | ||||
|      * | ||||
|      * @param string $name Backend name | ||||
|      * | ||||
|      * @return bool | ||||
|      */ | ||||
|     public function configure($name) | ||||
|     { | ||||
|         $this->config = ['backend' => $name]; | ||||
|         if ($name === '') { | ||||
|             $cls = $this->getBackendClass($name); | ||||
|             $this->config['settings'] = []; | ||||
|             $this->backend = new $cls($this); | ||||
|         } else { | ||||
|             if (! in_array($name, $this->available)) { | ||||
|                 return false; | ||||
|             } | ||||
|             $cls = $this->getBackendClass($name); | ||||
|             $this->config['settings'] = []; | ||||
|             $this->backend = new $cls($this); | ||||
|             if (! $this->backend->configure()) { | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
|         $result = $this->save(); | ||||
|         if ($result !== true) { | ||||
|             echo $result->getDisplay(); | ||||
|         } | ||||
|  | ||||
|         return true; | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|      * Returns array with all available backends | ||||
|      * | ||||
|      * @return array | ||||
|      */ | ||||
|     public function getAllBackends() | ||||
|     { | ||||
|         $all = array_merge([''], $this->available); | ||||
|         $backends = []; | ||||
|         foreach ($all as $name) { | ||||
|             $cls = $this->getBackendClass($name); | ||||
|             $backends[] = [ | ||||
|                 'id' => $cls::$id, | ||||
|                 'name' => $cls::getName(), | ||||
|                 'description' => $cls::getDescription(), | ||||
|             ]; | ||||
|         } | ||||
|  | ||||
|         return $backends; | ||||
|     } | ||||
| } | ||||
		Reference in New Issue
	
	Block a user