geolba/tethys.backend
geolba/tethys.backend
2
0
Fork 2
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

- added backup codes for 2 factor authentication
Some checks failed
CI Pipeline / japa-tests (push) Failing after 58s
Details

Browse source 
- npm updates
- coverage validation: elevation ust be positive, depth must be negative
- vinejs-provider.js: get enabled extensions from database, not via validOptions.extnames
- vue components for backup codes: e.g.: PersonalSettings.vue
- validate spaital coverage in leaflet map: draw.component.vue, map.component.vue
- add backup code authentication into Login.vue
- preset to use no preferred reviewer: Release.vue
- 2 new vinejs validation rules: file_scan.ts and file-length.ts
This commit is contained in:
Kaimbacher 2024-07-08 13:52:20 +02:00
parent ac473b1e72
commit 005df2e454
32 changed files with 1416 additions and 526 deletions
Download patch file Download diff file Expand all files Collapse all files

46
app/Controllers/Http/Api/UserController.ts
View file

@ -1,11 +1,11 @@
import type { HttpContext } from '@adonisjs/core/http';
// import TotpSecret from 'App/Models/TotpSecret';
import User from '#models/user';
import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
import { StatusCodes } from 'http-status-codes';
import { InvalidArgumentException } from 'node-exceptions';
import { TotpState } from '#contracts/enums';
import BackupCodeStorage, { SecureRandom } from '#services/backup_code_storage';
import BackupCode from '#models/backup_code';
// Here we are generating secret and recovery codes for the user thats enabling 2FA and storing them to our database.
export default class UserController {
@ -28,15 +28,20 @@ export default class UserController {
case TotpState.STATE_DISABLED:
// user.twoFactorSecret = null;
// user.twoFactorRecoveryCodes = null;
user.twoFactorSecret = "";
user.twoFactorRecoveryCodes = [""];
await BackupCode.deleteCodes(user);
user.twoFactorSecret = '';
// user.twoFactorRecoveryCodes = [''];
await user.save();
user.state = TotpState.STATE_DISABLED;
await user.save();
let storage = new BackupCodeStorage(new SecureRandom());
let backupState = await storage.getBackupCodesState(user);
return response.status(StatusCodes.OK).json({
state: TotpState.STATE_DISABLED,
backupState: backupState,
});
case TotpState.STATE_CREATED:
user.twoFactorSecret = TwoFactorAuthProvider.generateSecret(user);
@ -56,8 +61,8 @@ export default class UserController {
if (!code) {
throw new InvalidArgumentException('code is missing');
}
const success = await TwoFactorAuthProvider.enable(user, code)
const success = await TwoFactorAuthProvider.enable(user, code);
return response.status(StatusCodes.OK).json({
state: success ? TotpState.STATE_ENABLED : TotpState.STATE_CREATED,
});
@ -79,4 +84,31 @@ export default class UserController {
// recoveryCodes: user.twoFactorRecoveryCodes,
// });
// }
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @return JSONResponse
*/
public async createCodes({ auth, response }: HttpContext) {
// $user = $this->userSession->getUser();
const user = (await User.find(auth.user?.id)) as User;
// let codes = TwoFactorAuthProvider.generateRecoveryCodes();
let storage = new BackupCodeStorage(new SecureRandom());
// $codes = $this->storage->createCodes($user);
const codes = await storage.createCodes(user);
let backupState = await storage.getBackupCodesState(user);
// return new JSONResponse([
// 'codes' => $codes,
// 'state' => $this->storage->getBackupCodesState($user),
// ]);
return response.status(StatusCodes.OK).json({
codes: codes,
// state: success ? TotpState.STATE_ENABLED : TotpState.STATE_CREATED,
backupState: backupState, //storage.getBackupCodesState(user),
});
}
}

66
app/Controllers/Http/Auth/AuthController.ts
View file

@ -1,8 +1,10 @@
import type { HttpContext } from '@adonisjs/core/http';
import User from '#models/user';
import BackupCode from '#models/backup_code';
// import Hash from '@ioc:Adonis/Core/Hash';
// import InvalidCredentialException from 'App/Exceptions/InvalidCredentialException';
import { authValidator } from '#validators/auth';
import hash from '@adonisjs/core/services/hash';
import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
// import { Authenticator } from '@adonisjs/auth';
@ -31,22 +33,22 @@ export default class AuthController {
// await auth.use('web').attempt(email, plainPassword);
// const user = await auth.use('web').verifyCredentials(email, password);
const user = await User.verifyCredentials(email, password)
const user = await User.verifyCredentials(email, password);
if (user.isTwoFactorEnabled) {
// session.put("login.id", user.id);
// return view.render("pages/two-factor-challenge");
session.flash('user_id', user.id);
return response.redirect().back();
// let state = LoginState.STATE_VALIDATED;
// return response.status(StatusCodes.OK).json({
// state: state,
// new_user_id: user.id,
// });
}
}
await auth.use('web').login(user);
} catch (error) {
// if login fails, return vague form message and redirect back
@ -59,10 +61,9 @@ export default class AuthController {
}
public async twoFactorChallenge({ request, session, auth, response }: HttpContext) {
const { code, recoveryCode, login_id } = request.only(['code', 'recoveryCode', 'login_id']);
// const user = await User.query().where('id', session.get('login.id')).firstOrFail();
const { code, backup_code, login_id } = request.only(['code', 'backup_code', 'login_id']);
const user = await User.query().where('id', login_id).firstOrFail();
if (code) {
const isValid = await TwoFactorAuthProvider.validate(user, code);
if (isValid) {
@ -70,17 +71,46 @@ export default class AuthController {
await auth.use('web').login(user);
response.redirect('/apps/dashboard');
} else {
session.flash('message', 'Your tow factor code is incorrect');
session.flash('message', 'Your two-factor code is incorrect');
return response.redirect().back();
}
} else if (backup_code) {
const codes: BackupCode[] = await user.getBackupCodes();
// const verifiedBackupCodes = await Promise.all(
// codes.map(async (backupCode) => {
// let isVerified = await hash.verify(backupCode.code, backup_code);
// if (isVerified) {
// return backupCode;
// }
// }),
// );
// const backupCodeToDelete = verifiedBackupCodes.find(Boolean);
let backupCodeToDelete = null;
for (const backupCode of codes) {
const isVerified = await hash.verify(backupCode.code, backup_code);
if (isVerified) {
backupCodeToDelete = backupCode;
break;
}
}
if (backupCodeToDelete) {
if (backupCodeToDelete.used === false) {
backupCodeToDelete.used = true;
await backupCodeToDelete.save();
console.log(`BackupCode with id ${backupCodeToDelete.id} has been marked as used.`);
await auth.use('web').login(user);
response.redirect('/apps/dashboard');
} else {
session.flash('message', 'BackupCode already used');
return response.redirect().back();
}
} else {
session.flash('message', 'BackupCode not found');
return response.redirect().back();
}
} else if (recoveryCode) {
const codes = user?.twoFactorRecoveryCodes ?? [];
if (codes.includes(recoveryCode)) {
user.twoFactorRecoveryCodes = codes.filter((c) => c !== recoveryCode);
await user.save();
await auth.use('web').login(user);
response.redirect('/apps/dashboard');
}
}
}
}

6
app/Controllers/Http/Auth/UserController.ts
View file

@ -5,6 +5,7 @@ import TwoFactorAuthProvider from '#app/services/TwoFactorAuthProvider';
import hash from '@adonisjs/core/services/hash';
// import { schema, rules } from '@adonisjs/validator';
import vine from '@vinejs/vine';
import BackupCodeStorage, { SecureRandom } from '#services/backup_code_storage';
// Here we are generating secret and recovery codes for the user thats enabling 2FA and storing them to our database.
export default class UserController {
@ -19,10 +20,15 @@ export default class UserController {
// const id = request.param('id');
// const user = await User.query().where('id', id).firstOrFail();
let storage = new BackupCodeStorage(new SecureRandom());
// const codes= user.isTwoFactorEnabled? (await user.getBackupCodes()).map((role) => role.code) : [];
let backupState = await storage.getBackupCodesState(user);
return inertia.render('Auth/AccountInfo', {
user: user,
twoFactorEnabled: user.isTwoFactorEnabled,
// code: await TwoFactorAuthProvider.generateQrCode(user),
backupState: backupState,
});
}

12
app/Controllers/Http/Submitter/DatasetController.ts
View file

@ -327,13 +327,13 @@ export default class DatasetController {
x_max: vine.number(),
y_min: vine.number(),
y_max: vine.number(),
elevation_absolut: vine.number().optional(),
elevation_min: vine.number().optional().requiredIfExists('elevation_max'),
elevation_max: vine.number().optional().requiredIfExists('elevation_min'),
elevation_absolut: vine.number().positive().optional(),
elevation_min: vine.number().positive().optional().requiredIfExists('elevation_max'),
elevation_max: vine.number().positive().optional().requiredIfExists('elevation_min'),
// type: vine.enum(Object.values(DescriptionTypes)),
depth_absolut: vine.number().optional(),
depth_min: vine.number().optional().requiredIfExists('depth_max'),
depth_max: vine.number().optional().requiredIfExists('depth_min'),
depth_absolut: vine.number().negative().optional(),
depth_min: vine.number().negative().optional().requiredIfExists('depth_max'),
depth_max: vine.number().negative().optional().requiredIfExists('depth_min'),
}),
references: vine
.array(