[Legacy] Two Factor

2025-08-29 01:10:42 +08:00 · 2024-10-08 15:44:19 +01:00 · 2024-10-08 15:44:19 +01:00 · 50e5c54c26
commit 50e5c54c26
parent e13fd5bce4
10 changed files with 91 additions and 8 deletions
--- a/composer.json
+++ b/composer.json
@ -45,6 +45,7 @@
    "doctrine/migrations": "^3.2",
    "doctrine/orm": "^2.17",
    "elasticsearch/elasticsearch": "^7.13",
+    "endroid/qr-code": "^5.0",
    "ezyang/htmlpurifier": "^4.10",
    "google/apiclient": "^2.7",
    "google/recaptcha": "^1.1",
@ -66,6 +67,10 @@
    "phpstan/phpdoc-parser": "^1.24",
    "psr/container": "^1.0",
    "psr/log": "^1.0",
+    "scheb/2fa-backup-code": "^6.12",
+    "scheb/2fa-bundle": "^6.12",
+    "scheb/2fa-google-authenticator": "^6.12",
+    "scheb/2fa-totp": "^6.12",
    "shivas/versioning-bundle": "^4.0",
    "slim/slim": "^3.8",
    "smarty/smarty": "^4",
--- a/public/legacy/include/language/en_us.lang.php
+++ b/public/legacy/include/language/en_us.lang.php
@ -2293,7 +2293,21 @@ $app_strings = array(
    'LBL_COLUMN_SELECTOR_HIDDEN_COLS' => 'HIDDEN',
    'LBL_COLUMN_SELECTOR_CLOSE_BUTTON' => 'Close',
    'LBL_COLUMN_SELECTOR_SAVE_BUTTON' => 'Save Changes',
-    'LBL_COLUMN_SELECTOR_MODAL_TITLE' => 'Choose Columns'
+    'LBL_COLUMN_SELECTOR_MODAL_TITLE' => 'Choose Columns',
+
+    // Two-Factor Authentication
+    'LBL_ENTER_2FA_CODE' => 'Provide the 6 digit code from authenticator app',
+    'LBL_ENABLE_2FA_LABEL' => 'Enable Two-Factor Authentication',
+    'LBL_BACKUP_CODES' => 'SuiteCRM Two Factor Backup Codes',
+    'LBL_BACKUP_CODES_INFO' => 'Backup codes are one time passcodes to use when you are unable to verify via your Authenticator app.',
+    'LBL_OTP_SETUP' => 'Use a OTP (one time password) authenticator on your mobile or computer to enable 2FA (Two-Factor Authentication)',
+    'LBL_QR_CODE_HELP' => "If you haven't already, please download an Authenticator Application (such as FreeOTP or Google Authenticator). Use that app to scan the QR code.",
+
+    'LBL_FACTOR_AUTH_DISABLE' => 'Two Factor Authentication was Disabled',
+    'LBL_FACTOR_AUTH_SUCCESS' => 'Two Factor Authentication was Successful',
+    'LBL_FACTOR_AUTH_FAIL' => "Two Factor Authentication failed. Try again.",
+
+    'LBL_VERIFY_2FA' => 'Verify Two-Factor Code',

 );

--- a/public/legacy/modules/Users/User.php
+++ b/public/legacy/modules/Users/User.php
@ -127,6 +127,10 @@ class User extends Person implements EmailInterface
     */
    public $factor_auth_interface;

+    public $totp_secret;
+
+    public $is_totp_enabled;
+
    /**
     * Normally a bean returns ID from save() method if it was
     * success and false (or maybe null) is something went wrong.
--- a/public/legacy/modules/Users/language/en_us.lang.php
+++ b/public/legacy/modules/Users/language/en_us.lang.php
@ -686,7 +686,6 @@ $mod_strings = array(
    'LBL_PROJECT_USERS_1_FROM_PROJECT_TITLE' => 'Project Users from Project Title',
    'LBL_ROLES' => 'Roles',
    'LBL_SECURITYGROUPS' => 'Security Groups',
-    'LBL_FACTOR_AUTH' => 'Two Factor Authentication:',
    'LBL_FACTOR_AUTH_INTERFACE' => 'Two Factor Authentication Interface:',
    'ERR_USER_FACTOR_SMTP_REQUIRED' => 'SMTP server settings required first.',
    'ERR_USER_FACTOR_CHANGE_DISABLED' => 'Current user is not able to change two factor authentication settings.',
@ -703,4 +702,11 @@ $mod_strings = array(
    'LNK_LIST_INBOUND_EMAIL_ACCOUNTS' => 'Inbound Email Accounts',
    'LNK_EXTERNAL_OAUTH_CONNECTIONS' => 'External OAuth Connections',

+    // 2FA
+    'LBL_FACTOR_AUTH' => 'Two Factor Authentication',
+    'LBL_DISABLED' => 'Disabled',
+    'LBL_ENABLED' => 'Enabled',
+    'LBL_ENABLE_2FA' => 'Enable 2FA',
+    'LBL_DISABLE_2FA' => 'Disable 2FA',
+
 ); // END STRINGS DEFS
--- a/public/legacy/modules/Users/metadata/editviewdefs.php
+++ b/public/legacy/modules/Users/metadata/editviewdefs.php
@ -69,7 +69,6 @@ $viewdefs['Users']['EditView'] = array(
                      ),
                ),
            array('photo'),
-            array(array('name' => 'factor_auth', 'label' => 'LBL_FACTOR_AUTH'),)
        ),
        'LBL_EMPLOYEE_INFORMATION' => array(
            array(array(
--- a/public/legacy/modules/Users/tpls/EditViewFooter.tpl
+++ b/public/legacy/modules/Users/tpls/EditViewFooter.tpl
@ -657,7 +657,42 @@
        </div>
    </div>
 </div>
-
+<div class="user-tab-content">
+    <div id="two-factor-auth">
+    <div class="authentication-row pb-1">
+            <div class="left-col label-txt">
+            <div>
+            {$MOD.LBL_STATUS}: {$STATUS}
+            </div>
+            <div class="edit-dotted-border"></div>
+        </div>
+    </div>
+    {if $CURRENT_USER}
+    {if !$TOTP_SECRET}
+    <div class="authentication-row">
+        <div class="left-col label-txt pt-1">
+            <div>{$MOD.LBL_FACTOR_AUTH}:</div>
+            <div class='dataField'>
+                <button type="button" class="btn btn-primary btn-sm" onclick="window.location.href = './#/profile-auth/2fa/enable'">{$MOD.LBL_ENABLE_2FA}</button>
+            </div>
+            <div class="edit-dotted-border"></div>
+        </div>
+    </div>
+    {/if}
+    {if $TOTP_SECRET}
+    <div class="authentication-row">
+        <div class="left-col label-txt pt-1">
+            <div>{$MOD.LBL_FACTOR_AUTH}:</div>
+            <div class='dataField'>
+                <button type="button" class="btn btn-primary btn-sm" onclick="window.location.href = '../profile-auth/2fa/disable'">{$MOD.LBL_DISABLE_2FA}</button>
+            </div>
+            <div class="edit-dotted-border"></div>
+        </div>
+    </div>
+    {/if}
+    {/if}
+    </div>
+</div>
 </div>

 <script type="text/javascript">
--- a/public/legacy/modules/Users/tpls/EditViewHeader.tpl
+++ b/public/legacy/modules/Users/tpls/EditViewHeader.tpl
@ -154,7 +154,8 @@ EditView_tabs.on('contentReady', function(e){
        <li><a id="tab5" href="#tab5" style='display:{$HIDE_FOR_GROUP_AND_PORTAL};'><em>{$MOD.LBL_EAPM_SUBPANEL_TITLE}</em></a></li>
        {/if}
 		<li><a id="tab6" href="#tab6" style='display:{$HIDE_FOR_GROUP_AND_PORTAL};'><em>{$MOD.LBL_LAYOUT_OPTIONS}</em></a></li>
-    </ul>
+		<li><a id="tab7" href="#tab7"><em>{$MOD.LBL_FACTOR_AUTH}</em></a></li>
+	</ul>
    <div class="yui-content user-tab-content">
    <div>
 <!-- BEGIN METADATA GENERATED CONTENT -->
--- a/public/legacy/modules/Users/vardefs.php
+++ b/public/legacy/modules/Users/vardefs.php
@ -747,7 +747,14 @@ $dictionary['User'] = array(
            'type' => 'enum',
            'options' => 'user_factor_auth_interface_dom',
        ),
-
+        'totp_secret' => array(
+            'name' => 'totp_secret',
+            'type' => 'varchar'
+        ),
+        'is_totp_enabled' => array(
+            'name' => 'is_totp_enabled',
+            'type' => 'bool'
+        )
    ),
    'indices' => array(
        array(
--- a/public/legacy/modules/Users/views/view.edit.php
+++ b/public/legacy/modules/Users/views/view.edit.php
@ -270,6 +270,16 @@ EOD
        $this->ss->assign('SUBTHEMES', $this->bean->getSubThemes());
        $this->ss->assign('SUBTHEME', $this->bean->getSubTheme());

+        $isTotpEnabled = (bool)$current_user->is_totp_enabled;
+        $status = $isTotpEnabled ? $mod_strings['LBL_ENABLED'] : $mod_strings['LBL_DISABLED'];
+
+        $this->ss->assign('TOTP_SECRET', $isTotpEnabled);
+        $this->ss->assign('STATUS', $status);
+
+        $isCurrentUser = $this->bean->id === $current_user->id;
+
+        $this->ss->assign('CURRENT_USER', $isCurrentUser);
+

        require_once('modules/Emails/EmailUI.php');
        $efocus = BeanFactory::newBean('Emails');
--- a/public/legacy/themes/suite8/css/suitep-base/userprofile.scss
+++ b/public/legacy/themes/suite8/css/suitep-base/userprofile.scss
@ -54,7 +54,8 @@ form.userprofile {
        }
    }
 }
-    #generate_password {
+    #generate_password,
+    #two-factor-auth {
        table {
            margin-top: 0.3em;
        }
@ -81,7 +82,8 @@ form.userprofile {
        h4 {
            display: none;
        }
-        .password-row {
+        .password-row,
+        .authentication-row {
            display: flex;
            .left-col {
                width: 50%;