more type hints
This commit is contained in:
parent
4d6767cc37
commit
824ba906b1
@ -1,13 +1,11 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use OTPHP\TOTP;
|
|
||||||
use Endroid\QrCode\Builder\Builder;
|
use Endroid\QrCode\Builder\Builder;
|
||||||
use Endroid\QrCode\Encoding\Encoding;
|
use Endroid\QrCode\Encoding\Encoding;
|
||||||
use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
|
use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
|
||||||
use Endroid\QrCode\Label\Alignment\LabelAlignmentCenter;
|
|
||||||
use Endroid\QrCode\Label\Font\NotoSans;
|
|
||||||
use Endroid\QrCode\RoundBlockSizeMode\RoundBlockSizeModeMargin;
|
use Endroid\QrCode\RoundBlockSizeMode\RoundBlockSizeModeMargin;
|
||||||
use Endroid\QrCode\Writer\PngWriter;
|
use Endroid\QrCode\Writer\PngWriter;
|
||||||
|
use OTPHP\TOTP;
|
||||||
|
|
||||||
class TotpPf
|
class TotpPf
|
||||||
{
|
{
|
||||||
@ -67,7 +65,7 @@ class TotpPf
|
|||||||
*
|
*
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function usesTOTP($username): bool
|
public function usesTOTP(string $username): bool
|
||||||
{
|
{
|
||||||
if (!(Config::read('totp') == 'YES')) {
|
if (!(Config::read('totp') == 'YES')) {
|
||||||
return false;
|
return false;
|
||||||
@ -95,7 +93,7 @@ class TotpPf
|
|||||||
*
|
*
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function checkUserTOTP($username, $code): bool
|
public function checkUserTOTP(string $username, string $code): bool
|
||||||
{
|
{
|
||||||
$sql = "SELECT totp_secret FROM {$this->table} WHERE username = :username AND active = :active";
|
$sql = "SELECT totp_secret FROM {$this->table} WHERE username = :username AND active = :active";
|
||||||
|
|
||||||
@ -121,11 +119,11 @@ class TotpPf
|
|||||||
*
|
*
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function checkTOTP($secret, $username, $code): bool
|
public function checkTOTP(string $secret, string $username, string $code): bool
|
||||||
{
|
{
|
||||||
$totp = TOTP::create($secret);
|
$totp = TOTP::create($secret);
|
||||||
|
|
||||||
if ( $totp->now() == $code ) {
|
if ($totp->now() == $code) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
@ -139,7 +137,7 @@ class TotpPf
|
|||||||
* @return string TOTP_secret, empty if NULL
|
* @return string TOTP_secret, empty if NULL
|
||||||
* @throws \Exception if invalid user, or db update fails.
|
* @throws \Exception if invalid user, or db update fails.
|
||||||
*/
|
*/
|
||||||
public function getTOTP_secret($username, $password): string
|
public function getTOTP_secret(string $username, string $password): string
|
||||||
{
|
{
|
||||||
if (!$this->login->login($username, $password)) {
|
if (!$this->login->login($username, $password)) {
|
||||||
throw new \Exception(Config::Lang('pPassword_password_current_text_error'));
|
throw new \Exception(Config::Lang('pPassword_password_current_text_error'));
|
||||||
@ -170,7 +168,7 @@ class TotpPf
|
|||||||
* @return boolean true on success; false on failure
|
* @return boolean true on success; false on failure
|
||||||
* @throws \Exception if invalid user, or db update fails.
|
* @throws \Exception if invalid user, or db update fails.
|
||||||
*/
|
*/
|
||||||
public function changeTOTP_secret($username, $TOTP_secret, $password): bool
|
public function changeTOTP_secret(string $username, string $TOTP_secret, string $password): bool
|
||||||
{
|
{
|
||||||
list(/*NULL*/, $domain) = explode('@', $username);
|
list(/*NULL*/, $domain) = explode('@', $username);
|
||||||
|
|
||||||
@ -179,8 +177,8 @@ class TotpPf
|
|||||||
}
|
}
|
||||||
|
|
||||||
$set = array(
|
$set = array(
|
||||||
'totp_secret' => $TOTP_secret,
|
'totp_secret' => $TOTP_secret,
|
||||||
);
|
);
|
||||||
|
|
||||||
$result = db_update($this->table, 'username', $username, $set);
|
$result = db_update($this->table, 'username', $username, $set);
|
||||||
|
|
||||||
@ -202,9 +200,9 @@ class TotpPf
|
|||||||
|
|
||||||
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
||||||
$spec = array(
|
$spec = array(
|
||||||
0 => array("pipe", "r"), // stdin
|
0 => array("pipe", "r"), // stdin
|
||||||
1 => array("pipe", "w"), // stdout
|
1 => array("pipe", "w"), // stdout
|
||||||
);
|
);
|
||||||
|
|
||||||
$cmdarg1 = escapeshellarg($username);
|
$cmdarg1 = escapeshellarg($username);
|
||||||
$cmdarg2 = escapeshellarg($domain);
|
$cmdarg2 = escapeshellarg($domain);
|
||||||
@ -217,7 +215,7 @@ class TotpPf
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Write secret through pipe to command stdin.
|
// Write secret through pipe to command stdin.
|
||||||
fwrite($pipes[0], $TOTP_secret . "\0", 1+strlen($TOTP_secret));
|
fwrite($pipes[0], $TOTP_secret . "\0", 1 + strlen($TOTP_secret));
|
||||||
$output = stream_get_contents($pipes[1]);
|
$output = stream_get_contents($pipes[1]);
|
||||||
fclose($pipes[0]);
|
fclose($pipes[0]);
|
||||||
fclose($pipes[1]);
|
fclose($pipes[1]);
|
||||||
@ -270,18 +268,18 @@ class TotpPf
|
|||||||
flash_error(Config::Lang('pException_desc_empty_error'));
|
flash_error(Config::Lang('pException_desc_empty_error'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !$admin && strpos($Exception_user,'@') == false ) {
|
if (!$admin && strpos($Exception_user, '@') == false) {
|
||||||
$error += 1;
|
$error += 1;
|
||||||
flash_error(Config::Lang('pException_user_entire_domain_error'));
|
flash_error(Config::Lang('pException_user_entire_domain_error'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !($admin==2) && $Exception_user == null ) {
|
if (!($admin == 2) && $Exception_user == null) {
|
||||||
$error += 1;
|
$error += 1;
|
||||||
flash_error(Config::Lang('pException_user_global_error'));
|
flash_error(Config::Lang('pException_user_global_error'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$values = array('ip' => $Exception_ip, 'username' => $Exception_user, 'description' => $Exception_desc);
|
$values = ['ip' => $Exception_ip, 'username' => $Exception_user, 'description' => $Exception_desc];
|
||||||
|
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
// OK to insert/replace.
|
// OK to insert/replace.
|
||||||
@ -310,9 +308,9 @@ class TotpPf
|
|||||||
// If we have a mailbox_postpassword_script (dovecot only?)
|
// If we have a mailbox_postpassword_script (dovecot only?)
|
||||||
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
||||||
$spec = array(
|
$spec = array(
|
||||||
0 => array("pipe", "r"), // stdin
|
0 => array("pipe", "r"), // stdin
|
||||||
1 => array("pipe", "w"), // stdout
|
1 => array("pipe", "w"), // stdout
|
||||||
);
|
);
|
||||||
$cmdarg1 = escapeshellarg($username);
|
$cmdarg1 = escapeshellarg($username);
|
||||||
$cmdarg2 = escapeshellarg($Exception_ip);
|
$cmdarg2 = escapeshellarg($Exception_ip);
|
||||||
$command = "$cmd_pw $cmdarg1 $cmdarg2 2>&1";
|
$command = "$cmd_pw $cmdarg1 $cmdarg2 2>&1";
|
||||||
@ -338,12 +336,12 @@ class TotpPf
|
|||||||
* @return boolean true on success; false on failure
|
* @return boolean true on success; false on failure
|
||||||
* @throws \Exception if invalid user, or db update fails.
|
* @throws \Exception if invalid user, or db update fails.
|
||||||
*/
|
*/
|
||||||
public function deleteException($username, $Exception_id): bool
|
public function deleteException(string $username, int $id): bool
|
||||||
{
|
{
|
||||||
$exception = $this->getException($Exception_id);
|
$exception = $this->getException($id);
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
if (strpos($exception['username'],'@')) {
|
if (strpos($exception['username'], '@')) {
|
||||||
list($Exception_local_part, $Exception_domain) = explode('@', $exception['username']);
|
list($Exception_local_part, $Exception_domain) = explode('@', $exception['username']);
|
||||||
} else {
|
} else {
|
||||||
$Exception_domain = $exception['username'];
|
$Exception_domain = $exception['username'];
|
||||||
@ -358,12 +356,12 @@ class TotpPf
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if ( !$admin && strpos($exception['username'],'@') !== false ) {
|
if (!$admin && strpos($exception['username'], '@') !== false) {
|
||||||
$error += 1;
|
$error += 1;
|
||||||
throw new \Exception(Config::Lang('pException_user_entire_domain_error'));
|
throw new \Exception(Config::Lang('pException_user_entire_domain_error'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !($admin==2) && $exception['username'] == null ) {
|
if (!($admin == 2) && $exception['username'] == null) {
|
||||||
$error += 1;
|
$error += 1;
|
||||||
throw new \Exception(Config::Lang('pException_user_global_error'));
|
throw new \Exception(Config::Lang('pException_user_global_error'));
|
||||||
}
|
}
|
||||||
@ -384,9 +382,9 @@ class TotpPf
|
|||||||
// If we have a mailbox_postpassword_script (dovecot only?)
|
// If we have a mailbox_postpassword_script (dovecot only?)
|
||||||
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
// Use proc_open call to avoid safe_mode problems and to prevent showing plain password in process table
|
||||||
$spec = array(
|
$spec = array(
|
||||||
0 => array("pipe", "r"), // stdin
|
0 => array("pipe", "r"), // stdin
|
||||||
1 => array("pipe", "w"), // stdout
|
1 => array("pipe", "w"), // stdout
|
||||||
);
|
);
|
||||||
$cmdarg1 = escapeshellarg($username);
|
$cmdarg1 = escapeshellarg($username);
|
||||||
$cmdarg2 = escapeshellarg($exception['ip']);
|
$cmdarg2 = escapeshellarg($exception['ip']);
|
||||||
$command = "$cmd_pw $cmdarg1 $cmdarg2 2>&1";
|
$command = "$cmd_pw $cmdarg1 $cmdarg2 2>&1";
|
||||||
@ -420,10 +418,10 @@ class TotpPf
|
|||||||
*
|
*
|
||||||
* @return array of exceptions acting on this username
|
* @return array of exceptions acting on this username
|
||||||
*/
|
*/
|
||||||
public function getExceptionsFor($username): array
|
public function getExceptionsFor(string $username): array
|
||||||
{
|
{
|
||||||
list($local_part, $domain) = explode('@', $username);
|
list($local_part, $domain) = explode('@', $username);
|
||||||
return db_query_all("SELECT * FROM totp_exception_address WHERE username = :username OR username = :domain OR username IS NULL",['username' => $username, 'domain' => $domain]);
|
return db_query_all("SELECT * FROM totp_exception_address WHERE username = :username OR username = :domain OR username IS NULL", ['username' => $username, 'domain' => $domain]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
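Review bot: The comparison in checkTOTP, `if ($totp->now() == $code)`, only got reformatted by this commit but is the line worth fixing: `==` between two numeric strings compares numerically in PHP (so `"000123"` and `"123"` are treated as equal), it is not constant-time, and it accepts only the current time step with no tolerance for a code generated just before the request arrived. The library already provides the right call — `return $totp->verify($code, null, 1);` — whose third argument is a leeway (steps vs seconds depends on the installed OTPHP version; confirm) and which, in the versions I know, compares with `hash_equals`. Nothing visible records the last accepted code or timestamp, so a sniffed code can presumably be replayed within its window — if that is handled elsewhere, a comment on checkTOTP saying where would help. Separately, the new `string $code` hint means a caller passing a missing form field (null) now gets a TypeError rather than `false`; callers should default it to `''`. checkTOTP is fully inside the hunk; the other hunks on this file cut through their methods.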
@ -69,7 +69,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
|||||||
$fIp = $_POST['fIp'];
|
$fIp = $_POST['fIp'];
|
||||||
$fDesc = $_POST['fDesc'];
|
$fDesc = $_POST['fDesc'];
|
||||||
$fUser = $_POST['fUser'];
|
$fUser = $_POST['fUser'];
|
||||||
add_exception($username, $fPass, $fIp, $fDesc, $fUser, $admin, $totppf, $PALANG);
|
add_exception($username, $fPass, $fIp, $fDesc, $fUser, $totppf, $PALANG);
|
||||||
}
|
}
|
||||||
if (isset($_POST['fId']) && $_POST['fId'] != '') {
|
if (isset($_POST['fId']) && $_POST['fId'] != '') {
|
||||||
$fId = $_POST['fId'];
|
$fId = $_POST['fId'];
|
||||||
@ -113,8 +113,17 @@ $smarty->assign('smarty_template', 'totp-exceptions');
|
|||||||
$smarty->display('index.tpl');
|
$smarty->display('index.tpl');
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
function add_exception($username, $fPassword_current, $fException_ip, $fException_desc, $fException_user, $admin, $totppf, $PALANG)
|
* @param string $username - current user from $_SESSION
|
||||||
|
* @param string $fPassword_current - password for current user (to prevent user spoofing?)
|
||||||
|
* @param string $fException_ip - IP address
|
||||||
|
* @param string $fException_desc
|
||||||
|
* @param string $fException_user
|
||||||
|
* @param TotpPf $totppf
|
||||||
|
* @param array $PALANG
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
function add_exception(string $username, string $fPassword_current, string $fException_ip, string $fException_desc, string $fException_user, TotpPf $totppf,array $PALANG)
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if ($totppf->addException($username, $fPassword_current, $fException_ip, $fException_user, $fException_desc)) {
|
if ($totppf->addException($username, $fPassword_current, $fException_ip, $fException_user, $fException_desc)) {
|
||||||
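Review bot: With the new `string` parameters on add_exception, the raw `$_POST['fIp']`, `$_POST['fDesc']` and `$_POST['fUser']` reads a few lines above turn a missing or array-valued form field into an uncaught TypeError instead of the validation errors addException flashes, because null and arrays are never coerced to string for user-defined functions; unless those keys are guarded before line 69 (outside the hunk), read them as `$fUser = is_string($_POST['fUser'] ?? null) ? $_POST['fUser'] : '';` (same for fIp and fDesc). The signature also drops `$admin` while the exception-handling hunk in TotpPf still branches on an `$admin` value, so it is presumably determined inside the model now — a line in the docblock saying so would save the next reader a search. The docblock entry `(to prevent user spoofing?)` should state the contract rather than ask it, e.g. `password for the current user, re-checked against the login before the exception is stored` (getTOTP_secret shows this pattern via `$this->login->login(...)`; confirm addException does the same). add_exception's body continues past the hunk.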