LDAPAccountManager/lam/templates/login2Factor.php

<?php
namespace LAM\LOGIN;
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use \htmlResponsiveRow;
use \htmlGroup;
use \htmlOutputText;
use \htmlSpacer;
use \htmlSelect;
use \htmlInputField;
use \htmlButton;
/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2017 - 2019  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
* This page redirects to the correct start page after checking 2nd factor.
*
* @package main
* @author Roland Gruber
*/

/** config object */
include_once '../lib/config.inc';

// start session
startSecureSession();

setlanguage();

$config = $_SESSION['config'];
$password = $_SESSION['ldap']->getPassword();
$user = $_SESSION['ldap']->getUserName();

// get serials
try {
	$service = new TwoFactorProviderService($config);
	$provider = $service->getProvider();
	$serials = $provider->getSerials($user, $password);
}
catch (\Exception $e) {
	logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());
	metaRefresh("login.php?2factor=error");
	die();
}

$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();
$twoFactorLabel = empty($twoFactorLabelConfig) ? _('PIN+Token') : $twoFactorLabelConfig;

if (sizeof($serials) == 0) {
	if ($config->getTwoFactorAuthenticationOptional()) {
		unset($_SESSION['2factorRequired']);
		metaRefresh("main.php");
		die();
	}
	else {
		metaRefresh("login.php?2factor=noToken");
		die();
	}
}

if (isset($_POST['logout'])) {
	// destroy session
	session_destroy();
	unset($_SESSION);
	// redirect to login page
	metaRefresh("login.php");
	exit();
}

if (isset($_POST['submit']) || isset($_POST['sig_response'])) {
	$twoFactorInput = isset($_POST['2factor']) ? $_POST['2factor'] : null;
	$serial = isset($_POST['serial']) ? $_POST['serial'] : null;
	if (!$provider->hasCustomInputForm() && (empty($twoFactorInput) || !in_array($serial, $serials))) {
		$errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));
	}
	else {
		$twoFactorValid = false;
		try {
			$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
		}
		catch (\Exception $e) {
			logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
		}
		if ($twoFactorValid) {
			unset($_SESSION['2factorRequired']);
			metaRefresh("main.php");
			die();
		}
		else {
			$errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));
		}
	}
}

echo $_SESSION['header'];
printHeaderContents(_("Login"), '..');
?>
</head>
<body class="admin">
<?php

// include all JavaScript files
printJsIncludes('..');
?>

	<table border=0 width="100%" class="lamHeader ui-corner-all">
		<tr>
			<td align="left" height="30">
				<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>
			</td>
		<td align="right" height=20>
		</td>
		</tr>
	</table>

	<br><br>

	<form id="2faform" enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">
<?php
echo $config->getTwoFactorAuthenticationCaption();

?>
	<div class="centeredTable">
	<div class="roundedShadowBox limitWidth">
<?php

	$group = new htmlGroup();
	$row = new htmlResponsiveRow();
	// error
	if (!empty($errorMessage)) {
		$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);
		$row->add(new htmlSpacer('1em', '1em'), 12);
	}

	if (!$provider->hasCustomInputForm()) {
		// serial
		$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');
		$serialSelect = new htmlSelect('serial', $serials);
		$row->add($serialSelect, 12);
		// token
		$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');
		$twoFactorInput = new htmlInputField('2factor', '');
		$twoFactorInput->setFieldSize(null);
		$twoFactorInput->setIsPassword(true);
		$row->add($twoFactorInput, 12);
	}
	else {
		$provider->addCustomInput($row, $user);
	}

	// buttons
	$row->add(new htmlSpacer('1em', '1em'), 12);
	if ($provider->isShowSubmitButton()) {
		$submit = new htmlButton('submit', _("Submit"));
		$submit->setCSSClasses(array('fullwidth'));
		$row->add($submit, 12, 12, 12, 'fullwidth');
		$row->add(new htmlSpacer('0.5em', '0.5em'), 12);
	}
	$logout = new htmlButton('logout', _("Cancel"));
	$logout->setCSSClasses(array('fullwidth'));
	$row->add($logout, 12);
	$group->addElement($row);

	$tabindex = 1;
	addSecurityTokenToMetaHTML($group);
	parseHtml(null, $group, array(), false, $tabindex, 'user');

?>
	</div>
	</div>
	</form>
	<br><br>

	<script type="text/javascript">
		myElement = document.getElementsByName('2factor')[0];
		if (myElement) {
			myElement.focus();
		}
	</script>
</body>
</html>
2-factor 2017-02-11 21:07:38 +00:00			`<?php`
			`namespace LAM\LOGIN;`
			`use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;`
			`use \htmlResponsiveRow;`
			`use \htmlGroup;`
			`use \htmlOutputText;`
			`use \htmlSpacer;`
			`use \htmlSelect;`
			`use \htmlInputField;`
			`use \htmlButton;`
			`/*`

			`This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)`
removed decrypt_login() 2019-08-05 19:56:06 +00:00			`Copyright (C) 2017 - 2019 Roland Gruber`
2-factor 2017-02-11 21:07:38 +00:00
			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`

			`*/`

			`/**`
			`* This page redirects to the correct start page after checking 2nd factor.`
			`*`
			`* @package main`
			`* @author Roland Gruber`
			`*/`

			`/** config object */`
			`include_once '../lib/config.inc';`

			`// start session`
			`startSecureSession();`

			`setlanguage();`

			`$config = $_SESSION['config'];`
removed decrypt_login() 2019-08-05 19:56:06 +00:00			`$password = $_SESSION['ldap']->getPassword();`
login attribute for 2-factor 2019-08-11 07:39:47 +00:00			`$user = $_SESSION['ldap']->getUserName();`
2-factor 2017-02-11 21:07:38 +00:00
			`// get serials`
			`try {`
			`$service = new TwoFactorProviderService($config);`
			`$provider = $service->getProvider();`
			`$serials = $provider->getSerials($user, $password);`
			`}`
			`catch (\Exception $e) {`
			`logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());`
			`metaRefresh("login.php?2factor=error");`
			`die();`
			`}`

fixed issues with empty (#26) 2017-03-08 16:19:44 +00:00			`$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();`
			`$twoFactorLabel = empty($twoFactorLabelConfig) ? _('PIN+Token') : $twoFactorLabelConfig;`
2-factor 2017-02-11 21:07:38 +00:00
			`if (sizeof($serials) == 0) {`
			`if ($config->getTwoFactorAuthenticationOptional()) {`
			`unset($_SESSION['2factorRequired']);`
			`metaRefresh("main.php");`
			`die();`
			`}`
			`else {`
			`metaRefresh("login.php?2factor=noToken");`
			`die();`
			`}`
			`}`

			`if (isset($_POST['logout'])) {`
			`// destroy session`
			`session_destroy();`
			`unset($_SESSION);`
			`// redirect to login page`
			`metaRefresh("login.php");`
			`exit();`
			`}`

Duo support 2019-08-13 15:03:30 +00:00			`if (isset($_POST['submit']) \|\| isset($_POST['sig_response'])) {`
			`$twoFactorInput = isset($_POST['2factor']) ? $_POST['2factor'] : null;`
			`$serial = isset($_POST['serial']) ? $_POST['serial'] : null;`
			`if (!$provider->hasCustomInputForm() && (empty($twoFactorInput) \|\| !in_array($serial, $serials))) {`
2-factor 2017-02-11 21:07:38 +00:00			`$errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));`
			`}`
			`else {`
			`$twoFactorValid = false;`
			`try {`
			`$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);`
			`}`
			`catch (\Exception $e) {`
			`logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());`
			`}`
			`if ($twoFactorValid) {`
			`unset($_SESSION['2factorRequired']);`
			`metaRefresh("main.php");`
			`die();`
			`}`
			`else {`
			`$errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));`
			`}`
			`}`
			`}`

use central function to include CSS/JS 2017-11-04 10:29:38 +00:00			`echo $_SESSION['header'];`
			`printHeaderContents(_("Login"), '..');`
2-factor 2017-02-11 21:07:38 +00:00			`?>`
			`</head>`
			`<body class="admin">`
			`<?php`

			`// include all JavaScript files`
use central function to include CSS/JS 2017-11-04 10:29:38 +00:00			`printJsIncludes('..');`
2-factor 2017-02-11 21:07:38 +00:00			`?>`

			`<table border=0 width="100%" class="lamHeader ui-corner-all">`
			`<tr>`
			`<td align="left" height="30">`
			`<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>`
			`</td>`
			`<td align="right" height=20>`
			`</td>`
			`</tr>`
			`</table>`

			`<br><br>`

webauthn 2019-11-28 20:19:44 +00:00			`<form id="2faform" enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">`
2-factor 2017-02-11 21:07:38 +00:00			`<?php`
			`echo $config->getTwoFactorAuthenticationCaption();`

			`?>`
			`<div class="centeredTable">`
			`<div class="roundedShadowBox limitWidth">`
			`<?php`

			`$group = new htmlGroup();`
			`$row = new htmlResponsiveRow();`
			`// error`
			`if (!empty($errorMessage)) {`
			`$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);`
			`$row->add(new htmlSpacer('1em', '1em'), 12);`
			`}`
Duo support 2019-08-13 15:03:30 +00:00
			`if (!$provider->hasCustomInputForm()) {`
			`// serial`
			`$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');`
			`$serialSelect = new htmlSelect('serial', $serials);`
			`$row->add($serialSelect, 12);`
			`// token`
			`$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');`
			`$twoFactorInput = new htmlInputField('2factor', '');`
			`$twoFactorInput->setFieldSize(null);`
			`$twoFactorInput->setIsPassword(true);`
			`$row->add($twoFactorInput, 12);`
			`}`
			`else {`
			`$provider->addCustomInput($row, $user);`
			`}`

			`// buttons`
2-factor 2017-02-11 21:07:38 +00:00			`$row->add(new htmlSpacer('1em', '1em'), 12);`
Duo 2019-08-13 15:29:02 +00:00			`if ($provider->isShowSubmitButton()) {`
			`$submit = new htmlButton('submit', _("Submit"));`
			`$submit->setCSSClasses(array('fullwidth'));`
			`$row->add($submit, 12, 12, 12, 'fullwidth');`
			`$row->add(new htmlSpacer('0.5em', '0.5em'), 12);`
			`}`
2-factor 2017-02-11 21:07:38 +00:00			`$logout = new htmlButton('logout', _("Cancel"));`
			`$logout->setCSSClasses(array('fullwidth'));`
			`$row->add($logout, 12);`
			`$group->addElement($row);`

			`$tabindex = 1;`
			`addSecurityTokenToMetaHTML($group);`
			`parseHtml(null, $group, array(), false, $tabindex, 'user');`

			`?>`
			`</div>`
			`</div>`
			`</form>`
			`<br><br>`

			`<script type="text/javascript">`
			`myElement = document.getElementsByName('2factor')[0];`
webauthn 2019-11-21 21:03:42 +00:00			`if (myElement) {`
			`myElement.focus();`
			`}`
2-factor 2017-02-11 21:07:38 +00:00			`</script>`
			`</body>`
			`</html>`