diff --git a/lam/lib/2factor.inc b/lam/lib/2factor.inc
index 1bff3571..d05e8c6b 100644
--- a/lam/lib/2factor.inc
+++ b/lam/lib/2factor.inc
@@ -1,6 +1,7 @@ profile = $profile;
+ public function __construct(&$config) {
+ $this->config = $config;
 }
 /**
@@ -99,7 +100,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
 */
 private function authenticate($user, $password) {
 $curl = $this->getCurl();
- $url = $this->profile->twoFactorAuthenticationURL . "/auth";
+ $url = $this->config->twoFactorAuthenticationURL . "/auth";
 curl_setopt($curl, CURLOPT_URL, $url);
 $header = array('Accept: application/json');
 curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@@ -137,7 +138,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
 */
 private function getCurl() {
 $curl = curl_init();
- if ($this->profile->twoFactorAuthenticationInsecure) {
+ if ($this->config->twoFactorAuthenticationInsecure) {
 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
 }
@@ -154,7 +155,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
 */
 private function getSerialsForUser($user, $token) {
 $curl = $this->getCurl();
- $url = $this->profile->twoFactorAuthenticationURL . "/token/?user=" . $user;
+ $url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . $user;
 curl_setopt($curl, CURLOPT_URL, $url);
 $header = array('Authorization: ' . $token, 'Accept: application/json');
 curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
@@ -192,7 +193,7 @@ class PrivacyIDEAProvider implements TwoFactorProvider {
 */
 private function verify($token, $serial, $twoFactorInput) {
 $curl = $this->getCurl();
- $url = $this->profile->twoFactorAuthenticationURL . "/validate/check";
+ $url = $this->config->twoFactorAuthenticationURL . "/validate/check";
 curl_setopt($curl, CURLOPT_URL, $url);
 $options = array(
 'pass' => $twoFactorInput,
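Review bot: The rewritten `$url` line in getSerialsForUser still concatenates `$user` into the query string unencoded, so a username containing `&`, `#`, `?` or a space changes the request privacyIDEA receives (extra query parameters, a truncated path) instead of being sent as the user value; with this commit the admin login path stores the raw `$_POST['username']` for the 2-factor step, so the value is presumably request-controlled by the time it reaches this method. Encode it on that line: `$url = $this->config->twoFactorAuthenticationURL . "/token/?user=" . rawurlencode($user);`. Since the line is touched anyway, this is the cheapest place to close the gap; the rest of getSerialsForUser (response handling) continues outside the hunk.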
@@ -230,15 +231,20 @@ class TwoFactorProviderService {
 /** 2factor authentication via privacyIDEA */
 const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
- private $profile;
+ private $config;
 /**
 * Constructor.
 *
- * @param selfServiceProfile $profile profile
+ * @param selfServiceProfile|LAMConfig $configObj profile
 */
- public function __construct(&$profile) {
- $this->profile = $profile;
+ public function __construct(&$configObj) {
+ if ($configObj instanceof selfServiceProfile) {
+ $this->config = $this->getConfigSelfService($configObj);
+ }
+ else {
+ $this->config = $this->getConfigAdmin($configObj);
+ }
 }
 /**
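Review bot: The new `else` branch calls `$this->getConfigAdmin($configObj)`, but no such method is added anywhere in this diff — the only new private method is getConfigSelfService in the next hunk — so unless it already exists in a part of 2factor.inc not shown here, constructing the service with a LAMConfig (the admin login flow this commit introduces) dies with a fatal "Call to undefined method" error. The branch also treats any non-selfServiceProfile argument as admin configuration; an explicit check fails faster and more clearly: `elseif ($configObj instanceof LAMConfig) { $this->config = $this->getConfigAdmin($configObj); } else { throw new \InvalidArgumentException('Unsupported configuration object'); }`. If getConfigAdmin still has to be written, it should mirror getConfigSelfService but read LAMConfig's getters (getTwoFactorAuthentication() is the only one visible in this diff).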
@@ -249,10 +255,41 @@ class TwoFactorProviderService {
 * @throws \Exception unable to get provider
 */
 public function getProvider() {
- if ($this->profile->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
- return new PrivacyIDEAProvider($this->profile);
+ if ($this->config->twoFactorAuthentication == TwoFactorProviderService::TWO_FACTOR_PRIVACYIDEA) {
+ return new PrivacyIDEAProvider($this->config);
 }
- throw new \Exception('Invalid provider: ' . $this->profile->twoFactorAuthentication);
+ throw new \Exception('Invalid provider: ' . $this->config->twoFactorAuthentication);
+ }
+
+ /**
+ * Returns the configuration from self service.
+ *
+ * @param selfServiceProfile $profile profile
+ * @return TwoFactorConfiguration configuration
+ */
+ private function getConfigSelfService(&$profile) {
+ $config = new TwoFactorConfiguration();
+ $config->twoFactorAuthentication = $profile->twoFactorAuthentication;
+ $config->twoFactorAuthenticationCaption = $profile->twoFactorAuthenticationCaption;
+ $config->twoFactorAuthenticationInsecure = $profile->twoFactorAuthenticationInsecure;
+ $config->twoFactorAuthenticationLabel = $profile->twoFactorAuthenticationLabel;
+ $config->twoFactorAuthenticationOptional = $profile->twoFactorAuthenticationOptional;
+ $config->twoFactorAuthenticationURL = $profile->twoFactorAuthenticationURL;
+ return $config;
 }
 }
+
+/**
+ * Configuration settings for 2-factor authentication.
+ *
+ * @author Roland Gruber
+ */
+class TwoFactorConfiguration {
+ public $twoFactorAuthentication = null;
+ public $twoFactorAuthenticationURL = null;
+ public $twoFactorAuthenticationInsecure = false;
+ public $twoFactorAuthenticationLabel = null;
+ public $twoFactorAuthenticationOptional = false;
+ public $twoFactorAuthenticationCaption = '';
+}
diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index 8971d4f5..fa53aa01 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -2068,6 +2068,9 @@ class LAMConfig {
 * @return string $twoFactorAuthentication authentication type
 */
 public function getTwoFactorAuthentication() {
+ if (empty($this->twoFactorAuthentication)) {
+ return TwoFactorProviderService::TWO_FACTOR_NONE;
+ }
 return $this->twoFactorAuthentication;
 }
diff --git a/lam/templates/login.php b/lam/templates/login.php
index f28e0477..2d8d8b40 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -1,4 +1,6 @@ getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
+ metaRefresh("./main.php");
+ }
+ else {
+ $_SESSION['2factorRequired'] = true;
+ if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
+ $_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
+ }
+ else {
+ $_SESSION['user2factor'] = $_POST['username'];
+ }
+ metaRefresh("./login2Factor.php");
+ }
 die();
 } else {
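Review bot: getTwoFactorAuthentication() now returns `TwoFactorProviderService::TWO_FACTOR_NONE`, a constant from lam/lib/2factor.inc that this diff never defines (the visible TwoFactorProviderService hunks only show TWO_FACTOR_PRIVACYIDEA), and config.inc is not shown loading that file; if either the constant or the include is missing, any config load that reaches this getter fails with an undefined class/constant error rather than reporting "no 2-factor". The first hunk of 2factor.inc is truncated in this view, so the constant may well be there — please confirm, and that 2factor.inc is included wherever LAMConfig is used. A why-comment on the new guard would help the next reader: `// older config files have no twoFactorAuthentication entry: treat as disabled`. Note that `empty()` also maps the literal string '0' to TWO_FACTOR_NONE, which only matters if '0' could ever be a valid provider id.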