Add trusted browsers user setting module
- Add trusted browsers help section
This commit is contained in:
parent
54fa2e8f12
commit
5a949911ba
|
|
@ -71,4 +71,11 @@ Just copy and paste it in your third-party app in the Friendica account password
|
|||
We recommend generating a single app-specific password for each separate third-party app you are using, using a meaningul description of the target app (like "Frienqa on my Fairphone 2").
|
||||
|
||||
You can also revoke any and all app-specific password you generated this way.
|
||||
This may log you out of the third-party application(s) you used the revoked app-specific password to log in with.
|
||||
This may log you out of the third-party application(s) you used the revoked app-specific password to log in with.
|
||||
|
||||
## Trusted browsers
|
||||
|
||||
As a convenience, during two-factor authentication it is possible to identify a browser as trusted.
|
||||
This will skip all further two-factor authentication prompt on this browser.
|
||||
|
||||
You can remove any or all of these trusted browsers in the two-factor authentication settings.
|
||||
|
|
|
|||
|
|
@ -78,6 +78,11 @@ class Index extends BaseSettings
|
|||
DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||
}
|
||||
break;
|
||||
case 'trusted':
|
||||
if ($has_secret) {
|
||||
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||
}
|
||||
break;
|
||||
case 'configure':
|
||||
if (!$verified) {
|
||||
DI::baseUrl()->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||
|
|
@ -130,6 +135,7 @@ class Index extends BaseSettings
|
|||
'$disable_label' => DI::l10n()->t('Disable two-factor authentication'),
|
||||
'$recovery_codes_label' => DI::l10n()->t('Show recovery codes'),
|
||||
'$app_specific_passwords_label' => DI::l10n()->t('Manage app-specific passwords'),
|
||||
'$trusted_browsers_label' => DI::l10n()->t('Manage trusted browsers'),
|
||||
'$configure_label' => DI::l10n()->t('Finish app configuration'),
|
||||
]);
|
||||
}
|
||||
|
|
|
|||
110
src/Module/Settings/TwoFactor/Trusted.php
Normal file
110
src/Module/Settings/TwoFactor/Trusted.php
Normal file
|
|
@ -0,0 +1,110 @@
|
|||
<?php
|
||||
|
||||
namespace Friendica\Module\Settings\TwoFactor;
|
||||
|
||||
use Friendica\Core\Renderer;
|
||||
use Friendica\DI;
|
||||
use Friendica\Module\BaseSettings;
|
||||
use Friendica\Security\TwoFactor;
|
||||
use Friendica\Util\Temporal;
|
||||
use UAParser\Parser;
|
||||
|
||||
/**
|
||||
* Manages users' two-factor trusted browsers in the 2fa_trusted_browsers table
|
||||
*/
|
||||
class Trusted extends BaseSettings
|
||||
{
|
||||
public static function init(array $parameters = [])
|
||||
{
|
||||
if (!local_user()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
|
||||
|
||||
if (!$verified) {
|
||||
DI::baseUrl()->redirect('settings/2fa');
|
||||
}
|
||||
|
||||
if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
|
||||
notice(DI::l10n()->t('Please enter your password to access this page.'));
|
||||
DI::baseUrl()->redirect('settings/2fa');
|
||||
}
|
||||
}
|
||||
|
||||
public static function post(array $parameters = [])
|
||||
{
|
||||
if (!local_user()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$trustedBrowserRepository = new TwoFactor\Repository\TrustedBrowser(DI::dba(), DI::logger());
|
||||
|
||||
if (!empty($_POST['action'])) {
|
||||
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
|
||||
|
||||
switch ($_POST['action']) {
|
||||
case 'remove_all' :
|
||||
$trustedBrowserRepository->removeAllForUser(local_user());
|
||||
info(DI::l10n()->t('Trusted browsers successfully removed.'));
|
||||
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($_POST['remove_id'])) {
|
||||
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
|
||||
|
||||
if ($trustedBrowserRepository->removeForUser(local_user(), $_POST['remove_id'])) {
|
||||
info(DI::l10n()->t('Trusted browser successfully removed.'));
|
||||
}
|
||||
|
||||
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public static function content(array $parameters = []): string
|
||||
{
|
||||
parent::content($parameters);
|
||||
|
||||
$trustedBrowserRepository = new TwoFactor\Repository\TrustedBrowser(DI::dba(), DI::logger());
|
||||
$trustedBrowsers = $trustedBrowserRepository->selectAllByUid(local_user());
|
||||
|
||||
$parser = Parser::create();
|
||||
|
||||
$trustedBrowserDisplay = array_map(function (TwoFactor\Model\TrustedBrowser $trustedBrowser) use ($parser) {
|
||||
$dates = [
|
||||
'created_ago' => Temporal::getRelativeDate($trustedBrowser->created),
|
||||
'last_used_ago' => Temporal::getRelativeDate($trustedBrowser->last_used),
|
||||
];
|
||||
|
||||
$result = $parser->parse($trustedBrowser->user_agent);
|
||||
|
||||
$uaData = [
|
||||
'os' => $result->os->family,
|
||||
'device' => $result->device->family,
|
||||
'browser' => $result->ua->family,
|
||||
];
|
||||
|
||||
return $trustedBrowser->toArray() + $dates + $uaData;
|
||||
}, $trustedBrowsers->getArrayCopy());
|
||||
|
||||
return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/trusted_browsers.tpl'), [
|
||||
'$form_security_token' => self::getFormSecurityToken('settings_2fa_trusted'),
|
||||
'$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
|
||||
|
||||
'$title' => DI::l10n()->t('Two-factor Trusted Browsers'),
|
||||
'$message' => DI::l10n()->t('Trusted browsers are individual browsers you chose to skip two-factor authentication to access Friendica. Please use this feature sparingly, as it can negate the benefit of two-factor authentication.'),
|
||||
'$device_label' => DI::l10n()->t('Device'),
|
||||
'$os_label' => DI::l10n()->t('OS'),
|
||||
'$browser_label' => DI::l10n()->t('Browser'),
|
||||
'$created_label' => DI::l10n()->t('Trusted'),
|
||||
'$last_used_label' => DI::l10n()->t('Last Use'),
|
||||
'$remove_label' => DI::l10n()->t('Remove'),
|
||||
'$remove_all_label' => DI::l10n()->t('Remove All'),
|
||||
|
||||
'$trusted_browsers' => $trustedBrowserDisplay,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
@ -385,6 +385,7 @@ return [
|
|||
'/recovery' => [Module\Settings\TwoFactor\Recovery::class, [R::GET, R::POST]],
|
||||
'/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]],
|
||||
'/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]],
|
||||
'/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
|
||||
],
|
||||
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
|
||||
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@
|
|||
{{if $has_secret && $verified}}
|
||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="recovery">{{$recovery_codes_label}}</button></p>
|
||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="app_specific">{{$app_specific_passwords_label}}</button></p>
|
||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="trusted">{{$trusted_browsers_label}}</button></p>
|
||||
{{/if}}
|
||||
{{if $has_secret && !$verified}}
|
||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="configure">{{$configure_label}}</button></p>
|
||||
|
|
|
|||
48
view/templates/settings/twofactor/trusted_browsers.tpl
Normal file
48
view/templates/settings/twofactor/trusted_browsers.tpl
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
<div class="generic-page-wrapper">
|
||||
<h1>{{$title}} <a href="help/Two-Factor-Authentication" title="{{$help_label}}" class="btn btn-default btn-sm"><i aria-hidden="true" class="fa fa-question fa-2x"></i></a></h1>
|
||||
<div>{{$message nofilter}}</div>
|
||||
|
||||
<form action="settings/2fa/trusted?t={{$password_security_token}}" method="post">
|
||||
<input type="hidden" name="form_security_token" value="{{$form_security_token}}">
|
||||
<table class="trusted-passwords table table-hover table-condensed table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{$device_label}}</th>
|
||||
<th>{{$os_label}}</th>
|
||||
<th>{{$browser_label}}</th>
|
||||
<th>{{$created_label}}</th>
|
||||
<th>{{$last_used_label}}</th>
|
||||
<th><button type="submit" name="action" class="btn btn-primary btn-small" value="remove_all">{{$remove_all_label}}</button></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{{foreach $trusted_browsers as $trusted_browser}}
|
||||
<tr{{if $generated_trusted_browser && $trusted_browser.id == $generated_trusted_browser.id}} class="success"{{/if}}>
|
||||
<td>
|
||||
{{$trusted_browser.device}}
|
||||
</td>
|
||||
<td>
|
||||
{{$trusted_browser.os}}
|
||||
</td>
|
||||
<td>
|
||||
{{$trusted_browser.browser}}
|
||||
</td>
|
||||
<td>
|
||||
<span class="time" title="{{$trusted_browser.created}}" data-toggle="tooltip">
|
||||
<time datetime="{{$trusted_browser.created}}">{{$trusted_browser.created_ago}}</time>
|
||||
</span>
|
||||
</td>
|
||||
<td>
|
||||
<span class="time" title="{{$trusted_browser.last_used}}" data-toggle="tooltip">
|
||||
<time datetime="{{$trusted_browser.last_used}}">{{$trusted_browser.last_used_ago}}</time>
|
||||
</span>
|
||||
</td>
|
||||
<td>
|
||||
<button type="submit" name="remove_id" class="btn btn-default btn-small" value="{{$trusted_browser.cookie_hash}}">{{$remove_label}}</button>
|
||||
</td>
|
||||
</tr>
|
||||
{{/foreach}}
|
||||
</tbody>
|
||||
</table>
|
||||
</form>
|
||||
</div>
|
||||
Loading…
Reference in a new issue