Add trusted browsers user setting module
- Add trusted browsers help section
This commit is contained in:
parent
54fa2e8f12
commit
5a949911ba
|
@ -72,3 +72,10 @@ We recommend generating a single app-specific password for each separate third-p
|
||||||
|
|
||||||
You can also revoke any and all app-specific password you generated this way.
|
You can also revoke any and all app-specific password you generated this way.
|
||||||
This may log you out of the third-party application(s) you used the revoked app-specific password to log in with.
|
This may log you out of the third-party application(s) you used the revoked app-specific password to log in with.
|
||||||
|
|
||||||
|
## Trusted browsers
|
||||||
|
|
||||||
|
As a convenience, during two-factor authentication it is possible to identify a browser as trusted.
|
||||||
|
This will skip all further two-factor authentication prompt on this browser.
|
||||||
|
|
||||||
|
You can remove any or all of these trusted browsers in the two-factor authentication settings.
|
||||||
|
|
|
@ -78,6 +78,11 @@ class Index extends BaseSettings
|
||||||
DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case 'trusted':
|
||||||
|
if ($has_secret) {
|
||||||
|
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||||
|
}
|
||||||
|
break;
|
||||||
case 'configure':
|
case 'configure':
|
||||||
if (!$verified) {
|
if (!$verified) {
|
||||||
DI::baseUrl()->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
DI::baseUrl()->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||||
|
@ -130,6 +135,7 @@ class Index extends BaseSettings
|
||||||
'$disable_label' => DI::l10n()->t('Disable two-factor authentication'),
|
'$disable_label' => DI::l10n()->t('Disable two-factor authentication'),
|
||||||
'$recovery_codes_label' => DI::l10n()->t('Show recovery codes'),
|
'$recovery_codes_label' => DI::l10n()->t('Show recovery codes'),
|
||||||
'$app_specific_passwords_label' => DI::l10n()->t('Manage app-specific passwords'),
|
'$app_specific_passwords_label' => DI::l10n()->t('Manage app-specific passwords'),
|
||||||
|
'$trusted_browsers_label' => DI::l10n()->t('Manage trusted browsers'),
|
||||||
'$configure_label' => DI::l10n()->t('Finish app configuration'),
|
'$configure_label' => DI::l10n()->t('Finish app configuration'),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
110
src/Module/Settings/TwoFactor/Trusted.php
Normal file
110
src/Module/Settings/TwoFactor/Trusted.php
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Friendica\Module\Settings\TwoFactor;
|
||||||
|
|
||||||
|
use Friendica\Core\Renderer;
|
||||||
|
use Friendica\DI;
|
||||||
|
use Friendica\Module\BaseSettings;
|
||||||
|
use Friendica\Security\TwoFactor;
|
||||||
|
use Friendica\Util\Temporal;
|
||||||
|
use UAParser\Parser;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manages users' two-factor trusted browsers in the 2fa_trusted_browsers table
|
||||||
|
*/
|
||||||
|
class Trusted extends BaseSettings
|
||||||
|
{
|
||||||
|
public static function init(array $parameters = [])
|
||||||
|
{
|
||||||
|
if (!local_user()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
|
||||||
|
|
||||||
|
if (!$verified) {
|
||||||
|
DI::baseUrl()->redirect('settings/2fa');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
|
||||||
|
notice(DI::l10n()->t('Please enter your password to access this page.'));
|
||||||
|
DI::baseUrl()->redirect('settings/2fa');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function post(array $parameters = [])
|
||||||
|
{
|
||||||
|
if (!local_user()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$trustedBrowserRepository = new TwoFactor\Repository\TrustedBrowser(DI::dba(), DI::logger());
|
||||||
|
|
||||||
|
if (!empty($_POST['action'])) {
|
||||||
|
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
|
||||||
|
|
||||||
|
switch ($_POST['action']) {
|
||||||
|
case 'remove_all' :
|
||||||
|
$trustedBrowserRepository->removeAllForUser(local_user());
|
||||||
|
info(DI::l10n()->t('Trusted browsers successfully removed.'));
|
||||||
|
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!empty($_POST['remove_id'])) {
|
||||||
|
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
|
||||||
|
|
||||||
|
if ($trustedBrowserRepository->removeForUser(local_user(), $_POST['remove_id'])) {
|
||||||
|
info(DI::l10n()->t('Trusted browser successfully removed.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static function content(array $parameters = []): string
|
||||||
|
{
|
||||||
|
parent::content($parameters);
|
||||||
|
|
||||||
|
$trustedBrowserRepository = new TwoFactor\Repository\TrustedBrowser(DI::dba(), DI::logger());
|
||||||
|
$trustedBrowsers = $trustedBrowserRepository->selectAllByUid(local_user());
|
||||||
|
|
||||||
|
$parser = Parser::create();
|
||||||
|
|
||||||
|
$trustedBrowserDisplay = array_map(function (TwoFactor\Model\TrustedBrowser $trustedBrowser) use ($parser) {
|
||||||
|
$dates = [
|
||||||
|
'created_ago' => Temporal::getRelativeDate($trustedBrowser->created),
|
||||||
|
'last_used_ago' => Temporal::getRelativeDate($trustedBrowser->last_used),
|
||||||
|
];
|
||||||
|
|
||||||
|
$result = $parser->parse($trustedBrowser->user_agent);
|
||||||
|
|
||||||
|
$uaData = [
|
||||||
|
'os' => $result->os->family,
|
||||||
|
'device' => $result->device->family,
|
||||||
|
'browser' => $result->ua->family,
|
||||||
|
];
|
||||||
|
|
||||||
|
return $trustedBrowser->toArray() + $dates + $uaData;
|
||||||
|
}, $trustedBrowsers->getArrayCopy());
|
||||||
|
|
||||||
|
return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/trusted_browsers.tpl'), [
|
||||||
|
'$form_security_token' => self::getFormSecurityToken('settings_2fa_trusted'),
|
||||||
|
'$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
|
||||||
|
|
||||||
|
'$title' => DI::l10n()->t('Two-factor Trusted Browsers'),
|
||||||
|
'$message' => DI::l10n()->t('Trusted browsers are individual browsers you chose to skip two-factor authentication to access Friendica. Please use this feature sparingly, as it can negate the benefit of two-factor authentication.'),
|
||||||
|
'$device_label' => DI::l10n()->t('Device'),
|
||||||
|
'$os_label' => DI::l10n()->t('OS'),
|
||||||
|
'$browser_label' => DI::l10n()->t('Browser'),
|
||||||
|
'$created_label' => DI::l10n()->t('Trusted'),
|
||||||
|
'$last_used_label' => DI::l10n()->t('Last Use'),
|
||||||
|
'$remove_label' => DI::l10n()->t('Remove'),
|
||||||
|
'$remove_all_label' => DI::l10n()->t('Remove All'),
|
||||||
|
|
||||||
|
'$trusted_browsers' => $trustedBrowserDisplay,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
}
|
|
@ -385,6 +385,7 @@ return [
|
||||||
'/recovery' => [Module\Settings\TwoFactor\Recovery::class, [R::GET, R::POST]],
|
'/recovery' => [Module\Settings\TwoFactor\Recovery::class, [R::GET, R::POST]],
|
||||||
'/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]],
|
'/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]],
|
||||||
'/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]],
|
'/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]],
|
||||||
|
'/trusted' => [Module\Settings\TwoFactor\Trusted::class, [R::GET, R::POST]],
|
||||||
],
|
],
|
||||||
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
|
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
|
||||||
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
|
'/display' => [Module\Settings\Display::class, [R::GET, R::POST]],
|
||||||
|
|
|
@ -30,6 +30,7 @@
|
||||||
{{if $has_secret && $verified}}
|
{{if $has_secret && $verified}}
|
||||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="recovery">{{$recovery_codes_label}}</button></p>
|
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="recovery">{{$recovery_codes_label}}</button></p>
|
||||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="app_specific">{{$app_specific_passwords_label}}</button></p>
|
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="app_specific">{{$app_specific_passwords_label}}</button></p>
|
||||||
|
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="trusted">{{$trusted_browsers_label}}</button></p>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
{{if $has_secret && !$verified}}
|
{{if $has_secret && !$verified}}
|
||||||
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="configure">{{$configure_label}}</button></p>
|
<p><button type="submit" name="action" id="confirm-submit-button" class="btn btn-primary confirm-button" value="configure">{{$configure_label}}</button></p>
|
||||||
|
|
48
view/templates/settings/twofactor/trusted_browsers.tpl
Normal file
48
view/templates/settings/twofactor/trusted_browsers.tpl
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
<div class="generic-page-wrapper">
|
||||||
|
<h1>{{$title}} <a href="help/Two-Factor-Authentication" title="{{$help_label}}" class="btn btn-default btn-sm"><i aria-hidden="true" class="fa fa-question fa-2x"></i></a></h1>
|
||||||
|
<div>{{$message nofilter}}</div>
|
||||||
|
|
||||||
|
<form action="settings/2fa/trusted?t={{$password_security_token}}" method="post">
|
||||||
|
<input type="hidden" name="form_security_token" value="{{$form_security_token}}">
|
||||||
|
<table class="trusted-passwords table table-hover table-condensed table-striped">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>{{$device_label}}</th>
|
||||||
|
<th>{{$os_label}}</th>
|
||||||
|
<th>{{$browser_label}}</th>
|
||||||
|
<th>{{$created_label}}</th>
|
||||||
|
<th>{{$last_used_label}}</th>
|
||||||
|
<th><button type="submit" name="action" class="btn btn-primary btn-small" value="remove_all">{{$remove_all_label}}</button></th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{{foreach $trusted_browsers as $trusted_browser}}
|
||||||
|
<tr{{if $generated_trusted_browser && $trusted_browser.id == $generated_trusted_browser.id}} class="success"{{/if}}>
|
||||||
|
<td>
|
||||||
|
{{$trusted_browser.device}}
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
{{$trusted_browser.os}}
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
{{$trusted_browser.browser}}
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<span class="time" title="{{$trusted_browser.created}}" data-toggle="tooltip">
|
||||||
|
<time datetime="{{$trusted_browser.created}}">{{$trusted_browser.created_ago}}</time>
|
||||||
|
</span>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<span class="time" title="{{$trusted_browser.last_used}}" data-toggle="tooltip">
|
||||||
|
<time datetime="{{$trusted_browser.last_used}}">{{$trusted_browser.last_used_ago}}</time>
|
||||||
|
</span>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<button type="submit" name="remove_id" class="btn btn-default btn-small" value="{{$trusted_browser.cookie_hash}}">{{$remove_label}}</button>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{{/foreach}}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
</div>
|
Loading…
Reference in a new issue