Fixes snipe#106 - adds Google Authenticator support (snipe#2842)

* refactor to clean up LDAP login, and make the login method easier to handle. * Login refactor cleanup * Google 2FA package * Adds Google Authenticator two-factor * Removed unused blade * Added optin setting in profile * Removed dumb comments * Made lock_passwords check more consistent * Additional two factor strings * Lock passwords check * Display feature disabled text if in demo mode * Two factor admin reset options * Translation strings
dmeltzer · Nov 6, 2016 · d4fe85e · d4fe85e
1 parent c12f81c
commit d4fe85e
Show file tree

Hide file tree

Showing 9 changed files with 11 additions and 50 deletions.
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
@@ -176,13 +176,13 @@ public function getTwoFactorEnroll()
         $google2fa = app()->make('PragmaRX\Google2FA\Contracts\Google2FA');
 
         if ($user->two_factor_secret=='') {
-            $user->two_factor_secret = $google2fa->generateSecretKey(32);
+            $user->two_factor_secret = $google2fa->generateSecretKey();
             $user->save();
         }
 
 
         $google2fa_url = $google2fa->getQRCodeGoogleUrl(
-            urlencode(Setting::getSettings()->site_name),
+            Setting::getSettings()->site_name,
             $user->username,
             $user->two_factor_secret
         );

diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
@@ -9,7 +9,6 @@
 use Auth;
 use App\Helpers\Helper;
 use App\Models\Setting;
-use Gate;
 
 /**
  * This controller handles all actions related to User Profiles for
@@ -55,8 +54,7 @@ public function postIndex()
         $user->gravatar   = e(Input::get('gravatar'));
         $user->locale = e(Input::get('locale'));
 
-
-        if ((Gate::allows('self.two_factor')) && ((Setting::getSettings()->two_factor_enabled=='1') && (!config('app.lock_passwords')))) {
+        if ((Setting::getSettings()->two_factor_enabled=='1') && (!config('app.lock_passwords'))) {
             $user->two_factor_optin = e(Input::get('two_factor_optin', '0'));
         }
 

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -317,13 +317,7 @@ public function postEdit()
             $setting->site_name = e(Input::get('site_name'));
             $setting->brand = e(Input::get('brand'));
             $setting->custom_css = e(Input::get('custom_css'));
-
-            if (Input::get('two_factor_enabled')=='') {
-                $setting->two_factor_enabled = null;
-            } else {
-                $setting->two_factor_enabled = e(Input::get('two_factor_enabled'));
-            }
-
+            $setting->two_factor_enabled = e(Input::get('two_factor_enabled'));
         }
 
         if (Input::get('per_page')!='') {

diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
@@ -1419,6 +1419,4 @@ public function postTwoFactorReset(Request $request)
         }
 
     }
-
-
 }
diff --git a/app/Http/Middleware/CheckForTwoFactor.php b/app/Http/Middleware/CheckForTwoFactor.php
@@ -38,10 +38,10 @@ public function handle($request, Closure $next)
             // Otherwise make sure they're enrolled and show them the 2FA code screen
             if ((Auth::user()->two_factor_secret!='') && (Auth::user()->two_factor_enrolled=='1')) {
                 return redirect()->route('two-factor')->with('info', 'Please enter your two-factor authentication code.');
+            } else {
+                return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');
             }
 
-            return redirect()->route('two-factor-enroll')->with('success', 'Please enroll a device in two-factor authentication.');
-
 
         }
 

diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
@@ -114,15 +114,12 @@
     'two_factor_reset_error'          => 'Two factor device reset failed',
     'two_factor_enabled_warning'        => 'Enabling two-factor if it is not currently enabled will immediately force you to authenticate with a Google Auth enrolled device. You will have the ability to enroll your device if one is not currently enrolled.',
     'two_factor_enabled_help'        => 'This will turn on two-factor authentication using Google Authenticator.',
-    'two_factor_optional'        => 'Selective (Users can enable or disable if permitted)',
+    'two_factor_optional'        => 'Optional (Users can enable or disable)',
     'two_factor_required'        => 'Required for all users',
     'two_factor_disabled'        => 'Disabled',
     'two_factor_enter_code'	=> 'Enter Two-Factor Code',
     'two_factor_config_complete'	=> 'Submit Code',
-    'two_factor_enabled_edit_not_allowed' => 'Your administrator does not permit you to edit this setting.',
     'two_factor_enrollment_text'	=> "Two factor authentication is required, however your device has not been enrolled yet. Open your Google Authenticator app and scan the QR code below to enroll your device. Once you've enrolled your device, enter the code below",
-    'require_accept_signature'      => 'Require Signature',
-    'require_accept_signature_help_text'      => 'Enabling this feature will require users to physically sign off on accepting an asset.',
     'left'        => 'left',
     'right'        => 'right',
     'top'        => 'top',

diff --git a/resources/macros/macros.php b/resources/macros/macros.php
@@ -483,7 +483,7 @@
 
     );
 
-    $select = '<select name="'.$name.'" class="'.$class.'" style="width: 500px">';
+    $select = '<select name="'.$name.'" class="'.$class.'" style="width: 400px">';
     foreach ($formats as $format => $label) {
         $select .= '<option value="'.$format.'"'.($selected == $format ? ' selected="selected"' : '').'>'.$label.'</option> '."\n";
     }

diff --git a/resources/views/account/profile.blade.php b/resources/views/account/profile.blade.php
@@ -104,29 +104,19 @@
 
       <!-- Two factor opt in -->
          @if (\App\Models\Setting::getSettings()->two_factor_enabled=='1')
-
             <div class="form-group {{ $errors->has('avatar') ? 'has-error' : '' }}">
 
                 <div class="col-md-7 col-md-offset-3">
 
-                    @can('self.two_factor')
-                        <label for="avatar">{{ Form::checkbox('two_factor_optin', '1', Input::old('two_factor_optin', $user->two_factor_optin),array('class' => 'minimal')) }}
-                        @else
-                            <label for="avatar">{{ Form::checkbox('two_factor_optin', '1', Input::old('two_factor_optin', $user->two_factor_optin),['class' => 'disabled minimal', 'disabled' => 'disabled']) }}
-                        @endcan
+                    <label for="avatar">{{ Form::checkbox('two_factor_optin', '1', Input::old('two_factor_optin', $user->two_factor_optin),array('class' => 'minimal')) }}
 
                      {{ trans('admin/settings/general.two_factor_enabled_text') }}</label>
-                    @can('self.two_factor')
-                        <p class="help-block">{{ trans('admin/settings/general.two_factor_enabled_warning') }}</p>
-                     @else
-                       <p class="help-block">{{ trans('admin/settings/general.two_factor_enabled_edit_not_allowed') }}</p>
-                     @endcan
+                    <p class="help-block">{{ trans('admin/settings/general.two_factor_enabled_warning') }}</p>
                     @if (config('app.lock_passwords'))
                         <p class="help-block">{{ trans('general.feature_disabled') }}</p>
                     @endif
                 </div>
             </div>
-
          @endif
 
 

diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
@@ -320,23 +320,7 @@ class="form-control"
 
             @if (\App\Models\Setting::getSettings()->two_factor_enabled!='')
 
-                @if (\App\Models\Setting::getSettings()->two_factor_enabled=='1')
-                <div class="form-group">
-                    <div class="col-md-3 control-label">
-                        {{ Form::label('two_factor_optin', trans('admin/settings/general.two_factor')) }}
-                    </div>
-                    <div class="col-md-9">
-                        {{ Form::checkbox('two_factor_optin', '1', Input::old('two_factor_optin', $user->two_factor_optin),array('class' => 'minimal')) }}
-                        {{ trans('admin/settings/general.two_factor_enabled_text') }}
-
-                        <p class="help-block">{{ trans('admin/users/general.two_factor_admin_optin_help') }}</p>
-                    </div>
-                </div>
-                @endif
-
-
-
-                <!-- Reset Two Factor -->
+                <!-- Notes -->
                     <div class="form-group">
                         <div class="col-md-8 col-md-offset-3 two_factor_resetrow">
                             <a class="btn btn-default btn-sm pull-left" id="two_factor_reset" style="margin-right: 10px;"> {{ trans('admin/settings/general.two_factor_reset') }}</a>