Merge branch 'master' into v2.1

# Conflicts:
#	src/lib/Plugin.php
#	src/lib/Services/AuthenticatorService.php
#	version.json

Author: nuxsmin

composer.json

@@ -1,7 +1,7 @@
 {
   "name": "syspass/plugin-authenticator",
   "type": "syspass-plugin",
-  "description": "Plugin to use two factor based authentication with Google Authenticator.",
+  "description": "2FA authentication plugin for sysPass based on TOTP algorithm (RFC 6238)",
   "homepage": "https://syspass.org",
   "minimum-stability": "stable",
   "license": "GPL-3.0",

src/lib/Controllers/AuthenticatorController.php

@@ -250,7 +250,7 @@ public function checkCodeAction()
 
             $authenticatorData = $this->plugin->getData();
 
-            if ($authenticatorData === null) {
+            if ($authenticatorData === false) {
                 $this->pluginContext->setTwoFApass(false);
                 $this->session->setAuthCompleted(false);
 
@@ -339,6 +339,8 @@ private function sendResetEmail(AuthenticatorData $authenticatorData)
             }
 
             return false;
+        } catch (AuthenticatorException $e) {
+            throw $e;
         } catch (\Exception $e) {
             processException($e);
 

src/lib/Controllers/AuthenticatorLoginController.php

@@ -54,6 +54,7 @@ final class AuthenticatorLoginController extends ControllerBase
      * @throws \DI\NotFoundException
      * @throws \SP\Core\Exceptions\SessionTimeout
      * @throws \SP\Services\Auth\AuthException
+     * @throws \SP\Core\Exceptions\SessionTimeout
      */
     public function indexAction()
     {
@@ -70,6 +71,8 @@ public function indexAction()
         $this->view->assign('useFixedHeader', true);
         $this->view->assign('useMenu', false);
         $this->view->assign('route', 'authenticator/checkCode');
+        $this->view->assign('isMailEnabled', $this->configData->isMailEnabled());
+        $this->view->assign('recoveryGraceTime', Plugin::RECOVERY_GRACE_TIME / 3600);
 
         $this->checkExpireTime();
 

src/lib/Services/AuthenticatorService.php

@@ -185,11 +185,6 @@ public function getQrCodeFromServer(string $login, string $iv)
      * @return string
      * @throws AuthenticatorException
      * @throws EnvironmentIsBrokenException
-     * @throws \Defuse\Crypto\Exception\CryptoException
-     * @throws \SP\Core\Exceptions\ConstraintException
-     * @throws \SP\Core\Exceptions\NoSuchPropertyException
-     * @throws \SP\Core\Exceptions\QueryException
-     * @throws \SP\Services\ServiceException
      */
     public function pickRecoveryCode(AuthenticatorData $authenticatorData)
     {
@@ -198,11 +193,7 @@ public function pickRecoveryCode(AuthenticatorData $authenticatorData)
         $numCodes = count($codes);
 
         if ($numCodes > 0) {
-            $code = array_pop($codes);
-
-            $this->saveRecoveryCodes($codes, $authenticatorData);
-
-            return $code;
+            return $codes[1];
         }
 
         if ($recoveryTime === 0
@@ -211,11 +202,7 @@ public function pickRecoveryCode(AuthenticatorData $authenticatorData)
         ) {
             $codes = $this->generateRecoveryCodes();
 
-            $code = array_pop($codes);
-
-            $this->saveRecoveryCodes($codes, $authenticatorData);
-
-            return $code;
+            return $codes[1];
         }
 
         throw new AuthenticatorException(_t('authenticator', 'There aren\'t any recovery codes available'));

src/public/js/plugin.js

@@ -38,10 +38,15 @@ sysPass.Plugins.Authenticator = function (Common) {
                 sysPassApp.msg.out(json);
 
                 if (json.status === 0) {
-                    setTimeout(function () {
-                        sysPassApp.util.redirect(json.data.url);
-                    }, 1000);
+                    if (json.data.url !== undefined) {
+                        setTimeout(function () {
+                            sysPassApp.util.redirect(json.data.url);
+                        }, 1000);
+                    }
                 }
+
+                document.querySelector('.mdl-js-checkbox').MaterialCheckbox.uncheck();
+                $obj.find("#pin").val('');
             });
         },
         save: function ($obj) {

src/public/js/plugin.min.js

@@ -1,9 +1,9 @@
 <?php
 /**
- * @var \SP\Core\UI\ThemeIcons       $icons
- * @var \SP\Config\ConfigData        $configData
- * @var callable                     $_getvar
- * @var \SP\Mvc\View\Template        $this
+ * @var \SP\Core\UI\ThemeIcons $icons
+ * @var \SP\Config\ConfigData  $configData
+ * @var callable               $_getvar
+ * @var \SP\Mvc\View\Template  $this
  */
 ?>
 <div id="actions" class="authenticator-2fa" align="center">
@@ -17,20 +17,41 @@
                 <legend><?php echo _t('authenticator', 'Two Factor Authentication'); ?></legend>
                 <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                     <input id="pin" name="pin" type="text"
-                           pattern="([0-9]{6}|[0-9a-f]{20})" class="mdl-textfield__input mdl-color-text--indigo-400"
+                           pattern="([0-9]{6}|[0-9a-f]{20})"
+                           class="mdl-textfield__input mdl-color-text--indigo-400"
                            maxlength="20"/>
                     <label class="mdl-textfield__label"
                            for="pin"><?php echo _t('authenticator', 'Enter code'); ?></label>
                 </div>
 
-                <label class="mdl-checkbox mdl-js-checkbox mdl-js-ripple-effect" for="code_reset">
-                    <input type="checkbox" name="code_reset" id="code_reset" class="mdl-checkbox__input">
-                    <span class="mdl-checkbox__label"><?php echo _t('authenticator', 'Forgot my code'); ?></span>
-                </label>
+                <?php if ($_getvar('isMailEnabled')): ?>
+                    <label class="mdl-checkbox mdl-js-checkbox mdl-js-ripple-effect"
+                           for="code_reset">
+                        <input type="checkbox" name="code_reset" id="code_reset"
+                               class="mdl-checkbox__input">
+                        <span class="mdl-checkbox__label"><?php echo _t('authenticator', 'Forgot my code'); ?></span>
+
+                        <div id="help-2fa"
+                             class="icon material-icons <?php echo $icons->getIconHelp()->getClass(); ?>"><?php echo $icons->getIconHelp()->getIcon(); ?></div>
+                    </label>
+
+
+                    <div class="mdl-tooltip mdl-tooltip--large" for="help-2fa">
+                        <p>
+                            <?php echo _t('authenticator', 'This will send an email with a recovery code. You don\'t need to enter any code, only click on "Log In".'); ?>
+                        </p>
+
+                        <p>
+                            <?php echo _t('authenticator', sprintf('If there aren\'t any recovery codes left, you will need to wait %dh for new codes', $_getvar('recoveryGraceTime'))); ?>
+                        </p>
+                    </div>
+                <?php endif; ?>
 
                 <?php if ($_getvar('from') && $_getvar('from_hash')): ?>
-                    <input type="hidden" name="from" value="<?php echo $_getvar('from'); ?>"/>
-                    <input type="hidden" name="h" value="<?php echo $_getvar('from_hash'); ?>"/>
+                    <input type="hidden" name="from"
+                           value="<?php echo $_getvar('from'); ?>"/>
+                    <input type="hidden" name="h"
+                           value="<?php echo $_getvar('from_hash'); ?>"/>
                 <?php endif; ?>
 
                 <input type="hidden" name="sk" value=""/>
@@ -46,7 +67,8 @@
                     <?php echo _t('authenticator', 'Back'); ?>
                 </button>
 
-                <button id="btnLogin" class="mdl-button mdl-js-button mdl-button--raised mdl-button--primary">
+                <button id="btnLogin"
+                        class="mdl-button mdl-js-button mdl-button--raised mdl-button--primary">
                     <?php echo _t('authenticator', 'Log in'); ?>
                     <i class="material-icons"
                        title="<?php echo _t('authenticator', 'Request'); ?>"><?php echo $icons->getIconPlay()->getIcon(); ?></i>