* [MOD] Improved plugins data handling by encrypting the plugin's data

nuxsmin · nuxsmin · commit 85f0fcc3c96d · 2019-01-30T00:04:05.000+01:00
Signed-off-by: nuxsmin &lt;nuxsmin@syspass.org&gt;
diff --git a/src/lib/Controllers/AuthenticatorController.php b/src/lib/Controllers/AuthenticatorController.php
@@ -193,10 +193,13 @@ private function checkPin($pin, AuthenticatorData $authenticatorData)
      * @param AuthenticatorData $authenticatorData
      *
      * @return bool
+     * @throws \Defuse\Crypto\Exception\CryptoException
      * @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
      * @throws \SP\Core\Exceptions\ConstraintException
+     * @throws \SP\Core\Exceptions\NoSuchPropertyException
      * @throws \SP\Core\Exceptions\QueryException
      * @throws \SP\Repositories\NoSuchItemException
+     * @throws \SP\Services\ServiceException
      */
     private function save2FAStatus(AuthenticatorData $authenticatorData)
     {
@@ -211,9 +214,7 @@ private function save2FAStatus(AuthenticatorData $authenticatorData)
             $authenticatorData->setDate(time());
             $authenticatorData->setRecoveryCodes($this->authenticatorService->generateRecoveryCodes());
 
-            $this->plugin->setDataForId($this->userData->getId(), $authenticatorData);
-
-            $this->authenticatorService->savePluginUserData($authenticatorData);
+            $this->plugin->saveData($this->userData->getId(), $authenticatorData);
 
             return $this->returnJsonResponse(
                 JsonResponse::JSON_SUCCESS,
@@ -404,9 +405,10 @@ protected function initialize()
         $this->authenticatorService = $this->dic->get(AuthenticatorService::class);
         $this->pluginContext = $this->dic->get(PluginContext::class);
         $this->trackService = $this->dic->get(TrackService::class);
-        $this->plugin = $this->dic->get(PluginManager::class)
-            ->getPlugin(Plugin::PLUGIN_NAME);
         $this->userData = $this->session->getUserData();
         $this->trackRequest = $this->trackService->getTrackRequest(__CLASS__);
+
+        $pluginManager = $this->dic->get(PluginManager::class);
+        $this->plugin = $pluginManager->getPlugin(Plugin::PLUGIN_NAME, true);
     }
 }
diff --git a/src/lib/Controllers/AuthenticatorLoginController.php b/src/lib/Controllers/AuthenticatorLoginController.php
@@ -52,6 +52,7 @@ final class AuthenticatorLoginController extends ControllerBase
      *
      * @throws \DI\DependencyException
      * @throws \DI\NotFoundException
+     * @throws \SP\Core\Exceptions\SessionTimeout
      * @throws \SP\Services\Auth\AuthException
      */
     public function indexAction()
diff --git a/src/lib/Controllers/PreferencesController.php b/src/lib/Controllers/PreferencesController.php
@@ -27,6 +27,7 @@
 use Psr\Container\ContainerInterface;
 use SP\Core\Context\ContextInterface;
 use SP\Core\Events\Event;
+use SP\Modules\Web\Plugins\Authenticator\Models\AuthenticatorData;
 use SP\Modules\Web\Plugins\Authenticator\Services\AuthenticatorService;
 use SP\Modules\Web\Plugins\Authenticator\Util\PluginContext;
 use SP\Mvc\Controller\ExtensibleTabControllerInterface;
@@ -109,27 +110,29 @@ protected function getSecurityTab()
             // Datos del usuario de la sesión
             $userData = $this->context->getUserData();
 
+            /** @var AuthenticatorData $authenticatorData */
             $authenticatorData = $this->plugin->getData();
 
             $qrCode = '';
 
+            if ($authenticatorData !== null) {
+                $template->assign('chk2FAEnabled', $authenticatorData->isTwofaEnabled());
+                $template->assign('expireDays', $authenticatorData->getExpireDays());
+            } else {
+                $authenticatorData = new AuthenticatorData();
+                $template->assign('chk2FAEnabled', false);
+            }
+
+            $this->pluginContext->setUserData($authenticatorData);
+
             if (!$authenticatorData->isTwofaEnabled()) {
                 $authenticatorData->setIV(AuthenticatorService::makeInitializationKey());
 
-                $this->pluginContext->setUserData($authenticatorData);
-
-//                $qrCode = $this->authenticatorService->getQrCodeFromUrl($userData->getLogin(), $authenticatorData->getIV());
                 $qrCode = $this->authenticatorService->getQrCodeFromServer($userData->getLogin(), $authenticatorData->getIV());
-            } elseif ($authenticatorData->isTwofaEnabled()
-                && $authenticatorData->getUserId() > 0
-            ) {
-                $this->pluginContext->setUserData($authenticatorData);
             }
 
             $template->assign('qrCode', $qrCode);
             $template->assign('userId', $userData->getId());
-            $template->assign('chk2FAEnabled', $authenticatorData->isTwofaEnabled());
-            $template->assign('expireDays', $authenticatorData->getExpireDays());
             $template->assign('route', 'authenticator/save');
             $template->assign('viewCodesRoute', 'authenticator/showRecoveryCodes');
         } catch (\Exception $e) {
diff --git a/src/lib/Plugin.php b/src/lib/Plugin.php
@@ -36,7 +36,6 @@
 use SP\Mvc\Controller\ExtensibleTabControllerInterface;
 use SP\Plugin\PluginBase;
 use SP\Plugin\PluginOperation;
-use SP\Repositories\NoSuchItemException;
 use SplSubject;
 
 /**
@@ -54,10 +53,6 @@ class Plugin extends PluginBase
      * @var ContainerInterface
      */
     private $dic;
-    /**
-     * @var PluginOperation
-     */
-    private $pluginOperation;
     /**
      * @var SessionContext
      */
@@ -109,12 +104,12 @@ public function updateEvent($eventType, Event $event)
     {
         switch ($eventType) {
             case 'show.userSettings':
-                /** @var ExtensibleTabControllerInterface $source */
-                $source = $event->getSource(ExtensibleTabControllerInterface::class);
-
                 $this->loadData();
-                (new PreferencesController($source, $this, $this->dic))
-                    ->setUp();
+                (new PreferencesController(
+                    $event->getSource(ExtensibleTabControllerInterface::class),
+                    $this,
+                    $this->dic)
+                )->setUp();
                 break;
             case 'login.finish':
                 $this->loadData();
@@ -133,12 +128,8 @@ private function loadData()
                 $this->session->getUserData()->getId(),
                 AuthenticatorData::class
             );
-        } catch (NoSuchItemException $e) {
-            $this->data = new AuthenticatorData();
         } catch (\Exception $e) {
             processException($e);
-
-            $this->data = new AuthenticatorData();
         }
     }
 
@@ -153,7 +144,9 @@ private function checkLogin(Event $event)
     {
         $pluginContext = $this->dic->get(PluginContext::class);
 
-        if ($this->data !== null && $this->data->isTwofaEnabled()) {
+        if ($this->data !== null
+            && $this->data->isTwofaEnabled()
+        ) {
             $pluginContext->setTwoFApass(false);
             $this->session->setAuthCompleted(false);
 
@@ -257,23 +250,6 @@ public function getName()
         return self::PLUGIN_NAME;
     }
 
-    /**
-     * Establecer los datos de un Id
-     *
-     * @param                   $id
-     * @param AuthenticatorData $authenticatorData
-     *
-     * @return Plugin
-     * @throws \SP\Core\Exceptions\ConstraintException
-     * @throws \SP\Core\Exceptions\QueryException
-     */
-    public function setDataForId($id, AuthenticatorData $authenticatorData)
-    {
-        $this->pluginOperation->update($id, $authenticatorData);
-
-        return $this;
-    }
-
     /**
      * Eliminar los datos de un Id
      *
@@ -285,15 +261,15 @@ public function setDataForId($id, AuthenticatorData $authenticatorData)
      */
     public function deleteDataForId($id)
     {
-        $this->pluginOperation->delete($id);
+        $this->pluginOperation->delete((int)$id);
     }
 
     /**
-     * @param mixed $pluginOperation
+     * onLoad
      */
-    public function onLoad(PluginOperation $pluginOperation)
+    public function onLoad()
     {
-        $this->pluginOperation = $pluginOperation;
+        $this->loadData();
     }
 
     /**
diff --git a/src/lib/Services/AuthenticatorService.php b/src/lib/Services/AuthenticatorService.php
@@ -185,9 +185,11 @@ public function getQrCodeFromServer(string $login, string $iv)
      * @return string
      * @throws AuthenticatorException
      * @throws EnvironmentIsBrokenException
+     * @throws \Defuse\Crypto\Exception\CryptoException
      * @throws \SP\Core\Exceptions\ConstraintException
+     * @throws \SP\Core\Exceptions\NoSuchPropertyException
      * @throws \SP\Core\Exceptions\QueryException
-     * @throws \SP\Repositories\NoSuchItemException
+     * @throws \SP\Services\ServiceException
      */
     public function pickRecoveryCode(AuthenticatorData $authenticatorData)
     {
@@ -220,34 +222,20 @@ public function pickRecoveryCode(AuthenticatorData $authenticatorData)
     }
 
     /**
-     * @param                   $codes
+     * @param array             $codes
      * @param AuthenticatorData $authenticatorData
      *
+     * @throws \Defuse\Crypto\Exception\CryptoException
      * @throws \SP\Core\Exceptions\ConstraintException
+     * @throws \SP\Core\Exceptions\NoSuchPropertyException
      * @throws \SP\Core\Exceptions\QueryException
-     * @throws \SP\Repositories\NoSuchItemException
+     * @throws \SP\Services\ServiceException
      */
     private function saveRecoveryCodes(array $codes, AuthenticatorData $authenticatorData)
     {
         $authenticatorData->setRecoveryCodes($codes);
         $authenticatorData->setLastRecoveryTime(time());
-        $this->savePluginUserData($authenticatorData);
-    }
-
-    /**
-     * Guardar datos del Plugin de un usuario
-     *
-     * @param AuthenticatorData $authenticatorData
-     *
-     * @return void
-     * @throws \SP\Core\Exceptions\ConstraintException
-     * @throws \SP\Core\Exceptions\QueryException
-     * @throws \SP\Repositories\NoSuchItemException
-     */
-    public function savePluginUserData(AuthenticatorData $authenticatorData)
-    {
-        $this->plugin->setDataForId($authenticatorData->getUserId(), $authenticatorData);
-        $this->plugin->saveData();
+        $this->plugin->saveData($authenticatorData->getUserId(), $authenticatorData);
     }
 
     /**
@@ -272,7 +260,7 @@ public function generateRecoveryCodes()
     /**
      * Eliminar los datos del Plugin de un usuario
      *
-     * @param $id
+     * @param int $id
      *
      * @return void
      * @throws \SP\Core\Exceptions\ConstraintException
@@ -283,7 +271,6 @@ public function generateRecoveryCodes()
     public function deletePluginUserData($id)
     {
         $this->plugin->deleteDataForId($id);
-        $this->plugin->saveData();
     }
 
     /**
@@ -328,19 +315,26 @@ public function checkVersion()
      * @param string            $code
      *
      * @return bool
+     * @throws \Defuse\Crypto\Exception\CryptoException
      * @throws \SP\Core\Exceptions\ConstraintException
+     * @throws \SP\Core\Exceptions\NoSuchPropertyException
      * @throws \SP\Core\Exceptions\QueryException
-     * @throws \SP\Repositories\NoSuchItemException
+     * @throws \SP\Services\ServiceException
      */
     public function useRecoveryCode(AuthenticatorData $authenticatorData, $code)
     {
         $codes = $authenticatorData->getRecoveryCodes();
         $usedKey = array_search($code, $codes, true);
 
         if ($usedKey !== false) {
-            $this->saveRecoveryCodes(array_values(array_filter($codes, function ($key) use ($usedKey) {
-                return $key !== $usedKey;
-            }, ARRAY_FILTER_USE_KEY)), $authenticatorData);
+            $this->saveRecoveryCodes(
+                array_values(
+                    array_filter($codes,
+                        function ($key) use ($usedKey) {
+                            return $key !== $usedKey;
+                        }, ARRAY_FILTER_USE_KEY)
+                ),
+                $authenticatorData);
 
             return true;
         }
@@ -352,6 +346,6 @@ protected function initialize()
     {
         $this->extensionChecker = $this->dic->get(PhpExtensionChecker::class);
         $this->plugin = $this->dic->get(PluginManager::class)
-            ->getPluginInfo(Plugin::PLUGIN_NAME);
+            ->getPlugin(Plugin::PLUGIN_NAME);
     }
 }
diff --git a/src/themes/material-blue/views/userpreferences/preferences-security.inc b/src/themes/material-blue/views/userpreferences/preferences-security.inc
@@ -40,7 +40,7 @@ $chk2FAEnabled = $_getvar('chk2FAEnabled');
                 <label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="2faenabled">
                     <input type="checkbox" id="2faenabled"
                            class="mdl-switch__input mdl-color-text--indigo-400"
-                           name="2faenabled" <?php echo $_getvar('chk2FAEnabled') ? 'checked' : ''; ?>/>
+                           name="2faenabled" <?php echo $chk2FAEnabled ? 'checked' : ''; ?>/>
                     <span class="mdl-switch__label"><?php echo _t('authenticator', 'Enable'); ?></span>
                 </label>
 
diff --git a/version.json b/version.json
@@ -1,6 +1,6 @@
 {
   "Authenticator": {
-    "version": "2.0.1",
-    "build": "19010601"
+    "version": "2.1.0",
+    "build": "19012201"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ final class AuthenticatorLoginController extends ControllerBase`
`52`	`52`	`*`
`53`	`53`	`* @throws \DI\DependencyException`
`54`	`54`	`* @throws \DI\NotFoundException`
	`55`	`+ * @throws \SP\Core\Exceptions\SessionTimeout`
`55`	`56`	`* @throws \SP\Services\Auth\AuthException`
`56`	`57`	`*/`
`57`	`58`	`public function indexAction()`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Authenticator": {`
`3`		`- "version": "2.0.1",`
`4`		`- "build": "19010601"`
	`3`	`+ "version": "2.1.0",`
	`4`	`+ "build": "19012201"`
`5`	`5`	`}`
`6`	`6`	`}`