From 40a76b1edab648481e32773c42db68ec3f982b1c Mon Sep 17 00:00:00 2001 From: Wenceslaus Dsilva Date: Thu, 25 May 2023 21:01:42 +0530 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=9B=20fix(2FA):=20Two=20Factor=20A?= =?UTF-8?q?uthentication=20-=20Filter=20-=20Blocks=20even=20when=20two=20f?= =?UTF-8?q?actor=20authentication=20is=20enabled=20=F0=9F=90=9B=20fix(emai?= =?UTF-8?q?l):=20add=20error=20logging=20when=20email=20sending=20fails=20?= =?UTF-8?q?=F0=9F=94=92=20chore(2FA):=20fix=20TwoFactorEmailValidator=20to?= =?UTF-8?q?=20pass=20user=20as=20an=20array=20The=20TwoFactorAuthenticatio?= =?UTF-8?q?nEnforceFilter=20was=20blocking=20users=20even=20when=20two=20f?= =?UTF-8?q?actor=20authentication=20was=20enabled.=20The=20filter=20now=20?= =?UTF-8?q?checks=20if=20the=20user=20has=20two=20factor=20authentication?= =?UTF-8?q?=20enabled=20before=20blocking=20them.=20The=20MailService=20no?= =?UTF-8?q?w=20logs=20an=20error=20when=20email=20sending=20fails.=20The?= =?UTF-8?q?=20TwoFactorEmailValidator=20now=20passes=20the=20user=20as=20a?= =?UTF-8?q?n=20array=20to=20the=20TwoFactorEmailCodeGeneratorService.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + src/User/Filter/TwoFactorAuthenticationEnforceFilter.php | 4 +++- src/User/Service/MailService.php | 8 +++++++- src/User/Validator/TwoFactorEmailValidator.php | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5716b649..7833d501 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## dev +- Fix: Two Factor Authentication - Filter - Blocks even when two factor authentication is enabled - Fix: update Dutch (nl) translations (squio) - Enh: possibility to limit the depth of the recursion when getting user ids from roles (mp1509) diff --git a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php index bcb09dc8..537e1c48 100644 
--- a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php +++ b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php @@ -38,8 +38,10 @@ public function beforeAction($action) } $permissions = $module->twoFactorAuthenticationForcedPermissions; + + $user = Yii::$app->user->identity; $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id)); - if (!empty(array_intersect($permissions, $itemsByUser))) { + if (!empty(array_intersect($permissions, $itemsByUser)) && !$user->auth_tf_enabled) { Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it')); return Yii::$app->response->redirect(['/user/settings/account'])->send(); } diff --git a/src/User/Service/MailService.php b/src/User/Service/MailService.php index 39b52ee2..0e9ac491 100644 --- a/src/User/Service/MailService.php +++ b/src/User/Service/MailService.php @@ -83,11 +83,17 @@ public function getType() */ public function run() { - return $this->mailer + + $result = $this->mailer ->compose(['html' => $this->view, 'text' => "text/{$this->view}"], $this->params) ->setFrom($this->from) ->setTo($this->to) ->setSubject($this->subject) ->send(); + + if (!$result) { + Yii::error("Email sending failed to '{$this->to}'.", 'mailer'); + } + return $result; } } diff --git a/src/User/Validator/TwoFactorEmailValidator.php b/src/User/Validator/TwoFactorEmailValidator.php index 37bedcef..9466a05e 100644 --- a/src/User/Validator/TwoFactorEmailValidator.php +++ b/src/User/Validator/TwoFactorEmailValidator.php @@ -111,6 +111,6 @@ public function getUnsuccessLoginMessage($codeDurationTime) */ public function generateCode() { - return $this->make(TwoFactorEmailCodeGeneratorService::class, $this->user)->run(); + return $this->make(TwoFactorEmailCodeGeneratorService::class, [$this->user])->run(); } } From 4b1536f9348cf0bdf0a549f4da4cc008d04c5396 Mon Sep 17 00:00:00 2001 
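Review bot: The new bypass in `beforeAction` rests entirely on the persisted `auth_tf_enabled` attribute, and nothing in the hunk records what that flag guarantees. If the flag can be written before the user has confirmed a working second factor (not visible here), an account holding one of the `twoFactorAuthenticationForcedPermissions` would pass the filter without usable 2FA. A comment above the `if`, such as `// 2FA already enabled for this account: nothing to enforce (flag must only be set after code confirmation)`, would state the assumption, and a filter test with the flag on and off would pin it. `$user` is also dereferenced without a null check, both here and in the `$user->id` line of PATCH 2/2; the guest guard presumably sits earlier in `beforeAction`, which starts outside the hunk, so confirm it does.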
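Review bot: The added `Yii::error()` call in `run()` interpolates `$this->to` straight into the message, which writes the recipient address to the log and, if `$this->to` is ever an array (Yii's `setTo()` accepts one), raises an "Array to string conversion" warning on the failure path. Something like `Yii::error('Email sending failed to ' . implode(', ', (array) $this->to) . '.', 'mailer');` handles both shapes; whether the address belongs in the log target at all is worth deciding, since the mail type from `getType()` may be enough for triage. The patch adds no `use Yii;` line to this file, so confirm the import already exists outside the hunk. Only a `false` return is logged; an exception thrown by the transport still propagates from `run()` without reaching this branch.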
From: Wenceslaus Dsilva Date: Sun, 24 Sep 2023 16:10:44 +0530 Subject: [PATCH 2/2] fix(TwoFactorAuthenticationEnforceFilter.php): use $user variable instead of accessing Yii::$app->user->identity multiple times for better readability and performance fix(MailService.php): remove unnecessary whitespace before $this->mailer to improve code formatting --- src/User/Filter/TwoFactorAuthenticationEnforceFilter.php | 2 +- src/User/Service/MailService.php | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php index 537e1c48..f0d07092 100644 --- a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php +++ b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php @@ -40,7 +40,7 @@ public function beforeAction($action) $permissions = $module->twoFactorAuthenticationForcedPermissions; $user = Yii::$app->user->identity; - $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id)); + $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser($user->id)); if (!empty(array_intersect($permissions, $itemsByUser)) && !$user->auth_tf_enabled) { Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it')); return Yii::$app->response->redirect(['/user/settings/account'])->send(); diff --git a/src/User/Service/MailService.php b/src/User/Service/MailService.php index 0e9ac491..4e99d443 100644 --- a/src/User/Service/MailService.php +++ b/src/User/Service/MailService.php @@ -83,8 +83,7 @@ public function getType() */ public function run() { - - $result = $this->mailer + $result = $this->mailer ->compose(['html' => $this->view, 'text' => "text/{$this->view}"], $this->params) ->setFrom($this->from) ->setTo($this->to)