EMS/web.ems
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init web ems all

Browse Source
This commit is contained in:
agtuser
2024-09-27 17:13:36 +08:00
parent 81c97acbe9
commit 5cc56f8078
4263 changed files with 798779 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
phpMyAdmin/libraries/classes/Plugins/TwoFactor/Application.php Executable file
View File

@@ -0,0 +1,158 @@
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Second authentication factor handling
*
* @package PhpMyAdmin
*/
namespace PhpMyAdmin\Plugins\TwoFactor;
use PhpMyAdmin\TwoFactor;
use PhpMyAdmin\Template;
use PhpMyAdmin\Plugins\TwoFactorPlugin;
use PragmaRX\Google2FA\Google2FA;
/**
* HOTP and TOTP based two-factor authentication
*
* Also known as Google, Authy, or OTP
*/
class Application extends TwoFactorPlugin
{
/**
* @var string
*/
public static $id = 'application';
protected $_google2fa;
/**
* Creates object
*
* @param TwoFactor $twofactor TwoFactor instance
*/
public function __construct(TwoFactor $twofactor)
{
parent::__construct($twofactor);
$this->_google2fa = new Google2FA();
$this->_google2fa->setWindow(8);
if (!isset($this->_twofactor->config['settings']['secret'])) {
$this->_twofactor->config['settings']['secret'] = '';
}
}
/**
* Get any property of this class
*
* @param string $property name of the property
*
* @return mixed|void if property exist, value of the relevant property
*/
public function __get($property)
{
switch ($property) {
case 'google2fa':
return $this->_google2fa;
}
}
/**
* Checks authentication, returns true on success
*
* @return boolean
*/
public function check()
{
$this->_provided = false;
if (!isset($_POST['2fa_code'])) {
return false;
}
$this->_provided = true;
return $this->_google2fa->verifyKey(
$this->_twofactor->config['settings']['secret'], $_POST['2fa_code']
);
}
/**
* Renders user interface to enter two-factor authentication
*
* @return string HTML code
*/
public function render()
{
return Template::get('login/twofactor/application')->render();
}
/**
* Renders user interface to configure two-factor authentication
*
* @return string HTML code
*/
public function setup()
{
$secret = $this->_twofactor->config['settings']['secret'];
$renderArray = ['secret' => $secret];
if (extension_loaded('gd')) {
$inlineUrl = $this->_google2fa->getQRCodeInline(
'phpMyAdmin (' . $this->getAppId(false) . ')',
$this->_twofactor->user,
$secret
);
$renderArray['image'] = $inlineUrl;
} else {
$inlineUrl = $this->_google2fa->getQRCodeUrl(
'phpMyAdmin (' . $this->getAppId(false) . ')',
$this->_twofactor->user,
$secret
);
trigger_error(
__(
'The gd PHP extension was not found.'
. ' The QRcode can not be displayed without the gd PHP extension.'
),
E_USER_WARNING
);
$renderArray['url'] = $inlineUrl;
}
return Template::get('login/twofactor/application_configure')->render($renderArray);
}
/**
* Performs backend configuration
*
* @return boolean
*/
public function configure()
{
if (! isset($_SESSION['2fa_application_key'])) {
$_SESSION['2fa_application_key'] = $this->_google2fa->generateSecretKey();
}
$this->_twofactor->config['settings']['secret'] = $_SESSION['2fa_application_key'];
$result = $this->check();
if ($result) {
unset($_SESSION['2fa_application_key']);
}
return $result;
}
/**
* Get user visible name
*
* @return string
*/
public static function getName()
{
return __('Authentication Application (2FA)');
}
/**
* Get user visible description
*
* @return string
*/
public static function getDescription()
{
return __('Provides authentication using HOTP and TOTP applications such as FreeOTP, Google Authenticator or Authy.');
}
}

65
phpMyAdmin/libraries/classes/Plugins/TwoFactor/Invalid.php Executable file
View File

@@ -0,0 +1,65 @@
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Second authentication factor handling
*
* @package PhpMyAdmin
*/
namespace PhpMyAdmin\Plugins\TwoFactor;
use PhpMyAdmin\Plugins\TwoFactorPlugin;
use PhpMyAdmin\Template;
/**
* Invalid two-factor authentication showing that configured choice is not available.
*/
class Invalid extends TwoFactorPlugin
{
/**
* @var string
*/
public static $id = 'invalid';
public static $showSubmit = false;
/**
* Checks authentication, returns true on success
*
* @return boolean
*/
public function check()
{
return false;
}
/**
* Renders user interface to enter two-factor authentication
*
* @return string HTML code
*/
public function render()
{
return Template::get('login/twofactor/invalid')->render();
}
/**
* Get user visible name
*
* @return string
*/
public static function getName()
{
return 'Invalid two-factor authentication';
}
/**
* Get user visible description
*
* @return string
*/
public static function getDescription()
{
return 'Error fallback only!';
}
}

198
phpMyAdmin/libraries/classes/Plugins/TwoFactor/Key.php Executable file
View File

@@ -0,0 +1,198 @@
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Second authentication factor handling
*
* @package PhpMyAdmin
*/
namespace PhpMyAdmin\Plugins\TwoFactor;
use PhpMyAdmin\Response;
use PhpMyAdmin\TwoFactor;
use PhpMyAdmin\Template;
use PhpMyAdmin\Plugins\TwoFactorPlugin;
use Samyoul\U2F\U2FServer\U2FServer;
use Samyoul\U2F\U2FServer\U2FException;
/**
* Hardware key based two-factor authentication
*
* Supports FIDO U2F tokens
*/
class Key extends TwoFactorPlugin
{
/**
* @var string
*/
public static $id = 'key';
/**
* Creates object
*
* @param TwoFactor $twofactor TwoFactor instance
*/
public function __construct(TwoFactor $twofactor)
{
parent::__construct($twofactor);
if (!isset($this->_twofactor->config['settings']['registrations'])) {
$this->_twofactor->config['settings']['registrations'] = [];
}
}
/**
* Returns array of U2F registration objects
*
* @return array
*/
public function getRegistrations()
{
$result = [];
foreach ($this->_twofactor->config['settings']['registrations'] as $index => $data) {
$reg = new \StdClass;
$reg->keyHandle = $data['keyHandle'];
$reg->publicKey = $data['publicKey'];
$reg->certificate = $data['certificate'];
$reg->counter = $data['counter'];
$reg->index = $index;
$result[] = $reg;
}
return $result;
}
/**
* Checks authentication, returns true on success
*
* @return boolean
*/
public function check()
{
$this->_provided = false;
if (!isset($_POST['u2f_authentication_response']) || !isset($_SESSION['authenticationRequest'])) {
return false;
}
$this->_provided = true;
try {
$response = json_decode($_POST['u2f_authentication_response']);
if (is_null($response)) {
return false;
}
$authentication = U2FServer::authenticate(
$_SESSION['authenticationRequest'],
$this->getRegistrations(),
$response
);
$this->_twofactor->config['settings']['registrations'][$authentication->index]['counter'] = $authentication->counter;
$this->_twofactor->save();
return true;
} catch (U2FException $e) {
$this->_message = $e->getMessage();
return false;
}
}
/**
* Loads needed javascripts into the page
*
* @return void
*/
public function loadScripts()
{
$response = Response::getInstance();
$scripts = $response->getHeader()->getScripts();
$scripts->addFile('vendor/u2f-api-polyfill.js');
$scripts->addFile('u2f.js');
}
/**
* Renders user interface to enter two-factor authentication
*
* @return string HTML code
*/
public function render()
{
$request = U2FServer::makeAuthentication(
$this->getRegistrations(),
$this->getAppId(true)
);
$_SESSION['authenticationRequest'] = $request;
$this->loadScripts();
return Template::get('login/twofactor/key')->render([
'request' => json_encode($request),
'is_https' => $GLOBALS['PMA_Config']->isHttps(),
]);
}
/**
* Renders user interface to configure two-factor authentication
*
* @return string HTML code
*/
public function setup()
{
$registrationData = U2FServer::makeRegistration(
$this->getAppId(true),
$this->getRegistrations()
);
$_SESSION['registrationRequest'] = $registrationData['request'];
$this->loadScripts();
return Template::get('login/twofactor/key_configure')->render([
'request' => json_encode($registrationData['request']),
'signatures' => json_encode($registrationData['signatures']),
'is_https' => $GLOBALS['PMA_Config']->isHttps(),
]);
}
/**
* Performs backend configuration
*
* @return boolean
*/
public function configure()
{
$this->_provided = false;
if (! isset($_POST['u2f_registration_response']) || ! isset($_SESSION['registrationRequest'])) {
return false;
}
$this->_provided = true;
try {
$response = json_decode($_POST['u2f_registration_response']);
if (is_null($response)) {
return false;
}
$registration = U2FServer::register(
$_SESSION['registrationRequest'], $response
);
$this->_twofactor->config['settings']['registrations'][] = [
'keyHandle' => $registration->getKeyHandle(),
'publicKey' => $registration->getPublicKey(),
'certificate' => $registration->getCertificate(),
'counter' => $registration->getCounter(),
];
return true;
} catch (U2FException $e) {
$this->_message = $e->getMessage();
return false;
}
}
/**
* Get user visible name
*
* @return string
*/
public static function getName()
{
return __('Hardware Security Key (FIDO U2F)');
}
/**
* Get user visible description
*
* @return string
*/
public static function getDescription()
{
return __('Provides authentication using hardware security tokens supporting FIDO U2F.');
}
}

64
phpMyAdmin/libraries/classes/Plugins/TwoFactor/Simple.php Executable file
View File

@@ -0,0 +1,64 @@
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Second authentication factor handling
*
* @package PhpMyAdmin
*/
namespace PhpMyAdmin\Plugins\TwoFactor;
use PhpMyAdmin\Plugins\TwoFactorPlugin;
use PhpMyAdmin\Template;
/**
* Simple two-factor authentication auth asking just for confirmation.
*
* This has no practical use, but can be used for testing.
*/
class Simple extends TwoFactorPlugin
{
/**
* @var string
*/
public static $id = 'simple';
/**
* Checks authentication, returns true on success
*
* @return boolean
*/
public function check()
{
return isset($_POST['2fa_confirm']);
}
/**
* Renders user interface to enter two-factor authentication
*
* @return string HTML code
*/
public function render()
{
return Template::get('login/twofactor/simple')->render();
}
/**
* Get user visible name
*
* @return string
*/
public static function getName()
{
return __('Simple two-factor authentication');
}
/**
* Get user visible description
*
* @return string
*/
public static function getDescription()
{
return __('For testing purposes only!');
}
}