From cccbf540dd890af78fdf58d9ab1233221e9d9244 Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Wed, 13 Jul 2022 19:48:11 +0300 Subject: [PATCH 01/12] Web: People: ResetApplicationDialog: fix redirect and close --- .../src/components/dialogs/ResetApplicationDialog/index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js index e9b1365842..37024dfbf9 100644 --- a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js +++ b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js @@ -13,11 +13,11 @@ class ResetApplicationDialogComponent extends React.Component { } resetApp = async () => { - const { resetTfaApp, history, id } = this.props; - + const { resetTfaApp, id, onClose } = this.props; + onClose && onClose(); try { const res = await resetTfaApp(id); - if (res) history.push(res); + if (res) window.location = res; } catch (e) { toastr.error(e); } From 42b4d8a59ece61daca17675eb54375547ea1f740 Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Wed, 13 Jul 2022 21:00:42 +0300 Subject: [PATCH 02/12] Web: Common: check password settings --- packages/asc-web-common/store/AuthStore.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/asc-web-common/store/AuthStore.js b/packages/asc-web-common/store/AuthStore.js index 7ed6702ee1..334449edf4 100644 --- a/packages/asc-web-common/store/AuthStore.js +++ b/packages/asc-web-common/store/AuthStore.js @@ -53,6 +53,8 @@ class AuthStore { if (this.isAuthenticated && !skipModules) { this.userStore.user && requests.push(this.moduleStore.init()); + !this.settingsStore.passwordSettings && + requests.push(this.settingsStore.getPortalPasswordSettings()); } return Promise.all(requests); From dfcc00995ab3373196ee7299df1f40a00c7a0b1f Mon Sep 17 00:00:00 2001 
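Review bot: The new guard in `AuthStore.init` uses `&&` as a statement for its side effect, `!this.settingsStore.passwordSettings && requests.push(...)`, which reads less clearly than `if (!this.settingsStore.passwordSettings) requests.push(this.settingsStore.getPortalPasswordSettings());`. It mirrors the idiom on the preceding `moduleStore.init()` line, so if the idiom is kept for consistency a short comment on why the fetch is conditional — `// password settings are loaded once per session; skip if already cached` — would help the next reader. The enclosing method starts and ends outside the hunk.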
From: Viktor Fomin Date: Wed, 13 Jul 2022 21:52:09 +0300 Subject: [PATCH 03/12] Web: People: fix redirect tfa reset --- .../src/components/dialogs/ResetApplicationDialog/index.js | 5 +++-- .../Client/src/pages/Profile/Section/Body/index.js | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js index 37024dfbf9..c3a2c96eb5 100644 --- a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js +++ b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js @@ -13,11 +13,11 @@ class ResetApplicationDialogComponent extends React.Component { } resetApp = async () => { - const { resetTfaApp, id, onClose } = this.props; + const { resetTfaApp, id, onClose, logout } = this.props; onClose && onClose(); try { const res = await resetTfaApp(id); - if (res) window.location = res; + if (res) logout(true, res); } catch (e) { toastr.error(e); } @@ -71,6 +71,7 @@ ResetApplicationDialog.propTypes = { onClose: PropTypes.func.isRequired, resetTfaApp: PropTypes.func.isRequired, id: PropTypes.string.isRequired, + logout: PropTypes.func.isRequired, }; export default ResetApplicationDialog; diff --git a/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js b/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js index 8d62544257..9a1c941a51 100644 --- a/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js +++ b/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js @@ -569,6 +569,7 @@ class SectionBodyContent extends React.PureComponent { onClose={this.toggleResetAppDialogVisible} resetTfaApp={this.props.resetTfaApp} id={profile.id} + logout={this.props.logout} /> )} {backupCodesDialogVisible && ( 
@@ -588,7 +589,7 @@ class SectionBodyContent extends React.PureComponent { export default withRouter( inject(({ auth, peopleStore }) => { - const { isAdmin, userStore, settingsStore, tfaStore } = auth; + const { isAdmin, userStore, settingsStore, tfaStore, logout } = auth; const { user: viewer, changeTheme } = userStore; const { @@ -649,6 +650,7 @@ export default withRouter( changeTheme, selectedTheme: viewer.theme, setIsLoading: loadingStore.setIsLoading, + logout, }; })( observer( From 1f01c06185bf6345d3f22531d2e7a8ae0a7d0cde Mon Sep 17 00:00:00 2001 From: pavelbannov Date: Thu, 14 Jul 2022 12:57:57 +0300 Subject: [PATCH 04/12] Tfa: added tfaappwithlink --- web/ASC.Web.Api/Api/Settings/TfaappController.cs | 11 +++++++++++ web/ASC.Web.Core/CookiesManager.cs | 2 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/web/ASC.Web.Api/Api/Settings/TfaappController.cs b/web/ASC.Web.Api/Api/Settings/TfaappController.cs index df1941ee16..66a6f97ada 100644 --- a/web/ASC.Web.Api/Api/Settings/TfaappController.cs +++ b/web/ASC.Web.Api/Api/Settings/TfaappController.cs @@ -235,6 +235,17 @@ public class TfaappController : BaseSettingsController return result; } + [HttpPut("tfaappwithlink")] + public async Task TfaSettingsLink(TfaRequestsDto inDto) + { + if (await TfaSettings(inDto)) + { + return TfaConfirmUrl(); + } + + return string.Empty; + } + [HttpGet("tfaapp/setup")] [Authorize(AuthenticationSchemes = "confirm", Roles = "TfaActivation")] public SetupCode TfaAppGenerateSetupCode() diff --git a/web/ASC.Web.Core/CookiesManager.cs b/web/ASC.Web.Core/CookiesManager.cs index c60d3e6ad6..fdb6e1ebb2 100644 --- a/web/ASC.Web.Core/CookiesManager.cs +++ b/web/ASC.Web.Core/CookiesManager.cs 
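Review bot: `TfaSettingsLink` carries no `[Authorize]` attribute of its own in the hunk, unlike `TfaAppGenerateSetupCode` directly below it, so access to the new `tfaappwithlink` route rests entirely on whatever `TfaSettings(inDto)` enforces, and that dependency should be stated, e.g. `// Authorization is delegated to TfaSettings; the confirm URL is only issued once it returns true.` Because the response body is a TFA confirmation link, it is worth confirming against the body of `TfaSettings` (outside this hunk) that it demands the relevant permission for the caller before this route is exposed. The return type renders as a bare `Task` here, presumably a generic argument lost in rendering.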
@@ -261,8 +261,6 @@ public class CookiesManager _tenantCookieSettingsHelper.SetForTenant(tenant.Id, settings); await _dbLoginEventsManager.LogOutAllActiveConnectionsForTenant(tenant.Id); - - AuthenticateMeAndSetCookies(tenant.Id, _securityContext.CurrentAccount.ID, MessageAction.LoginSuccess); } public string AuthenticateMeAndSetCookies(int tenantId, Guid userId, MessageAction action, bool session = false) From 379ed6045890ea85789ccc360105f625c1b7e4ff Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Thu, 14 Jul 2022 14:43:29 +0300 Subject: [PATCH 05/12] Web: Common: fix set tfa api --- packages/asc-web-common/api/settings/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/asc-web-common/api/settings/index.js b/packages/asc-web-common/api/settings/index.js index ecedbfcaf2..14cefbb01c 100644 --- a/packages/asc-web-common/api/settings/index.js +++ b/packages/asc-web-common/api/settings/index.js @@ -376,7 +376,7 @@ export function getTfaSettings() { export function setTfaSettings(type) { return request({ method: "put", - url: "/settings/tfaapp", + url: "/settings/tfaappwithlink", data: { type: type }, }); } From fb162af624e257b73bde99bf0bd649f35deb35ad Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Thu, 14 Jul 2022 14:43:50 +0300 Subject: [PATCH 06/12] Web: Client: Settings: use new tfa api --- .../Settings/categories/security/access-portal/tfa.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/web/ASC.Web.Client/src/components/pages/Settings/categories/security/access-portal/tfa.js b/web/ASC.Web.Client/src/components/pages/Settings/categories/security/access-portal/tfa.js index f26f4dd540..099852303f 100644 --- a/web/ASC.Web.Client/src/components/pages/Settings/categories/security/access-portal/tfa.js +++ b/web/ASC.Web.Client/src/components/pages/Settings/categories/security/access-portal/tfa.js 
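Review bot: Dropping the `AuthenticateMeAndSetCookies(...)` call means `ResetTenantCookie` now ends the caller's own session too, and the two calls that remain — `_tenantCookieSettingsHelper.SetForTenant(tenant.Id, settings)` and `LogOutAllActiveConnectionsForTenant(tenant.Id)` — appear to invalidate every session on the tenant, not just the caller's. PATCH 12 awaits this method from `TfaAppNewApp` in the `isMe` branch, so if that reading is right, one user re-enrolling their own TFA app signs out every other user of the tenant; a per-user cookie reset would be the tighter primitive there, or the tenant-wide effect should at least be documented on the method, e.g. `// Tenant-wide: invalidates all sessions on the tenant, including the caller's.` The enclosing method starts outside the hunk.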
@@ -94,17 +94,16 @@ const TwoFactorAuth = (props) => { setIsSaving(true); try { - await setTfaSettings(type); + const res = await setTfaSettings(type); toastr.success(t("SuccessfullySaveSettingsMessage")); saveToSessionStorage("defaultTfaSettings", type); setIsSaving(false); setShowReminder(false); - if (type !== "none") { + if (res) { setIsInit(false); - const link = await getTfaConfirmLink(); - history.push(link.replace(window.location.origin, "")); + history.push(res.replace(window.location.origin, "")); } } catch (error) { toastr.error(error); @@ -117,7 +116,6 @@ const TwoFactorAuth = (props) => { setShowReminder(false); }; - if (isMobile && !isInit && !isLoading) { return ; } From a48dbeaeaee598e84fc72486a0571b644947f579 Mon Sep 17 00:00:00 2001 From: pavelbannov Date: Thu, 14 Jul 2022 14:58:49 +0300 Subject: [PATCH 07/12] fix tfaapp/validate --- web/ASC.Web.Api/Api/Settings/TfaappController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/ASC.Web.Api/Api/Settings/TfaappController.cs b/web/ASC.Web.Api/Api/Settings/TfaappController.cs index 66a6f97ada..c4528ba976 100644 --- a/web/ASC.Web.Api/Api/Settings/TfaappController.cs +++ b/web/ASC.Web.Api/Api/Settings/TfaappController.cs @@ -119,7 +119,7 @@ public class TfaappController : BaseSettingsController } [HttpPost("tfaapp/validate")] - [Authorize(AuthenticationSchemes = "confirm", Roles = "TfaActivation,Everyone")] + [Authorize(AuthenticationSchemes = "confirm", Roles = "TfaActivation,TfaAuth,Everyone")] public bool TfaValidateAuthCode(TfaValidateRequestsDto inDto) { ApiContext.AuthByClaim(); From ec80b996e7e4429a001472ee674be73a42f09ee2 Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Thu, 14 Jul 2022 15:27:48 +0300 Subject: [PATCH 08/12] Web: Common: add confirmKey for validate tfa --- packages/asc-web-common/api/settings/index.js | 10 +++++++--- packages/asc-web-common/store/TfaStore.js | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) 
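Review bot: `res.replace(window.location.origin, "")` removes the first occurrence of the origin anywhere in the string rather than only a leading one, and `history.push` then receives whatever remains, so the intent — turn a same-origin absolute URL into an in-app path — is better written as `res.startsWith(window.location.origin) ? res.slice(window.location.origin.length) : res`; the `ResetApplicationDialog` hunk in PATCH 11 repeats the same expression. `toastr.success(...)` is still shown before `res` is examined, while the server side (`TfaSettingsLink`, PATCH 04) returns an empty string when `TfaSettings` returns false, so a non-saved result currently produces a success toast; if that return carries meaning, gate the toast on it. The enclosing handler continues outside the hunk.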
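Review bot: Widening `Roles` on `tfaapp/validate` to `TfaActivation,TfaAuth,Everyone` makes the endpoint reachable with a TfaAuth confirm link as well as a TfaActivation one, and nothing in the hunk records why; the body, which continues outside the hunk, authenticates by claim before validating the code. A one-line comment above the attribute, `// TfaAuth: the Confirm/TfaAuth page validates the code with the confirm header instead of a session cookie`, would capture the intent that PATCH 08 and PATCH 09 add on the client side.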
diff --git a/packages/asc-web-common/api/settings/index.js b/packages/asc-web-common/api/settings/index.js index 14cefbb01c..19df9888dd 100644 --- a/packages/asc-web-common/api/settings/index.js +++ b/packages/asc-web-common/api/settings/index.js @@ -424,17 +424,21 @@ export function getTfaSecretKeyAndQR(confirmKey = null) { return request(options); } -export function validateTfaCode(code) { +export function validateTfaCode(code, confirmKey = null) { const data = { code, }; - return request({ + const options = { method: "post", url: "/settings/tfaapp/validate", skipLogout: true, data, - }); + }; + + if (confirmKey) options.headers = { confirm: confirmKey }; + + return request(options); } export function getBackupStorage() { diff --git a/packages/asc-web-common/store/TfaStore.js b/packages/asc-web-common/store/TfaStore.js index 02c3902326..8aeda4b698 100644 --- a/packages/asc-web-common/store/TfaStore.js +++ b/packages/asc-web-common/store/TfaStore.js @@ -54,8 +54,8 @@ class TfaStore { return api.user.loginWithTfaCode(userName, passwordHash, code); }; - loginWithCodeAndCookie = async (code) => { - return api.settings.validateTfaCode(code); + loginWithCodeAndCookie = async (code, confirmKey = null) => { + return api.settings.validateTfaCode(code, confirmKey); }; getBackupCodes = async () => { From 5005bfec3d88c12bc6f47c6a0e10402347f20ed7 Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Thu, 14 Jul 2022 15:28:14 +0300 Subject: [PATCH 09/12] Web: Client: Confirm: use confirmHeader --- .../components/pages/Confirm/sub-components/tfaActivation.js | 3 ++- .../src/components/pages/Confirm/sub-components/tfaAuth.js | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaActivation.js b/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaActivation.js index 99e8f4d237..26e5d8d1fc 100644 --- a/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaActivation.js 
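Review bot: `validateTfaCode` now takes a second parameter that is sent as the `confirm` request header, but neither it nor `loginWithCodeAndCookie` in the TfaStore hunk documents what the value is or when callers need it. A JSDoc block on `validateTfaCode` would do: `@param {string} code - one-time code entered by the user`, `@param {string|null} [confirmKey=null] - value for the confirm header when called from a confirm-link page; omitted for the cookie-authenticated flow`. Both functions are complete within their hunks.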
+++ b/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaActivation.js @@ -89,6 +89,7 @@ const TfaActivationForm = withLoader((props) => { const onSubmit = async () => { try { const { user, hash } = (location && location.state) || {}; + const { linkData } = props; setIsLoading(true); @@ -96,7 +97,7 @@ const TfaActivationForm = withLoader((props) => { const url = await loginWithCode(user, hash, code); history.push(url || "/"); } else { - const url = await loginWithCodeAndCookie(code); + const url = await loginWithCodeAndCookie(code, linkData.confirmHeader); history.push(url || "/"); } } catch (e) { diff --git a/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaAuth.js b/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaAuth.js index a445322e73..d4ad72bd51 100644 --- a/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaAuth.js +++ b/web/ASC.Web.Client/src/components/pages/Confirm/sub-components/tfaAuth.js @@ -60,6 +60,7 @@ const TfaAuthForm = withLoader((props) => { const onSubmit = async () => { try { const { user, hash } = (location && location.state) || {}; + const { linkData } = props; setIsLoading(true); @@ -67,7 +68,7 @@ const TfaAuthForm = withLoader((props) => { const url = await loginWithCode(user, hash, code); history.push(url || "/"); } else { - const url = await loginWithCodeAndCookie(code); + const url = await loginWithCodeAndCookie(code, linkData.confirmHeader); history.push(url || "/"); } } catch (e) { From aa17b6d882abe36cbb82377b7d5220d040c454d0 Mon Sep 17 00:00:00 2001 From: pavelbannov Date: Thu, 14 Jul 2022 16:18:23 +0300 Subject: [PATCH 10/12] fix --- web/ASC.Web.Api/Api/Settings/TfaappController.cs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/web/ASC.Web.Api/Api/Settings/TfaappController.cs b/web/ASC.Web.Api/Api/Settings/TfaappController.cs index c4528ba976..e63c4725d9 100644 --- a/web/ASC.Web.Api/Api/Settings/TfaappController.cs 
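Review bot: `const { linkData } = props;` has no default, so when `props.linkData` is absent the later `linkData.confirmHeader` throws a TypeError inside the `try` and the user sees it as a toast, where the previous code made the cookie-only call; `loginWithCodeAndCookie(code, linkData?.confirmHeader)` (or `const { linkData = {} } = props;`) keeps the old behaviour, since `validateTfaCode` treats a null key as "no header" (PATCH 08). The same pattern appears in the two `tfaAuth.js` hunks that follow. Both `onSubmit` handlers continue outside their hunks.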
+++ b/web/ASC.Web.Api/Api/Settings/TfaappController.cs @@ -44,8 +44,9 @@ public class TfaappController : BaseSettingsController private readonly MessageTarget _messageTarget; private readonly StudioSmsNotificationSettingsHelper _studioSmsNotificationSettingsHelper; private readonly InstanceCrypto _instanceCrypto; - private readonly Signature _signature; - + private readonly Signature _signature; + private readonly SecurityContext _securityContext; + public TfaappController( MessageService messageService, StudioNotifyService studioNotifyService, @@ -64,7 +65,8 @@ public class TfaappController : BaseSettingsController SmsProviderManager smsProviderManager, IMemoryCache memoryCache, InstanceCrypto instanceCrypto, - Signature signature, + Signature signature, + SecurityContext securityContext, IHttpContextAccessor httpContextAccessor) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) { _smsProviderManager = smsProviderManager; @@ -81,7 +83,8 @@ public class TfaappController : BaseSettingsController _messageTarget = messageTarget; _studioSmsNotificationSettingsHelper = studioSmsNotificationSettingsHelper; _instanceCrypto = instanceCrypto; - _signature = signature; + _signature = signature; + _securityContext = securityContext; } [HttpGet("tfaapp")] @@ -123,7 +126,8 @@ public class TfaappController : BaseSettingsController public bool TfaValidateAuthCode(TfaValidateRequestsDto inDto) { ApiContext.AuthByClaim(); - var user = _userManager.GetUsers(_authContext.CurrentAccount.ID); + var user = _userManager.GetUsers(_authContext.CurrentAccount.ID); + _securityContext.Logout(); return _tfaManager.ValidateAuthCode(user, inDto.Code); } From 3123ba79934055b25eba90644c8dccb956c6c302 Mon Sep 17 00:00:00 2001 
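Review bot: `_securityContext.Logout()` is now called unconditionally between `GetUsers(...)` and `ValidateAuthCode(...)`, so the request is de-authenticated before the code is checked and a wrong code cannot leave the claim-based identity behind; that ordering is deliberate but not obvious and deserves a comment, e.g. `// Drop the claim-based identity before validation; a wrong code must not leave the request authenticated.` The three preceding hunks remove and re-add `private readonly Signature _signature;`, `Signature signature,` and `_signature = signature;` with no visible difference, presumably line-ending or trailing-whitespace churn, and PATCH 12 flips the same lines back; normalising line endings once would keep each diff to its real change. The attribute lines of `TfaValidateAuthCode` are outside the last hunk.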
From: Viktor Fomin Date: Wed, 20 Jul 2022 00:49:11 +0300 Subject: [PATCH 11/12] Web: People: fix redirect --- .../dialogs/ResetApplicationDialog/index.js | 15 ++++++++------- .../src/pages/Profile/Section/Body/index.js | 1 - 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js index e48b0e5478..4ed7b0c49e 100644 --- a/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js +++ b/products/ASC.People/Client/src/components/dialogs/ResetApplicationDialog/index.js @@ -4,6 +4,7 @@ import ModalDialog from "@appserver/components/modal-dialog"; import Button from "@appserver/components/button"; import Text from "@appserver/components/text"; import { withTranslation } from "react-i18next"; +import { withRouter } from "react-router"; import ModalDialogContainer from "../ModalDialogContainer"; import toastr from "studio/toastr"; @@ -13,11 +14,11 @@ class ResetApplicationDialogComponent extends React.Component { } resetApp = async () => { - const { resetTfaApp, id, onClose, logout } = this.props; + const { resetTfaApp, id, onClose, history } = this.props; onClose && onClose(); try { const res = await resetTfaApp(id); - if (res) logout(true, res); + if (res) history.push(res.replace(window.location.origin, "")); } catch (e) { toastr.error(e); } 
@@ -60,17 +61,17 @@ class ResetApplicationDialogComponent extends React.Component { } } -const ResetApplicationDialog = withTranslation([ - "ResetApplicationDialog", - "Common", -])(ResetApplicationDialogComponent); +const ResetApplicationDialog = withRouter( + withTranslation(["ResetApplicationDialog", "Common"])( + ResetApplicationDialogComponent + ) +); ResetApplicationDialog.propTypes = { visible: PropTypes.bool.isRequired, onClose: PropTypes.func.isRequired, resetTfaApp: PropTypes.func.isRequired, id: PropTypes.string.isRequired, - logout: PropTypes.func.isRequired, }; export default ResetApplicationDialog; diff --git a/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js b/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js index 9a1c941a51..0174fd656e 100644 --- a/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js +++ b/products/ASC.People/Client/src/pages/Profile/Section/Body/index.js @@ -569,7 +569,6 @@ class SectionBodyContent extends React.PureComponent { onClose={this.toggleResetAppDialogVisible} resetTfaApp={this.props.resetTfaApp} id={profile.id} - logout={this.props.logout} /> )} {backupCodesDialogVisible && ( From df26c82593bd77c157ea762222f1cae6a3f0a923 Mon Sep 17 00:00:00 2001 From: Viktor Fomin Date: Wed, 20 Jul 2022 09:56:24 +0300 Subject: [PATCH 12/12] Tfa: fix reset cookie --- .../Api/Settings/TfaappController.cs | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/web/ASC.Web.Api/Api/Settings/TfaappController.cs b/web/ASC.Web.Api/Api/Settings/TfaappController.cs index e63c4725d9..9ba2699c14 100644 --- a/web/ASC.Web.Api/Api/Settings/TfaappController.cs +++ b/web/ASC.Web.Api/Api/Settings/TfaappController.cs 
@@ -44,9 +44,9 @@ public class TfaappController : BaseSettingsController private readonly MessageTarget _messageTarget; private readonly StudioSmsNotificationSettingsHelper _studioSmsNotificationSettingsHelper; private readonly InstanceCrypto _instanceCrypto; - private readonly Signature _signature; - private readonly SecurityContext _securityContext; - + private readonly Signature _signature; + private readonly SecurityContext _securityContext; + public TfaappController( MessageService messageService, StudioNotifyService studioNotifyService, @@ -65,7 +65,7 @@ public class TfaappController : BaseSettingsController SmsProviderManager smsProviderManager, IMemoryCache memoryCache, InstanceCrypto instanceCrypto, - Signature signature, + Signature signature, SecurityContext securityContext, IHttpContextAccessor httpContextAccessor) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) { @@ -83,8 +83,8 @@ public class TfaappController : BaseSettingsController _messageTarget = messageTarget; _studioSmsNotificationSettingsHelper = studioSmsNotificationSettingsHelper; _instanceCrypto = instanceCrypto; - _signature = signature; - _securityContext = securityContext; + _signature = signature; + _securityContext = securityContext; } [HttpGet("tfaapp")] @@ -126,7 +126,7 @@ public class TfaappController : BaseSettingsController public bool TfaValidateAuthCode(TfaValidateRequestsDto inDto) { ApiContext.AuthByClaim(); - var user = _userManager.GetUsers(_authContext.CurrentAccount.ID); + var user = _userManager.GetUsers(_authContext.CurrentAccount.ID); _securityContext.Logout(); return _tfaManager.ValidateAuthCode(user, inDto.Code); } @@ -241,12 +241,12 @@ public class TfaappController : BaseSettingsController [HttpPut("tfaappwithlink")] public async Task TfaSettingsLink(TfaRequestsDto inDto) - { - if (await TfaSettings(inDto)) - { - return TfaConfirmUrl(); - } - + { + if (await TfaSettings(inDto)) + { + return TfaConfirmUrl(); + } + return string.Empty; } 
@@ -311,10 +311,10 @@ public class TfaappController : BaseSettingsController } [HttpPut("tfaappnewapp")] - public object TfaAppNewApp(TfaRequestsDto inDto) + public async Task TfaAppNewApp(TfaRequestsDto inDto) { var id = inDto?.Id ?? Guid.Empty; - var isMe = id.Equals(Guid.Empty) || id.Equals(_authContext.CurrentAccount.ID); + var isMe = id.Equals(Guid.Empty) || id.Equals(_authContext.CurrentAccount.ID); var user = _userManager.GetUsers(id); @@ -338,6 +338,7 @@ public class TfaappController : BaseSettingsController if (isMe) { + await _cookiesManager.ResetTenantCookie(); return _commonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.TfaActivation); }