added functionality for flexible tfa configuration
parent
51ba7c8628
commit
4b1c7644af
@ -128,7 +128,7 @@ public class IPSecurity
|
||||
return false;
|
||||
}
|
||||
|
||||
private static bool MatchIPs(string requestIp, string restrictionIp)
|
||||
public static bool MatchIPs(string requestIp, string restrictionIp)
|
||||
{
|
||||
var dividerIdx = restrictionIp.IndexOf('-');
|
||||
if (dividerIdx > -1)
|
||||
|
@ -22,8 +22,8 @@
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using AuthenticationException = System.Security.Authentication.AuthenticationException;
|
||||
using Constants = ASC.Core.Users.Constants;
|
||||
|
||||
@ -66,7 +66,8 @@ public class AuthenticationController : ControllerBase
|
||||
private readonly AuthContext _authContext;
|
||||
private readonly CookieStorage _cookieStorage;
|
||||
private readonly DbLoginEventsManager _dbLoginEventsManager;
|
||||
private readonly UserManagerWrapper _userManagerWrapper;
|
||||
private readonly UserManagerWrapper _userManagerWrapper;
|
||||
private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
|
||||
|
||||
public AuthenticationController(
|
||||
UserManager userManager,
|
||||
@ -100,7 +101,8 @@ public class AuthenticationController : ControllerBase
|
||||
ApiContext apiContext,
|
||||
AuthContext authContext,
|
||||
CookieStorage cookieStorage,
|
||||
DbLoginEventsManager dbLoginEventsManager)
|
||||
DbLoginEventsManager dbLoginEventsManager,
|
||||
TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper)
|
||||
{
|
||||
_userManager = userManager;
|
||||
_tenantManager = tenantManager;
|
||||
@ -133,7 +135,8 @@ public class AuthenticationController : ControllerBase
|
||||
_authContext = authContext;
|
||||
_cookieStorage = cookieStorage;
|
||||
_dbLoginEventsManager = dbLoginEventsManager;
|
||||
_userManagerWrapper = userManagerWrapper;
|
||||
_userManagerWrapper = userManagerWrapper;
|
||||
_tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
|
||||
}
|
||||
|
||||
|
||||
@ -148,17 +151,17 @@ public class AuthenticationController : ControllerBase
|
||||
public AuthenticationTokenDto AuthenticateMeFromBodyWithCode(AuthRequestsDto inDto)
|
||||
{
|
||||
var tenant = _tenantManager.GetCurrentTenant().Id;
|
||||
var user = GetUser(inDto, out _);
|
||||
var user = GetUser(inDto, out _);
|
||||
var sms = false;
|
||||
|
||||
var sms = false;
|
||||
try
|
||||
{
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
sms = true;
|
||||
_smsManager.ValidateSmsCode(user, inDto.Code, true);
|
||||
}
|
||||
else if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
||||
else if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
if (_tfaManager.ValidateAuthCode(user, inDto.Code, true, true))
|
||||
{
|
||||
@ -212,7 +215,7 @@ public class AuthenticationController : ControllerBase
|
||||
bool viaEmail;
|
||||
var user = GetUser(inDto, out viaEmail);
|
||||
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
|
||||
{
|
||||
@ -234,7 +237,7 @@ public class AuthenticationController : ControllerBase
|
||||
};
|
||||
}
|
||||
|
||||
if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
||||
if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
if (!TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
||||
{
|
||||
|
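Review bot: The new trusted-address waiver is not auditable: when `_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id)` and `_tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id)` both return false in AuthenticateMeFromBodyWithCode because the request IP matched TrustedIps, the supplied `inDto.Code` is silently ignored and nothing records that the second factor was waived for this sign-in. Consider writing the waiver through the injected `_dbLoginEventsManager` before falling through, and add a comment above the `try` such as `// TfaEnabledForUser() is false for requests from a configured trusted IP, so a trusted-network login deliberately skips code validation; mandatory users/groups are never exempt.` What happens once both branches are skipped is outside the hunk, so I cannot confirm whether the fall-through issues a token; if it does, this is the only place that decision is visible. The bodies of both methods in this section continue beyond the hunks shown.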
@ -43,6 +43,7 @@ public class TfaappController : BaseSettingsController
|
||||
private readonly DisplayUserSettingsHelper _displayUserSettingsHelper;
|
||||
private readonly MessageTarget _messageTarget;
|
||||
private readonly StudioSmsNotificationSettingsHelper _studioSmsNotificationSettingsHelper;
|
||||
private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
|
||||
private readonly InstanceCrypto _instanceCrypto;
|
||||
private readonly Signature _signature;
|
||||
private readonly SecurityContext _securityContext;
|
||||
@ -62,6 +63,7 @@ public class TfaappController : BaseSettingsController
|
||||
DisplayUserSettingsHelper displayUserSettingsHelper,
|
||||
MessageTarget messageTarget,
|
||||
StudioSmsNotificationSettingsHelper studioSmsNotificationSettingsHelper,
|
||||
TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper,
|
||||
SmsProviderManager smsProviderManager,
|
||||
IMemoryCache memoryCache,
|
||||
InstanceCrypto instanceCrypto,
|
||||
@ -82,39 +84,49 @@ public class TfaappController : BaseSettingsController
|
||||
_displayUserSettingsHelper = displayUserSettingsHelper;
|
||||
_messageTarget = messageTarget;
|
||||
_studioSmsNotificationSettingsHelper = studioSmsNotificationSettingsHelper;
|
||||
_tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
|
||||
_instanceCrypto = instanceCrypto;
|
||||
_signature = signature;
|
||||
_securityContext = securityContext;
|
||||
}
|
||||
|
||||
[HttpGet("tfaapp")]
|
||||
public IEnumerable<TfaSettingsRequestsDto> GetTfaSettings()
|
||||
public IEnumerable<TfaSettingsDto> GetTfaSettings()
|
||||
{
|
||||
var result = new List<TfaSettingsRequestsDto>();
|
||||
var result = new List<TfaSettingsDto>();
|
||||
|
||||
var SmsVisible = _studioSmsNotificationSettingsHelper.IsVisibleSettings();
|
||||
var SmsVisible = StudioSmsNotificationSettingsHelper.IsVisibleSettings();
|
||||
var SmsEnable = SmsVisible && _smsProviderManager.Enabled();
|
||||
var TfaVisible = TfaAppAuthSettings.IsVisibleSettings;
|
||||
var TfaVisible = TfaAppAuthSettingsHelper.IsVisibleSettings;
|
||||
|
||||
var tfaAppSettings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||
var tfaSmsSettings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||
|
||||
if (SmsVisible)
|
||||
{
|
||||
result.Add(new TfaSettingsRequestsDto
|
||||
result.Add(new TfaSettingsDto
|
||||
{
|
||||
Enabled = _studioSmsNotificationSettingsHelper.Enable,
|
||||
Enabled = tfaSmsSettings.EnableSetting && _smsProviderManager.Enabled(),
|
||||
Id = "sms",
|
||||
Title = Resource.ButtonSmsEnable,
|
||||
Avaliable = SmsEnable
|
||||
Avaliable = SmsEnable,
|
||||
MandatoryUsers = tfaSmsSettings.MandatoryUsers,
|
||||
MandatoryGroups = tfaSmsSettings.MandatoryGroups,
|
||||
TrustedIps = tfaSmsSettings.TrustedIps
|
||||
});
|
||||
}
|
||||
|
||||
if (TfaVisible)
|
||||
{
|
||||
result.Add(new TfaSettingsRequestsDto
|
||||
result.Add(new TfaSettingsDto
|
||||
{
|
||||
Enabled = _settingsManager.Load<TfaAppAuthSettings>().EnableSetting,
|
||||
Enabled = tfaAppSettings.EnableSetting,
|
||||
Id = "app",
|
||||
Title = Resource.ButtonTfaAppEnable,
|
||||
Avaliable = true
|
||||
Avaliable = true,
|
||||
MandatoryUsers = tfaAppSettings.MandatoryUsers,
|
||||
MandatoryGroups = tfaAppSettings.MandatoryGroups,
|
||||
TrustedIps = tfaAppSettings.TrustedIps
|
||||
});
|
||||
}
|
||||
|
||||
@ -135,7 +147,8 @@ public class TfaappController : BaseSettingsController
|
||||
public object TfaConfirmUrl()
|
||||
{
|
||||
var user = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleSettings() && _studioSmsNotificationSettingsHelper.Enable)// && smsConfirm.ToLower() != "true")
|
||||
|
||||
if (StudioSmsNotificationSettingsHelper.IsVisibleSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))// && smsConfirm.ToLower() != "true")
|
||||
{
|
||||
var confirmType = string.IsNullOrEmpty(user.MobilePhone) ||
|
||||
user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated
|
||||
@ -145,7 +158,7 @@ public class TfaappController : BaseSettingsController
|
||||
return _commonLinkUtility.GetConfirmationEmailUrl(user.Email, confirmType);
|
||||
}
|
||||
|
||||
if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
||||
if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
var confirmType = TfaAppUserSettings.EnableForUser(_settingsManager, _authContext.CurrentAccount.ID)
|
||||
? ConfirmType.TfaAuth
|
||||
@ -165,7 +178,6 @@ public class TfaappController : BaseSettingsController
|
||||
var result = false;
|
||||
|
||||
MessageAction action;
|
||||
var settings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||
|
||||
switch (inDto.Type)
|
||||
{
|
||||
@ -180,13 +192,15 @@ public class TfaappController : BaseSettingsController
|
||||
throw new MethodAccessException();
|
||||
}
|
||||
|
||||
_studioSmsNotificationSettingsHelper.Enable = true;
|
||||
var smsSettings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||
SetSettingsProperty(smsSettings);
|
||||
_settingsManager.Save(smsSettings);
|
||||
|
||||
action = MessageAction.TwoFactorAuthenticationEnabledBySms;
|
||||
|
||||
if (settings.EnableSetting)
|
||||
if (_tfaAppAuthSettingsHelper.Enable)
|
||||
{
|
||||
settings.EnableSetting = false;
|
||||
_settingsManager.Save(settings);
|
||||
_tfaAppAuthSettingsHelper.Enable = false;
|
||||
}
|
||||
|
||||
result = true;
|
||||
@ -194,13 +208,15 @@ public class TfaappController : BaseSettingsController
|
||||
break;
|
||||
|
||||
case "app":
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings)
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings)
|
||||
{
|
||||
throw new Exception(Resource.TfaAppNotAvailable);
|
||||
}
|
||||
|
||||
settings.EnableSetting = true;
|
||||
_settingsManager.Save(settings);
|
||||
var appSettings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||
SetSettingsProperty(appSettings);
|
||||
_settingsManager.Save(appSettings);
|
||||
|
||||
|
||||
action = MessageAction.TwoFactorAuthenticationEnabledByTfaApp;
|
||||
|
||||
@ -214,10 +230,9 @@ public class TfaappController : BaseSettingsController
|
||||
break;
|
||||
|
||||
default:
|
||||
if (settings.EnableSetting)
|
||||
if (_tfaAppAuthSettingsHelper.Enable)
|
||||
{
|
||||
settings.EnableSetting = false;
|
||||
_settingsManager.Save(settings);
|
||||
_tfaAppAuthSettingsHelper.Enable = false;
|
||||
}
|
||||
|
||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
||||
@ -237,6 +252,14 @@ public class TfaappController : BaseSettingsController
|
||||
|
||||
_messageService.Send(action);
|
||||
return result;
|
||||
|
||||
void SetSettingsProperty<T>(TfaSettingsBase<T> settings) where T : class, ISettings<T>
|
||||
{
|
||||
settings.EnableSetting = true;
|
||||
settings.TrustedIps = inDto.TrustedIps;
|
||||
settings.MandatoryUsers = inDto.MandatoryUsers;
|
||||
settings.MandatoryGroups = inDto.MandatoryGroups;
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPut("tfaappwithlink")]
|
||||
@ -257,7 +280,7 @@ public class TfaappController : BaseSettingsController
|
||||
ApiContext.AuthByClaim();
|
||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings ||
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings ||
|
||||
!_settingsManager.Load<TfaAppAuthSettings>().EnableSetting ||
|
||||
TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||
{
|
||||
@ -277,7 +300,7 @@ public class TfaappController : BaseSettingsController
|
||||
{
|
||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||
{
|
||||
throw new Exception(Resource.TfaAppNotAvailable);
|
||||
}
|
||||
@ -295,7 +318,7 @@ public class TfaappController : BaseSettingsController
|
||||
{
|
||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||
{
|
||||
throw new Exception(Resource.TfaAppNotAvailable);
|
||||
}
|
||||
@ -323,7 +346,7 @@ public class TfaappController : BaseSettingsController
|
||||
throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
|
||||
}
|
||||
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
||||
{
|
||||
throw new Exception(Resource.TfaAppNotAvailable);
|
||||
}
|
||||
|
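Review bot: `SetSettingsProperty` persists `inDto.TrustedIps`, `inDto.MandatoryUsers` and `inDto.MandatoryGroups` exactly as received, so a caller of this endpoint can store a null list, which `TfaSettingsHelperBase.TfaEnabledForUser` then enumerates with `foreach` on every login, or a malformed address that `IPSecurity.MatchIPs` has to parse on the sign-in path instead of failing at configuration time. Validate at the boundary: substitute empty lists for nulls and accept only the single-address or `a-b` range forms MatchIPs understands, rejecting anything else before `_settingsManager.Save`. Whether MatchIPs throws or quietly returns false on garbage is not visible on this page, but either way the error should surface here rather than during a user's login. The `TfaSettings` method and its `switch` begin before the hunk; the rewrite below needs `using System.Net;` for `IPAddress`.

```csharp
void SetSettingsProperty<T>(TfaSettingsBase<T> settings) where T : class, ISettings<T>
{
    var trustedIps = inDto.TrustedIps ?? new List<string>();

    // Fail at configuration time rather than on the login path:
    // IPSecurity.MatchIPs only understands "addr" or "addr-addr".
    if (trustedIps.Any(entry => !IsTrustedIpEntry(entry)))
    {
        throw new ArgumentException("TrustedIps contains an entry that is not an IP address or address range");
    }

    settings.EnableSetting = true;
    settings.TrustedIps = trustedIps;
    settings.MandatoryUsers = inDto.MandatoryUsers ?? new List<Guid>();
    settings.MandatoryGroups = inDto.MandatoryGroups ?? new List<Guid>();
}

static bool IsTrustedIpEntry(string entry)
{
    // Mirrors the '-' divider MatchIPs splits on; IPv6 literals never contain '-'.
    return !string.IsNullOrWhiteSpace(entry)
        && entry.Split('-').All(part => IPAddress.TryParse(part.Trim(), out _));
}
```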
@ -30,6 +30,9 @@ public class TfaRequestsDto
|
||||
{
|
||||
public string Type { get; set; }
|
||||
public Guid? Id { get; set; }
|
||||
public List<string> TrustedIps { get; set; }
|
||||
public List<Guid> MandatoryUsers { get; set; }
|
||||
public List<Guid> MandatoryGroups { get; set; }
|
||||
}
|
||||
|
||||
public class TfaValidateRequestsDto
|
||||
|
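Review bot: The three new list properties on TfaRequestsDto are null whenever the client omits them from the JSON body, and `SetSettingsProperty` in TfaappController copies them straight into the persisted settings, where `TfaSettingsHelperBase.TfaEnabledForUser` walks them with `foreach`. Initialise them so an omitted field means "none": `public List<string> TrustedIps { get; set; } = new();`, `public List<Guid> MandatoryUsers { get; set; } = new();`, `public List<Guid> MandatoryGroups { get; set; } = new();`. Whether a present-but-null field in the body still overwrites the default depends on the serializer configuration, which is not visible here, so the controller should keep its own null guard as well.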
@ -26,10 +26,13 @@
|
||||
|
||||
namespace ASC.Web.Api.ApiModel.RequestsDto;
|
||||
|
||||
public class TfaSettingsRequestsDto
|
||||
public class TfaSettingsDto
|
||||
{
|
||||
public string Id { get; set; }
|
||||
public string Title { get; set; }
|
||||
public bool Enabled { get; set; }
|
||||
public bool Avaliable { get; set; }
|
||||
public List<string> TrustedIps { get; set; }
|
||||
public List<Guid> MandatoryUsers { get; set; }
|
||||
public List<Guid> MandatoryGroups { get; set; }
|
||||
}
|
@ -100,7 +100,7 @@ public class SmsManager
|
||||
}
|
||||
}
|
||||
|
||||
if (_studioSmsNotificationSettingsHelper.Enable)
|
||||
if (_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
await PutAuthCodeAsync(user, false);
|
||||
}
|
||||
@ -115,7 +115,7 @@ public class SmsManager
|
||||
throw new Exception(Resource.ErrorUserNotFound);
|
||||
}
|
||||
|
||||
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() || !_studioSmsNotificationSettingsHelper.Enable)
|
||||
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() || !_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
throw new MethodAccessException();
|
||||
}
|
||||
@ -146,7 +146,7 @@ public class SmsManager
|
||||
public void ValidateSmsCode(UserInfo user, string code, bool isEntryPoint = false)
|
||||
{
|
||||
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings()
|
||||
|| !_studioSmsNotificationSettingsHelper.Enable)
|
||||
|| !_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
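Review bot: The first hunk drops a check the replaced property carried: `_studioSmsNotificationSettingsHelper.Enable` was `EnableSetting && _smsProviderManager.Enabled()`, whereas `TfaEnabledForUser(user.Id)` looks only at the tenant flag, mandatory users/groups and the request IP, so `PutAuthCodeAsync(user, false)` can now be reached with no SMS provider configured unless the method already guards that earlier (its start is outside the hunk). The other two hunks keep `IsVisibleAndAvailableSettings()`, but that method is shown ending in a quota check and may not cover provider availability either. At the first site use `if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))`, or move the provider check into the SMS helper's `TfaEnabledForUser(Guid)` so every caller gets it. `ValidateSmsCode` also now returns silently for a trusted address; a comment `// Returns without validating when SMS TFA is not required for this user/request; callers must not read a silent return as "code accepted".` would make that contract explicit.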
@ -26,26 +26,22 @@
|
||||
|
||||
namespace ASC.Web.Studio.Core.SMS;
|
||||
|
||||
[Serializable]
|
||||
public class StudioSmsNotificationSettings : ISettings<StudioSmsNotificationSettings>
|
||||
public class StudioSmsNotificationSettings : TfaSettingsBase<StudioSmsNotificationSettings>
|
||||
{
|
||||
[JsonIgnore]
|
||||
public Guid ID
|
||||
public override Guid ID
|
||||
{
|
||||
get { return new Guid("{2802df61-af0d-40d4-abc5-a8506a5352ff}"); }
|
||||
}
|
||||
|
||||
public StudioSmsNotificationSettings GetDefault()
|
||||
public override StudioSmsNotificationSettings GetDefault()
|
||||
{
|
||||
return new StudioSmsNotificationSettings { EnableSetting = false, };
|
||||
return new StudioSmsNotificationSettings();
|
||||
}
|
||||
|
||||
[JsonPropertyName("Enable")]
|
||||
public bool EnableSetting { get; set; }
|
||||
}
|
||||
|
||||
[Scope]
|
||||
public class StudioSmsNotificationSettingsHelper
|
||||
public class StudioSmsNotificationSettingsHelper : TfaSettingsHelperBase
|
||||
{
|
||||
private readonly TenantExtra _tenantExtra;
|
||||
private readonly CoreBaseSettings _coreBaseSettings;
|
||||
@ -54,11 +50,14 @@ public class StudioSmsNotificationSettingsHelper
|
||||
private readonly SmsProviderManager _smsProviderManager;
|
||||
|
||||
public StudioSmsNotificationSettingsHelper(
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
TenantExtra tenantExtra,
|
||||
CoreBaseSettings coreBaseSettings,
|
||||
SetupInfo setupInfo,
|
||||
SettingsManager settingsManager,
|
||||
SmsProviderManager smsProviderManager)
|
||||
SmsProviderManager smsProviderManager,
|
||||
UserManager userManager)
|
||||
: base(httpContextAccessor, userManager)
|
||||
{
|
||||
_tenantExtra = tenantExtra;
|
||||
_coreBaseSettings = coreBaseSettings;
|
||||
@ -67,7 +66,7 @@ public class StudioSmsNotificationSettingsHelper
|
||||
_smsProviderManager = smsProviderManager;
|
||||
}
|
||||
|
||||
public bool IsVisibleSettings()
|
||||
public static bool IsVisibleSettings()
|
||||
{
|
||||
return SetupInfo.IsVisibleSettings<StudioSmsNotificationSettings>();
|
||||
}
|
||||
@ -87,13 +86,28 @@ public class StudioSmsNotificationSettingsHelper
|
||||
&& !quota.Open);
|
||||
}
|
||||
|
||||
public bool TfaEnabledForUser(Guid userGuid)
|
||||
{
|
||||
var settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||
|
||||
return TfaEnabledForUser(settings, userGuid);
|
||||
}
|
||||
|
||||
public bool Enable
|
||||
{
|
||||
get { return _settingsManager.Load<StudioSmsNotificationSettings>().EnableSetting && _smsProviderManager.Enabled(); }
|
||||
set
|
||||
{
|
||||
var settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||
settings.EnableSetting = value;
|
||||
StudioSmsNotificationSettings settings;
|
||||
if (value)
|
||||
{
|
||||
settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||
settings.EnableSetting = value;
|
||||
}
|
||||
else
|
||||
{
|
||||
settings = new StudioSmsNotificationSettings();
|
||||
}
|
||||
_settingsManager.Save(settings);
|
||||
}
|
||||
}
|
||||
|
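Review bot: `TfaEnabledForUser(Guid)` and the `Enable` getter now disagree on what "enabled" means: `Enable` requires `_smsProviderManager.Enabled()` but the new method does not, so call sites that were switched from one to the other lose the provider check. Since the helper already owns `_smsProviderManager`, the cheapest fix is `return _smsProviderManager.Enabled() && TfaEnabledForUser(settings, userGuid);`. Separately, the `Enable` setter's false branch saves `new StudioSmsNotificationSettings()`, which discards TrustedIps, MandatoryUsers and MandatoryGroups rather than only clearing the flag; if wiping the admin's configuration on disable is intended, say so in a comment above the `else`, otherwise load the stored settings and set `EnableSetting = value` in both branches.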
97
web/ASC.Web.Core/Sms/TfaSettingsBase.cs
Normal file
97
web/ASC.Web.Core/Sms/TfaSettingsBase.cs
Normal file
@ -0,0 +1,97 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
|
||||
using ASC.MessagingSystem;
|
||||
|
||||
namespace ASC.Web.Core.Sms;
|
||||
public abstract class TfaSettingsBase<T> : ISettings<T> where T : ISettings<T>
|
||||
{
|
||||
[JsonPropertyName("Enable")]
|
||||
public bool EnableSetting { get; set; }
|
||||
|
||||
public abstract Guid ID { get; }
|
||||
|
||||
[JsonPropertyName("TrustedIps")]
|
||||
public List<string> TrustedIps { get; set; }
|
||||
|
||||
[JsonPropertyName("MandatoryUsers")]
|
||||
public List<Guid> MandatoryUsers { get; set; }
|
||||
|
||||
[JsonPropertyName("MandatoryGroups")]
|
||||
public List<Guid> MandatoryGroups { get; set; }
|
||||
|
||||
public abstract T GetDefault();
|
||||
}
|
||||
|
||||
|
||||
public abstract class TfaSettingsHelperBase
|
||||
{
|
||||
|
||||
private readonly UserManager _userManager;
|
||||
private readonly IHttpContextAccessor _httpContextAccessor;
|
||||
|
||||
public TfaSettingsHelperBase(
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
UserManager userManager)
|
||||
{
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
_userManager = userManager;
|
||||
}
|
||||
|
||||
public bool TfaEnabledForUser<T>(TfaSettingsBase<T> settings,Guid userGuid) where T : ISettings<T>
|
||||
{
|
||||
if (!settings.EnableSetting)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach (var mandatory in settings.MandatoryGroups)
|
||||
{
|
||||
if (_userManager.IsUserInGroup(userGuid, mandatory))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
foreach (var mandatory in settings.MandatoryUsers)
|
||||
{
|
||||
if (mandatory == userGuid)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
var ips = MessageSettings.GetIP(_httpContextAccessor.HttpContext.Request);
|
||||
|
||||
if (settings.TrustedIps.Any(trustedIp => IPSecurity.IPSecurity.MatchIPs(ips, trustedIp)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
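Review bot: `TfaEnabledForUser` dereferences three lists and the current HttpContext without null checks: `MandatoryGroups`, `MandatoryUsers` and `TrustedIps` are null for settings persisted before this commit (the stored JSON simply lacks the fields), for `GetDefault()` instances, and for any request DTO that omitted them, and `_httpContextAccessor.HttpContext` is null when the helper runs outside a request, so the method throws where it should decide. Treat a null list as empty and fail closed (require TFA) when there is no request to take an address from; the rewrite below also short-circuits the group lookups with LINQ. Separately, the bypass is only as strong as `MessageSettings.GetIP`: if that honours `X-Forwarded-For` or similar without restricting it to known proxies, a client can claim a trusted address and skip the second factor — its implementation is not visible here, so please confirm and document it on `TrustedIps`, e.g. `// Addresses/ranges (IPSecurity.MatchIPs syntax) from which the second factor is waived, except for mandatory users/groups. Only as trustworthy as the client-address resolution in MessageSettings.GetIP.`

```csharp
public bool TfaEnabledForUser<T>(TfaSettingsBase<T> settings, Guid userGuid) where T : ISettings<T>
{
    if (!settings.EnableSetting)
    {
        return false;
    }

    // Settings saved before these fields existed deserialize with null lists.
    var mandatoryGroups = settings.MandatoryGroups ?? Enumerable.Empty<Guid>();
    var mandatoryUsers = settings.MandatoryUsers ?? Enumerable.Empty<Guid>();
    var trustedIps = settings.TrustedIps ?? Enumerable.Empty<string>();

    // Mandatory users/groups can never skip TFA, even from a trusted address.
    if (mandatoryUsers.Contains(userGuid)
        || mandatoryGroups.Any(group => _userManager.IsUserInGroup(userGuid, group)))
    {
        return true;
    }

    // No request context (background work, tests): fail closed and require TFA.
    var request = _httpContextAccessor.HttpContext?.Request;
    if (request is null)
    {
        return true;
    }

    var ip = MessageSettings.GetIP(request);
    return !trustedIps.Any(trustedIp => IPSecurity.IPSecurity.MatchIPs(ip, trustedIp));
}
```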
@ -26,23 +26,59 @@
|
||||
|
||||
namespace ASC.Web.Studio.Core.TFA;
|
||||
|
||||
[Serializable]
|
||||
public class TfaAppAuthSettings : ISettings<TfaAppAuthSettings>
|
||||
public class TfaAppAuthSettings : TfaSettingsBase<TfaAppAuthSettings>
|
||||
{
|
||||
[JsonIgnore]
|
||||
public Guid ID
|
||||
public override Guid ID
|
||||
{
|
||||
get { return new Guid("{822CA059-AA8F-4588-BEE3-6CD2AA920CDB}"); }
|
||||
}
|
||||
|
||||
public TfaAppAuthSettings GetDefault()
|
||||
public override TfaAppAuthSettings GetDefault()
|
||||
{
|
||||
return new TfaAppAuthSettings { EnableSetting = false, };
|
||||
return new TfaAppAuthSettings();
|
||||
}
|
||||
}
|
||||
|
||||
[Scope]
|
||||
public class TfaAppAuthSettingsHelper : TfaSettingsHelperBase
|
||||
{
|
||||
private readonly SettingsManager _settingsManager;
|
||||
|
||||
public TfaAppAuthSettingsHelper(
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
UserManager userManager,
|
||||
SettingsManager settingsManager)
|
||||
: base(httpContextAccessor, userManager)
|
||||
{
|
||||
_settingsManager = settingsManager;
|
||||
}
|
||||
|
||||
[JsonPropertyName("Enable")]
|
||||
public bool EnableSetting { get; set; }
|
||||
public bool TfaEnabledForUser(Guid userGuid)
|
||||
{
|
||||
var settings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||
|
||||
return TfaEnabledForUser(settings, userGuid);
|
||||
}
|
||||
|
||||
public bool Enable
|
||||
{
|
||||
get { return _settingsManager.Load<TfaAppAuthSettings>().EnableSetting; }
|
||||
set
|
||||
{
|
||||
TfaAppAuthSettings settings;
|
||||
if (value)
|
||||
{
|
||||
settings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||
settings.EnableSetting = value;
|
||||
}
|
||||
else
|
||||
{
|
||||
settings = new TfaAppAuthSettings();
|
||||
}
|
||||
_settingsManager.Save(settings);
|
||||
}
|
||||
}
|
||||
|
||||
public static bool IsVisibleSettings
|
||||
{
|
||||
|
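Review bot: Disabling through the `Enable` setter replaces the stored settings with `new TfaAppAuthSettings()`, so the TrustedIps and Mandatory lists an admin configured are lost, and TfaappController sets `_tfaAppAuthSettingsHelper.Enable = false` whenever SMS is enabled, which makes switching between the two methods and back silently drop the app configuration. If that reset is intended, add `// Disabling resets the whole setting, including trusted IPs and mandatory lists` above the `else`; otherwise use `settings = _settingsManager.Load<TfaAppAuthSettings>(); settings.EnableSetting = value;` for both branches. Note also that `GetDefault()` now returns an object whose three list properties are null, which the base class enumerates without a guard. `IsVisibleSettings` continues past the end of the hunk.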
@ -95,7 +95,7 @@ public class TfaManager
|
||||
|
||||
public bool ValidateAuthCode(UserInfo user, string code, bool checkBackup = true, bool isEntryPoint = false)
|
||||
{
|
||||
if (!TfaAppAuthSettings.IsVisibleSettings
|
||||
if (!TfaAppAuthSettingsHelper.IsVisibleSettings
|
||||
|| !_settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
||||
{
|
||||
return false;
|
||||
|