added functionality for flexible tfa configuration
This commit is contained in:
parent
51ba7c8628
commit
4b1c7644af
@ -128,7 +128,7 @@ public class IPSecurity
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static bool MatchIPs(string requestIp, string restrictionIp)
|
public static bool MatchIPs(string requestIp, string restrictionIp)
|
||||||
{
|
{
|
||||||
var dividerIdx = restrictionIp.IndexOf('-');
|
var dividerIdx = restrictionIp.IndexOf('-');
|
||||||
if (dividerIdx > -1)
|
if (dividerIdx > -1)
|
||||||
|
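Review bot: MatchIPs is now public and is called from outside this class, but nothing states the restriction format it accepts; the hunk only shows that a `-` splits a range, and the rest of the method body is outside the hunk. Its new caller, `TfaSettingsHelperBase.TfaEnabledForUser`, feeds it admin-entered strings, so the contract should be on the signature: `/// <summary>Returns true when <paramref name="requestIp"/> equals <paramref name="restrictionIp"/> or lies inside the "start-end" range it denotes.</summary>`, plus a sentence saying whether a malformed <paramref name="restrictionIp"/> returns false or throws.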
@ -22,8 +22,8 @@
|
|||||||
//
|
//
|
||||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||||
|
|
||||||
using AuthenticationException = System.Security.Authentication.AuthenticationException;
|
using AuthenticationException = System.Security.Authentication.AuthenticationException;
|
||||||
using Constants = ASC.Core.Users.Constants;
|
using Constants = ASC.Core.Users.Constants;
|
||||||
|
|
||||||
@ -66,7 +66,8 @@ public class AuthenticationController : ControllerBase
|
|||||||
private readonly AuthContext _authContext;
|
private readonly AuthContext _authContext;
|
||||||
private readonly CookieStorage _cookieStorage;
|
private readonly CookieStorage _cookieStorage;
|
||||||
private readonly DbLoginEventsManager _dbLoginEventsManager;
|
private readonly DbLoginEventsManager _dbLoginEventsManager;
|
||||||
private readonly UserManagerWrapper _userManagerWrapper;
|
private readonly UserManagerWrapper _userManagerWrapper;
|
||||||
|
private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
|
||||||
|
|
||||||
public AuthenticationController(
|
public AuthenticationController(
|
||||||
UserManager userManager,
|
UserManager userManager,
|
||||||
@ -100,7 +101,8 @@ public class AuthenticationController : ControllerBase
|
|||||||
ApiContext apiContext,
|
ApiContext apiContext,
|
||||||
AuthContext authContext,
|
AuthContext authContext,
|
||||||
CookieStorage cookieStorage,
|
CookieStorage cookieStorage,
|
||||||
DbLoginEventsManager dbLoginEventsManager)
|
DbLoginEventsManager dbLoginEventsManager,
|
||||||
|
TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper)
|
||||||
{
|
{
|
||||||
_userManager = userManager;
|
_userManager = userManager;
|
||||||
_tenantManager = tenantManager;
|
_tenantManager = tenantManager;
|
||||||
@ -133,7 +135,8 @@ public class AuthenticationController : ControllerBase
|
|||||||
_authContext = authContext;
|
_authContext = authContext;
|
||||||
_cookieStorage = cookieStorage;
|
_cookieStorage = cookieStorage;
|
||||||
_dbLoginEventsManager = dbLoginEventsManager;
|
_dbLoginEventsManager = dbLoginEventsManager;
|
||||||
_userManagerWrapper = userManagerWrapper;
|
_userManagerWrapper = userManagerWrapper;
|
||||||
|
_tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -148,17 +151,17 @@ public class AuthenticationController : ControllerBase
|
|||||||
public AuthenticationTokenDto AuthenticateMeFromBodyWithCode(AuthRequestsDto inDto)
|
public AuthenticationTokenDto AuthenticateMeFromBodyWithCode(AuthRequestsDto inDto)
|
||||||
{
|
{
|
||||||
var tenant = _tenantManager.GetCurrentTenant().Id;
|
var tenant = _tenantManager.GetCurrentTenant().Id;
|
||||||
var user = GetUser(inDto, out _);
|
var user = GetUser(inDto, out _);
|
||||||
|
var sms = false;
|
||||||
|
|
||||||
var sms = false;
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
sms = true;
|
sms = true;
|
||||||
_smsManager.ValidateSmsCode(user, inDto.Code, true);
|
_smsManager.ValidateSmsCode(user, inDto.Code, true);
|
||||||
}
|
}
|
||||||
else if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
else if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
if (_tfaManager.ValidateAuthCode(user, inDto.Code, true, true))
|
if (_tfaManager.ValidateAuthCode(user, inDto.Code, true, true))
|
||||||
{
|
{
|
||||||
@ -212,7 +215,7 @@ public class AuthenticationController : ControllerBase
|
|||||||
bool viaEmail;
|
bool viaEmail;
|
||||||
var user = GetUser(inDto, out viaEmail);
|
var user = GetUser(inDto, out viaEmail);
|
||||||
|
|
||||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
|
if (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated)
|
||||||
{
|
{
|
||||||
@ -234,7 +237,7 @@ public class AuthenticationController : ControllerBase
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
if (!TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
if (!TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
||||||
{
|
{
|
||||||
|
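Review bot: In AuthenticateMeFromBodyWithCode (L249, L274) both branches can now be skipped for a user whose tenant has TFA on: `TfaEnabledForUser` returns false when the request address matches a trusted entry, whereas the old tenant-level `Enable` check always took one branch once TFA was enabled. In that case `sms` stays false and neither validator runs, so whatever follows the `else if` (outside the hunk) decides what a posted code means for that request; confirm that fall-through rejects the request rather than leaving the code unexamined, or add an explicit `else` that does. The same per-request decision now drives AuthenticateMe (L310, L346), so the address source used by the helper (see `MessageSettings.GetIP` in TfaSettingsHelperBase) is part of this controller's trust boundary.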
@ -43,6 +43,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
private readonly DisplayUserSettingsHelper _displayUserSettingsHelper;
|
private readonly DisplayUserSettingsHelper _displayUserSettingsHelper;
|
||||||
private readonly MessageTarget _messageTarget;
|
private readonly MessageTarget _messageTarget;
|
||||||
private readonly StudioSmsNotificationSettingsHelper _studioSmsNotificationSettingsHelper;
|
private readonly StudioSmsNotificationSettingsHelper _studioSmsNotificationSettingsHelper;
|
||||||
|
private readonly TfaAppAuthSettingsHelper _tfaAppAuthSettingsHelper;
|
||||||
private readonly InstanceCrypto _instanceCrypto;
|
private readonly InstanceCrypto _instanceCrypto;
|
||||||
private readonly Signature _signature;
|
private readonly Signature _signature;
|
||||||
private readonly SecurityContext _securityContext;
|
private readonly SecurityContext _securityContext;
|
||||||
@ -62,6 +63,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
DisplayUserSettingsHelper displayUserSettingsHelper,
|
DisplayUserSettingsHelper displayUserSettingsHelper,
|
||||||
MessageTarget messageTarget,
|
MessageTarget messageTarget,
|
||||||
StudioSmsNotificationSettingsHelper studioSmsNotificationSettingsHelper,
|
StudioSmsNotificationSettingsHelper studioSmsNotificationSettingsHelper,
|
||||||
|
TfaAppAuthSettingsHelper tfaAppAuthSettingsHelper,
|
||||||
SmsProviderManager smsProviderManager,
|
SmsProviderManager smsProviderManager,
|
||||||
IMemoryCache memoryCache,
|
IMemoryCache memoryCache,
|
||||||
InstanceCrypto instanceCrypto,
|
InstanceCrypto instanceCrypto,
|
||||||
@ -82,39 +84,49 @@ public class TfaappController : BaseSettingsController
|
|||||||
_displayUserSettingsHelper = displayUserSettingsHelper;
|
_displayUserSettingsHelper = displayUserSettingsHelper;
|
||||||
_messageTarget = messageTarget;
|
_messageTarget = messageTarget;
|
||||||
_studioSmsNotificationSettingsHelper = studioSmsNotificationSettingsHelper;
|
_studioSmsNotificationSettingsHelper = studioSmsNotificationSettingsHelper;
|
||||||
|
_tfaAppAuthSettingsHelper = tfaAppAuthSettingsHelper;
|
||||||
_instanceCrypto = instanceCrypto;
|
_instanceCrypto = instanceCrypto;
|
||||||
_signature = signature;
|
_signature = signature;
|
||||||
_securityContext = securityContext;
|
_securityContext = securityContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("tfaapp")]
|
[HttpGet("tfaapp")]
|
||||||
public IEnumerable<TfaSettingsRequestsDto> GetTfaSettings()
|
public IEnumerable<TfaSettingsDto> GetTfaSettings()
|
||||||
{
|
{
|
||||||
var result = new List<TfaSettingsRequestsDto>();
|
var result = new List<TfaSettingsDto>();
|
||||||
|
|
||||||
var SmsVisible = _studioSmsNotificationSettingsHelper.IsVisibleSettings();
|
var SmsVisible = StudioSmsNotificationSettingsHelper.IsVisibleSettings();
|
||||||
var SmsEnable = SmsVisible && _smsProviderManager.Enabled();
|
var SmsEnable = SmsVisible && _smsProviderManager.Enabled();
|
||||||
var TfaVisible = TfaAppAuthSettings.IsVisibleSettings;
|
var TfaVisible = TfaAppAuthSettingsHelper.IsVisibleSettings;
|
||||||
|
|
||||||
|
var tfaAppSettings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||||
|
var tfaSmsSettings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||||
|
|
||||||
if (SmsVisible)
|
if (SmsVisible)
|
||||||
{
|
{
|
||||||
result.Add(new TfaSettingsRequestsDto
|
result.Add(new TfaSettingsDto
|
||||||
{
|
{
|
||||||
Enabled = _studioSmsNotificationSettingsHelper.Enable,
|
Enabled = tfaSmsSettings.EnableSetting && _smsProviderManager.Enabled(),
|
||||||
Id = "sms",
|
Id = "sms",
|
||||||
Title = Resource.ButtonSmsEnable,
|
Title = Resource.ButtonSmsEnable,
|
||||||
Avaliable = SmsEnable
|
Avaliable = SmsEnable,
|
||||||
|
MandatoryUsers = tfaSmsSettings.MandatoryUsers,
|
||||||
|
MandatoryGroups = tfaSmsSettings.MandatoryGroups,
|
||||||
|
TrustedIps = tfaSmsSettings.TrustedIps
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TfaVisible)
|
if (TfaVisible)
|
||||||
{
|
{
|
||||||
result.Add(new TfaSettingsRequestsDto
|
result.Add(new TfaSettingsDto
|
||||||
{
|
{
|
||||||
Enabled = _settingsManager.Load<TfaAppAuthSettings>().EnableSetting,
|
Enabled = tfaAppSettings.EnableSetting,
|
||||||
Id = "app",
|
Id = "app",
|
||||||
Title = Resource.ButtonTfaAppEnable,
|
Title = Resource.ButtonTfaAppEnable,
|
||||||
Avaliable = true
|
Avaliable = true,
|
||||||
|
MandatoryUsers = tfaAppSettings.MandatoryUsers,
|
||||||
|
MandatoryGroups = tfaAppSettings.MandatoryGroups,
|
||||||
|
TrustedIps = tfaAppSettings.TrustedIps
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -135,7 +147,8 @@ public class TfaappController : BaseSettingsController
|
|||||||
public object TfaConfirmUrl()
|
public object TfaConfirmUrl()
|
||||||
{
|
{
|
||||||
var user = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
var user = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||||
if (_studioSmsNotificationSettingsHelper.IsVisibleSettings() && _studioSmsNotificationSettingsHelper.Enable)// && smsConfirm.ToLower() != "true")
|
|
||||||
|
if (StudioSmsNotificationSettingsHelper.IsVisibleSettings() && _studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))// && smsConfirm.ToLower() != "true")
|
||||||
{
|
{
|
||||||
var confirmType = string.IsNullOrEmpty(user.MobilePhone) ||
|
var confirmType = string.IsNullOrEmpty(user.MobilePhone) ||
|
||||||
user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated
|
user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated
|
||||||
@ -145,7 +158,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
return _commonLinkUtility.GetConfirmationEmailUrl(user.Email, confirmType);
|
return _commonLinkUtility.GetConfirmationEmailUrl(user.Email, confirmType);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TfaAppAuthSettings.IsVisibleSettings && _settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
if (TfaAppAuthSettingsHelper.IsVisibleSettings && _tfaAppAuthSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
var confirmType = TfaAppUserSettings.EnableForUser(_settingsManager, _authContext.CurrentAccount.ID)
|
var confirmType = TfaAppUserSettings.EnableForUser(_settingsManager, _authContext.CurrentAccount.ID)
|
||||||
? ConfirmType.TfaAuth
|
? ConfirmType.TfaAuth
|
||||||
@ -165,7 +178,6 @@ public class TfaappController : BaseSettingsController
|
|||||||
var result = false;
|
var result = false;
|
||||||
|
|
||||||
MessageAction action;
|
MessageAction action;
|
||||||
var settings = _settingsManager.Load<TfaAppAuthSettings>();
|
|
||||||
|
|
||||||
switch (inDto.Type)
|
switch (inDto.Type)
|
||||||
{
|
{
|
||||||
@ -180,13 +192,15 @@ public class TfaappController : BaseSettingsController
|
|||||||
throw new MethodAccessException();
|
throw new MethodAccessException();
|
||||||
}
|
}
|
||||||
|
|
||||||
_studioSmsNotificationSettingsHelper.Enable = true;
|
var smsSettings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||||
|
SetSettingsProperty(smsSettings);
|
||||||
|
_settingsManager.Save(smsSettings);
|
||||||
|
|
||||||
action = MessageAction.TwoFactorAuthenticationEnabledBySms;
|
action = MessageAction.TwoFactorAuthenticationEnabledBySms;
|
||||||
|
|
||||||
if (settings.EnableSetting)
|
if (_tfaAppAuthSettingsHelper.Enable)
|
||||||
{
|
{
|
||||||
settings.EnableSetting = false;
|
_tfaAppAuthSettingsHelper.Enable = false;
|
||||||
_settingsManager.Save(settings);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
result = true;
|
result = true;
|
||||||
@ -194,13 +208,15 @@ public class TfaappController : BaseSettingsController
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case "app":
|
case "app":
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings)
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings)
|
||||||
{
|
{
|
||||||
throw new Exception(Resource.TfaAppNotAvailable);
|
throw new Exception(Resource.TfaAppNotAvailable);
|
||||||
}
|
}
|
||||||
|
|
||||||
settings.EnableSetting = true;
|
var appSettings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||||
_settingsManager.Save(settings);
|
SetSettingsProperty(appSettings);
|
||||||
|
_settingsManager.Save(appSettings);
|
||||||
|
|
||||||
|
|
||||||
action = MessageAction.TwoFactorAuthenticationEnabledByTfaApp;
|
action = MessageAction.TwoFactorAuthenticationEnabledByTfaApp;
|
||||||
|
|
||||||
@ -214,10 +230,9 @@ public class TfaappController : BaseSettingsController
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
if (settings.EnableSetting)
|
if (_tfaAppAuthSettingsHelper.Enable)
|
||||||
{
|
{
|
||||||
settings.EnableSetting = false;
|
_tfaAppAuthSettingsHelper.Enable = false;
|
||||||
_settingsManager.Save(settings);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
if (_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() && _studioSmsNotificationSettingsHelper.Enable)
|
||||||
@ -237,6 +252,14 @@ public class TfaappController : BaseSettingsController
|
|||||||
|
|
||||||
_messageService.Send(action);
|
_messageService.Send(action);
|
||||||
return result;
|
return result;
|
||||||
|
|
||||||
|
void SetSettingsProperty<T>(TfaSettingsBase<T> settings) where T : class, ISettings<T>
|
||||||
|
{
|
||||||
|
settings.EnableSetting = true;
|
||||||
|
settings.TrustedIps = inDto.TrustedIps;
|
||||||
|
settings.MandatoryUsers = inDto.MandatoryUsers;
|
||||||
|
settings.MandatoryGroups = inDto.MandatoryGroups;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPut("tfaappwithlink")]
|
[HttpPut("tfaappwithlink")]
|
||||||
@ -257,7 +280,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
ApiContext.AuthByClaim();
|
ApiContext.AuthByClaim();
|
||||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||||
|
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings ||
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings ||
|
||||||
!_settingsManager.Load<TfaAppAuthSettings>().EnableSetting ||
|
!_settingsManager.Load<TfaAppAuthSettings>().EnableSetting ||
|
||||||
TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||||
{
|
{
|
||||||
@ -277,7 +300,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
{
|
{
|
||||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||||
|
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||||
{
|
{
|
||||||
throw new Exception(Resource.TfaAppNotAvailable);
|
throw new Exception(Resource.TfaAppNotAvailable);
|
||||||
}
|
}
|
||||||
@ -295,7 +318,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
{
|
{
|
||||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||||
|
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, currentUser.Id))
|
||||||
{
|
{
|
||||||
throw new Exception(Resource.TfaAppNotAvailable);
|
throw new Exception(Resource.TfaAppNotAvailable);
|
||||||
}
|
}
|
||||||
@ -323,7 +346,7 @@ public class TfaappController : BaseSettingsController
|
|||||||
throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
|
throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings || !TfaAppUserSettings.EnableForUser(_settingsManager, user.Id))
|
||||||
{
|
{
|
||||||
throw new Exception(Resource.TfaAppNotAvailable);
|
throw new Exception(Resource.TfaAppNotAvailable);
|
||||||
}
|
}
|
||||||
|
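Review bot: `SetSettingsProperty` (L983–L1007) stores `inDto.TrustedIps`, `inDto.MandatoryUsers` and `inDto.MandatoryGroups` exactly as bound from the request, so a body that omits any of them persists `null`; `TfaSettingsBase<T>` declares those lists without initializers (L1889, L1900, L1911), both `GetDefault()` overrides return plain `new` objects (L1451, L2178), and `TfaSettingsHelperBase.TfaEnabledForUser` then iterates them with `foreach`/`Any` (L2012, L2043, L2081), which would throw on every login for that tenant. Coalesce here — `settings.TrustedIps = inDto.TrustedIps ?? new List<string>();` and likewise `?? new List<Guid>()` for the two Guid lists — or give the base-class properties `= new();` initializers, which presumably also covers settings stored before this commit that lack the new keys. Each TrustedIps entry should be checked against the forms `IPSecurity.MatchIPs` accepts before it is saved, since an unparseable entry is otherwise only discovered at login time. GetTfaSettings (L577–L585, L642–L650) now returns the trusted-IP and mandatory lists to the caller; that is fine if the endpoint is admin-only, which the hunk does not show.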
@ -30,6 +30,9 @@ public class TfaRequestsDto
|
|||||||
{
|
{
|
||||||
public string Type { get; set; }
|
public string Type { get; set; }
|
||||||
public Guid? Id { get; set; }
|
public Guid? Id { get; set; }
|
||||||
|
public List<string> TrustedIps { get; set; }
|
||||||
|
public List<Guid> MandatoryUsers { get; set; }
|
||||||
|
public List<Guid> MandatoryGroups { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public class TfaValidateRequestsDto
|
public class TfaValidateRequestsDto
|
||||||
|
@ -26,10 +26,13 @@
|
|||||||
|
|
||||||
namespace ASC.Web.Api.ApiModel.RequestsDto;
|
namespace ASC.Web.Api.ApiModel.RequestsDto;
|
||||||
|
|
||||||
public class TfaSettingsRequestsDto
|
public class TfaSettingsDto
|
||||||
{
|
{
|
||||||
public string Id { get; set; }
|
public string Id { get; set; }
|
||||||
public string Title { get; set; }
|
public string Title { get; set; }
|
||||||
public bool Enabled { get; set; }
|
public bool Enabled { get; set; }
|
||||||
public bool Avaliable { get; set; }
|
public bool Avaliable { get; set; }
|
||||||
|
public List<string> TrustedIps { get; set; }
|
||||||
|
public List<Guid> MandatoryUsers { get; set; }
|
||||||
|
public List<Guid> MandatoryGroups { get; set; }
|
||||||
}
|
}
|
@ -100,7 +100,7 @@ public class SmsManager
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_studioSmsNotificationSettingsHelper.Enable)
|
if (_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
await PutAuthCodeAsync(user, false);
|
await PutAuthCodeAsync(user, false);
|
||||||
}
|
}
|
||||||
@ -115,7 +115,7 @@ public class SmsManager
|
|||||||
throw new Exception(Resource.ErrorUserNotFound);
|
throw new Exception(Resource.ErrorUserNotFound);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() || !_studioSmsNotificationSettingsHelper.Enable)
|
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings() || !_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
throw new MethodAccessException();
|
throw new MethodAccessException();
|
||||||
}
|
}
|
||||||
@ -146,7 +146,7 @@ public class SmsManager
|
|||||||
public void ValidateSmsCode(UserInfo user, string code, bool isEntryPoint = false)
|
public void ValidateSmsCode(UserInfo user, string code, bool isEntryPoint = false)
|
||||||
{
|
{
|
||||||
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings()
|
if (!_studioSmsNotificationSettingsHelper.IsVisibleAndAvailableSettings()
|
||||||
|| !_studioSmsNotificationSettingsHelper.Enable)
|
|| !_studioSmsNotificationSettingsHelper.TfaEnabledForUser(user.Id))
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
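Review bot: `ValidateSmsCode` (L1347–L1377; its body continues past the hunk) still returns silently when the per-user check fails, while the sibling method at L1324–L1336 throws `MethodAccessException` under the same condition. With trusted IPs and mandatory users the early return is now reached per request rather than per tenant, so a caller that invokes it expecting the code to be checked gets no signal at all. Either throw here as well, or document the contract at the signature: `/// Returns without checking the code when SMS TFA is not required for this user on this request; callers must gate on TfaEnabledForUser themselves.`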
@ -26,26 +26,22 @@
|
|||||||
|
|
||||||
namespace ASC.Web.Studio.Core.SMS;
|
namespace ASC.Web.Studio.Core.SMS;
|
||||||
|
|
||||||
[Serializable]
|
public class StudioSmsNotificationSettings : TfaSettingsBase<StudioSmsNotificationSettings>
|
||||||
public class StudioSmsNotificationSettings : ISettings<StudioSmsNotificationSettings>
|
|
||||||
{
|
{
|
||||||
[JsonIgnore]
|
[JsonIgnore]
|
||||||
public Guid ID
|
public override Guid ID
|
||||||
{
|
{
|
||||||
get { return new Guid("{2802df61-af0d-40d4-abc5-a8506a5352ff}"); }
|
get { return new Guid("{2802df61-af0d-40d4-abc5-a8506a5352ff}"); }
|
||||||
}
|
}
|
||||||
|
|
||||||
public StudioSmsNotificationSettings GetDefault()
|
public override StudioSmsNotificationSettings GetDefault()
|
||||||
{
|
{
|
||||||
return new StudioSmsNotificationSettings { EnableSetting = false, };
|
return new StudioSmsNotificationSettings();
|
||||||
}
|
}
|
||||||
|
|
||||||
[JsonPropertyName("Enable")]
|
|
||||||
public bool EnableSetting { get; set; }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
[Scope]
|
[Scope]
|
||||||
public class StudioSmsNotificationSettingsHelper
|
public class StudioSmsNotificationSettingsHelper : TfaSettingsHelperBase
|
||||||
{
|
{
|
||||||
private readonly TenantExtra _tenantExtra;
|
private readonly TenantExtra _tenantExtra;
|
||||||
private readonly CoreBaseSettings _coreBaseSettings;
|
private readonly CoreBaseSettings _coreBaseSettings;
|
||||||
@ -54,11 +50,14 @@ public class StudioSmsNotificationSettingsHelper
|
|||||||
private readonly SmsProviderManager _smsProviderManager;
|
private readonly SmsProviderManager _smsProviderManager;
|
||||||
|
|
||||||
public StudioSmsNotificationSettingsHelper(
|
public StudioSmsNotificationSettingsHelper(
|
||||||
|
IHttpContextAccessor httpContextAccessor,
|
||||||
TenantExtra tenantExtra,
|
TenantExtra tenantExtra,
|
||||||
CoreBaseSettings coreBaseSettings,
|
CoreBaseSettings coreBaseSettings,
|
||||||
SetupInfo setupInfo,
|
SetupInfo setupInfo,
|
||||||
SettingsManager settingsManager,
|
SettingsManager settingsManager,
|
||||||
SmsProviderManager smsProviderManager)
|
SmsProviderManager smsProviderManager,
|
||||||
|
UserManager userManager)
|
||||||
|
: base(httpContextAccessor, userManager)
|
||||||
{
|
{
|
||||||
_tenantExtra = tenantExtra;
|
_tenantExtra = tenantExtra;
|
||||||
_coreBaseSettings = coreBaseSettings;
|
_coreBaseSettings = coreBaseSettings;
|
||||||
@ -67,7 +66,7 @@ public class StudioSmsNotificationSettingsHelper
|
|||||||
_smsProviderManager = smsProviderManager;
|
_smsProviderManager = smsProviderManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool IsVisibleSettings()
|
public static bool IsVisibleSettings()
|
||||||
{
|
{
|
||||||
return SetupInfo.IsVisibleSettings<StudioSmsNotificationSettings>();
|
return SetupInfo.IsVisibleSettings<StudioSmsNotificationSettings>();
|
||||||
}
|
}
|
||||||
@ -87,13 +86,28 @@ public class StudioSmsNotificationSettingsHelper
|
|||||||
&& !quota.Open);
|
&& !quota.Open);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public bool TfaEnabledForUser(Guid userGuid)
|
||||||
|
{
|
||||||
|
var settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||||
|
|
||||||
|
return TfaEnabledForUser(settings, userGuid);
|
||||||
|
}
|
||||||
|
|
||||||
public bool Enable
|
public bool Enable
|
||||||
{
|
{
|
||||||
get { return _settingsManager.Load<StudioSmsNotificationSettings>().EnableSetting && _smsProviderManager.Enabled(); }
|
get { return _settingsManager.Load<StudioSmsNotificationSettings>().EnableSetting && _smsProviderManager.Enabled(); }
|
||||||
set
|
set
|
||||||
{
|
{
|
||||||
var settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
StudioSmsNotificationSettings settings;
|
||||||
settings.EnableSetting = value;
|
if (value)
|
||||||
|
{
|
||||||
|
settings = _settingsManager.Load<StudioSmsNotificationSettings>();
|
||||||
|
settings.EnableSetting = value;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
settings = new StudioSmsNotificationSettings();
|
||||||
|
}
|
||||||
_settingsManager.Save(settings);
|
_settingsManager.Save(settings);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
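Review bot: The `Enable` setter (L1676–L1718) now writes a fresh `new StudioSmsNotificationSettings()` on `false`, which discards the tenant's trusted IPs and mandatory users/groups along with the flag; the identical setter in `TfaAppAuthSettingsHelper` (L2296–L2336) does the same. If that reset is intended, say so on the setter: `// disabling clears TrustedIps/MandatoryUsers/MandatoryGroups too, so re-enabling starts from defaults`; if not, load the existing settings and only flip `EnableSetting`. The two setters and the two `TfaEnabledForUser(Guid)` wrappers (L1624–L1643, L2249–L2269) are line-for-line duplicates and could live once on `TfaSettingsHelperBase` as a generic taking the settings type. `[Serializable]` was dropped from both settings classes (L1397, L2124) and not added to the new base; presumably nothing binary-serializes them, but worth confirming.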
97
web/ASC.Web.Core/Sms/TfaSettingsBase.cs
Normal file
97
web/ASC.Web.Core/Sms/TfaSettingsBase.cs
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
// (c) Copyright Ascensio System SIA 2010-2022
|
||||||
|
//
|
||||||
|
// This program is a free software product.
|
||||||
|
// You can redistribute it and/or modify it under the terms
|
||||||
|
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||||
|
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||||
|
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||||
|
// any third-party rights.
|
||||||
|
//
|
||||||
|
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||||
|
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||||
|
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||||
|
//
|
||||||
|
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||||
|
//
|
||||||
|
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||||
|
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||||
|
//
|
||||||
|
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||||
|
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||||
|
// trademark law for use of our trademarks.
|
||||||
|
//
|
||||||
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||||
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||||
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||||
|
|
||||||
|
|
||||||
|
using ASC.MessagingSystem;
|
||||||
|
|
||||||
|
namespace ASC.Web.Core.Sms;
|
||||||
|
public abstract class TfaSettingsBase<T> : ISettings<T> where T : ISettings<T>
|
||||||
|
{
|
||||||
|
[JsonPropertyName("Enable")]
|
||||||
|
public bool EnableSetting { get; set; }
|
||||||
|
|
||||||
|
public abstract Guid ID { get; }
|
||||||
|
|
||||||
|
[JsonPropertyName("TrustedIps")]
|
||||||
|
public List<string> TrustedIps { get; set; }
|
||||||
|
|
||||||
|
[JsonPropertyName("MandatoryUsers")]
|
||||||
|
public List<Guid> MandatoryUsers { get; set; }
|
||||||
|
|
||||||
|
[JsonPropertyName("MandatoryGroups")]
|
||||||
|
public List<Guid> MandatoryGroups { get; set; }
|
||||||
|
|
||||||
|
public abstract T GetDefault();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public abstract class TfaSettingsHelperBase
|
||||||
|
{
|
||||||
|
|
||||||
|
private readonly UserManager _userManager;
|
||||||
|
private readonly IHttpContextAccessor _httpContextAccessor;
|
||||||
|
|
||||||
|
public TfaSettingsHelperBase(
|
||||||
|
IHttpContextAccessor httpContextAccessor,
|
||||||
|
UserManager userManager)
|
||||||
|
{
|
||||||
|
_httpContextAccessor = httpContextAccessor;
|
||||||
|
_userManager = userManager;
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool TfaEnabledForUser<T>(TfaSettingsBase<T> settings,Guid userGuid) where T : ISettings<T>
|
||||||
|
{
|
||||||
|
if (!settings.EnableSetting)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach (var mandatory in settings.MandatoryGroups)
|
||||||
|
{
|
||||||
|
if (_userManager.IsUserInGroup(userGuid, mandatory))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach (var mandatory in settings.MandatoryUsers)
|
||||||
|
{
|
||||||
|
if (mandatory == userGuid)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var ips = MessageSettings.GetIP(_httpContextAccessor.HttpContext.Request);
|
||||||
|
|
||||||
|
if (settings.TrustedIps.Any(trustedIp => IPSecurity.IPSecurity.MatchIPs(ips, trustedIp)))
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
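Review bot: `TfaEnabledForUser<T>` (L1985–L2104) dereferences `_httpContextAccessor.HttpContext` unconditionally at L2074, so any caller that runs outside a request pipeline fails with a NullReferenceException after the mandatory checks have passed; guard it and treat a missing request as "not trusted": `var request = _httpContextAccessor.HttpContext?.Request; if (request is null) { return true; }`. The exemption is decided by whatever `MessageSettings.GetIP` derives from the request — the local is named `ips`, which suggests it may carry more than one address, in which case `MatchIPs` is handed a list rather than a single address — and if that value reflects forwarded headers, the check is only as trustworthy as the proxy configuration in front of the app; a comment at L2074 stating that assumption is warranted. The evaluation order is the security-relevant contract and deserves an XML summary on the method: disabled → false; member of a mandatory group or a listed user → true regardless of address; request address inside a trusted entry → false; otherwise true. Minor: the signature lacks a space after the comma, `TfaSettingsBase<T> settings, Guid userGuid`.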
@ -26,23 +26,59 @@
|
|||||||
|
|
||||||
namespace ASC.Web.Studio.Core.TFA;
|
namespace ASC.Web.Studio.Core.TFA;
|
||||||
|
|
||||||
[Serializable]
|
public class TfaAppAuthSettings : TfaSettingsBase<TfaAppAuthSettings>
|
||||||
public class TfaAppAuthSettings : ISettings<TfaAppAuthSettings>
|
|
||||||
{
|
{
|
||||||
[JsonIgnore]
|
[JsonIgnore]
|
||||||
public Guid ID
|
public override Guid ID
|
||||||
{
|
{
|
||||||
get { return new Guid("{822CA059-AA8F-4588-BEE3-6CD2AA920CDB}"); }
|
get { return new Guid("{822CA059-AA8F-4588-BEE3-6CD2AA920CDB}"); }
|
||||||
}
|
}
|
||||||
|
|
||||||
public TfaAppAuthSettings GetDefault()
|
public override TfaAppAuthSettings GetDefault()
|
||||||
{
|
{
|
||||||
return new TfaAppAuthSettings { EnableSetting = false, };
|
return new TfaAppAuthSettings();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
[Scope]
|
||||||
|
public class TfaAppAuthSettingsHelper : TfaSettingsHelperBase
|
||||||
|
{
|
||||||
|
private readonly SettingsManager _settingsManager;
|
||||||
|
|
||||||
|
public TfaAppAuthSettingsHelper(
|
||||||
|
IHttpContextAccessor httpContextAccessor,
|
||||||
|
UserManager userManager,
|
||||||
|
SettingsManager settingsManager)
|
||||||
|
: base(httpContextAccessor, userManager)
|
||||||
|
{
|
||||||
|
_settingsManager = settingsManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
[JsonPropertyName("Enable")]
|
public bool TfaEnabledForUser(Guid userGuid)
|
||||||
public bool EnableSetting { get; set; }
|
{
|
||||||
|
var settings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||||
|
|
||||||
|
return TfaEnabledForUser(settings, userGuid);
|
||||||
|
}
|
||||||
|
|
||||||
|
public bool Enable
|
||||||
|
{
|
||||||
|
get { return _settingsManager.Load<TfaAppAuthSettings>().EnableSetting; }
|
||||||
|
set
|
||||||
|
{
|
||||||
|
TfaAppAuthSettings settings;
|
||||||
|
if (value)
|
||||||
|
{
|
||||||
|
settings = _settingsManager.Load<TfaAppAuthSettings>();
|
||||||
|
settings.EnableSetting = value;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
settings = new TfaAppAuthSettings();
|
||||||
|
}
|
||||||
|
_settingsManager.Save(settings);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static bool IsVisibleSettings
|
public static bool IsVisibleSettings
|
||||||
{
|
{
|
||||||
|
@ -95,7 +95,7 @@ public class TfaManager
|
|||||||
|
|
||||||
public bool ValidateAuthCode(UserInfo user, string code, bool checkBackup = true, bool isEntryPoint = false)
|
public bool ValidateAuthCode(UserInfo user, string code, bool checkBackup = true, bool isEntryPoint = false)
|
||||||
{
|
{
|
||||||
if (!TfaAppAuthSettings.IsVisibleSettings
|
if (!TfaAppAuthSettingsHelper.IsVisibleSettings
|
||||||
|| !_settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
|| !_settingsManager.Load<TfaAppAuthSettings>().EnableSetting)
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
|