From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 18 Nov 2020 11:15:30 +0000 (+0100)
Subject: Add MultifactorAuthenticationAbortForm
X-Git-Tag: 5.4.0_Alpha_1~555^2~47^2~5
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=72c9c592feb6dd94f348ba65f2f305714076398d;p=GitHub%2FWoltLab%2FWCF.git

Add MultifactorAuthenticationAbortForm
---

diff --git a/wcfsetup/install/files/lib/form/MultifactorAuthenticationAbortForm.class.php b/wcfsetup/install/files/lib/form/MultifactorAuthenticationAbortForm.class.php
new file mode 100644
index 0000000000..5d16fa63e8
--- /dev/null
+++ b/wcfsetup/install/files/lib/form/MultifactorAuthenticationAbortForm.class.php
@@ -0,0 +1,85 @@
+<?php
+namespace wcf\form;
+use wcf\system\exception\PermissionDeniedException;
+use wcf\system\request\LinkHandler;
+use wcf\system\WCF;
+use wcf\util\HeaderUtil;
+
+/**
+ * Aborts the multi-factor authentication process.
+ *
+ * @author	Tim Duesterhus
+ * @copyright	2001-2020 WoltLab GmbH
+ * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package	WoltLabSuite\Core\Form
+ * @since	5.4
+ */
+class MultifactorAuthenticationAbortForm extends AbstractForm {
+	const AVAILABLE_DURING_OFFLINE_MODE = true;
+	
+	/**
+	 * @inheritDoc
+	 */
+	public $useTemplate = false;
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function readParameters() {
+		parent::readParameters();
+		
+		if (WCF::getUser()->userID) {
+			throw new PermissionDeniedException();
+		}
+		
+		$user = WCF::getSession()->getPendingUserChange();
+		if (!$user) {
+			$this->performRedirect();
+		}
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function save() {
+		parent::save();
+		
+		WCF::getSession()->clearPendingUserChange();
+		
+		$this->saved();
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function saved() {
+		parent::saved();
+		
+		$this->performRedirect();
+	}
+	
+	/**
+	 * Returns to the landing page otherwise.
+	 */
+	protected function performRedirect() {
+		HeaderUtil::delayedRedirect(
+			LinkHandler::getInstance()->getLink(),
+			WCF::getLanguage()->getDynamicVariable('wcf.user.security.multifactor.authentication.logout.success')
+		);
+		exit;
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function show() {
+		parent::show();
+		
+		// It is not expected to reach this place, because the form should
+		// never be accessed via a direct link.
+		// If we reach it nonetheless we simply redirect back to the authentication
+		// form which contains the proper button to perform the submission.
+		HeaderUtil::redirect(LinkHandler::getInstance()->getControllerLink(MultifactorAuthenticationForm::class));
+		exit;
+	}
+}
diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index f3d9111246..b63944f2a2 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -734,6 +734,13 @@ final class SessionHandler extends SingletonFactory {
 		return $user;
 	}
 	
+	/**
+	 * Clears a pending user change, reverses the effects of changeUserAfterMultifactor().
+	 */
+	public function clearPendingUserChange(): void {
+		$this->unregister(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY);
+	}
+	
 	/**
 	 * Stores a new user object in this session, e.g. a user was guest because not
 	 * logged in, after the login his old session is used to store his full data.
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 481c29115f..34b2e0f280 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -4892,6 +4892,7 @@ Die E-Mail-Adresse des neuen Benutzers lautet: {@$user->email}
 		<item name="wcf.user.security.multifactor.backup.code"><![CDATA[Notfall-Code]]></item>
 		<item name="wcf.user.security.multifactor.backup.code.description"><![CDATA[Ein Notfall-Code besteht aus 20 Ziffern und ist nur einmal gültig.]]></item>
 		<item name="wcf.user.security.multifactor.totp.deviceName.description.auth"><![CDATA[Das Gerät, das den genutzten Éinmalcode generiert hat.]]></item>
+		<item name="wcf.user.security.multifactor.authentication.logout.success"><![CDATA[Die Mehrfaktor-Authentifizierung wurde erfolgreich abgebrochen.]]></item>
 	</category>
 	<category name="wcf.user.trophy">
 		<item name="wcf.user.trophy.trophyPoints"><![CDATA[Trophäen]]></item>
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index 344f6e0020..a3013bb108 100644
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -4889,6 +4889,7 @@ Open the link below to access the user profile:
 		<item name="wcf.user.security.multifactor.backup.code"><![CDATA[Emergency Code]]></item>
 		<item name="wcf.user.security.multifactor.backup.code.description"><![CDATA[An emergency code consists of 20 digits and may only be used once.]]></item>
 		<item name="wcf.user.security.multifactor.totp.deviceName.description.auth"><![CDATA[The device that generated the used one time code.]]></item>
+		<item name="wcf.user.security.multifactor.authentication.logout.success"><![CDATA[The multi-factor authentication has successfully been aborted.]]></item>
 	</category>
 	<category name="wcf.user.trophy">
 		<item name="wcf.user.trophy.trophyPoints"><![CDATA[Trophies]]></item>