Tim Düsterhus [Thu, 19 Nov 2020 10:39:18 +0000 (11:39 +0100)]
Tim Düsterhus [Wed, 18 Nov 2020 14:22:45 +0000 (15:22 +0100)]
Use multifactor prefix for formbuilder templates related to MFA
Tim Düsterhus [Wed, 18 Nov 2020 14:13:55 +0000 (15:13 +0100)]
Merge pull request #3730 from WoltLab/mfa-auth
Clean up the MF authentication flow
Tim Düsterhus [Wed, 18 Nov 2020 13:22:44 +0000 (14:22 +0100)]
Add SessionHandler::applyPendingUserChange()
Tim Düsterhus [Wed, 18 Nov 2020 13:16:35 +0000 (14:16 +0100)]
Set session's languageID in SessionHandler::changeUserAfterMultifactor()
Tim Düsterhus [Wed, 18 Nov 2020 11:16:30 +0000 (12:16 +0100)]
Add information box to multifactorAuthentication.tpl
Tim Düsterhus [Wed, 18 Nov 2020 10:51:56 +0000 (11:51 +0100)]
Add support for pending users to UserProfile::canSeeAvatar()
Tim Düsterhus [Wed, 18 Nov 2020 10:52:56 +0000 (11:52 +0100)]
Expose a userProfile object to the template in MFAuthenticationForm
Tim Düsterhus [Wed, 18 Nov 2020 11:15:30 +0000 (12:15 +0100)]
Add MultifactorAuthenticationAbortForm
Tim Düsterhus [Tue, 17 Nov 2020 11:04:43 +0000 (12:04 +0100)]
Make the MFA authentication look a bit nicer
Tim Düsterhus [Tue, 17 Nov 2020 10:17:00 +0000 (11:17 +0100)]
Disable the login dropdown in multifactorAuthentcation.tpl
Tim Düsterhus [Tue, 17 Nov 2020 10:10:41 +0000 (11:10 +0100)]
Support accessing the MultifactorAuthenticationForm when logged in
Tim Düsterhus [Tue, 17 Nov 2020 10:07:24 +0000 (11:07 +0100)]
Add support for redirectUrl to MultifactorAuthenticationForm
Tim Düsterhus [Tue, 17 Nov 2020 13:09:59 +0000 (14:09 +0100)]
Set multifactorActive = 1 in MultifactorMangeForm
Tim Düsterhus [Tue, 17 Nov 2020 09:26:11 +0000 (10:26 +0100)]
Merge transactions in MultifactorManageForm::save()
Tim Düsterhus [Tue, 17 Nov 2020 09:24:01 +0000 (10:24 +0100)]
Add MultifactorManageForm::generateBackupCodes()
Tim Düsterhus [Wed, 18 Nov 2020 12:53:05 +0000 (13:53 +0100)]
Merge pull request #3729 from WoltLab/mfa-email
Add EmailMultifactorMethod
Tim Düsterhus [Wed, 18 Nov 2020 11:52:26 +0000 (12:52 +0100)]
Improve phrasing for email MFA
Tim Düsterhus [Wed, 18 Nov 2020 11:51:21 +0000 (12:51 +0100)]
fixup! Add EmailMultifactorMethod
Tim Düsterhus [Wed, 18 Nov 2020 11:50:22 +0000 (12:50 +0100)]
Show the one time code within the mail's subject
Tim Düsterhus [Tue, 17 Nov 2020 10:14:15 +0000 (11:14 +0100)]
Force the setupId to be an int in MFAuthenticationForm
Tim Düsterhus [Tue, 17 Nov 2020 10:13:42 +0000 (11:13 +0100)]
Improve return type for Setup::getAllForUser()
Tim Düsterhus [Tue, 17 Nov 2020 14:19:55 +0000 (15:19 +0100)]
Add EmailMultifactorMethod
Tim Düsterhus [Tue, 17 Nov 2020 13:42:10 +0000 (14:42 +0100)]
Fix TOTP flood control
Tim Düsterhus [Tue, 17 Nov 2020 13:59:48 +0000 (14:59 +0100)]
Add Setup::getUser() method
Tim Düsterhus [Tue, 17 Nov 2020 15:15:56 +0000 (16:15 +0100)]
Fix use of informal German in TOTP's lastDevice phrase
Tim Düsterhus [Mon, 16 Nov 2020 16:33:51 +0000 (17:33 +0100)]
Merge pull request #3712 from WoltLab/mfa-setup
Add basic support for multi factor authentication
Tim Düsterhus [Mon, 16 Nov 2020 12:51:05 +0000 (13:51 +0100)]
Use the placeholder as the default device name
Tim Düsterhus [Mon, 16 Nov 2020 12:06:57 +0000 (13:06 +0100)]
Add SessionHandler::getPendingUserChange()
Tim Düsterhus [Fri, 13 Nov 2020 15:24:07 +0000 (16:24 +0100)]
Generate backup codes when setting up the first MFA method
Tim Düsterhus [Fri, 13 Nov 2020 14:40:02 +0000 (15:40 +0100)]
Disallow management of backup codes if they are not set up
Tim Düsterhus [Fri, 13 Nov 2020 14:34:54 +0000 (15:34 +0100)]
Add proper success messages for TOTP
Tim Düsterhus [Fri, 13 Nov 2020 13:42:27 +0000 (14:42 +0100)]
Add proper TOTP device management
Tim Düsterhus [Wed, 11 Nov 2020 14:59:19 +0000 (15:59 +0100)]
Add multifactor\Setup class for stronger typing
Tim Düsterhus [Wed, 11 Nov 2020 14:14:02 +0000 (15:14 +0100)]
Add helper methods to MultifactorManageForm
These will be required for a future commit, but they also improve readability.
Tim Düsterhus [Tue, 10 Nov 2020 14:19:39 +0000 (15:19 +0100)]
Clear MFA inputs if an invalid code is entered
It's not useful preserving an invalid code for the user.
Tim Düsterhus [Tue, 10 Nov 2020 14:07:27 +0000 (15:07 +0100)]
Improve UX when setting up TOTP
Tim Düsterhus [Tue, 10 Nov 2020 09:46:35 +0000 (10:46 +0100)]
Add flood control for multi-factor authentication
Tim Düsterhus [Tue, 10 Nov 2020 08:29:00 +0000 (09:29 +0100)]
Add MFA tables to update script
Tim Düsterhus [Tue, 10 Nov 2020 08:18:31 +0000 (09:18 +0100)]
Use 'Multi-Factor Authentication' in English phrasing
Tim Düsterhus [Mon, 9 Nov 2020 12:56:32 +0000 (13:56 +0100)]
Move the heavy TOTP lifting into unpack
Tim Düsterhus [Mon, 9 Nov 2020 12:41:59 +0000 (13:41 +0100)]
Add namespace to all functions and constants for multifactor forms
Tim Düsterhus [Mon, 9 Nov 2020 12:40:36 +0000 (13:40 +0100)]
Add namespace to all functions and constants for TotpMultifactorMethod
Tim Düsterhus [Mon, 9 Nov 2020 12:37:12 +0000 (13:37 +0100)]
Add namespace to all functions and constants for BackupMultifactorMethod
Tim Düsterhus [Mon, 9 Nov 2020 12:32:07 +0000 (13:32 +0100)]
Add default device name for TOTP
Tim Düsterhus [Fri, 6 Nov 2020 15:42:54 +0000 (16:42 +0100)]
Add barebones support for deleting TOTP devices
Tim Düsterhus [Fri, 6 Nov 2020 15:30:11 +0000 (16:30 +0100)]
Facelift adding TOTP devices
Tim Düsterhus [Fri, 6 Nov 2020 13:35:49 +0000 (14:35 +0100)]
Add multifactor language items
Tim Düsterhus [Fri, 6 Nov 2020 11:25:56 +0000 (12:25 +0100)]
Add authentication support to TotpMultifactorMethod
Tim Düsterhus [Fri, 6 Nov 2020 09:49:11 +0000 (10:49 +0100)]
Add QR code to __totpSecretField.tpl
Tim Düsterhus [Fri, 6 Nov 2020 08:38:27 +0000 (09:38 +0100)]
Add MultifactorAuthenticationForm
Tim Düsterhus [Thu, 5 Nov 2020 15:22:50 +0000 (16:22 +0100)]
Add SessionHandler::changeUserAfterMultifactor()
Tim Düsterhus [Thu, 5 Nov 2020 13:42:58 +0000 (14:42 +0100)]
Add support for adding devices to TotpMultifactorMethod
Tim Düsterhus [Thu, 5 Nov 2020 10:03:31 +0000 (11:03 +0100)]
Implement getStatusText() for the `backup` multifactor method
Tim Düsterhus [Thu, 5 Nov 2020 09:59:31 +0000 (10:59 +0100)]
Add MultifactorManageForm
Tim Düsterhus [Mon, 2 Nov 2020 14:04:40 +0000 (15:04 +0100)]
Add User::getEnabledMultifactorMethods()
Tim Düsterhus [Mon, 2 Nov 2020 14:11:41 +0000 (15:11 +0100)]
Add com.woltlab.wcf.multifactor.backup object type
Tim Düsterhus [Mon, 2 Nov 2020 13:55:08 +0000 (14:55 +0100)]
Add IMultifactorMethod
Tim Düsterhus [Mon, 2 Nov 2020 13:41:30 +0000 (14:41 +0100)]
Integrate multifactor into AccountSecurityPage
Tim Düsterhus [Mon, 2 Nov 2020 13:32:58 +0000 (14:32 +0100)]
Add wcf1_user_multifactor
Tim Düsterhus [Mon, 2 Nov 2020 13:28:58 +0000 (14:28 +0100)]
Add com.woltlab.wcf.multifactor.totp objectType
Tim Düsterhus [Mon, 2 Nov 2020 13:26:52 +0000 (14:26 +0100)]
Add com.woltlab.wcf.multifactor objectTypeDefinition
Tim Düsterhus [Mon, 9 Nov 2020 13:13:28 +0000 (14:13 +0100)]
Multifactor Authentication: Integration branch
Tim Düsterhus [Tue, 10 Nov 2020 14:14:20 +0000 (15:14 +0100)]
Add parent for AccountSecurity in page.xml
Tim Düsterhus [Tue, 10 Nov 2020 08:29:25 +0000 (09:29 +0100)]
Add missing import to update_com.woltlab.wcf_5.4_db.php
Alexander Ebert [Mon, 9 Nov 2020 18:14:20 +0000 (19:14 +0100)]
Merge pull request #3709 from WoltLab/54-typescript-i18n
Convert i18n modules to TypeScript
Alexander Ebert [Mon, 9 Nov 2020 18:13:54 +0000 (19:13 +0100)]
Merge pull request #3705 from WoltLab/54-typescript-upload
Convert `Ui/File/Upload` to TypeScript
Alexander Ebert [Mon, 9 Nov 2020 18:13:16 +0000 (19:13 +0100)]
Merge pull request #3706 from WoltLab/54-remove-enquire
Remove enquire.js
Tim Düsterhus [Mon, 9 Nov 2020 16:04:53 +0000 (17:04 +0100)]
Remove extra space after class attribute in form builder containers
Tim Düsterhus [Mon, 9 Nov 2020 13:45:33 +0000 (14:45 +0100)]
Add proper return types to CryptoUtil
Tim Düsterhus [Mon, 9 Nov 2020 13:43:20 +0000 (14:43 +0100)]
Use constant time encoding in CryptoUtil
Tim Düsterhus [Mon, 9 Nov 2020 14:24:24 +0000 (15:24 +0100)]
Fix diff problem matcher
Matthias Schmidt [Mon, 9 Nov 2020 13:10:31 +0000 (14:10 +0100)]
Merge branch '5.3'
Matthias Schmidt [Mon, 9 Nov 2020 13:08:28 +0000 (14:08 +0100)]
Merge branch '5.2' into 5.3
Matthias Schmidt [Mon, 9 Nov 2020 13:08:14 +0000 (14:08 +0100)]
Fix deleting obsolete nodes in form builder dependeny manager
Matthias Schmidt [Mon, 9 Nov 2020 12:43:58 +0000 (13:43 +0100)]
Remove obsolete code for update from 2.1 to 3.0 (#3710)
See
96ad3d1dfbda38394a8a31b6fff5839428719106
WoltLab [Mon, 9 Nov 2020 12:41:51 +0000 (12:41 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Mon, 9 Nov 2020 12:00:02 +0000 (13:00 +0100)]
Fix WCFSetup
Alexander Ebert [Sun, 8 Nov 2020 18:19:49 +0000 (19:19 +0100)]
Merge branch '5.2' into 5.3
Alexander Ebert [Sun, 8 Nov 2020 18:19:34 +0000 (19:19 +0100)]
Merge branch '3.1' into 5.2
Alexander Ebert [Sun, 8 Nov 2020 18:19:17 +0000 (19:19 +0100)]
Obsolete exclusion of the old ACP catpcha
This route does not exist anymore since WoltLab Suite 3.0.
Alexander Ebert [Sun, 8 Nov 2020 18:04:00 +0000 (19:04 +0100)]
Convert `Language/Text` to TypeScript
Alexander Ebert [Sun, 8 Nov 2020 14:04:17 +0000 (15:04 +0100)]
Convert `Language/Input` to TypeScript
Alexander Ebert [Sat, 7 Nov 2020 23:40:23 +0000 (00:40 +0100)]
Convert `Language/Chooser` to TypeScript
Alexander Ebert [Sat, 7 Nov 2020 18:57:18 +0000 (19:57 +0100)]
Remove enquire.js
Alexander Ebert [Sat, 7 Nov 2020 18:32:48 +0000 (19:32 +0100)]
Convert `Ui/File/Upload` to TypeScript
Matthias Schmidt [Sat, 7 Nov 2020 11:53:50 +0000 (12:53 +0100)]
Add button form field and is not clicked condition
* Add button form field
Close #3693
* Add public method to submit `Ui/Dialog`
* Support additional submit buttons in `Form/Builder/Dialog`
* Support `ButtonFormField` in AJAX forms
* Fix identifier of data processor in `ButtonFormField`
* Fix data processor for `ButtonFormField`
* Add condition for form builder buttons not being clicked
* Simplify button form field-related TypeScript code
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
* Add missing semicolon
* Unify condition to checked if form field button has been clicked
Co-authored-by: Alexander Ebert <ebert@woltlab.com>
Matthias Schmidt [Sat, 7 Nov 2020 09:17:01 +0000 (10:17 +0100)]
Merge branch '5.3'
Matthias Schmidt [Sat, 7 Nov 2020 09:15:35 +0000 (10:15 +0100)]
Merge branch '5.2' into 5.3
Matthias Schmidt [Sat, 7 Nov 2020 09:15:20 +0000 (10:15 +0100)]
Fix deleting obsolete nodes in form builder dependeny manager
Alexander Ebert [Fri, 6 Nov 2020 17:13:33 +0000 (18:13 +0100)]
Merge pull request #3700 from WoltLab/54-typescript-comment
Convert the comment (response) modules to TypeScript
Alexander Ebert [Fri, 6 Nov 2020 16:44:33 +0000 (17:44 +0100)]
Use `WeakSet` to track elements
Alexander Ebert [Fri, 6 Nov 2020 16:41:36 +0000 (17:41 +0100)]
Merge pull request #3697 from WoltLab/promote-owner-remove
Remove the owner group promotion functionality
Tim Düsterhus [Fri, 6 Nov 2020 08:45:05 +0000 (09:45 +0100)]
Remove the owner group promotion functionality
By now every instance should have an owner group.
Tim Düsterhus [Fri, 6 Nov 2020 16:22:07 +0000 (17:22 +0100)]
Fix filenames of 5.3 -> 5.4 update scripts
Joshua Rüsweg [Fri, 6 Nov 2020 16:00:10 +0000 (17:00 +0100)]
Use constant time encoding / decoding of security critical code (#3699)
* Use `Hex::decode` to convert hex2bin
Previously we used the internal PHP function `hex2bin` which has the problem with cache-timing leaks. The Hex class converts the given string without cache-timing leaks.
* Use `Hex::encode` to convert bin2hex
Previously we used the internal PHP function `bin2hex` which has the problem with cache-timing leaks. The Hex class converts the given string without cache-timing leaks.
Alexander Ebert [Fri, 6 Nov 2020 15:54:50 +0000 (16:54 +0100)]
Convert `Ui/Comment/Response/Edit` to TypeScript
Alexander Ebert [Fri, 6 Nov 2020 14:52:55 +0000 (15:52 +0100)]
Convert `Ui/Comment/Response/Add` to TypeScript
Matthias Schmidt [Fri, 6 Nov 2020 14:24:44 +0000 (15:24 +0100)]
Move types dev dependencies to normal dependencies
Matthias Schmidt [Fri, 6 Nov 2020 13:45:07 +0000 (14:45 +0100)]
Fix storing ids in `Ui/Dialog` elements
See
b6b1bdd4461e8a841b3d0aff02043aef5acceb3a