From 444b2ec0eca99f9969aecb5305514537e957ff26 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 13 Nov 2020 15:34:54 +0100 Subject: [PATCH] Add proper success messages for TOTP --- .../TotpMultifactorMethod.class.php | 42 ++++++++++++++++++- wcfsetup/install/lang/de.xml | 2 + wcfsetup/install/lang/en.xml | 2 + 3 files changed, 44 insertions(+), 2 deletions(-) diff --git a/wcfsetup/install/files/lib/system/user/multifactor/TotpMultifactorMethod.class.php b/wcfsetup/install/files/lib/system/user/multifactor/TotpMultifactorMethod.class.php index d0be8faf7c..5279a6d4f2 100644 --- a/wcfsetup/install/files/lib/system/user/multifactor/TotpMultifactorMethod.class.php +++ b/wcfsetup/install/files/lib/system/user/multifactor/TotpMultifactorMethod.class.php @@ -52,6 +52,18 @@ class TotpMultifactorMethod implements IMultifactorMethod { * @inheritDoc */ public function createManagementForm(IFormDocument $form, ?Setup $setup, $returnData = null): void { + if ($returnData !== null) { + \assert(\is_array($returnData)); + \assert( + isset($returnData['action']) && + ($returnData['action'] === 'add' || $returnData['action'] === 'delete') + ); + \assert(isset($returnData['deviceName'])); + $form->successMessage('wcf.user.security.multifactor.totp.success.'.$returnData['action'], [ + 'deviceName' => $returnData['deviceName'], + ]); + } + $form->addDefaultButton(false); $newDeviceContainer = NewDeviceContainer::create() ->label('wcf.user.security.multifactor.totp.newDevice') @@ -136,7 +148,7 @@ class TotpMultifactorMethod implements IMultifactorMethod { /** * @inheritDoc */ - public function processManagementForm(IFormDocument $form, Setup $setup): void { + public function processManagementForm(IFormDocument $form, Setup $setup): array { $formData = $form->getData(); \assert( 
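Review bot: In createManagementForm the shape of `$returnData` is enforced only through `\assert()`, which does nothing when assertions are disabled (the usual production setting, `zend.assertions = -1`), so `$returnData['action']` is then appended to the language item name with no runtime check. If the value can ever come from anywhere other than processManagementForm's return (the caller is not visible in this patch), an explicit guard is safer: `if (!\is_array($returnData) || !\in_array($returnData['action'] ?? null, ['add', 'delete'], true) || !isset($returnData['deviceName'])) { throw new \InvalidArgumentException('Unexpected return data'); }`. `deviceName` is user-chosen text that now reaches the rendered success message, so the new language items should keep the `{$deviceName}` form they use here rather than `{@$deviceName}`. The method body continues past the end of the hunk.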
@@ -145,6 +157,19 @@ class TotpMultifactorMethod implements IMultifactorMethod { ); if (!empty($formData['delete'])) { + // Fetch deviceName for success message. + $sql = "SELECT deviceName + FROM wcf".WCF_N."_user_multifactor_totp + WHERE setupID = ? + AND deviceID = ?"; + $statement = WCF::getDB()->prepareStatement($sql); + $statement->execute([ + $setup->getId(), + $formData['delete'], + ]); + $deviceName = $statement->fetchSingleColumn(); + + // Remove the device. $sql = "DELETE FROM wcf".WCF_N."_user_multifactor_totp WHERE setupID = ? AND deviceID = ?"; @@ -154,6 +179,7 @@ class TotpMultifactorMethod implements IMultifactorMethod { $formData['delete'], ]); + // Check the contract that the last device may not be removed. $sql = "SELECT COUNT(*) FROM wcf".WCF_N."_user_multifactor_totp WHERE setupID = ?"; @@ -165,9 +191,16 @@ class TotpMultifactorMethod implements IMultifactorMethod { if (!$statement->fetchSingleColumn()) { throw new \LogicException('Unreachable'); } + + return [ + 'action' => 'delete', + 'deviceName' => $deviceName, + ]; } else { $defaultName = WCF::getLanguage()->getDynamicVariable('wcf.user.security.multifactor.totp.deviceName.default'); + $deviceName = $formData['data']['deviceName'] ?: $defaultName; + $sql = "INSERT INTO wcf".WCF_N."_user_multifactor_totp (setupID, deviceID, deviceName, secret, minCounter, createTime) VALUES (?, ?, ?, ?, ?, ?)"; @@ -175,11 +208,16 @@ class TotpMultifactorMethod implements IMultifactorMethod { $statement->execute([ $setup->getId(), Hex::encode(\random_bytes(16)), - $formData['data']['deviceName'] ?: $defaultName, + $deviceName, $formData['data']['secret'], $formData['data']['code']['minCounter'], \TIME_NOW, ]); + + return [ + 'action' => 'add', + 'deviceName' => $deviceName, + ]; } } diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index ee7e82bdb4..7f23700924 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml 
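Review bot: The result of the new `SELECT deviceName` is used without checking that a row was found. If `$formData['delete']` does not match a device of this setup, `fetchSingleColumn()` presumably returns `false`, the `DELETE` removes nothing, the remaining-device check passes, and the method still returns `'action' => 'delete'`. Form validation outside this patch may already rule that out, but a guard right after the fetch keeps the contract local, e.g. `if ($deviceName === false) { throw new \LogicException('Unreachable'); }`. The `isset($returnData['deviceName'])` assertion in createManagementForm would not catch this case, because it is true for `false`. The SELECT, DELETE and COUNT run as three separate statements, so it is worth confirming that the caller wraps them in a transaction, which is not visible here.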
@@ -4867,10 +4867,12 @@ Die E-Mail-Adresse des neuen Benutzers lautet: {@$user->email}
  • {if LANGUAGE_USE_INFORMAL_VARIANT}Scanne{else}Scannen Sie{/if} den QR-Code in der App.
  • {if LANGUAGE_USE_INFORMAL_VARIANT}Gib{else}Geben Sie{/if} den durch die App generierten 6-stelligen Einmalcode ein.
  • ]]> + {$deviceName} wurde erfolgreich hinterlegt.]]> {$deviceName} entfernen. Verwenden Sie bitte die Übersicht in der Benutzerkonto-Sicherheit, wenn Sie die Mehrfaktor-Authentifizierung deaktivieren möchten.]]> + {$deviceName} wurde erfolgreich entfernt.]]> diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 203dc377a8..69aeb13db6 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -4864,10 +4864,12 @@ Open the link below to access the user profile:
  • Scan the QR code within the app.
  • Enter the 6 digit one time code generated by the app.
  • ]]> + {$deviceName} has successfully been added.]]> {$deviceName} if you want to switch phones. Use the Overview in Account Security if you want to disable multi-factor authentication.]]> + {$deviceName} has successfully been removed.]]>
    -- 2.20.1