feat: compatible with ldap auth

2fa should be a extend security after base auth, but the origin implement breaks the LDAP auth
RexQian · Jan 3, 2017 · 2a97ded · 2a97ded
1 parent d7080f9
commit 2a97ded
Show file tree

Hide file tree

Showing 35 changed files with 98 additions and 868 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 Gemfile.lock
+.idea/
diff --git a/app/controllers/otp_bot_controller.rb b/app/controllers/otp_bot_controller.rb
@@ -50,7 +50,6 @@ def reset_bot_webhook
   end
 
   def reset_telegram_authentications
-    auth_source = Redmine2FA::AuthSource::Telegram.first
-    User.where(auth_source_id: auth_source.id).update_all(auth_source_id: nil)
+    User.where(tfa_type: 'telegram').update_all(tfa_type: nil)
   end
 end
diff --git a/app/models/redmine_2fa/auth_source.rb b/app/models/redmine_2fa/auth_source.rb
diff --git a/app/models/redmine_2fa/auth_source/google_auth.rb b/app/models/redmine_2fa/auth_source/google_auth.rb
diff --git a/app/models/redmine_2fa/auth_source/sms.rb b/app/models/redmine_2fa/auth_source/sms.rb
diff --git a/app/models/redmine_2fa/auth_source/telegram.rb b/app/models/redmine_2fa/auth_source/telegram.rb
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
@@ -0,0 +1,78 @@
+zh:
+  field_mobile_phone: '手机号'
+  field_ignore_2fa: '忽略二步验证'
+  link_2fa_reset: 重置二步验证
+  notice_2fa_reset: 二步验证已重置
+  redmine_2fa:
+    protocols:
+      telegram: 电话
+      sms: 短信
+      google_auth: Google认证器
+      none: 无二步验证
+    settings:
+      common:
+        title: 认证类型
+        required: 强制开启二步验证
+      telegram:
+        init:
+          header: Bot initialization
+          description_html: |
+            Initialization process:
+            <ul>
+              <li>setup bot web-hook</li>
+              <li>save bot name and bot id to system</li>
+            </ul>
+          button_text: Initialize bot
+        reset:
+          header: Bot deactivation
+          description_html: |
+            Bot deactivation:
+            <ul>
+              <li>reset bot web-hook</li>
+              <li>reset 2FA for users who use Telegram authentication</li>
+            </ul>
+          button_text: Deactivate bot
+      required: "required for this plugin"
+    second_authentications:
+      init:
+        instruction: 选择二步验证的类型
+        disable: "不使用"
+      next_button_html: 下一步 &#187;
+      google_auth:
+        instruction_html: |
+          <p>请按照
+            <a href="https://support.google.com/accounts/answer/1066447" target="_blank">链接</a>设置Google Authenticator.</p>
+          <p>在Google验证器中扫码下面的二维码</p>
+        next_step_instruction: 完成扫码后点击"下一步"
+      telegram:
+        instruction_html: |
+          %{bot_name} will send you authentication codes. Pleas activate it.<br>
+          Follow the <a href="https://telegram.me/%{bot_name}" target="_blank">link</a> and say "/start" to bot. Then follow the bot instruction.
+      sms:
+        instruction: Please enter mobile phone number for SMS.
+        mobile_phone_hint_html: 'enter all digits <br>includes country code. <br>Example for Russia: 79256879854'
+        mobile_phone_submit: "Get code"
+        confirm_hint: enter code gotten by SMS
+        confirm_submit: Confirm
+
+    otp_bot:
+      init:
+        success: Bot successfully initialzied
+        error:
+          wrong_token: Wrong token
+          api_error: Telegram Bot API service anavailable
+        reset:
+          success: Bot successfully deactivated
+
+    telegram_auth:
+      message: 'Redmine "%{app_title}" auth code: %{code}. Expired at %{expiration_time}.'
+
+    auth_code: '验证码'
+    resend:
+      link: '重发验证码'
+      instruction_html: 'Code sent. Code resending  possible after 5 seconds <span id="otpCodeResendTimer">%{timeout}</span>.'
+    notice:
+      auth_code:
+        invalid: '验证码错误'
+        resent_again: 'Authorization code sent again'
+        limit_exceeded_failed_attempts: 'Limit exceeded of failed attempts. New authorization code sent'
diff --git a/db/migrate/002_change_auth_source_limit.rb b/db/migrate/002_change_auth_source_limit.rb
diff --git a/db/migrate/006_add_auth_sources.rb b/db/migrate/006_add_auth_sources.rb
diff --git a/db/migrate/009_add_tfa_type_to_users.rb b/db/migrate/009_add_tfa_type_to_users.rb
@@ -0,0 +1,5 @@
+class AddTfaTypeToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :tfa_type, :string, :default => nil
+  end
+end
diff --git a/init.rb b/init.rb
@@ -3,7 +3,6 @@
 require 'redmine_2fa'
 ActionDispatch::Callbacks.to_prepare do
   %w( /app/models/redmine_2fa/*.rb
-      /app/models/redmine_2fa/auth_source/*.rb
       /lib/redmine_2fa/patches/account_controller_patch/*.rb
       /lib/redmine_2fa/*.rb
       /lib/redmine_2fa/code_sender/*.rb
@@ -16,7 +15,7 @@
 
 Redmine::Plugin.register :redmine_2fa do
   name 'Redmine 2FA'
-  version '1.3.1'
+  version '1.4.1'
   url 'https://github.com/centosadmin/redmine_2fa'
   description 'Two-factor authorization for Redmine'
   author 'Centos-admin.ru'

diff --git a/lib/redmine_2fa/code_sender.rb b/lib/redmine_2fa/code_sender.rb
@@ -16,10 +16,10 @@ def send_code
     private
 
     def define_sender
-      case user&.auth_source&.auth_method_name
-      when 'Telegram'
+      case user&.tfa_type
+      when 'telegram'
         CodeSender::TelegramSender.new(user)
-      when 'SMS'
+      when 'sms'
         CodeSender::SMSSender.new(user)
       else
         CodeSender::NullSender.new

diff --git a/lib/redmine_2fa/patches/account_controller_patch/confirm_methods.rb b/lib/redmine_2fa/patches/account_controller_patch/confirm_methods.rb
@@ -19,7 +19,7 @@ def confirm_2fa
               reset_otp_session
               successful_authentication(@user)
             else
-              update_auth_source
+              update_tfa_type
               Redmine2FA::CodeSender.new(@user).send_code
               render 'account/otp'
             end
@@ -52,19 +52,8 @@ def set_user_from_session
             end
           end
 
-          def update_auth_source
-            @user.update_columns(auth_source_id: auth_source.id) if auth_source
-          end
-
-          def auth_source
-            return unless Redmine2FA.active_protocols.include?(protocol)
-            @auth_source ||= "Redmine2FA::AuthSource::#{auth_source_class}".constantize.first
-          end
-
-          def auth_source_class
-            { 'sms' => 'SMS',
-              'telegram' => 'Telegram',
-              'google_auth' => 'GoogleAuth' }[protocol]
+          def update_tfa_type
+            @user.update!(tfa_type, protocol)
           end
 
           def protocol

diff --git a/lib/redmine_2fa/patches/user_patch.rb b/lib/redmine_2fa/patches/user_patch.rb
@@ -3,7 +3,7 @@ module Patches
     module UserPatch
       def self.included(base)
         base.send(:include, InstanceMethods)
-        base.safe_attributes 'mobile_phone', 'ignore_2fa'
+        base.safe_attributes 'mobile_phone', 'ignore_2fa', 'tfa_type'
         base.validates_format_of :mobile_phone, with: /\A\d*\z/, allow_blank: true
 
         base.class_eval do
@@ -16,6 +16,7 @@ def self.included(base)
       end
 
       module InstanceMethods
+
         def update_hashed_password_with_otp_auth
           if two_factor_authenticable?
             salt_password(password) if password
@@ -29,21 +30,21 @@ def two_factor_authenticable?
         end
 
         def sms_authenticable?
-          auth_source&.auth_method_name == 'SMS'
+          self.tfa_type == 'sms'
         end
 
         def telegram_authenticable?
-          auth_source&.auth_method_name == 'Telegram'
+          self.tfa_type == 'telegram'
         end
 
         def google_authenticable?
-          auth_source&.auth_method_name == 'Google Auth'
+          self.tfa_type == 'google_auth'
         end
 
         def reset_second_auth
           otp_regenerate_secret
-          self.auth_source_id = nil
           self.ignore_2fa = false
+          self.tfa_type = nil
           save!
         end
 

diff --git a/test/fixtures/auth_sources.yml b/test/fixtures/auth_sources.yml
diff --git a/test/fixtures/vcr_cassettes/init.yml b/test/fixtures/vcr_cassettes/init.yml