Many changes on user profile and login system
- Fixed #80 - Better UI - Fixed some bugs
This commit is contained in:
parent
5831b2d7db
commit
e032e7575b
10 changed files with 230 additions and 170 deletions
|
@ -7,6 +7,7 @@ use App\Controllers\Controller;
|
|||
use Respect\Validation\Validator as v;
|
||||
use Psr\Http\Message\ResponseInterface as Response;
|
||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
||||
use Pinga\Session;
|
||||
|
||||
/**
|
||||
* AuthController
|
||||
|
@ -59,7 +60,13 @@ class AuthController extends Controller
|
|||
global $container;
|
||||
$data = $request->getParsedBody();
|
||||
$db = $container->get('db');
|
||||
$is2FAEnabled = $db->selectValue('SELECT tfa_enabled, tfa_secret FROM users WHERE email = ?', [$data['email']]);
|
||||
$is2FAEnabled = $db->selectValue('SELECT tfa_enabled FROM users WHERE email = ?', [$data['email']]);
|
||||
$isWebaEnabled = $db->selectValue('SELECT auth_method FROM users WHERE email = ?', [$data['email']]);
|
||||
|
||||
if ($isWebaEnabled == 'webauthn') {
|
||||
$container->get('flash')->addMessage('error', 'WebAuthn enabled for this account');
|
||||
return $response->withHeader('Location', '/login')->withStatus(302);
|
||||
}
|
||||
|
||||
// If 2FA is enabled and no code is provided, redirect to 2FA code entry
|
||||
if($is2FAEnabled && !isset($data['code'])) {
|
||||
|
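Review bot: The new guard `if ($isWebaEnabled == 'webauthn')` runs before any password check and answers with 'WebAuthn enabled for this account', so an unauthenticated visitor learns from the submitted email alone whether an account exists and which login method it uses; a neutral message, or performing this check only after the password has been verified, closes that oracle. The comparison should also be strict, `if ($isWebaEnabled === 'webauthn') {`, since `selectValue` may return null or false for an unknown email. The three `selectValue` calls keyed on `$data['email']` could become one `selectRow('SELECT tfa_enabled, auth_method FROM users WHERE email = ?', [$data['email']])`, and `$data['email']` is still read without an isset check (pre-existing). The enclosing method starts and ends outside the hunk.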
@ -219,7 +226,7 @@ class AuthController extends Controller
|
|||
// Send success response
|
||||
$user = $db->selectRow('SELECT * FROM users WHERE id = ?', [$user_id]);
|
||||
|
||||
Session::regenerate(true);
|
||||
session_regenerate_id();
|
||||
$_SESSION['auth_logged_in'] = true;
|
||||
$_SESSION['auth_user_id'] = $user['id'];
|
||||
$_SESSION['auth_email'] = $user['email'];
|
||||
|
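Review bot: `Session::regenerate(true)` — presumably the new side here, given the `use Pinga\Session;` import this commit adds — carries no comment on what `true` does (whether the previous session is destroyed or merely detached), which is the detail that matters for session-fixation defence; a line such as `// rotate the session id before any auth flag is written; true => discard old session (confirm against Pinga\Session)` would make the intent checkable. Doing the rotation before `$_SESSION['auth_logged_in'] = true` is the correct order and should stay that way. Separately, `$user` from `selectRow` is dereferenced as `$user['id']` and `$user['email']` without a null check, so an unknown `$user_id` would still mark the session logged in with empty identity; this is context code, but worth a guard. The enclosing method starts and ends outside the hunk.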
@ -237,7 +244,7 @@ class AuthController extends Controller
|
|||
'users_audit',
|
||||
[
|
||||
'user_id' => $_SESSION['auth_user_id'],
|
||||
'user_event' => 'user.login',
|
||||
'user_event' => 'user.login.webauthn',
|
||||
'user_resource' => 'control.panel',
|
||||
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
|
||||
'user_ip' => get_client_ip(),
|
||||
|
|
|
@ -60,19 +60,15 @@ class ProfileController extends Controller
|
|||
[$userId]
|
||||
);
|
||||
$is_weba_activated = $db->select(
|
||||
'SELECT * FROM users_webauthn WHERE user_id = ?',
|
||||
[$userId]
|
||||
);
|
||||
$user_audit = $db->select(
|
||||
'SELECT * FROM users_audit WHERE user_id = ? ORDER BY event_time DESC',
|
||||
'SELECT * FROM users_webauthn WHERE user_id = ? ORDER BY created_at DESC LIMIT 5',
|
||||
[$userId]
|
||||
);
|
||||
if ($is_2fa_activated) {
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'userAudit' => $user_audit]);
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue]);
|
||||
} else if ($is_weba_activated) {
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'weba' => $is_weba_activated, 'userAudit' => $user_audit]);
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'weba' => $is_weba_activated]);
|
||||
} else {
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'userAudit' => $user_audit]);
|
||||
return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue]);
|
||||
}
|
||||
|
||||
}
|
||||
|
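Review bot: The new `$user_audit` query `'SELECT * FROM users_audit WHERE user_id = ? ORDER BY event_time DESC'` has no LIMIT, so every profile view loads the user's entire audit history (one row per login, judging by the `users_audit` insert elsewhere in this commit) and passes it all to the template; the query it appears to replace was bounded with `LIMIT 5`, and a bound such as `'... ORDER BY event_time DESC LIMIT 20'` should come back. Those rows carry `user_agent` values copied from request headers, so the template must render `userAudit` with Twig autoescaping on and never through `|raw`. The three `view()` calls now differ only in a couple of keys; building the base array once and appending `'userAudit' => $user_audit` would remove the triplication. The exact old/new side of the surrounding query lines is not fully recoverable from this rendering, so these remarks are limited to the lines that reference the new variable.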
@ -203,10 +199,19 @@ class ProfileController extends Controller
|
|||
'sign_count' => $counter
|
||||
]
|
||||
);
|
||||
|
||||
$msg = 'registration success.';
|
||||
$db->update(
|
||||
'users',
|
||||
[
|
||||
'auth_method' => 'webauthn'
|
||||
],
|
||||
[
|
||||
'id' => $userId
|
||||
]
|
||||
);
|
||||
|
||||
$msg = 'Registration success.';
|
||||
if ($credential->rootValid === false) {
|
||||
$msg = 'registration ok, but certificate does not match any of the selected root ca.';
|
||||
$msg = 'Registration ok, but certificate does not match any of the selected root ca.';
|
||||
}
|
||||
|
||||
$return = new \stdClass();
|
||||
|
|
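Review bot: The new `$db->update('users', ['auth_method' => 'webauthn'], ['id' => $userId])` flips the account's login method without a comment on its consequence — the login handler changed in this same commit refuses password login once `auth_method` is 'webauthn' — and it also runs ahead of the `$credential->rootValid === false` branch, so a credential whose attestation did not match any selected root CA still becomes the account's only way in; if root validation is meant as policy the update belongs behind that check, otherwise a comment should state that the mismatch is accepted deliberately. Suggested comment above the update: `// From here on password login is rejected for this account; the WebAuthn credential stored above is the sole login path.` Running the credential insert (whose tail opens this hunk) and this update in one transaction would keep the two from diverging if the second statement fails. The enclosing method starts and ends outside the hunk.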