github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-01 16:44:05 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #2890 from BookStackApp/analysis-kabPRy

Browse Source 
Apply fixes from StyleCI
This commit is contained in:
Dan Brown 2021-08-21 15:50:16 +01:00 committed by GitHub
commit ac110eb6b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 173 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Auth/Access/EmailConfirmationService.php
View File

@ -14,6 +14,7 @@ class EmailConfirmationService extends UserTokenService
/** /**
* Create new confirmation for a user, * Create new confirmation for a user,
* Also removes any existing old ones. * Also removes any existing old ones.
*
* @throws ConfirmationEmailException * @throws ConfirmationEmailException
*/ */
public function sendConfirmation(User $user) public function sendConfirmation(User $user)

8
app/Auth/Access/LoginService.php
View File

@ -13,7 +13,6 @@ use Exception;
class LoginService class LoginService
{ {
protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted'; protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';
protected $mfaSession; protected $mfaSession;
@ -30,12 +29,14 @@ class LoginService
* Will start a login of the given user but will prevent if there's * Will start a login of the given user but will prevent if there's
* a reason to (MFA or Unconfirmed Email). * a reason to (MFA or Unconfirmed Email).
* Returns a boolean to indicate the current login result. * Returns a boolean to indicate the current login result.
*
* @throws StoppedAuthenticationException * @throws StoppedAuthenticationException
*/ */
public function login(User $user, string $method, bool $remember = false): void public function login(User $user, string $method, bool $remember = false): void
{ {
if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) { if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) {
$this->setLastLoginAttemptedForUser($user, $method, $remember); $this->setLastLoginAttemptedForUser($user, $method, $remember);
throw new StoppedAuthenticationException($user, $this); throw new StoppedAuthenticationException($user, $this);
} }
@ -55,6 +56,7 @@ class LoginService
/** /**
* Reattempt a system login after a previous stopped attempt. * Reattempt a system login after a previous stopped attempt.
*
* @throws Exception * @throws Exception
*/ */
public function reattemptLoginFor(User $user) public function reattemptLoginFor(User $user)
@ -75,12 +77,14 @@ class LoginService
public function getLastLoginAttemptUser(): ?User public function getLastLoginAttemptUser(): ?User
{ {
$id = $this->getLastLoginAttemptDetails()['user_id']; $id = $this->getLastLoginAttemptDetails()['user_id'];
return User::query()->where('id', '=', $id)->first(); return User::query()->where('id', '=', $id)->first();
} }
/** /**
* Get the details of the last login attempt. * Get the details of the last login attempt.
* Checks upon a ttl of about 1 hour since that last attempted login. * Checks upon a ttl of about 1 hour since that last attempted login.
*
* @return array{user_id: ?string, method: ?string, remember: bool} * @return array{user_id: ?string, method: ?string, remember: bool}
*/ */
protected function getLastLoginAttemptDetails(): array protected function getLastLoginAttemptDetails(): array
@ -94,6 +98,7 @@ class LoginService
$hourAgo = time() - (60 * 60); $hourAgo = time() - (60 * 60);
if ($time < $hourAgo) { if ($time < $hourAgo) {
$this->clearLastLoginAttempted(); $this->clearLastLoginAttempted();
return ['user_id' => null, 'method' => null]; return ['user_id' => null, 'method' => null];
} }
@ -156,5 +161,4 @@ class LoginService
return $result; return $result;
} }
} }

2
app/Auth/Access/Mfa/BackupCodeService.php
View File

@ -29,6 +29,7 @@ class BackupCodeService
{ {
$cleanCode = $this->cleanInputCode($code); $cleanCode = $this->cleanInputCode($code);
$codes = json_decode($codeSet); $codes = json_decode($codeSet);
return in_array($cleanCode, $codes); return in_array($cleanCode, $codes);
} }
@ -42,6 +43,7 @@ class BackupCodeService
$codes = json_decode($codeSet); $codes = json_decode($codeSet);
$pos = array_search($cleanCode, $codes, true); $pos = array_search($cleanCode, $codes, true);
array_splice($codes, $pos, 1); array_splice($codes, $pos, 1);
return json_encode($codes); return json_encode($codes);
} }

1
app/Auth/Access/Mfa/MfaSession.php
View File

@ -57,5 +57,4 @@ class MfaSession
{ {
return 'mfa-verification-passed:' . $user->id; return 'mfa-verification-passed:' . $user->id;
} }
} }

2
app/Auth/Access/Mfa/MfaValue.php
View File

@ -38,7 +38,7 @@ class MfaValue extends Model
/** @var MfaValue $mfaVal */ /** @var MfaValue $mfaVal */
$mfaVal = static::query()->firstOrNew([ $mfaVal = static::query()->firstOrNew([
'user_id' => $user->id, 'user_id' => $user->id,
'method' => $method 'method' => $method,
]); ]);
$mfaVal->setValue($value); $mfaVal->setValue($value);
$mfaVal->save(); $mfaVal->save();

3
app/Auth/Access/Mfa/TotpService.php
View File

@ -51,10 +51,11 @@ class TotpService
public function generateQrCodeSvg(string $url): string public function generateQrCodeSvg(string $url): string
{ {
$color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167)); $color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));
return (new Writer( return (new Writer(
new ImageRenderer( new ImageRenderer(
new RendererStyle(192, 0, null, null, $color), new RendererStyle(192, 0, null, null, $color),
new SvgImageBackEnd new SvgImageBackEnd()
) )
))->writeString($url); ))->writeString($url);
} }

1
app/Auth/Access/Mfa/TotpValidationRule.php
View File

@ -6,7 +6,6 @@ use Illuminate\Contracts\Validation\Rule;
class TotpValidationRule implements Rule class TotpValidationRule implements Rule
{ {
protected $secret; protected $secret;
protected $totpService; protected $totpService;

1
app/Auth/Access/RegistrationService.php
View File

@ -88,6 +88,7 @@ class RegistrationService
session()->flash('sent-email-confirmation', true); session()->flash('sent-email-confirmation', true);
} catch (Exception $e) { } catch (Exception $e) {
$message = trans('auth.email_confirm_send_error'); $message = trans('auth.email_confirm_send_error');
throw new UserRegistrationException($message, '/register/confirm'); throw new UserRegistrationException($message, '/register/confirm');
} }
} }

5
app/Auth/Access/Saml2Service.php
View File

@ -2,15 +2,11 @@
namespace BookStack\Auth\Access; namespace BookStack\Auth\Access;
use BookStack\Actions\ActivityType;
use BookStack\Auth\User; use BookStack\Auth\User;
use BookStack\Exceptions\JsonDebugException; use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\SamlException; use BookStack\Exceptions\SamlException;
use BookStack\Exceptions\StoppedAuthenticationException; use BookStack\Exceptions\StoppedAuthenticationException;
use BookStack\Exceptions\UserRegistrationException; use BookStack\Exceptions\UserRegistrationException;
use BookStack\Facades\Activity;
use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use Exception; use Exception;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use OneLogin\Saml2\Auth; use OneLogin\Saml2\Auth;
@ -392,6 +388,7 @@ class Saml2Service extends ExternalAuthService
} }
$this->loginService->login($user, 'saml2'); $this->loginService->login($user, 'saml2');
return $user; return $user;
} }
} }

1
app/Auth/Access/SocialAuthService.php
View File

@ -142,6 +142,7 @@ class SocialAuthService
// Simply log the user into the application. // Simply log the user into the application.
if (!$isLoggedIn && $socialAccount !== null) { if (!$isLoggedIn && $socialAccount !== null) {
$this->loginService->login($socialAccount->user, $socialAccount); $this->loginService->login($socialAccount->user, $socialAccount);
return redirect()->intended('/'); return redirect()->intended('/');
} }

3
app/Console/Commands/ResetMfa.php
View File

@ -45,6 +45,7 @@ class ResetMfa extends Command
$email = $this->option('email'); $email = $this->option('email');
if (!$id && !$email) { if (!$id && !$email) {
$this->error('Either a --id=<number> or --email=<email> option must be provided.'); $this->error('Either a --id=<number> or --email=<email> option must be provided.');
return 1; return 1;
} }
@ -57,6 +58,7 @@ class ResetMfa extends Command
if (!$user) { if (!$user) {
$this->error("A user where {$field}={$value} could not be found."); $this->error("A user where {$field}={$value} could not be found.");
return 1; return 1;
} }
@ -66,6 +68,7 @@ class ResetMfa extends Command
if ($confirm) { if ($confirm) {
$user->mfaValues()->delete(); $user->mfaValues()->delete();
$this->info('User MFA methods have been reset.'); $this->info('User MFA methods have been reset.');
return 0; return 0;
} }

1
app/Exceptions/StoppedAuthenticationException.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class StoppedAuthenticationException extends \Exception implements Responsable class StoppedAuthenticationException extends \Exception implements Responsable
{ {
protected $user; protected $user;
protected $loginService; protected $loginService;

4
app/Http/Controllers/Auth/ConfirmEmailController.php
View File

@ -28,8 +28,7 @@ class ConfirmEmailController extends Controller
EmailConfirmationService $emailConfirmationService, EmailConfirmationService $emailConfirmationService,
LoginService $loginService, LoginService $loginService,
UserRepo $userRepo UserRepo $userRepo
) ) {
{
$this->emailConfirmationService = $emailConfirmationService; $this->emailConfirmationService = $emailConfirmationService;
$this->loginService = $loginService; $this->loginService = $loginService;
$this->userRepo = $userRepo; $this->userRepo = $userRepo;
@ -51,6 +50,7 @@ class ConfirmEmailController extends Controller
public function showAwaiting() public function showAwaiting()
{ {
$user = $this->loginService->getLastLoginAttemptUser(); $user = $this->loginService->getLastLoginAttemptUser();
return view('auth.user-unconfirmed', ['user' => $user]); return view('auth.user-unconfirmed', ['user' => $user]);
} }

5
app/Http/Controllers/Auth/LoginController.php
View File

@ -145,12 +145,15 @@ class LoginController extends Controller
* Attempt to log the user into the application. * Attempt to log the user into the application.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
*
* @return bool * @return bool
*/ */
protected function attemptLogin(Request $request) protected function attemptLogin(Request $request)
{ {
return $this->loginService->attempt( return $this->loginService->attempt(
$this->credentials($request), auth()->getDefaultDriver(), $request->filled('remember') $this->credentials($request),
auth()->getDefaultDriver(),
$request->filled('remember')
); );
} }

9
app/Http/Controllers/Auth/MfaBackupCodesController.php
View File

@ -20,7 +20,7 @@ class MfaBackupCodesController extends Controller
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes'; protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes';
/** /**
* Show a view that generates and displays backup codes * Show a view that generates and displays backup codes.
*/ */
public function generate(BackupCodeService $codeService) public function generate(BackupCodeService $codeService)
{ {
@ -37,6 +37,7 @@ class MfaBackupCodesController extends Controller
/** /**
* Confirm the setup of backup codes, storing them against the user. * Confirm the setup of backup codes, storing them against the user.
*
* @throws Exception * @throws Exception
*/ */
public function confirm() public function confirm()
@ -52,6 +53,7 @@ class MfaBackupCodesController extends Controller
if (!auth()->check()) { if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification')); $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login'); return redirect('/login');
} }
@ -60,6 +62,7 @@ class MfaBackupCodesController extends Controller
/** /**
* Verify the MFA method submission on check. * Verify the MFA method submission on check.
*
* @throws NotFoundException * @throws NotFoundException
* @throws ValidationException * @throws ValidationException
*/ */
@ -76,8 +79,8 @@ class MfaBackupCodesController extends Controller
if (!$codeService->inputCodeExistsInSet($value, $codes)) { if (!$codeService->inputCodeExistsInSet($value, $codes)) {
$fail(trans('validation.backup_codes')); $fail(trans('validation.backup_codes'));
} }
} },
] ],
]); ]);
$updatedCodes = $codeService->removeInputCodeFromSet($request->get('code'), $codes); $updatedCodes = $codeService->removeInputCodeFromSet($request->get('code'), $codes);

2
app/Http/Controllers/Auth/MfaController.php
View File

@ -20,6 +20,7 @@ class MfaController extends Controller
->mfaValues() ->mfaValues()
->get(['id', 'method']) ->get(['id', 'method'])
->groupBy('method'); ->groupBy('method');
return view('mfa.setup', [ return view('mfa.setup', [
'userMethods' => $userMethods, 'userMethods' => $userMethods,
]); ]);
@ -27,6 +28,7 @@ class MfaController extends Controller
/** /**
* Remove an MFA method for the current user. * Remove an MFA method for the current user.
*
* @throws \Exception * @throws \Exception
*/ */
public function remove(string $method) public function remove(string $method)

7
app/Http/Controllers/Auth/MfaTotpController.php
View File

@ -43,6 +43,7 @@ class MfaTotpController extends Controller
/** /**
* Confirm the setup of TOTP and save the auth method secret * Confirm the setup of TOTP and save the auth method secret
* against the current user. * against the current user.
*
* @throws ValidationException * @throws ValidationException
* @throws NotFoundException * @throws NotFoundException
*/ */
@ -54,7 +55,7 @@ class MfaTotpController extends Controller
'required', 'required',
'max:12', 'min:4', 'max:12', 'min:4',
new TotpValidationRule($totpSecret), new TotpValidationRule($totpSecret),
] ],
]); ]);
MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret); MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
@ -63,6 +64,7 @@ class MfaTotpController extends Controller
if (!auth()->check()) { if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification')); $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login'); return redirect('/login');
} }
@ -71,6 +73,7 @@ class MfaTotpController extends Controller
/** /**
* Verify the MFA method submission on check. * Verify the MFA method submission on check.
*
* @throws NotFoundException * @throws NotFoundException
*/ */
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession) public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
@ -83,7 +86,7 @@ class MfaTotpController extends Controller
'required', 'required',
'max:12', 'min:4', 'max:12', 'min:4',
new TotpValidationRule($totpSecret), new TotpValidationRule($totpSecret),
] ],
]); ]);
$mfaSession->markVerifiedForUser($user); $mfaSession->markVerifiedForUser($user);

3
app/Http/Controllers/Auth/RegisterController.php
View File

@ -48,8 +48,7 @@ class RegisterController extends Controller
SocialAuthService $socialAuthService, SocialAuthService $socialAuthService,
RegistrationService $registrationService, RegistrationService $registrationService,
LoginService $loginService LoginService $loginService
) ) {
{
$this->middleware('guest'); $this->middleware('guest');
$this->middleware('guard:standard'); $this->middleware('guard:standard');

3
app/Http/Controllers/Auth/SocialController.php
View File

@ -27,8 +27,7 @@ class SocialController extends Controller
SocialAuthService $socialAuthService, SocialAuthService $socialAuthService,
RegistrationService $registrationService, RegistrationService $registrationService,
LoginService $loginService LoginService $loginService
) ) {
{
$this->middleware('guest')->only(['getRegister', 'postRegister']); $this->middleware('guest')->only(['getRegister', 'postRegister']);
$this->socialAuthService = $socialAuthService; $this->socialAuthService = $socialAuthService;
$this->registrationService = $registrationService; $this->registrationService = $registrationService;

1
app/Http/Middleware/ApiAuthenticate.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class ApiAuthenticate class ApiAuthenticate
{ {
/** /**
* Handle an incoming request. * Handle an incoming request.
*/ */

1
app/Http/Middleware/Authenticate.php
View File

@ -16,6 +16,7 @@ class Authenticate
if ($request->ajax()) { if ($request->ajax()) {
return response('Unauthorized.', 401); return response('Unauthorized.', 401);
} }
return redirect()->guest(url('/login')); return redirect()->guest(url('/login'));
} }

3
app/Http/Middleware/AuthenticatedOrPendingMfa.php
View File

@ -8,7 +8,6 @@ use Closure;
class AuthenticatedOrPendingMfa class AuthenticatedOrPendingMfa
{ {
protected $loginService; protected $loginService;
protected $mfaSession; protected $mfaSession;
@ -18,12 +17,12 @@ class AuthenticatedOrPendingMfa
$this->mfaSession = $mfaSession; $this->mfaSession = $mfaSession;
} }
/** /**
* Handle an incoming request. * Handle an incoming request.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Closure $next * @param \Closure $next
*
* @return mixed * @return mixed
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)

1
app/Translation/FileLoader.php
View File

@ -27,6 +27,7 @@ class FileLoader extends BaseLoader
$themePath = theme_path('lang'); $themePath = theme_path('lang');
$themeTranslations = $themePath ? $this->loadPath($themePath, $locale, $group) : []; $themeTranslations = $themePath ? $this->loadPath($themePath, $locale, $group) : [];
$originalTranslations = $this->loadPath($this->path, $locale, $group); $originalTranslations = $this->loadPath($this->path, $locale, $group);
return array_merge($originalTranslations, $themeTranslations); return array_merge($originalTranslations, $themeTranslations);
} }

1
routes/web.php
View File

@ -223,7 +223,6 @@ Route::group(['middleware' => 'auth'], function () {
Route::get('/roles/{id}', 'RoleController@edit'); Route::get('/roles/{id}', 'RoleController@edit');
Route::put('/roles/{id}', 'RoleController@update'); Route::put('/roles/{id}', 'RoleController@update');
}); });
}); });
// MFA routes // MFA routes

2
tests/Auth/AuthTest.php
View File

@ -332,7 +332,7 @@ class AuthTest extends BrowserKitTest
$user = $this->getEditor(); $user = $this->getEditor();
$mfaSession = $this->app->make(MfaSession::class); $mfaSession = $this->app->make(MfaSession::class);
$mfaSession->markVerifiedForUser($user);; $mfaSession->markVerifiedForUser($user);
$this->assertTrue($mfaSession->isVerifiedForUser($user)); $this->assertTrue($mfaSession->isVerifiedForUser($user));
$this->asAdmin()->visit('/logout'); $this->asAdmin()->visit('/logout');

6
tests/Auth/MfaConfigurationTest.php
View File

@ -10,7 +10,6 @@ use Tests\TestCase;
class MfaConfigurationTest extends TestCase class MfaConfigurationTest extends TestCase
{ {
public function test_totp_setup() public function test_totp_setup()
{ {
$editor = $this->getEditor(); $editor = $this->getEditor();
@ -155,13 +154,12 @@ class MfaConfigurationTest extends TestCase
$resp = $this->actingAs($admin)->get('/mfa/setup'); $resp = $this->actingAs($admin)->get('/mfa/setup');
$resp->assertElementExists('form[action$="/mfa/totp/remove"]'); $resp->assertElementExists('form[action$="/mfa/totp/remove"]');
$resp = $this->delete("/mfa/totp/remove"); $resp = $this->delete('/mfa/totp/remove');
$resp->assertRedirect("/mfa/setup"); $resp->assertRedirect('/mfa/setup');
$resp = $this->followRedirects($resp); $resp = $this->followRedirects($resp);
$resp->assertSee('Multi-factor method successfully removed'); $resp->assertSee('Multi-factor method successfully removed');
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD); $this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count()); $this->assertEquals(0, $admin->mfaValues()->count());
} }
} }

3
tests/Auth/MfaVerificationTest.php
View File

@ -227,6 +227,7 @@ class MfaVerificationTest extends TestCase
$role = $user->roles->first(); $role = $user->roles->first();
$role->mfa_enforced = true; $role->mfa_enforced = true;
$role->save(); $role->save();
try { try {
$loginService->login($user, 'testing'); $loginService->login($user, 'testing');
} catch (StoppedAuthenticationException $e) { } catch (StoppedAuthenticationException $e) {
@ -238,7 +239,6 @@ class MfaVerificationTest extends TestCase
$resp = $this->call($method, $path); $resp = $this->call($method, $path);
$resp->assertRedirect('/login'); $resp->assertRedirect('/login');
} }
} }
/** /**
@ -275,5 +275,4 @@ class MfaVerificationTest extends TestCase
return [$user, $codes, $loginResp]; return [$user, $codes, $loginResp];
} }
} }

2
tests/Commands/ResetMfaCommandTest.php
View File

@ -58,7 +58,7 @@ class ResetMfaCommandTest extends TestCase
public function test_giving_non_existing_user_shows_error_message() public function test_giving_non_existing_user_shows_error_message()
{ {
$this->artisan("bookstack:reset-mfa --email=donkeys@example.com") $this->artisan('bookstack:reset-mfa --email=donkeys@example.com')
->expectsOutput('A user where email=donkeys@example.com could not be found.') ->expectsOutput('A user where email=donkeys@example.com could not be found.')
->assertExitCode(1); ->assertExitCode(1);
} }