search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Portuguese)
[phpmyadmin.git] / src / TwoFactor.php
blob2b77f92392485405d8194b4fd15e49dd229fcdfd
1 <?php
2 /**
3 * Two authentication factor handling
4 */
5
6 declare(strict_types=1);
7
8 namespace PhpMyAdmin;
9
10 use BaconQrCode\Renderer\ImageRenderer;
11 use CodeLts\U2F\U2FServer\U2FServer;
12 use PhpMyAdmin\ConfigStorage\Relation;
13 use PhpMyAdmin\Http\ServerRequest;
14 use PhpMyAdmin\Plugins\TwoFactor\Application;
15 use PhpMyAdmin\Plugins\TwoFactor\Invalid;
16 use PhpMyAdmin\Plugins\TwoFactor\Key;
17 use PhpMyAdmin\Plugins\TwoFactorPlugin;
18 use PragmaRX\Google2FAQRCode\Google2FA;
19 use XMLWriter;
20
21 use function array_merge;
22 use function class_exists;
23 use function extension_loaded;
24 use function in_array;
25 use function is_array;
26 use function is_bool;
27 use function is_string;
28 use function ucfirst;
29
30 /**
31 * Two factor authentication wrapper class
32 */
33 class TwoFactor
34 {
35 /**
36 * @var mixed[]
37 * @psalm-var array{backend: string, settings: mixed[], type?: 'session'|'db'}
38 */
39 public array $config;
40
41 protected bool $writable;
42
43 protected TwoFactorPlugin $backend;
44
45 /** @var string[] */
46 protected array $available;
47
48 private UserPreferences $userPreferences;
49
50 /**
51 * Creates new TwoFactor object
52 *
53 * @param string $user User name
54 */
55 public function __construct(public string $user)
56 {
57 $dbi = DatabaseInterface::getInstance();
58
59 $this->userPreferences = new UserPreferences($dbi, new Relation($dbi), new Template());
60 $this->available = $this->getAvailableBackends();
61 $this->config = $this->readConfig();
62 $this->writable = $this->config['type'] === 'db';
63 $this->backend = $this->getBackendForCurrentUser();
64 }
65
66 /**
67 * Reads the configuration
68 *
69 * @psalm-return array{backend: string, settings: mixed[], type: 'session'|'db'}
70 */
71 public function readConfig(): array
72 {
73 $result = [];
74 $config = $this->userPreferences->load();
75 if (isset($config['config_data']['2fa']) && is_array($config['config_data']['2fa'])) {
76 $result = $config['config_data']['2fa'];
77 }
78
79 $backend = '';
80 if (isset($result['backend']) && is_string($result['backend'])) {
81 $backend = $result['backend'];
82 }
83
84 $settings = [];
85 if (isset($result['settings']) && is_array($result['settings'])) {
86 $settings = $result['settings'];
87 }
88
89 return ['backend' => $backend, 'settings' => $settings, 'type' => $config['type']];
90 }
91
92 public function isWritable(): bool
93 {
94 return $this->writable;
95 }
96
97 public function getBackend(): TwoFactorPlugin
98 {
99 return $this->backend;
100 }
101
102 /** @return string[] */
103 public function getAvailable(): array
104 {
105 return $this->available;
106 }
107
108 public function showSubmit(): bool
109 {
110 return $this->backend::$showSubmit;
111 }
112
113 /**
114 * Returns list of available backends
115 *
116 * @return string[]
117 */
118 public function getAvailableBackends(): array
119 {
120 $result = [];
121 $config = Config::getInstance();
122 if ($config->config->debug->simple2fa) {
123 $result[] = 'simple';
124 }
125
126 if (
127 class_exists(Google2FA::class)
128 && class_exists(ImageRenderer::class)
129 && (class_exists(XMLWriter::class) || extension_loaded('imagick'))
130 ) {
131 $result[] = 'application';
132 }
133
134 $result[] = 'WebAuthn';
135
136 if (class_exists(U2FServer::class)) {
137 $result[] = 'key';
138 }
139
140 return $result;
141 }
142
143 /**
144 * Returns list of missing dependencies
145 *
146 * @return array<int, array{class: string, dep: string}>
147 */
148 public function getMissingDeps(): array
149 {
150 $result = [];
151 if (! class_exists(Google2FA::class)) {
152 $result[] = ['class' => Application::getName(), 'dep' => 'pragmarx/google2fa-qrcode'];
153 }
154
155 if (! class_exists(ImageRenderer::class)) {
156 $result[] = ['class' => Application::getName(), 'dep' => 'bacon/bacon-qr-code'];
157 }
158
159 if (! class_exists(U2FServer::class)) {
160 $result[] = ['class' => Key::getName(), 'dep' => 'code-lts/u2f-php-server'];
161 }
162
163 return $result;
164 }
165
166 /**
167 * Returns class name for given name
168 *
169 * @param string $name Backend name
170 *
171 * @psalm-return class-string<TwoFactorPlugin>
172 */
173 public function getBackendClass(string $name): string
174 {
175 $result = TwoFactorPlugin::class;
176 if (in_array($name, $this->available, true)) {
177 /** @psalm-var class-string<TwoFactorPlugin> $result */
178 $result = 'PhpMyAdmin\\Plugins\\TwoFactor\\' . ucfirst($name);
179 } elseif ($name !== '') {
180 $result = Invalid::class;
181 }
182
183 return $result;
184 }
185
186 /**
187 * Returns backend for current user
188 */
189 public function getBackendForCurrentUser(): TwoFactorPlugin
190 {
191 $name = $this->getBackendClass($this->config['backend']);
192
193 return new $name($this);
194 }
195
196 /**
197 * Checks authentication, returns true on success
198 *
199 * @param bool $skipSession Skip session cache
200 */
201 public function check(ServerRequest $request, bool $skipSession = false): bool
202 {
203 if ($skipSession) {
204 return $this->backend->check($request);
205 }
206
207 if (! isset($_SESSION['two_factor_check']) || ! is_bool($_SESSION['two_factor_check'])) {
208 $_SESSION['two_factor_check'] = $this->backend->check($request);
209 }
210
211 return $_SESSION['two_factor_check'];
212 }
213
214 /**
215 * Renders user interface to enter two-factor authentication
216 *
217 * @return string HTML code
218 */
219 public function render(ServerRequest $request): string
220 {
221 return $this->backend->getError() . $this->backend->render($request);
222 }
223
224 /**
225 * Renders user interface to configure two-factor authentication
226 *
227 * @return string HTML code
228 */
229 public function setup(ServerRequest $request): string
230 {
231 return $this->backend->getError() . $this->backend->setup($request);
232 }
233
234 /**
235 * Saves current configuration.
236 *
237 * @return true|Message
238 */
239 public function save(): bool|Message
240 {
241 return $this->userPreferences->persistOption('2fa', $this->config, null);
242 }
243
244 /**
245 * Changes two-factor authentication settings
246 *
247 * The object might stay in partially changed setup
248 * if configuration fails.
249 *
250 * @param string $name Backend name
251 */
252 public function configure(ServerRequest $request, string $name): bool
253 {
254 $this->config = ['backend' => $name, 'settings' => []];
255 if ($name === '') {
256 $cls = $this->getBackendClass($name);
257 $this->backend = new $cls($this);
258 } else {
259 if (! in_array($name, $this->available, true)) {
260 return false;
261 }
262
263 $cls = $this->getBackendClass($name);
264 $this->backend = new $cls($this);
265 if (! $this->backend->configure($request)) {
266 return false;
267 }
268 }
269
270 $result = $this->save();
271 if ($result !== true) {
272 echo $result->getDisplay();
273 }
274
275 return true;
276 }
277
278 /**
279 * Returns array with all available backends
280 *
281 * @return array<int, array{id: mixed, name: mixed, description: mixed}>
282 */
283 public function getAllBackends(): array
284 {
285 $all = array_merge([''], $this->available);
286 $backends = [];
287 foreach ($all as $name) {
288 $cls = $this->getBackendClass($name);
289 $backends[] = ['id' => $cls::$id, 'name' => $cls::getName(), 'description' => $cls::getDescription()];
290 }
291
292 return $backends;
293 }
294 }
phpMyAdmin