
Commit e9be991

Merge pull request #18615 from MauricioFauth/2fa-request
Pass a ServerRequest object to the 2FA plugin
2 parents 945a2c2 + a2b8c17 commit e9be991

13 files changed

Lines changed: 108 additions & 116 deletions


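--- a/libraries/classes/Application.php
+++ b/libraries/classes/Application.php
@@ -259,7 +259,7 @@ public function handle(ServerRequest $request): Response|null
 
 $this->connectToDatabaseServer($GLOBALS['dbi'], $authPlugin, $currentServer);
 $authPlugin->rememberCredentials();
-$authPlugin->checkTwoFactor();
+$authPlugin->checkTwoFactor($request);
 
 /* Log success */
 Logging::logUser($this->config, $currentServer->user);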
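Review bot: The second-factor check at `$authPlugin->checkTwoFactor($request);` runs only after `connectToDatabaseServer()` and `rememberCredentials()` have completed, and nothing in the hunk explains why the first-factor state is persisted before the second factor is verified. If that order is required (presumably the 2FA settings are loaded over the new connection), a comment above the call would stop the next reader from treating it as a bug, for example `/* 2FA is checked after connecting; a failed check must stop the request here */`. The body of `handle()` starts and ends outside the hunk, so whether a failed check actually halts before `Logging::logUser()` cannot be confirmed from these lines.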

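--- a/libraries/classes/Controllers/Preferences/TwoFactorController.php
+++ b/libraries/classes/Controllers/Preferences/TwoFactorController.php
@@ -36,20 +36,20 @@ public function __invoke(ServerRequest $request): void
 $twoFactor = new TwoFactor($GLOBALS['cfg']['Server']['user']);
 
 if ($request->hasBodyParam('2fa_remove')) {
-if (! $twoFactor->check(true)) {
-$this->render('preferences/two_factor/confirm', ['form' => $twoFactor->render()]);
+if (! $twoFactor->check($request, true)) {
+$this->render('preferences/two_factor/confirm', ['form' => $twoFactor->render($request)]);
 
 return;
 }
 
-$twoFactor->configure('');
+$twoFactor->configure($request, '');
 $this->response->addHTML(
 Message::rawNotice(__('Two-factor authentication has been removed.'))->getDisplay(),
 );
 } elseif ($request->hasBodyParam('2fa_configure')) {
-if (! $twoFactor->configure($request->getParsedBodyParam('2fa_configure'))) {
+if (! $twoFactor->configure($request, $request->getParsedBodyParam('2fa_configure'))) {
 $this->render('preferences/two_factor/configure', [
-'form' => $twoFactor->setup(),
+'form' => $twoFactor->setup($request),
 'configure' => $request->getParsedBodyParam('2fa_configure'),
 ]);
 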
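Review bot: In the `2fa_remove` branch the result of `$twoFactor->configure($request, '');` is discarded and the notice "Two-factor authentication has been removed." is added unconditionally, whereas the `2fa_configure` branch below tests the same call with `if (! ...)`. If `configure()` can fail here (its body is not part of this page), the user would be told the second factor is gone while it is still stored and enforced. Checking the return value, e.g. `if (! $twoFactor->configure($request, '')) { /* report the failure instead of the notice */ }`, would make the two branches consistent. `__invoke()` continues past the end of the hunk.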

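--- a/libraries/classes/Plugins/AuthenticationPlugin.php
+++ b/libraries/classes/Plugins/AuthenticationPlugin.php
@@ -9,6 +9,7 @@
 
 use PhpMyAdmin\Config;
 use PhpMyAdmin\Exceptions\SessionHandlerException;
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\IpAllowDeny;
 use PhpMyAdmin\Logging;
 use PhpMyAdmin\Message;
@@ -301,12 +302,12 @@ public function checkRules(): void
 * Checks whether two factor authentication is active
 * for given user and performs it.
 */
-public function checkTwoFactor(): void
+public function checkTwoFactor(ServerRequest $request): void
 {
 $twofactor = new TwoFactor($this->user);
 
 /* Do we need to show the form? */
-if ($twofactor->check()) {
+if ($twofactor->check($request)) {
 return;
 }
 
@@ -320,7 +321,7 @@ public function checkTwoFactor(): void
 __('You have enabled two factor authentication, please confirm your login.'),
 )->getDisplay());
 $response->addHTML($this->template->render('login/twofactor', [
-'form' => $twofactor->render(),
+'form' => $twofactor->render($request),
 'show_submit' => $twofactor->showSubmit(),
 ]));
 $response->addHTML($this->template->render('login/footer'));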

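--- a/libraries/classes/Plugins/TwoFactor/Application.php
+++ b/libraries/classes/Plugins/TwoFactor/Application.php
@@ -7,6 +7,7 @@
 
 namespace PhpMyAdmin\Plugins\TwoFactor;
 
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\TwoFactorPlugin;
 use PhpMyAdmin\TwoFactor;
 use PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException;
@@ -53,7 +54,7 @@ public function getGoogle2fa(): Google2FA
 * @throws InvalidCharactersException
 * @throws SecretKeyTooShortException
 */
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 $this->provided = false;
 if (! isset($_POST['2fa_code'])) {
@@ -70,7 +71,7 @@ public function check(): bool
 *
 * @return string HTML code
 */
-public function render(): string
+public function render(ServerRequest $request): string
 {
 return $this->template->render('login/twofactor/application');
 }
@@ -80,7 +81,7 @@ public function render(): string
 *
 * @return string HTML code
 */
-public function setup(): string
+public function setup(ServerRequest $request): string
 {
 $secret = $this->twofactor->config['settings']['secret'];
 $inlineUrl = $this->google2fa->getQRCodeInline(
@@ -103,15 +104,15 @@ public function setup(): string
 * @throws InvalidCharactersException
 * @throws SecretKeyTooShortException
 */
-public function configure(): bool
+public function configure(ServerRequest $request): bool
 {
 if (! isset($_SESSION['2fa_application_key'])) {
 $_SESSION['2fa_application_key'] = $this->google2fa->generateSecretKey();
 }
 
 $this->twofactor->config['settings']['secret'] = $_SESSION['2fa_application_key'];
 
-$result = $this->check();
+$result = $this->check($request);
 if ($result) {
 unset($_SESSION['2fa_application_key']);
 }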
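Review bot: `check()` now takes the `ServerRequest` but still reads the submitted code straight from the superglobal at `if (! isset($_POST['2fa_code'])) {`, so the new parameter is unused in the visible lines and the value bypasses the request object this commit introduces. The same pattern is visible in `Key::check()` and `Key::configure()` (`$_POST['u2f_authentication_response']`, `$_POST['u2f_registration_response']`) and in `Simple::check()` (`isset($_POST['2fa_confirm'])`), while `WebAuthn` already uses `$request->getParsedBodyParam(...)`. Switching these to `$request->hasBodyParam('2fa_code')` and `$request->getParsedBodyParam('2fa_code')` would keep all second-factor input on one path and let tests supply it without touching globals. The bodies of `check()` and `setup()` extend beyond the hunks, so later reads of `$_POST` may need the same change.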

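--- a/libraries/classes/Plugins/TwoFactor/Invalid.php
+++ b/libraries/classes/Plugins/TwoFactor/Invalid.php
@@ -7,6 +7,7 @@
 
 namespace PhpMyAdmin\Plugins\TwoFactor;
 
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\TwoFactorPlugin;
 
 /**
@@ -21,7 +22,7 @@ class Invalid extends TwoFactorPlugin
 /**
 * Checks authentication, returns true on success
 */
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 return false;
 }
@@ -31,7 +32,7 @@ public function check(): bool
 *
 * @return string HTML code
 */
-public function render(): string
+public function render(ServerRequest $request): string
 {
 return $this->template->render('login/twofactor/invalid');
 }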

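--- a/libraries/classes/Plugins/TwoFactor/Key.php
+++ b/libraries/classes/Plugins/TwoFactor/Key.php
@@ -9,6 +9,7 @@
 
 use CodeLts\U2F\U2FServer\U2FException;
 use CodeLts\U2F\U2FServer\U2FServer;
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\TwoFactorPlugin;
 use PhpMyAdmin\ResponseRenderer;
 use PhpMyAdmin\TwoFactor;
@@ -71,7 +72,7 @@ public function getRegistrations(): array
 /**
 * Checks authentication, returns true on success
 */
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 $this->provided = false;
 if (! isset($_POST['u2f_authentication_response'], $_SESSION['authenticationRequest'])) {
@@ -117,17 +118,17 @@ public function loadScripts(): void
 *
 * @return string HTML code
 */
-public function render(): string
+public function render(ServerRequest $request): string
 {
-$request = U2FServer::makeAuthentication(
+$authRequest = U2FServer::makeAuthentication(
 $this->getRegistrations(),
 $this->getAppId(true),
 );
-$_SESSION['authenticationRequest'] = $request;
+$_SESSION['authenticationRequest'] = $authRequest;
 $this->loadScripts();
 
 return $this->template->render('login/twofactor/key', [
-'request' => json_encode($request),
+'request' => json_encode($authRequest),
 'is_https' => $GLOBALS['config']->isHttps(),
 ]);
 }
@@ -143,7 +144,7 @@ public function render(): string
 * @throws RuntimeError
 * @throws SyntaxError
 */
-public function setup(): string
+public function setup(ServerRequest $request): string
 {
 $registrationData = U2FServer::makeRegistration(
 $this->getAppId(true),
@@ -163,7 +164,7 @@ public function setup(): string
 /**
 * Performs backend configuration
 */
-public function configure(): bool
+public function configure(ServerRequest $request): bool
 {
 $this->provided = false;
 if (! isset($_POST['u2f_registration_response'], $_SESSION['registrationRequest'])) {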

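--- a/libraries/classes/Plugins/TwoFactor/Simple.php
+++ b/libraries/classes/Plugins/TwoFactor/Simple.php
@@ -7,6 +7,7 @@
 
 namespace PhpMyAdmin\Plugins\TwoFactor;
 
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\TwoFactorPlugin;
 
 use function __;
@@ -23,7 +24,7 @@ class Simple extends TwoFactorPlugin
 /**
 * Checks authentication, returns true on success
 */
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 return isset($_POST['2fa_confirm']);
 }
@@ -33,7 +34,7 @@ public function check(): bool
 *
 * @return string HTML code
 */
-public function render(): string
+public function render(ServerRequest $request): string
 {
 return $this->template->render('login/twofactor/simple');
 }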

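--- a/libraries/classes/Plugins/TwoFactor/WebAuthn.php
+++ b/libraries/classes/Plugins/TwoFactor/WebAuthn.php
@@ -4,7 +4,6 @@
 
 namespace PhpMyAdmin\Plugins\TwoFactor;
 
-use PhpMyAdmin\Application;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\TwoFactorPlugin;
 use PhpMyAdmin\ResponseRenderer;
@@ -39,8 +38,6 @@ class WebAuthn extends TwoFactorPlugin
 
 private Server $server;
 
-public ServerRequest|null $serverRequest = null;
-
 public function __construct(TwoFactor $twofactor)
 {
 parent::__construct($twofactor);
@@ -72,18 +69,8 @@ public function setServer(Server $server): void
 $this->server = $server;
 }
 
-private function getRequest(): ServerRequest
-{
-if ($this->serverRequest === null) {
-$this->serverRequest = Application::getRequest();
-}
-
-return $this->serverRequest;
-}
-
-public function render(): string
+public function render(ServerRequest $request): string
 {
-$request = $this->getRequest();
 $userHandle = sodium_base642bin($this->getUserHandleFromSettings(), SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
 $requestOptions = $this->server->getCredentialRequestOptions(
 $this->twofactor->user,
@@ -101,10 +88,9 @@ public function render(): string
 );
 }
 
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 $this->provided = false;
-$request = $this->getRequest();
 $authenticatorResponse = $request->getParsedBodyParam('webauthn_request_response', '');
 if ($authenticatorResponse === '' || ! isset($_SESSION['WebAuthnCredentialRequestOptions'])) {
 return false;
@@ -138,9 +124,8 @@ public function check(): bool
 return true;
 }
 
-public function setup(): string
+public function setup(ServerRequest $request): string
 {
-$request = $this->getRequest();
 $userId = sodium_bin2base64(random_bytes(32), SODIUM_BASE64_VARIANT_ORIGINAL);
 $host = $request->getUri()->getHost();
 $creationOptions = $this->server->getCredentialCreationOptions($this->twofactor->user, $userId, $host);
@@ -154,10 +139,9 @@ public function setup(): string
 );
 }
 
-public function configure(): bool
+public function configure(ServerRequest $request): bool
 {
 $this->provided = false;
-$request = $this->getRequest();
 $authenticatorResponse = $request->getParsedBodyParam('webauthn_creation_response', '');
 if ($authenticatorResponse === '' || ! isset($_SESSION['WebAuthnCredentialCreationOptions'])) {
 return false;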
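Review bot: `render()`, `check()`, `setup()` and `configure()` carry no docblocks in these hunks, unlike the sibling plugins, and `setup()` takes the host for credential creation from the caller-supplied request at `$host = $request->getUri()->getHost();`. Now that the request is an explicit argument rather than `Application::getRequest()`, `setup()` should state that the value handed to `getCredentialCreationOptions()` (presumably as the relying-party identifier) comes from the request URI, so it is only as trustworthy as the host handling in front of the application. A one-line docblock such as `/** @param ServerRequest $request its URI host is passed to the WebAuthn server when creating credentials */` would cover it. The method bodies continue outside the hunks, so any further validation of `$host` is not visible here.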

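--- a/libraries/classes/Plugins/TwoFactorPlugin.php
+++ b/libraries/classes/Plugins/TwoFactorPlugin.php
@@ -8,6 +8,7 @@
 namespace PhpMyAdmin\Plugins;
 
 use PhpMyAdmin\Core;
+use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\Template;
 use PhpMyAdmin\TwoFactor;
@@ -67,7 +68,7 @@ public function getError(): string
 /**
 * Checks authentication, returns true on success
 */
-public function check(): bool
+public function check(ServerRequest $request): bool
 {
 return true;
 }
@@ -77,7 +78,7 @@ public function check(): bool
 *
 * @return string HTML code
 */
-public function render(): string
+public function render(ServerRequest $request): string
 {
 return '';
 }
@@ -87,15 +88,15 @@ public function render(): string
 *
 * @return string HTML code
 */
-public function setup(): string
+public function setup(ServerRequest $request): string
 {
 return '';
 }
 
 /**
 * Performs backend configuration
 */
-public function configure(): bool
+public function configure(ServerRequest $request): bool
 {
 return true;
 }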
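Review bot: The base implementation `check(ServerRequest $request): bool` returns `true` and ignores its argument, so any backend that extends `TwoFactorPlugin` without overriding `check()` treats every login as having passed the second factor. The docblock only says "Checks authentication, returns true on success"; if the base class is meant to stand for "no second factor configured" (not confirmable from this page), that should be written down, e.g. `* The base plugin performs no verification and always succeeds; real backends must override this.` The same applies to `configure()`, which also returns `true` unconditionally.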
