archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-05 00:30:26 +00:00
Code Issues Projects Releases Wiki Activity

Added the ability to remove an MFA method

Browse source 
Includes testing to cover
This commit is contained in:
Dan Brown 2021-07-14 21:27:21 +01:00
parent 7c86c26cd0
commit f696aa5eea
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
8 changed files with 75 additions and 0 deletions
app
Actions
ActivityType.php
Auth/Access/Mfa
MfaValue.php
Http/Controllers/Auth
MfaController.php
resources
lang/en
activities.php
sass
_layout.scss
views/mfa
setup.blade.php
routes
web.php
tests/Auth
MfaConfigurationTest.php

1
app/Actions/ActivityType.php
View file

@ -52,4 +52,5 @@ class ActivityType
const AUTH_REGISTER = 'auth_register'; const AUTH_REGISTER = 'auth_register';
const MFA_SETUP_METHOD = 'mfa_setup_method'; const MFA_SETUP_METHOD = 'mfa_setup_method';
const MFA_REMOVE_METHOD = 'mfa_remove_method';
} }

8
app/Auth/Access/Mfa/MfaValue.php
View file

@ -21,6 +21,14 @@ class MfaValue extends Model
const METHOD_TOTP = 'totp'; const METHOD_TOTP = 'totp';
const METHOD_BACKUP_CODES = 'backup_codes'; const METHOD_BACKUP_CODES = 'backup_codes';
/**
* Get all the MFA methods available.
*/
public static function allMethods(): array
{
return [self::METHOD_TOTP, self::METHOD_BACKUP_CODES];
}
/** /**
* Upsert a new MFA value for the given user and method * Upsert a new MFA value for the given user and method
* using the provided value. * using the provided value.

19
app/Http/Controllers/Auth/MfaController.php
View file

@ -2,6 +2,8 @@
namespace BookStack\Http\Controllers\Auth; namespace BookStack\Http\Controllers\Auth;
use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\Mfa\MfaValue;
use BookStack\Http\Controllers\Controller; use BookStack\Http\Controllers\Controller;
class MfaController extends Controller class MfaController extends Controller
@ -18,4 +20,21 @@ class MfaController extends Controller
'userMethods' => $userMethods, 'userMethods' => $userMethods,
]); ]);
} }
/**
* Remove an MFA method for the current user.
* @throws \Exception
*/
public function remove(string $method)
{
if (in_array($method, MfaValue::allMethods())) {
$value = user()->mfaValues()->where('method', '=', $method)->first();
if ($value) {
$value->delete();
$this->logActivity(ActivityType::MFA_REMOVE_METHOD, $method);
}
}
return redirect('/mfa/setup');
}
} }

1
resources/lang/en/activities.php
View file

@ -49,6 +49,7 @@ return [
// MFA // MFA
'mfa_setup_method_notification' => 'Multi-factor method successfully configured', 'mfa_setup_method_notification' => 'Multi-factor method successfully configured',
'mfa_remove_method_notification' => 'Multi-factor method successfully removed',
// Other // Other
'commented_on' => 'commented on', 'commented_on' => 'commented on',

4
resources/sass/_layout.scss
View file

@ -181,6 +181,10 @@ body.flexbox {
display: inline-block !important; display: inline-block !important;
} }
.relative {
position: relative;
}
.hidden { .hidden {
display: none !important; display: none !important;
} }

22
resources/views/mfa/setup.blade.php
View file

@ -26,6 +26,17 @@
Already configured Already configured
</div> </div>
<a href="{{ url('/mfa/totp-generate') }}" class="button outline small">Reconfigure</a> <a href="{{ url('/mfa/totp-generate') }}" class="button outline small">Reconfigure</a>
<div component="dropdown" class="inline relative">
<button type="button" refs="dropdown@toggle" class="button outline small">Remove</button>
<div refs="dropdown@menu" class="dropdown-menu">
<p class="text-neg small px-m mb-xs">Are you sure you want to remove this multi-factor authentication method?</p>
<form action="{{ url('/mfa/remove/totp') }}" method="post">
{{ csrf_field() }}
{{ method_field('delete') }}
<button class="text-primary small delete">{{ trans('common.confirm') }}</button>
</form>
</div>
</div>
@else @else
<a href="{{ url('/mfa/totp-generate') }}" class="button outline">Setup</a> <a href="{{ url('/mfa/totp-generate') }}" class="button outline">Setup</a>
@endif @endif
@ -47,6 +58,17 @@
Already configured Already configured
</div> </div>
<a href="{{ url('/mfa/backup-codes-generate') }}" class="button outline small">Reconfigure</a> <a href="{{ url('/mfa/backup-codes-generate') }}" class="button outline small">Reconfigure</a>
<div component="dropdown" class="inline relative">
<button type="button" refs="dropdown@toggle" class="button outline small">Remove</button>
<div refs="dropdown@menu" class="dropdown-menu">
<p class="text-neg small px-m mb-xs">Are you sure you want to remove this multi-factor authentication method?</p>
<form action="{{ url('/mfa/remove/backup_codes') }}" method="post">
{{ csrf_field() }}
{{ method_field('delete') }}
<button class="text-primary small delete">{{ trans('common.confirm') }}</button>
</form>
</div>
</div>
@else @else
<a href="{{ url('/mfa/backup-codes-generate') }}" class="button outline">Setup</a> <a href="{{ url('/mfa/backup-codes-generate') }}" class="button outline">Setup</a>
@endif @endif

1
routes/web.php
View file

@ -230,6 +230,7 @@ Route::group(['middleware' => 'auth'], function () {
Route::post('/mfa/totp-confirm', 'Auth\MfaTotpController@confirm'); Route::post('/mfa/totp-confirm', 'Auth\MfaTotpController@confirm');
Route::get('/mfa/backup-codes-generate', 'Auth\MfaBackupCodesController@generate'); Route::get('/mfa/backup-codes-generate', 'Auth\MfaBackupCodesController@generate');
Route::post('/mfa/backup-codes-confirm', 'Auth\MfaBackupCodesController@confirm'); Route::post('/mfa/backup-codes-confirm', 'Auth\MfaBackupCodesController@confirm');
Route::delete('/mfa/remove/{method}', 'Auth\MfaController@remove');
}); });
// Social auth routes // Social auth routes

19
tests/Auth/MfaConfigurationTest.php
View file

@ -2,6 +2,7 @@
namespace Tests\Auth; namespace Tests\Auth;
use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\Mfa\MfaValue; use BookStack\Auth\Access\Mfa\MfaValue;
use BookStack\Auth\User; use BookStack\Auth\User;
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
@ -145,4 +146,22 @@ class MfaConfigurationTest extends TestCase
$resp->assertElementExists('[title="MFA Configured"] svg'); $resp->assertElementExists('[title="MFA Configured"] svg');
} }
public function test_remove_mfa_method()
{
$admin = $this->getAdmin();
MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
$this->assertEquals(1, $admin->mfaValues()->count());
$resp = $this->actingAs($admin)->get('/mfa/setup');
$resp->assertElementExists('form[action$="/mfa/remove/totp"]');
$resp = $this->delete("/mfa/remove/totp");
$resp->assertRedirect("/mfa/setup");
$resp = $this->followRedirects($resp);
$resp->assertSee('Multi-factor method successfully removed');
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count());
}
} }