mirror of
https://github.com/the-djmaze/snappymail.git
synced 2024-12-28 18:41:34 +08:00
Added Admin TOTP to admin security page
parent
98aff451f5
commit
8ac116d0a4
6 changed files with 46 additions and 49 deletions
|
@ -195,20 +195,6 @@ class RemoteAdminFetch extends AbstractFetchRemote {
|
|||
this.defaultRequest(fCallback, 'AdminContactsTest', oData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {?Function} fCallback
|
||||
* @param {?} oData
|
||||
*/
|
||||
saveNewAdminPassword(fCallback, oData) {
|
||||
this.defaultRequest(fCallback, 'AdminPasswordUpdate', oData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {?Function} fCallback
|
||||
*/
|
||||
phpExtensions(fCallback) {
|
||||
this.defaultRequest(fCallback, 'AdminPHPExtensions');
|
||||
}
|
||||
}
|
||||
|
||||
export default new RemoteAdminFetch();
|
||||
|
|
|
@ -9,7 +9,7 @@ export class AboutAdminSettings /*extends AbstractViewSettings*/ {
|
|||
}
|
||||
|
||||
onBuild() {
|
||||
Remote.phpExtensions((iError, data) => iError || this.phpextensions(data.Result));
|
||||
Remote.defaultRequest((iError, data) => iError || this.phpextensions(data.Result), 'AdminPHPExtensions');
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
|
|||
adminPasswordNew: '',
|
||||
adminPasswordNew2: '',
|
||||
adminPasswordNewError: false,
|
||||
adminTOTP: SettingsGet('AdminTOTP'),
|
||||
|
||||
adminPasswordUpdateError: false,
|
||||
adminPasswordUpdateSuccess: false,
|
||||
|
@ -91,7 +92,7 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
|
|||
this.adminPasswordUpdateError(false);
|
||||
this.adminPasswordUpdateSuccess(false);
|
||||
|
||||
Remote.saveNewAdminPassword((iError, data) => {
|
||||
Remote.defaultRequest((iError, data) => {
|
||||
if (iError) {
|
||||
this.adminPasswordUpdateError(true);
|
||||
} else {
|
||||
|
@ -103,10 +104,11 @@ export class SecurityAdminSettings /*extends AbstractViewSettings*/ {
|
|||
|
||||
this.weakPassword(!!data.Result.Weak);
|
||||
}
|
||||
}, {
|
||||
}, 'AdminPasswordUpdate', {
|
||||
'Login': this.adminLogin(),
|
||||
'Password': this.adminPassword(),
|
||||
'NewPassword': this.adminPasswordNew()
|
||||
'NewPassword': this.adminPasswordNew(),
|
||||
'TOTP': this.adminTOTP()
|
||||
});
|
||||
|
||||
return true;
|
||||
|
|
|
@ -873,7 +873,38 @@ class Actions
|
|||
$sLanguage = $oConfig->Get('webmail', 'language', 'en');
|
||||
$UserLanguageRaw = $this->detectUserLanguage($bAdmin);
|
||||
|
||||
if (!$bAdmin) {
|
||||
if ($bAdmin) {
|
||||
$aResult['Auth'] = $this->IsAdminLoggined(false);
|
||||
if ($aResult['Auth']) {
|
||||
$aResult['AdminDomain'] = APP_SITE;
|
||||
$aResult['AdminLogin'] = (string)$oConfig->Get('security', 'admin_login', '');
|
||||
$aResult['AdminTOTP'] = (string)$oConfig->Get('security', 'admin_totp', '');
|
||||
$aResult['UseTokenProtection'] = (bool)$oConfig->Get('security', 'csrf_protection', true);
|
||||
$aResult['EnabledPlugins'] = (bool)$oConfig->Get('plugins', 'enable', false);
|
||||
|
||||
$aResult['VerifySslCertificate'] = (bool)$oConfig->Get('ssl', 'verify_certificate', false);
|
||||
$aResult['AllowSelfSigned'] = (bool)$oConfig->Get('ssl', 'allow_self_signed', true);
|
||||
|
||||
$aResult['supportedPdoDrivers'] = \RainLoop\Common\PdoAbstract::getAvailableDrivers();
|
||||
|
||||
$aResult['ContactsEnable'] = (bool)$oConfig->Get('contacts', 'enable', false);
|
||||
$aResult['ContactsSync'] = (bool)$oConfig->Get('contacts', 'allow_sync', false);
|
||||
$aResult['ContactsPdoType'] = (string)$this->ValidateContactPdoType(\trim($this->Config()->Get('contacts', 'type', 'sqlite')));
|
||||
$aResult['ContactsPdoDsn'] = (string)$oConfig->Get('contacts', 'pdo_dsn', '');
|
||||
$aResult['ContactsPdoType'] = (string)$oConfig->Get('contacts', 'type', '');
|
||||
$aResult['ContactsPdoUser'] = (string)$oConfig->Get('contacts', 'pdo_user', '');
|
||||
$aResult['ContactsPdoPassword'] = (string)APP_DUMMY;
|
||||
|
||||
$aResult['WeakPassword'] = \is_file($passfile);
|
||||
|
||||
$aResult['PhpUploadSizes'] = array(
|
||||
'upload_max_filesize' => \ini_get('upload_max_filesize'),
|
||||
'post_max_size' => \ini_get('post_max_size')
|
||||
);
|
||||
}
|
||||
|
||||
$aResult['Capa'] = $this->Capa(true);
|
||||
} else {
|
||||
$oAccount = $this->getAccountFromToken(false);
|
||||
if ($oAccount) {
|
||||
$aResult['Auth'] = true;
|
||||
|
@ -986,36 +1017,6 @@ class Actions
|
|||
}
|
||||
|
||||
$aResult['Capa'] = $this->Capa(false, $oAccount);
|
||||
} else {
|
||||
$aResult['Auth'] = $this->IsAdminLoggined(false);
|
||||
if ($aResult['Auth']) {
|
||||
$aResult['AdminDomain'] = APP_SITE;
|
||||
$aResult['AdminLogin'] = (string)$oConfig->Get('security', 'admin_login', '');
|
||||
$aResult['UseTokenProtection'] = (bool)$oConfig->Get('security', 'csrf_protection', true);
|
||||
$aResult['EnabledPlugins'] = (bool)$oConfig->Get('plugins', 'enable', false);
|
||||
|
||||
$aResult['VerifySslCertificate'] = (bool)$oConfig->Get('ssl', 'verify_certificate', false);
|
||||
$aResult['AllowSelfSigned'] = (bool)$oConfig->Get('ssl', 'allow_self_signed', true);
|
||||
|
||||
$aResult['supportedPdoDrivers'] = \RainLoop\Common\PdoAbstract::getAvailableDrivers();
|
||||
|
||||
$aResult['ContactsEnable'] = (bool)$oConfig->Get('contacts', 'enable', false);
|
||||
$aResult['ContactsSync'] = (bool)$oConfig->Get('contacts', 'allow_sync', false);
|
||||
$aResult['ContactsPdoType'] = (string)$this->ValidateContactPdoType(\trim($this->Config()->Get('contacts', 'type', 'sqlite')));
|
||||
$aResult['ContactsPdoDsn'] = (string)$oConfig->Get('contacts', 'pdo_dsn', '');
|
||||
$aResult['ContactsPdoType'] = (string)$oConfig->Get('contacts', 'type', '');
|
||||
$aResult['ContactsPdoUser'] = (string)$oConfig->Get('contacts', 'pdo_user', '');
|
||||
$aResult['ContactsPdoPassword'] = (string)APP_DUMMY;
|
||||
|
||||
$aResult['WeakPassword'] = \is_file($passfile);
|
||||
|
||||
$aResult['PhpUploadSizes'] = array(
|
||||
'upload_max_filesize' => \ini_get('upload_max_filesize'),
|
||||
'post_max_size' => \ini_get('post_max_size')
|
||||
);
|
||||
}
|
||||
|
||||
$aResult['Capa'] = $this->Capa(true);
|
||||
}
|
||||
|
||||
$sStaticCache = $this->StaticCache();
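Review bot: The new `$aResult['AdminTOTP'] = (string)$oConfig->Get('security', 'admin_totp', '');` line, inside the `if ($aResult['Auth'])` admin branch, sends the stored TOTP shared secret to the browser as part of the application data; the SecurityAdminSettings hunk reads it with `SettingsGet('AdminTOTP')` and the template hunk shows it in a `type="text"` input. Anything that can read an authenticated admin page (injected script, a browser extension, a shared screen) then holds the seed and can generate valid codes, which removes the value of the second factor. The same block already masks the contacts password with `(string)APP_DUMMY`, and the TOTP secret deserves at least that treatment, for example `$aResult['AdminTOTP'] = '' !== (string)$oConfig->Get('security', 'admin_totp', '');` so the client only learns whether a secret is configured, with the save handler leaving the stored value alone unless a new one is submitted. The enclosing method starts and ends outside these hunks.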
|
||||
|
|
|
@ -248,6 +248,8 @@ trait Admin
|
|||
|
||||
$passfile = APP_PRIVATE_DATA.'admin_password.txt';
|
||||
|
||||
$oConfig->Set('security', 'admin_totp', $this->GetActionParam('TOTP', ''));
|
||||
|
||||
if ($oConfig->ValidatePassword($sPassword))
|
||||
{
|
||||
if (\strlen($sLogin))
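Review bot: The added `$oConfig->Set('security', 'admin_totp', $this->GetActionParam('TOTP', ''));` runs before `if ($oConfig->ValidatePassword($sPassword))`, so the second-factor secret is changed on the config object before the current password has been checked; whether that change reaches disk after a failed check depends on where the config is saved, which is outside this hunk. The value is also stored unvalidated, and a request that omits `TOTP` falls back to `''`, which would clear the secret, while the `pattern="[A-Z2-7]{16,}"` in the template hunk is only a browser-side hint. I would move the call inside the `ValidatePassword` branch and accept only an empty string or a well-formed Base32 value there, e.g. `if ('' === $sTOTP || \preg_match('/^[A-Z2-7]{16,}$/', $sTOTP)) { $oConfig->Set('security', 'admin_totp', $sTOTP); }`. The method body starts and ends outside the hunk.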
|
||||
|
|
|
@ -42,6 +42,12 @@
|
|||
<input type="password" autocomplete="new-password" autocorrect="off" autocapitalize="off" spellcheck="false"
|
||||
data-bind="textInput: adminPasswordNew2" />
|
||||
</div>
|
||||
<div class="control-group">
|
||||
<label data-i18n="LOGIN/LABEL_TOTP"></label>
|
||||
<input type="text" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"
|
||||
pattern="[A-Z2-7]{16,}"
|
||||
data-bind="textInput: adminTOTP" />
|
||||
</div>
|
||||
<div class="control-group">
|
||||
<a class="btn" data-bind="command: saveNewAdminPasswordCommand, css: { 'btn-success': adminPasswordUpdateSuccess, 'btn-danger': adminPasswordUpdateError }">
|
||||
<i class="fontastic">🔑</i>
|
||||
|
|