mirror of https://github.com/MISP/MISP
Merge branch 'develop' of github.com:MISP/MISP into develop
commit
ba9f9f4781
|
@ -649,21 +649,21 @@ class AppController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user accepted terms and conditions
|
// Check if user accepted terms and conditions
|
||||||
if (!$user['termsaccepted'] && !empty(Configure::read('MISP.terms_file')) && !$this->_isControllerAction(['users' => ['terms', 'logout', 'login', 'downloadTerms']])) {
|
if (!$user['termsaccepted'] && !empty(Configure::read('MISP.terms_file')) && !$this->_isControllerAction(['users' => ['terms', 'logout', 'login', 'downloadTerms', 'totp_new', 'email_otp']])) {
|
||||||
//if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.');
|
//if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.');
|
||||||
$this->redirect(array('controller' => 'users', 'action' => 'terms', 'admin' => false));
|
$this->redirect(array('controller' => 'users', 'action' => 'terms', 'admin' => false));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user must change password
|
// Check if user must change password
|
||||||
if ($user['change_pw'] && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login']])) {
|
if ($user['change_pw'] && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new', 'email_otp']])) {
|
||||||
//if ($this->_isRest()) throw new MethodNotAllowedException('Your user account is expecting a password change, please log in via the web interface and change it before proceeding.');
|
//if ($this->_isRest()) throw new MethodNotAllowedException('Your user account is expecting a password change, please log in via the web interface and change it before proceeding.');
|
||||||
$this->redirect(array('controller' => 'users', 'action' => 'change_pw', 'admin' => false));
|
$this->redirect(array('controller' => 'users', 'action' => 'change_pw', 'admin' => false));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user must read news
|
// Check if user must read news
|
||||||
if (!$this->_isControllerAction(['news' => ['index'], 'users' => ['terms', 'change_pw', 'login', 'logout']])) {
|
if (!$this->_isControllerAction(['news' => ['index'], 'users' => ['terms', 'change_pw', 'login', 'logout', 'totp_new', 'email_otp']])) {
|
||||||
$this->loadModel('News');
|
$this->loadModel('News');
|
||||||
$latestNewsCreated = $this->News->latestNewsTimestamp();
|
$latestNewsCreated = $this->News->latestNewsTimestamp();
|
||||||
if ($latestNewsCreated && $user['newsread'] < $latestNewsCreated) {
|
if ($latestNewsCreated && $user['newsread'] < $latestNewsCreated) {
|
||||||
|
|
|
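Review bot: Exempting `totp_new` and `email_otp` from the terms, change_pw and news gates is only safe if those two actions themselves reject sessions that are not mid-login, and that check is not visible in this hunk; the same commit deletes the test asserting that a fully authenticated user gets an exception from GET /users/email_otp, so that property should be re-asserted with its new expected outcome rather than dropped. The tail `'logout', 'login', 'totp_new', 'email_otp'` is now repeated by hand in all three lists; a protected property such as `$loginFlowActions = ['logout', 'login', 'totp_new', 'email_otp']` merged into each `_isControllerAction()` call would keep them in step. A comment above the first gate, `// OTP enrolment/verification actions run before login is complete and must bypass these gates`, would record why the exemptions exist. The enclosing method begins and ends outside this hunk.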
@ -925,7 +925,7 @@ class ACLComponent extends Component
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
};
|
};
|
||||||
$this->dynamicChecks['otp_enabled'] = function (array $user) {
|
$this->dynamicChecks['otp_enabled'] = function ($user) {
|
||||||
if (Configure::read('Security.otp_disabled')) {
|
if (Configure::read('Security.otp_disabled')) {
|
||||||
throw new ForbiddenException('OTP has been disabled on this instance.');
|
throw new ForbiddenException('OTP has been disabled on this instance.');
|
||||||
}
|
}
|
||||||
|
|
|
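Review bot: Dropping the `array` type from `$this->dynamicChecks['otp_enabled'] = function ($user)` widens the contract without saying why, and the closure body continues past the hunk, so any `$user[...]` access later in it now runs against whatever the caller passes. If the motivation is that an unauthenticated request supplies `null` or `false`, `function (?array $user)` keeps the check typed while making the accepted values explicit, and a comment such as `// $user may be null before authentication completes (OTP enrolment happens mid-login)` would document the reason. The `Security.otp_disabled` test here duplicates the guard added in UsersController::login in this commit; a single helper would keep the two in agreement.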
@ -1214,6 +1214,7 @@ class UsersController extends AppController
|
||||||
$this->Auth->constructAuthenticate();
|
$this->Auth->constructAuthenticate();
|
||||||
}
|
}
|
||||||
// user has TOTP token, check creds and redirect to TOTP validation
|
// user has TOTP token, check creds and redirect to TOTP validation
|
||||||
|
if (!Configure::read('Security.otp_disabled')) {
|
||||||
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
|
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
|
||||||
$user = $this->Auth->identify($this->request, $this->response);
|
$user = $this->Auth->identify($this->request, $this->response);
|
||||||
if ($user && !$user['disabled']) {
|
if ($user && !$user['disabled']) {
|
||||||
|
@ -1223,6 +1224,7 @@ class UsersController extends AppController
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
// if instance requires email OTP
|
// if instance requires email OTP
|
||||||
if ($this->request->is('post') && Configure::read('Security.email_otp_enabled')) {
|
if ($this->request->is('post') && Configure::read('Security.email_otp_enabled')) {
|
||||||
$user = $this->Auth->identify($this->request, $this->response);
|
$user = $this->Auth->identify($this->request, $this->response);
|
||||||
|
|
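Review bot: The new `if (!Configure::read('Security.otp_disabled'))` guard means a user with a stored TOTP secret is authenticated by password alone whenever the instance flag is set, and nothing in the hunk records that downgrade; a comment on the guard such as `// Security.otp_disabled bypasses TOTP even for users with an enrolled secret` and, ideally, a log entry when a TOTP-enrolled user logs in without the second factor would make the effect visible to operators. The email-OTP branch that follows (`Configure::read('Security.email_otp_enabled')`) is not under the same guard, so with both settings on, email OTP still runs while TOTP is skipped; if that is intended, say so next to the guard. The closing brace added in the second hunk pairs with this `if`, and the enclosing login action starts and ends outside both hunks.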
|
@ -1,10 +1,9 @@
|
||||||
<div class="index">
|
<div class="index">
|
||||||
<h2><?= __("Latest news") ?></h2>
|
<h2><?= __("Latest news") ?></h2>
|
||||||
|
|
||||||
<?php if ($hasUnreadNews): ?>
|
<?php if ($hasUnreadNews): ?>
|
||||||
<div class="alert alert-success">
|
<div class="alert alert-success">
|
||||||
<p><?= __('You have unread news.') ?></p>
|
<p><?= __('You have unread news.') ?></p>
|
||||||
<a class="btn btn-success" href="<?= $homepage ?>"><?= __('Continue to homepage') ?></a>
|
<a class="btn btn-success" href="<?= isset($homepage['path']) ? $homepage['path'] : $homepage ?>"><?= __('Continue to homepage') ?></a>
|
||||||
</div>
|
</div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
|
|
|
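Review bot: The new `href="<?= isset($homepage['path']) ? $homepage['path'] : $homepage ?>"` echoes the value unescaped into an attribute; if `$homepage` originates from a per-user homepage setting it is attacker-influenced and should go through `h()`, i.e. `href="<?= h(isset($homepage['path']) ? $homepage['path'] : $homepage) ?>"`. The fallback branch also echoes `$homepage` itself, which prints the literal string `Array` when `$homepage` is an array without a `path` key; a comment stating which shapes `$homepage` may take (a string or `['path' => ...]`) would clarify the contract for the next edit.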
@ -1237,25 +1237,25 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"column_name": "created",
|
"column_name": "created",
|
||||||
"is_nullable": "YES",
|
"is_nullable": "NO",
|
||||||
"data_type": "datetime",
|
"data_type": "datetime",
|
||||||
"character_maximum_length": null,
|
"character_maximum_length": null,
|
||||||
"numeric_precision": null,
|
"numeric_precision": null,
|
||||||
"collation_name": null,
|
"collation_name": null,
|
||||||
"column_type": "datetime",
|
"column_type": "datetime",
|
||||||
"column_default": "current_timestamp()",
|
"column_default": null,
|
||||||
"extra": ""
|
"extra": ""
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"column_name": "modified",
|
"column_name": "modified",
|
||||||
"is_nullable": "YES",
|
"is_nullable": "NO",
|
||||||
"data_type": "datetime",
|
"data_type": "datetime",
|
||||||
"character_maximum_length": null,
|
"character_maximum_length": null,
|
||||||
"numeric_precision": null,
|
"numeric_precision": null,
|
||||||
"collation_name": null,
|
"collation_name": null,
|
||||||
"column_type": "datetime",
|
"column_type": "datetime",
|
||||||
"column_default": "NULL",
|
"column_default": null,
|
||||||
"extra": "on update current_timestamp()"
|
"extra": ""
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"column_name": "distribution",
|
"column_name": "distribution",
|
||||||
|
|
|
@ -804,9 +804,6 @@ class TestSecurity(unittest.TestCase):
|
||||||
logged_in = PyMISP(url, self.test_usr.authkey)
|
logged_in = PyMISP(url, self.test_usr.authkey)
|
||||||
logged_in.global_pythonify = True
|
logged_in.global_pythonify = True
|
||||||
|
|
||||||
with self.assertRaises(Exception):
|
|
||||||
send(logged_in, "GET", f"/users/email_otp")
|
|
||||||
|
|
||||||
with self.assertRaises(Exception):
|
with self.assertRaises(Exception):
|
||||||
send(logged_in, "GET", f"/users/totp_new")
|
send(logged_in, "GET", f"/users/totp_new")
|
||||||
|
|
||||||
|
|