/**
* Obtener la pestaña de seguridad
*/
public function getSecurityTab()
{
$this->setAction(self::ACTION_USR_PREFERENCES_SECURITY);
$this->view->addTemplate('security');
$twoFa = new Auth2FA($this->_userId, Session::getUserLogin());
if (!$this->_userPrefs->isUse2Fa()) {
$this->view->assign('qrCode', $twoFa->getUserQRCode());
}
$this->view->assign('userId', $this->_userId);
$this->view->assign('chk2FAEnabled', $this->_userPrefs->isUse2Fa());
$this->view->append('tabs', array('title' => _('Seguridad')));
$this->view->assign('tabIndex', $this->getTabIndex(), 'security');
$this->view->assign('actionId', $this->getAction(), 'security');
}
/**
* Obtener los datos para la presentación de la tabla de eventos
*/
public function getEventlog()
{
$this->setAction(self::ACTION_EVL);
if (!$this->checkAccess()) {
return;
}
$this->view->addTemplate('eventlog');
$this->view->assign('rowClass', 'row_even');
$this->view->assign('isDemoMode', \SP\Util::demoIsEnabled() || !\SP\Session::getUserIsAdminApp());
$this->view->assign('limitStart', isset($this->view->limitStart) ? (int) $this->view->limitStart : 0);
$this->view->assign('events', \SP\Log::getEvents($this->view->limitStart));
$this->view->assign('totalRows', \SP\Log::$numRows);
$this->view->assign('firstPage', ceil(($this->view->limitStart + 1) / self::MAX_ROWS));
$this->view->assign('lastPage', ceil(\SP\Log::$numRows / self::MAX_ROWS));
$limitLast = \SP\Log::$numRows % self::MAX_ROWS == 0 ? \SP\Log::$numRows - self::MAX_ROWS : floor(\SP\Log::$numRows / self::MAX_ROWS) * self::MAX_ROWS;
$this->view->assign('pagerOnnClick', array('first' => 'sysPassUtil.Common.navLog(0,' . $this->view->limitStart . ')', 'last' => 'sysPassUtil.Common.navLog(' . $limitLast . ',' . $this->view->limitStart . ')', 'prev' => 'sysPassUtil.Common.navLog(' . ($this->view->limitStart - self::MAX_ROWS) . ',' . $this->view->limitStart . ')', 'next' => 'sysPassUtil.Common.navLog(' . ($this->view->limitStart + self::MAX_ROWS) . ',' . $this->view->limitStart . ')'));
}
/**
* @param $actionId int El id de la acción
* @param $authToken string El token de seguridad
* @param null $userPass string La clave del usuario
* @throws SPException
*/
public function __construct($actionId, $authToken, $userPass = null)
{
if (!Auth::checkAuthToken($actionId, $authToken)) {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
$this->_userId = ApiTokens::getUserIdForToken($authToken);
$this->_actionId = $actionId;
$this->_auth = true;
if (!is_null($userPass)) {
$userLogin = UserUtil::getUserLoginById($this->_userId);
$User = new User();
$User->setUserId($this->_userId);
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);
if (Auth::authUserMySQL($userLogin, $userPass) && !UserUtil::checkUserIsDisabled($userLogin) && UserPass::checkUserMPass($User) && UserPass::checkUserUpdateMPass($userLogin) && !$User->isUserChangePass()) {
$this->_mPass = $User->getUserMPass(true);
} else {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
}
Session::setUserId($this->_userId);
}
/**
* Obtener la lista de campos personalizados y sus valores
*/
private function getCustomFieldsForItem()
{
// Establecer el id de la cuenta en activo y no del historial
$id = Session::getLastAcountId() !== 0 ? Session::getLastAcountId() : $this->getId();
// Se comprueba que hayan campos con valores para la cuenta actual
if ($this->isGotData() && CustomFields::checkCustomFieldExists(ActionsInterface::ACTION_ACC_NEW, $id)) {
$this->view->assign('customFields', CustomFields::getCustomFieldsData(ActionsInterface::ACTION_ACC_NEW, $id));
} else {
$this->view->assign('customFields', CustomFields::getCustomFieldsForModule(ActionsInterface::ACTION_ACC_NEW));
}
}
$controller = new SP\Controller\ConfigC($tpl);
$controller->getGeneralTab();
$controller->getWikiTab();
$controller->getLdapTab();
$controller->getMailTab();
$controller->getEncryptionTab();
$controller->getBackupTab();
$controller->getImportTab();
$controller->getInfoTab();
$tpl->addTemplate('tabs-end');
break;
case \SP\Controller\ActionsInterface::ACTION_EVL:
$controller = new SP\Controller\EventlogC($tpl);
$controller->getEventlog();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES:
case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_GENERAL:
case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY:
$tpl->addTemplate('tabs-start');
$controller = new \SP\Controller\UsersPrefsC($tpl);
$controller->getPreferencesTab();
$controller->getSecurityTab();
$tpl->addTemplate('tabs-end');
break;
}
// Se comprueba si se debe de mostrar la vista de depuración
if (\SP\Session::getUserIsAdminApp() && SP\Config::getValue('debug')) {
$controller->getDebug();
}
$tpl->addTemplate('js-common');
$controller->view();
/**
* Inicializar la vista de cambio de clave de usuario
*/
public function getUserPass()
{
$this->setAction(self::ACTION_USR_USERS_EDITPASS);
// Comprobar si el usuario a modificar es distinto al de la sesión
if ($this->view->userId != Session::getUserId() && !$this->checkAccess()) {
return;
}
$this->view->addTemplate('userspass');
$this->view->assign('actionId', self::ACTION_USR_USERS_EDITPASS);
// Obtener de nuevo el token de seguridad por si se habñia regenerado antes
$this->view->assign('sk', SessionUtil::getSessionKey());
}
/**
* Obtener la pestaña de encriptación
*
* @return bool
*/
public function getEncryptionTab()
{
$this->setAction(self::ACTION_CFG_ENCRYPTION);
if (!$this->checkAccess()) {
return;
}
$this->view->addTemplate('encryption');
$this->view->assign('lastUpdateMPass', ConfigDB::getValue("lastupdatempass"));
$this->view->assign('tempMasterPassTime', ConfigDB::getValue("tempmaster_passtime"));
$this->view->assign('tempMasterMaxTime', ConfigDB::getValue("tempmaster_maxtime"));
$this->view->assign('tempMasterPass', Session::getTemporaryMasterPass());
$this->view->append('tabs', array('title' => _('Encriptación')));
$this->view->assign('tabIndex', $this->getTabIndex(), 'encryption');
}
/**
* Comprobar si el usuario está logado.
*
* @returns bool
*/
public static function isLoggedIn()
{
if (Session::getUserLogin() && Session::get2FApassed()) {
return true;
}
return false;
}
/**
* Seleccionar un color para la cuenta
*
* @param int $id El id del elemento a asignar
* @return mixed
*/
private function pickAccountColor($id)
{
$accountColor = Session::getAccountColor();
if (!isset($accountColor) || !is_array($accountColor) || !isset($accountColor[$id])) {
// Se asigna el color de forma aleatoria a cada id
$color = array_rand($this->_colors);
$accountColor[$id] = '#' . $this->_colors[$color];
Session::setAccountColor($accountColor);
}
return $accountColor[$id];
}
/**
* Obtener los datos para la mostrar la barra de sesión
*/
private function getSessionBar()
{
$this->view->addTemplate('sessionbar');
$this->view->assign('adminApp', Session::getUserIsAdminApp() ? '<span title="' . _('Admin Aplicación') . '">(A+)</span>' : '');
$this->view->assign('userId', Session::getUserId());
$this->view->assign('userLogin', strtoupper(Session::getUserLogin()));
$this->view->assign('userName', Session::getUserName() ? Session::getUserName() : strtoupper($this->view->userLogin));
$this->view->assign('userGroup', Session::getUserGroupName());
$this->view->assign('showPassIcon', !Session::getUserIsLdap());
}
$User->setUserIsDisabled(SP\Request::analyze('disabled', 0, false, 1));
$User->setUserChangePass(SP\Request::analyze('changepass', 0, false, 1));
$User->setUserPass(SP\Request::analyzeEncrypted('pass'));
// Nuevo usuario o editar
if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT) {
if (!$User->getUserName() && !$isLdap) {
SP\Response::printJSON(_('Es necesario un nombre de usuario'), 2);
} elseif (!$User->getUserLogin() && !$isLdap) {
SP\Response::printJSON(_('Es necesario un login'), 2);
} elseif (!$User->getUserProfileId()) {
SP\Response::printJSON(_('Es necesario un perfil'), 2);
} elseif (!$User->getUserGroupId()) {
SP\Response::printJSON(_('Es necesario un grupo'), 2);
} elseif (!$User->getUserEmail() && !$isLdap) {
SP\Response::printJSON(_('Es necesario un email'), 2);
} elseif (SP\Util::demoIsEnabled() && !\SP\Session::getUserIsAdminApp() && $User->getUserLogin() == 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
switch ($User->checkUserExist()) {
case UserUtil::USER_LOGIN_EXIST:
SP\Response::printJSON(_('Login de usuario duplicado'), 2);
break;
case UserUtil::USER_MAIL_EXIST:
SP\Response::printJSON(_('Email de usuario duplicado'), 2);
break;
}
if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW) {
if (!$User->getUserPass() || !$userPassR) {
SP\Response::printJSON(_('La clave no puede estar en blanco'), 2);
} elseif ($User->getUserPass() != $userPassR) {
SP\Response::printJSON(_('Las claves no coinciden'), 2);
/**
* Actualizar un token
*
* @throws SPException
*/
public function updateToken()
{
$this->checkTokenExist();
if ($this->_refreshToken) {
$this->refreshToken();
}
$query = 'UPDATE authTokens ' . 'SET authtoken_userId = :userid,' . 'authtoken_actionId = :actionid,' . 'authtoken_createdBy = :createdby,' . 'authtoken_token = :token,' . 'authtoken_startDate = UNIX_TIMESTAMP() ' . 'WHERE authtoken_id = :id LIMIT 1';
$data['id'] = $this->_tokenId;
$data['userid'] = $this->_userId;
$data['actionid'] = $this->_actionId;
$data['createdby'] = Session::getUserId();
$data['token'] = $this->getUserToken() ? $this->_token : sha1(uniqid() . time());
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
$Log = new Log(_('Actualizar Autorización'));
$Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
$Log->writeLog();
Email::sendEmail($Log);
}
$UserPrefs->setSortViews($sortViews);
$UserPrefs->setTopNavbar($topNavbar);
$UserPrefs->setOptionalActions($optionalActions);
if (!$UserPrefs->updatePreferences()) {
SP\Response::printJSON(_('Error al actualizar preferencias'));
}
// Forzar la detección del lenguaje tras actualizar
SP\Language::setLanguage(true);
SP\Themes::setTheme(true);
// Actualizar las preferencias en la sesión y recargar la página
SP\Session::setUserPreferences($UserPrefs);
SP\Util::reload();
SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) {
if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
// Variables POST del formulario
$twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1);
$pin = SP\Request::analyze('security_pin', 0);
$userLogin = UserUtil::getUserLoginById($itemId);
$twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin);
if (!$twoFa->verifyKey($pin)) {
SP\Response::printJSON(_('Código incorrecto'));
}
// No se instancia la clase ya que es necesario guardar los atributos ya guardados
$UserPrefs = \SP\UserPreferences::getPreferences($itemId);
$UserPrefs->setId($itemId);
$UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled));
if (!$UserPrefs->updatePreferences()) {
use SP\Request;
use SP\UserPass;
use SP\UserUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
$accountId = SP\Request::analyze('accountid', false);
$isHistory = SP\Request::analyze('isHistory', false);
if (!$accountId) {
return;
}
$account = !$isHistory ? new SP\Account() : new SP\AccountHistory();
$account->setAccountParentId(\SP\Session::getAccountParentId());
$account->setAccountId($accountId);
$accountData = $account->getAccountPassData();
if ($isHistory && !$account->checkAccountMPass()) {
SP\Response::printJSON(_('La clave maestra no coincide'));
}
if (!SP\Acl::checkAccountAccess(SP\Acl::ACTION_ACC_VIEW_PASS, $account->getAccountDataForACL()) || !SP\Acl::checkUserAccess(SP\Acl::ACTION_ACC_VIEW_PASS)) {
SP\Response::printJSON(_('No tiene permisos para acceder a esta cuenta'));
} elseif (!UserPass::checkUserUpdateMPass()) {
SP\Response::printJSON(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
}
$accountClearPass = SP\Crypt::getDecrypt($accountData->pass, $accountData->iv);
if (!$isHistory) {
$account->incrementDecryptCounter();
$log = new \SP\Log(_('Ver Clave'));
$log->addDescription(_('ID') . ': ' . $accountId);
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
use SP\SessionUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
SP\Request::checkReferer('POST');
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$userId = SP\Request::analyze('itemId', 0);
$pin = SP\Request::analyze('security_pin', 0);
$twoFa = new \SP\Auth\Auth2FA($userId, $userLogin);
if ($userId && $pin && $twoFa->verifyKey($pin)) {
\SP\Session::set2FApassed(true);
SP\Response::printJSON(_('Código correcto'), 0, 'sysPassUtil.Common.redirect(\'index.php\')');
} else {
\SP\Session::set2FApassed(false);
SP\Response::printJSON(_('Código incorrecto'));
}
