/**
 * Site-checker test: are one-time passwords (OTP) in use?
 *
 * Skipped entirely when the 'intranet' module is installed (OTP is not used
 * there). Otherwise, if OTP is disabled module-wide, one MIDDLE-level
 * SECURITY_SITE_CHECKER_OTP_NOT_USED finding is added; if it is enabled, every
 * administrator returned by getAdminUserList() for whom
 * CSecurityUser::getSecurityUserInfo() yields nothing gets its own MIDDLE-level
 * SECURITY_SITE_CHECKER_ADMIN_OTP_NOT_USED finding.
 *
 * @return void
 */
protected function checkOtp()
{
    //OTP not used in Bitrix Intranet Portal
    if (IsModuleInstalled('intranet')) {
        return;
    }

    if (!CSecurityUser::isActive()) {
        $this->addUnformattedDetailError('SECURITY_SITE_CHECKER_OTP_NOT_USED', CSecurityCriticalLevel::MIDDLE);
        return;
    }

    // One finding per administrator account without OTP user info.
    $adminList = $this->getAdminUserList();
    while ($admin = $adminList->fetch()) {
        if (!CSecurityUser::getSecurityUserInfo($admin['ID'])) {
            $this->addUnformattedDetailError('SECURITY_SITE_CHECKER_ADMIN_OTP_NOT_USED', CSecurityCriticalLevel::MIDDLE);
        }
    }
}
" enctype="multipart/form-data" name="editform"> <?php echo bitrix_sessid_post(); ?> <input type="hidden" name="lang" value="<?php echo LANG; ?> "> <?php $tabControl->Begin(); $tabControl->BeginNextTab(); ?> <tr> <td colspan="2" align="left"> <?php if (CSecurityUser::isActive()) { ?> <input type="hidden" name="otp_active" value="N"> <input type="submit" name="otp_siteb" value="<?php echo GetMessage("SEC_OTP_NEW_BUTTON_OFF"); ?> "<?php if (!$canWrite) { echo " disabled"; } ?> > <?php } else { ?> <input type="hidden" name="otp_active" value="Y">
<?php
// Save the per-user OTP settings submitted with the admin form.
// Three guards, evaluated left to right: the security module loads, the
// session-id (anti-CSRF) token is valid, and the current admin holds the
// 'security_edit_user_otp' operation. When any of them fails, nothing is written.
$securityWarningTmp = "";
$securityOtpCanSave = CModule::IncludeModule("security")
    && check_bitrix_sessid()
    && $USER->CanDoOperation('security_edit_user_otp');
if ($securityOtpCanSave) {
    // $ID is the user being edited; the $security_* values are presumably the
    // submitted form fields (populated before this span).
    $arSecurityFields = array(
        "USER_ID" => $ID,
        "ACTIVE" => $security_ACTIVE,
        "SECRET" => $security_SECRET,
        "SYNC1" => $security_SYNC1,
        "SYNC2" => $security_SYNC2
    );
    $security_res = CSecurityUser::update($arSecurityFields);
}
// Security panel KPIs. Each item carries IS_OK, KPI_NAME, KPI_VALUE and
// KPI_RECOMMENDATION: a single space when the KPI is already OK, otherwise a
// link to the relevant settings page when the current user holds the matching
// write operation, or the plain recommendation text when not.

// Admin-section IP protection: the "A" rule for the admin section with no site,
// no time window and SORT 10, combined with the stop-list file check.
// CheckAntiFile(true) yields false when the stop-list is in order, otherwise an
// object whose Show() renders the problem.
$rsIPRule = CSecurityIPRule::GetList(array(), array("=RULE_TYPE" => "A", "=ADMIN_SECTION" => "Y", "=SITE_ID" => false, "=SORT" => 10, "=ACTIVE_FROM" => false, "=ACTIVE_TO" => false), array("ID" => "ASC"));
$arIPRule = $rsIPRule->Fetch();
if ($arIPRule) {
    $bIPProtection = $arIPRule["ACTIVE"] == "Y";
} else {
    $bIPProtection = false;
}
$msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true);
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bIPProtection && $msgStopListDisabled === false,
    "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"),
    "KPI_VALUE" => $bIPProtection && $msgStopListDisabled === false ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON") : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"),
    // Nested ternary: rule active -> stop-list message (or ' ' when fine); rule inactive -> link or text.
    "KPI_RECOMMENDATION" => $bIPProtection ? $msgStopListDisabled === false ? ' ' : $msgStopListDisabled->Show() : ($USER->CanDoOperation('security_iprule_admin_settings_write') ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION"))
);

// Session storage in the database (security module option "session").
$bSessionsDB = COption::GetOptionString("security", "session") == "Y";
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bSessionsDB,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"),
    "KPI_VALUE" => $bSessionsDB ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON") : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionsDB ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION"))
);

// Session id TTL: the main-module switch must be on AND the TTL positive.
$bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y" && COption::GetOptionInt("main", "session_id_ttl", 0) > 0;
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bSessionTTL,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"),
    "KPI_VALUE" => $bSessionTTL ? GetMessage("SEC_PANEL_SESSID_VALUE_ON") : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionTTL ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION"))
);

// Redirect protection, presented to the admin as anti-phishing.
$bRedirect = CSecurityRedirect::IsActive();
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bRedirect,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"),
    "KPI_VALUE" => $bRedirect ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON") : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bRedirect ? ' ' : ($USER->CanDoOperation('security_redirect_settings_write') ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION"))
);

// One-time passwords, module-wide switch.
$bOTP = CSecurityUser::isActive();
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $bOTP,
    "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"),
    "KPI_VALUE" => $bOTP ? GetMessage("SEC_PANEL_OTP_VALUE_ON") : GetMessage("SEC_PANEL_OTP_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bOTP ? ' ' : ($USER->CanDoOperation('security_otp_settings_write') ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_OTP_RECOMMENDATION"))
);

// File integrity check. OK when the last check ran within the past 7 days; the
// value label distinguishes never (option default -1), older than 24h, and recent.
// NOTE(review): the OK threshold (7 days) and the "actual" label (24h) differ,
// so a check between 1 and 7 days old is OK but labelled LONGTIMEAGO; also
// time() is read several times within the one statement.
$timeFC = COption::GetOptionInt("security", "last_files_check", -1);
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"),
    "KPI_VALUE" => $timeFC < 0 ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER") : (time() - $timeFC > 24 * 3600 ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO") : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")),
    "KPI_RECOMMENDATION" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600 ? ' ' : ($USER->CanDoOperation('security_file_verifier_verify') ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILES_RECOMMENDATION"))
);

// Web anti-virus on/off.
$bSecurityAV = CSecurityAntiVirus::IsActive();
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $bSecurityAV,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"),
    "KPI_VALUE" => $bSecurityAV ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON") : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityAV ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION"))
);

// Anti-virus reaction: OK unless the configured action is "notify_only".
$strSecurityAVAction = COption::GetOptionString("security", "antivirus_action");
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $strSecurityAVAction !== "notify_only",
    "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"),
    "KPI_VALUE" => $strSecurityAVAction === "notify_only" ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY") : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"),
    "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only" ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION"))
);

// Anti-virus exceptions (white list): OK only when the list has no entries.
$rsSecurityWhiteList = CSecurityAntiVirus::GetWhiteList();
if ($rsSecurityWhiteList->Fetch()) {
    $bSecurityWhiteList = true;
} else {
    $bSecurityWhiteList = false;
}
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => !$bSecurityWhiteList,
    "KPI_NAME" => GetMessage("SEC_PANEL_AV_WHITE_LIST_NAME"),
    "KPI_VALUE" => $bSecurityWhiteList ? GetMessage("SEC_PANEL_AV_WHITE_LIST_VALUE_ON") : GetMessage("SEC_PANEL_AV_WHITE_LIST_VALUE_OFF"),
    "KPI_RECOMMENDATION" => !$bSecurityWhiteList ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=exceptions">' . GetMessage("SEC_PANEL_AV_WHITE_LIST_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_WHITE_LIST_RECOMMENDATION"))
);

// Event-log retention in days (main module option, default 7); used below, outside this span.
$days = COption::GetOptionInt("main", "event_log_cleanup_days", 7);
header('Access-Control-Max-Age: 60');
//header('Access-Control-Allow-Headers: *');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
die('');
}

// OTP register/unregister endpoint. The caller authenticates with login and
// password in the POST body; no check_bitrix_sessid() call appears in this
// span (presumably because no pre-existing session is relied on).
define("ADMIN_SECTION", false);
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";

// Precedence is (action is neither register nor unregister) OR secret empty.
// NOTE(review): an 'unregister' request with an empty secret is therefore
// rejected as well, although the secret is discarded for that action below.
if ($_POST['action'] != 'register' && $_POST['action'] != 'unregister' || $_POST['secret'] == "") {
    CHTTP::SetStatus("403 Forbidden");
    die;
}

// Authenticate with the posted credentials; on failure tell the client whether
// a CAPTCHA is now required for this login, then answer 401.
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // NOTE(review): single-quoted keys/values and the trailing ';' are not strict JSON.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}

// Without the security module the just-created session is dropped again.
if (!CModule::IncludeModule("security")) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// 'unregister' stores an empty secret.
if ($_POST['action'] != 'register') {
    $_POST['secret'] = "";
}

// NOTE(review): the update result is ignored; a failed write still ends with a
// normal logout and no error status for the client.
if (!CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y"))) {
    //print_r($APPLICATION->GetException());
}

// The login above served only this request; end the session again.
$USER->Logout();
/**
 * Enable or disable the module-wide OTP login check.
 *
 * Enabling (when not already active) registers CSecurityUser::OnBeforeUserLogin
 * on main's OnBeforeUserLogin event and writes options_user_settings.php, a
 * one-line stub that includes options_user_settings_1.php. Disabling (when
 * active) unregisters the handler and removes the stub. Both paths are no-ops
 * when the module is already in the requested state.
 *
 * The stub path is fixed under DOCUMENT_ROOT and carries no request data.
 *
 * @param bool $pActive true to enable, false to disable
 * @return void
 */
public static function setActive($pActive = false)
{
    $settingsStub = $_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/options_user_settings.php";
    $currentlyActive = CSecurityUser::isActive();

    if ($pActive && !$currentlyActive) {
        RegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin", "100");
        // NOTE(review): the fopen() result is not checked before fwrite()/fclose().
        $handle = fopen($settingsStub, "w");
        fwrite($handle, "<?include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\");?>");
        fclose($handle);
    }
    elseif (!$pActive && $currentlyActive) {
        UnRegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin");
        unlink($settingsStub);
    }
}
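// Per-user OTP flag for the current user, read through CPHPCache.
// The cache id is per user because the cached ACTIVE flag is user-specific
// (a bucket-wide id would serve one user's flag to every other user of the
// same bucket). The managed-cache tag stays per 100-user bucket
// (USER_OTP_<bucket>) so an invalidation by tag clears the whole bucket at once.
$otpUserId = $USER->GetID();
$otpUserBucket = intval($otpUserId / 100);
$cache_id = 'user_otp_' . $otpUserId;
$cache_dir = '/otp/user_id';
$obCache = new CPHPCache();
if ($obCache->InitCache($ttl, $cache_id, $cache_dir)) {
    $arUserOtp = $obCache->GetVars();
} else {
    $arUserOtp = array("ACTIVE" => CSecurityUser::IsUserOtpActive($otpUserId));
    if (defined("BX_COMP_MANAGED_CACHE")) {
        global $CACHE_MANAGER;
        $CACHE_MANAGER->StartTagCache($cache_dir);
        $CACHE_MANAGER->RegisterTag("USER_OTP_" . $otpUserBucket);
        $CACHE_MANAGER->EndTagCache();
    }
    if ($obCache->StartDataCache()) {
        $obCache->EndDataCache($arUserOtp);
    }
}

// Path to the user's security settings page; an empty parameter falls back to
// the default template under SITE_DIR.
$arParams["PATH_TO_PROFILE_SECURITY"] = trim($arParams["PATH_TO_PROFILE_SECURITY"]);
if ($arParams["PATH_TO_PROFILE_SECURITY"] === '') {
    $arParams["PATH_TO_PROFILE_SECURITY"] = SITE_DIR . "company/personal/user/#user_id#/security/";
}
$arResult["PATH_TO_PROFILE_SECURITY"] = CComponentEngine::MakePathFromTemplate($arParams["PATH_TO_PROFILE_SECURITY"], array("user_id" => $otpUserId));

//for all mandatory
// Show the "OTP is mandatory" popup once per session to a user who has no OTP
// active, is not exempt from the mandatory rule and has a deactivation deadline.
$IsUserSkipMandatoryRights = CSecurityUser::IsUserSkipMandatoryRights($otpUserId);
$dateDeactivate = CSecurityUser::GetDeactivateUntil($otpUserId);
if (!$arUserOtp["ACTIVE"] && !isset($_SESSION["OTP_MANDATORY_INFO"]) && !$IsUserSkipMandatoryRights && $dateDeactivate) {
    $arResult["POPUP_NAME"] = "otp_mandatory_info";
    $_SESSION["OTP_MANDATORY_INFO"] = "Y";
    // Days left until the deadline, counted from "yesterday" (presumably so the
    // deadline day itself still counts as one day). $dateDeactivate is known to
    // be truthy here, so no fallback is needed.
    $arResult["USER"]["OTP_DAYS_LEFT"] = FormatDate("ddiff", time() - 60 * 60 * 24, MakeTimeStamp($dateDeactivate));
    $this->IncludeComponentTemplate();
}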
$arJsonData["error"] = "Y";
}
break;

case "activate":
    // Turn OTP on for $userId ($userId is set before this span; whether the
    // current user may act on that id is also decided there — not visible here).
    if (CModule::IncludeModule("security")) {
        $res = CSecurityUser::ActivateUserOtp($userId);
        if ($res) {
            $arJsonData["success"] = "Y";
        } else {
            $arJsonData["error"] = "Y";
        }
    } else {
        $arJsonData["error"] = "Y";
    }
    break;

case "defer":
    // Postpone mandatory OTP for $userId by a number of days taken from POST.
    // NOTE(review): numDays is only cast to int here (zero, negative or very
    // large values pass through); any bound has to be enforced inside
    // DeferUserOtp — confirm.
    if (CModule::IncludeModule("security")) {
        $numDays = intval($_POST["numDays"]);
        $res = CSecurityUser::DeferUserOtp($userId, $numDays);
        if ($res) {
            $arJsonData["success"] = "Y";
        } else {
            $arJsonData["error"] = "Y";
        }
    } else {
        $arJsonData["error"] = "Y";
    }
    break;
}

// The visible branches set either success or error to "Y"; the response is the JSON of that array.
echo \Bitrix\Main\Web\Json::encode($arJsonData);
}
/**
 * Enable or disable the module-wide OTP login check.
 *
 * Enabling (when not already active): registers the OnBeforeUserLogin and
 * OnAfterUserLogout handlers of CSecurityUser on the main module's events,
 * removes any existing OtpEvents::onRecheckDeactivate agent and adds it anew
 * (interval 3600 s), writes options_user_settings.php (a one-line stub that
 * includes options_user_settings_1.php) and sets the 'otp_enabled' option to
 * 'Y'. Disabling (when active) reverses each of those steps and sets the
 * option to 'N'. Both paths are no-ops when the module is already in the
 * requested state.
 *
 * The stub path is fixed under DOCUMENT_ROOT and carries no request data.
 *
 * @param bool $pActive true to enable, false to disable
 * @return void
 */
public static function setActive($pActive = false)
{
    $otpRecheckAgent = 'Bitrix\\Security\\Mfa\\OtpEvents::onRecheckDeactivate();';
    $settingsStub = $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/options_user_settings.php";
    $currentlyActive = CSecurityUser::isActive();

    if ($pActive && !$currentlyActive) {
        RegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin", "100");
        RegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout", "100");
        // Any existing agent of this name is removed before the new one is added.
        CAgent::RemoveAgent($otpRecheckAgent, "security");
        CAgent::Add(array(
            "NAME" => $otpRecheckAgent,
            "MODULE_ID" => "security",
            "ACTIVE" => "Y",
            "AGENT_INTERVAL" => 3600,
            "IS_PERIOD" => "N"
        ));
        // NOTE(review): the fopen() result is not checked before fwrite()/fclose().
        $handle = fopen($settingsStub, "w");
        fwrite($handle, "<?include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\");?>");
        fclose($handle);
        COption::SetOptionString('security', 'otp_enabled', 'Y');
    }
    elseif (!$pActive && $currentlyActive) {
        UnRegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin");
        UnRegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout");
        CAgent::RemoveAgent($otpRecheckAgent, "security");
        unlink($settingsStub);
        COption::SetOptionString('security', 'otp_enabled', 'N');
    }
}
}
}

// Tasks tab: shown when the 'tasks' feature is active and the viewer either
// has the socialnetwork 'view' permission on it or at least 'W' rights on the
// intranet module, and the intranet module loads.
$arResult["tasks"] = array("SHOW" => false, "TITLE" => GetMessage("SONET_C39_TASKS_TITLE"));
if (array_key_exists("tasks", $arResult["ActiveFeatures"])
    && (CSocNetFeaturesPerms::CanPerformOperation($USER->GetID(), SONET_ENTITY_USER, $arResult["User"]["ID"], "tasks", "view", CSocNetUser::IsCurrentUserModuleAdmin())
        || $APPLICATION->GetGroupRight("intranet") >= "W")
    && CModule::IncludeModule("intranet")) {
    $arResult["tasks"]["SHOW"] = true;
    // A non-empty feature value replaces the default tab title.
    if (StrLen($arResult["ActiveFeatures"]["tasks"]) > 0) {
        $arResult["tasks"]["TITLE"] = $arResult["ActiveFeatures"]["tasks"];
    }
}
}
}

// Copy each requested rating's current value from the user row into RatingMultiple.
if (array_key_exists("RatingMultiple", $arResult) && count($arResult["RatingMultiple"]) > 0) {
    foreach ($arParams["RATING_ID_ARR"] as $rating_id) {
        if (array_key_exists($rating_id, $arResult["RatingMultiple"])) {
            $arResult["RatingMultiple"][$rating_id]["VALUE"] = $arResult["User"]["RATING_" . $rating_id . "_CURRENT_VALUE"];
        }
    }
}

//otp
// OTP status of the displayed user for the template: whether OTP is mandatory
// (IsOtpMandatory() takes no user, so presumably a module-wide setting),
// whether this user has OTP active / configured, whether recovery codes are
// enabled, and the days left until the deactivation deadline ("" when none).
if (CModule::IncludeModule("security")) {
    $arResult["User"]["OTP"]["IS_MANDATORY"] = CSecurityUser::IsOtpMandatory();
    $arResult["User"]["OTP"]["IS_ACTIVE"] = CSecurityUser::IsUserOtpActive($arResult["User"]["ID"]);
    $arResult["User"]["OTP"]["IS_EXIST"] = CSecurityUser::IsUserOtpExist($arResult["User"]["ID"]);
    $arResult["User"]["OTP"]["ARE_RECOVERY_CODES_ENABLED"] = Bitrix\Security\Mfa\Otp::isRecoveryCodesEnabled();
    $dateDeactivate = CSecurityUser::GetDeactivateUntil($arResult["User"]["ID"]);
    // Counted from "yesterday", presumably so the deadline day itself still counts as one day.
    $arResult["User"]["OTP"]["NUM_LEFT_DAYS"] = $dateDeactivate ? FormatDate("ddiff", time() - 60 * 60 * 24, MakeTimeStamp($dateDeactivate)) : "";
}
}
}

$this->IncludeComponentTemplate();
return array("NAME" => $arResult["User"]["NAME_FORMATTED"]);
die;
}

// Authenticate with the posted credentials; on failure tell the client whether
// a CAPTCHA is now required for this login, then answer 401.
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // NOTE(review): single-quoted keys/values and the trailing ';' are not strict JSON.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}

// Both the security module and the module-wide OTP switch are required;
// otherwise the just-created session is dropped and 403 is returned.
if (!CModule::IncludeModule("security")) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
if (!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// Any action other than 'register' stores an empty secret (the allowed actions
// are validated before this span — not visible here).
if ($_POST['action'] != 'register') {
    $_POST['secret'] = "";
}

// The secret is stored as an HOTP (counter-based) OTP for the logged-in user.
$isUpdated = CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP));
if (!$isUpdated) {
    //print_r($APPLICATION->GetException());
    // A failed update is reported as 403 and the session is dropped.
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// The login above served only this request; end the session again.
$USER->Logout();