 /**
  * Render the "Security" tab of the user preferences page.
  *
  * The 2FA enrolment QR code (which carries the shared secret) is handed to
  * the view only while 2FA is still disabled for the user; once enabled this
  * tab no longer renders it.
  */
 public function getSecurityTab()
 {
     $this->setAction(self::ACTION_USR_PREFERENCES_SECURITY);
     $this->view->addTemplate('security');

     $twoFa = new Auth2FA($this->_userId, Session::getUserLogin());
     $twoFaEnabled = $this->_userPrefs->isUse2Fa();

     // Enrolment QR code only while the second factor is not yet active.
     if (!$twoFaEnabled) {
         $this->view->assign('qrCode', $twoFa->getUserQRCode());
     }

     $this->view->assign('userId', $this->_userId);
     $this->view->assign('chk2FAEnabled', $twoFaEnabled);
     $this->view->append('tabs', array('title' => _('Seguridad')));
     $this->view->assign('tabIndex', $this->getTabIndex(), 'security');
     $this->view->assign('actionId', $this->getAction(), 'security');
 }
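 /**
  * Prepare the view data for the event log table.
  *
  * Requires access to ACTION_EVL; returns early (rendering nothing) when the
  * ACL check fails. The paging offset comes from the view (i.e. the request)
  * and is normalised to a non-negative int before it is used as a query
  * offset and echoed into the pager's onclick handlers, so no untrusted text
  * reaches the generated JavaScript and no negative offset reaches the DB.
  */
 public function getEventlog()
 {
     $this->setAction(self::ACTION_EVL);

     if (!$this->checkAccess()) {
         return;
     }

     $this->view->addTemplate('eventlog');
     $this->view->assign('rowClass', 'row_even');
     // Demo mode, or any user that is not an application admin, gets the restricted presentation.
     $this->view->assign('isDemoMode', \SP\Util::demoIsEnabled() || !\SP\Session::getUserIsAdminApp());

     // Untrusted offset: cast to int and clamp at zero before any use.
     $limitStart = isset($this->view->limitStart) ? max(0, (int) $this->view->limitStart) : 0;
     $this->view->assign('limitStart', $limitStart);

     // Log::$numRows is populated by getEvents(), so it must be read afterwards.
     $this->view->assign('events', \SP\Log::getEvents($limitStart));
     $numRows = \SP\Log::$numRows;

     $this->view->assign('totalRows', $numRows);
     $this->view->assign('firstPage', ceil(($limitStart + 1) / self::MAX_ROWS));
     $this->view->assign('lastPage', ceil($numRows / self::MAX_ROWS));

     // Offset of the last page. With an exact multiple of MAX_ROWS the last
     // page starts one page before the end; with zero rows that went negative
     // in the original, hence the clamp.
     if ($numRows % self::MAX_ROWS == 0) {
         $limitLast = $numRows - self::MAX_ROWS;
     } else {
         $limitLast = floor($numRows / self::MAX_ROWS) * self::MAX_ROWS;
     }
     $limitLast = max(0, $limitLast);

     // Only ints are interpolated into the JS call, see normalisation above.
     $navLog = function ($target) use ($limitStart) {
         return 'sysPassUtil.Common.navLog(' . $target . ',' . $limitStart . ')';
     };

     $this->view->assign('pagerOnnClick', array(
         'first' => $navLog(0),
         'last' => $navLog($limitLast),
         'prev' => $navLog(max(0, $limitStart - self::MAX_ROWS)),
         'next' => $navLog($limitStart + self::MAX_ROWS),
     ));
 }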
 /**
  * Authenticate an API request by its auth token and, optionally, by the
  * user's password (needed to unlock the user's master password).
  *
  * @param      $actionId  int    Id of the action the token must be valid for
  * @param      $authToken string The API auth token
  * @param null $userPass  string The user's password; when given, the user is
  *                               re-authenticated against the DB and the
  *                               master password is loaded into $this->_mPass
  * @throws SPException SP_CRITICAL on an invalid token or a failed password check
  */
 public function __construct($actionId, $authToken, $userPass = null)
 {
     // The token must exist and be authorised for this action.
     if (!Auth::checkAuthToken($actionId, $authToken)) {
         throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
     }
     $this->_userId = ApiTokens::getUserIdForToken($authToken);
     $this->_actionId = $actionId;
     $this->_auth = true;
     if (!is_null($userPass)) {
         $userLogin = UserUtil::getUserLoginById($this->_userId);
         $User = new User();
         $User->setUserId($this->_userId);
         $User->setUserLogin($userLogin);
         $User->setUserPass($userPass);
         // Order matters: the password is verified first, then the account
         // state; the && chain stops at the first failing check.
         // NOTE(review): the disabled-account and must-change-password checks
         // only run in this branch — a token-only call (no $userPass) skips
         // them. Confirm Auth::checkAuthToken covers that, or check it above.
         if (Auth::authUserMySQL($userLogin, $userPass) && !UserUtil::checkUserIsDisabled($userLogin) && UserPass::checkUserMPass($User) && UserPass::checkUserUpdateMPass($userLogin) && !$User->isUserChangePass()) {
             $this->_mPass = $User->getUserMPass(true);
         } else {
             // Same message as the token failure, so the response does not say which check failed.
             throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
         }
     }
     // Bind the session to the token's owner.
     Session::setUserId($this->_userId);
 }
 /**
  * Load the custom fields (and their values) for the account being shown.
  *
  * The id of the live account kept in the session is preferred over the id
  * of a history entry, so values always belong to the current account. When
  * no values exist for it, only the field definitions of the accounts module
  * are loaded.
  */
 private function getCustomFieldsForItem()
 {
     $lastAccountId = Session::getLastAcountId();
     // Live account id rather than the one of a history entry.
     $accountId = ($lastAccountId !== 0) ? $lastAccountId : $this->getId();

     $hasValues = $this->isGotData()
         && CustomFields::checkCustomFieldExists(ActionsInterface::ACTION_ACC_NEW, $accountId);

     if (!$hasValues) {
         $this->view->assign('customFields', CustomFields::getCustomFieldsForModule(ActionsInterface::ACTION_ACC_NEW));
         return;
     }

     $this->view->assign('customFields', CustomFields::getCustomFieldsData(ActionsInterface::ACTION_ACC_NEW, $accountId));
 }
        $controller = new SP\Controller\ConfigC($tpl);
        $controller->getGeneralTab();
        $controller->getWikiTab();
        $controller->getLdapTab();
        $controller->getMailTab();
        $controller->getEncryptionTab();
        $controller->getBackupTab();
        $controller->getImportTab();
        $controller->getInfoTab();
        $tpl->addTemplate('tabs-end');
        break;
    case \SP\Controller\ActionsInterface::ACTION_EVL:
        $controller = new SP\Controller\EventlogC($tpl);
        $controller->getEventlog();
        break;
    case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES:
    case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_GENERAL:
    case \SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY:
        $tpl->addTemplate('tabs-start');
        $controller = new \SP\Controller\UsersPrefsC($tpl);
        $controller->getPreferencesTab();
        $controller->getSecurityTab();
        $tpl->addTemplate('tabs-end');
        break;
}
// The debug view is appended only for application admins and only when the
// 'debug' config flag is set.
$showDebugView = \SP\Session::getUserIsAdminApp() && SP\Config::getValue('debug');

if ($showDebugView) {
    $controller->getDebug();
}

$tpl->addTemplate('js-common');
$controller->view();
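 /**
  * Initialise the "change user password" view.
  *
  * Changing one's own password needs no extra permission; editing any other
  * user's password requires ACTION_USR_USERS_EDITPASS, and the method returns
  * early (renders nothing) when that ACL check fails.
  *
  * The target id comes from the request (via the view). It is validated as
  * an integer and compared strictly, instead of the original `!=` on the raw
  * value, so the "own password" decision does not depend on PHP's loose
  * string/number comparison rules (which differ between PHP 7 and 8).
  */
 public function getUserPass()
 {
     $this->setAction(self::ACTION_USR_USERS_EDITPASS);

     // Anything that is not a plain integer is treated as "another user":
     // the safer direction, since it then requires the permission check.
     $targetUserId = filter_var($this->view->userId, FILTER_VALIDATE_INT);
     $isOwnPassword = ($targetUserId !== false && $targetUserId === (int) Session::getUserId());

     if (!$isOwnPassword && !$this->checkAccess()) {
         return;
     }

     $this->view->addTemplate('userspass');
     $this->view->assign('actionId', self::ACTION_USR_USERS_EDITPASS);
     // Re-read the session key: it may have been regenerated earlier in the request.
     $this->view->assign('sk', SessionUtil::getSessionKey());
 }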
 /**
  * Render the "Encryption" configuration tab.
  *
  * Requires ACTION_CFG_ENCRYPTION; nothing is rendered when the ACL check
  * fails. Note that the temporary master password currently held in the
  * session is handed to the view along with the config values.
  *
  * (The original docblock declared @return bool; the method returns nothing.)
  */
 public function getEncryptionTab()
 {
     $this->setAction(self::ACTION_CFG_ENCRYPTION);

     if (!$this->checkAccess()) {
         return;
     }

     $this->view->addTemplate('encryption');

     $tabValues = array(
         'lastUpdateMPass' => ConfigDB::getValue("lastupdatempass"),
         'tempMasterPassTime' => ConfigDB::getValue("tempmaster_passtime"),
         'tempMasterMaxTime' => ConfigDB::getValue("tempmaster_maxtime"),
         'tempMasterPass' => Session::getTemporaryMasterPass(),
     );

     foreach ($tabValues as $name => $value) {
         $this->view->assign($name, $value);
     }

     $this->view->append('tabs', array('title' => _('Encriptación')));
     $this->view->assign('tabIndex', $this->getTabIndex(), 'encryption');
 }
 /**
  * Whether the current session is fully authenticated: a user login is
  * stored in the session AND the second-factor step has been passed.
  *
  * @return bool
  */
 public static function isLoggedIn()
 {
     // && short-circuits, so the 2FA flag is only consulted once a login exists,
     // and always yields a bool.
     return Session::getUserLogin() && Session::get2FApassed();
 }
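 /**
  * Pick (and remember) a display colour for an account.
  *
  * The colour for a given id is chosen at random from $this->_colors the
  * first time it is requested and stored in the session, so the same id
  * keeps the same colour for the rest of the session. The randomness is
  * purely cosmetic (array_rand); nothing security-relevant depends on it.
  *
  * @param int $id Id of the element to colour
  * @return string '#' followed by the chosen entry of $this->_colors
  */
 private function pickAccountColor($id)
 {
     $accountColor = Session::getAccountColor();

     // Anything but an array (unset, false, stale scalar) is reset before
     // writing: $accountColor[$id] = ... on a string fails, and auto-vivifying
     // an array from false is deprecated since PHP 8.1. The original only
     // skipped the lookup in that case and then wrote into the value anyway.
     if (!is_array($accountColor)) {
         $accountColor = array();
     }

     if (!isset($accountColor[$id])) {
         $colorKey = array_rand($this->_colors);
         $accountColor[$id] = '#' . $this->_colors[$colorKey];
         Session::setAccountColor($accountColor);
     }

     return $accountColor[$id];
 }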
 /**
  * Populate the view with the data shown in the session bar.
  *
  * The login is shown upper-cased; when no display name is stored in the
  * session, the upper-cased login is used in its place. The "pass" icon is
  * hidden for LDAP users.
  */
 private function getSessionBar()
 {
     $this->view->addTemplate('sessionbar');

     // Badge for application admins; translated title only, no user input.
     $adminBadge = '';
     if (Session::getUserIsAdminApp()) {
         $adminBadge = '<span title="' . _('Admin Aplicación') . '">(A+)</span>';
     }
     $this->view->assign('adminApp', $adminBadge);

     $this->view->assign('userId', Session::getUserId());
     $this->view->assign('userLogin', strtoupper(Session::getUserLogin()));

     $displayName = Session::getUserName();
     if (!$displayName) {
         $displayName = strtoupper($this->view->userLogin);
     }
     $this->view->assign('userName', $displayName);

     $this->view->assign('userGroup', Session::getUserGroupName());
     $this->view->assign('showPassIcon', !Session::getUserIsLdap());
 }
 $User->setUserIsDisabled(SP\Request::analyze('disabled', 0, false, 1));
 $User->setUserChangePass(SP\Request::analyze('changepass', 0, false, 1));
 $User->setUserPass(SP\Request::analyzeEncrypted('pass'));
 // Nuevo usuario o editar
 if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT) {
     if (!$User->getUserName() && !$isLdap) {
         SP\Response::printJSON(_('Es necesario un nombre de usuario'), 2);
     } elseif (!$User->getUserLogin() && !$isLdap) {
         SP\Response::printJSON(_('Es necesario un login'), 2);
     } elseif (!$User->getUserProfileId()) {
         SP\Response::printJSON(_('Es necesario un perfil'), 2);
     } elseif (!$User->getUserGroupId()) {
         SP\Response::printJSON(_('Es necesario un grupo'), 2);
     } elseif (!$User->getUserEmail() && !$isLdap) {
         SP\Response::printJSON(_('Es necesario un email'), 2);
     } elseif (SP\Util::demoIsEnabled() && !\SP\Session::getUserIsAdminApp() && $User->getUserLogin() == 'demo') {
         SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
     }
     switch ($User->checkUserExist()) {
         case UserUtil::USER_LOGIN_EXIST:
             SP\Response::printJSON(_('Login de usuario duplicado'), 2);
             break;
         case UserUtil::USER_MAIL_EXIST:
             SP\Response::printJSON(_('Email de usuario duplicado'), 2);
             break;
     }
     if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW) {
         if (!$User->getUserPass() || !$userPassR) {
             SP\Response::printJSON(_('La clave no puede estar en blanco'), 2);
         } elseif ($User->getUserPass() != $userPassR) {
             SP\Response::printJSON(_('Las claves no coinciden'), 2);
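 /**
  * Update an existing API auth token.
  *
  * Rewrites the token's user, action and creator, resets its start date and
  * re-generates the token string unless the user already has one
  * (getUserToken()). A new token is 40 hex chars of CSPRNG output; the
  * original sha1(uniqid() . time()) was derived from the clock and therefore
  * guessable by anyone who can estimate when the token was issued.
  * The token is stored as-is in authTokens (not hashed), so the DB row is as
  * sensitive as the token itself.
  *
  * @throws SPException SP_CRITICAL ('Error interno') when the update query fails
  */
 public function updateToken()
 {
     $this->checkTokenExist();

     if ($this->_refreshToken) {
         $this->refreshToken();
     }

     if ($this->getUserToken()) {
         $token = $this->_token;
     } elseif (function_exists('random_bytes')) {
         // 20 CSPRNG bytes -> 40 hex chars, same length as the old sha1 output.
         $token = bin2hex(random_bytes(20));
     } else {
         // NOTE(review): pre-PHP 7 build without a CSPRNG; this fallback adds
         // entropy over uniqid() . time() but is still not cryptographically strong.
         $token = sha1(uniqid(mt_rand(), true));
     }

     $query = 'UPDATE authTokens '
         . 'SET authtoken_userId = :userid,'
         . 'authtoken_actionId = :actionid,'
         . 'authtoken_createdBy = :createdby,'
         . 'authtoken_token = :token,'
         . 'authtoken_startDate = UNIX_TIMESTAMP() '
         . 'WHERE authtoken_id = :id LIMIT 1';

     // All values are bound parameters; nothing is interpolated into the SQL.
     $data = array(
         'id' => $this->_tokenId,
         'userid' => $this->_userId,
         'actionid' => $this->_actionId,
         'createdby' => Session::getUserId(),
         'token' => $token,
     );

     try {
         DB::getQuery($query, __FUNCTION__, $data);
     } catch (SPException $e) {
         throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
     }

     $Log = new Log(_('Actualizar Autorización'));
     $Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
     $Log->writeLog();
     Email::sendEmail($Log);
 }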
    $UserPrefs->setSortViews($sortViews);
    $UserPrefs->setTopNavbar($topNavbar);
    $UserPrefs->setOptionalActions($optionalActions);
    if (!$UserPrefs->updatePreferences()) {
        SP\Response::printJSON(_('Error al actualizar preferencias'));
    }
    // Forzar la detección del lenguaje tras actualizar
    SP\Language::setLanguage(true);
    SP\Themes::setTheme(true);
    // Actualizar las preferencias en la sesión y recargar la página
    SP\Session::setUserPreferences($UserPrefs);
    SP\Util::reload();
    SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
    if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) {
        if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') {
            SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
        }
        // Variables POST del formulario
        $twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1);
        $pin = SP\Request::analyze('security_pin', 0);
        $userLogin = UserUtil::getUserLoginById($itemId);
        $twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin);
        if (!$twoFa->verifyKey($pin)) {
            SP\Response::printJSON(_('Código incorrecto'));
        }
        // No se instancia la clase ya que es necesario guardar los atributos ya guardados
        $UserPrefs = \SP\UserPreferences::getPreferences($itemId);
        $UserPrefs->setId($itemId);
        $UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled));
        if (!$UserPrefs->updatePreferences()) {
use SP\Request;
use SP\UserPass;
use SP\UserUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
// AJAX endpoint returning the clear-text password of an account (or of one of
// its history entries). Referer check first, then the session must be fully
// logged in.
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
$accountId = SP\Request::analyze('accountid', false);
$isHistory = SP\Request::analyze('isHistory', false);
// NOTE(review): unlike every other failure in this script, a missing id
// returns with no JSON body at all.
if (!$accountId) {
    return;
}
// History entries are read through AccountHistory, live accounts through Account.
$account = !$isHistory ? new SP\Account() : new SP\AccountHistory();
$account->setAccountParentId(\SP\Session::getAccountParentId());
$account->setAccountId($accountId);
$accountData = $account->getAccountPassData();
// History only: checkAccountMPass() — presumably verifies the entry was
// encrypted under the current master password; confirm in AccountHistory.
if ($isHistory && !$account->checkAccountMPass()) {
    SP\Response::printJSON(_('La clave maestra no coincide'));
}
// Authorisation: both the per-account ACL and the user's global permission
// for ACTION_ACC_VIEW_PASS are required. The encrypted pass data is already
// fetched above, but nothing is decrypted before this check.
if (!SP\Acl::checkAccountAccess(SP\Acl::ACTION_ACC_VIEW_PASS, $account->getAccountDataForACL()) || !SP\Acl::checkUserAccess(SP\Acl::ACTION_ACC_VIEW_PASS)) {
    SP\Response::printJSON(_('No tiene permisos para acceder a esta cuenta'));
} elseif (!UserPass::checkUserUpdateMPass()) {
    SP\Response::printJSON(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
}
// Relies on printJSON() terminating the request on every failure above —
// presumably it does (the script keeps running after each check); verify.
$accountClearPass = SP\Crypt::getDecrypt($accountData->pass, $accountData->iv);
if (!$isHistory) {
    $account->incrementDecryptCounter();
    $log = new \SP\Log(_('Ver Clave'));
    $log->addDescription(_('ID') . ': ' . $accountId);
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
use SP\SessionUtil;
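define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Second-factor (2FA) verification endpoint. On success the session is marked
// as having passed 2FA, which is what isLoggedIn() gates on.
SP\Request::checkReferer('POST');

$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

// The user whose second factor is verified is the one bound to the session,
// not the one named in the request. The original built Auth2FA from the
// request-supplied 'itemId' (and from a $userLogin this script never
// assigned) and then set the 2FA flag on the current session regardless of
// whose PIN was checked: a caller past the password step as user A could
// verify a PIN for some other user B and still unlock A's session.
// A submitted 'itemId' is still accepted, but only if it names the session user.
// NOTE(review): assumes the login step stores user id and login in the session
// before 2FA is passed (isLoggedIn() reads the login from there) — confirm.
$sessionUserId = (int) \SP\Session::getUserId();
$userLogin = \SP\Session::getUserLogin();
$requestedUserId = SP\Request::analyze('itemId', 0);

if ($sessionUserId === 0 || (int) $requestedUserId !== $sessionUserId) {
    \SP\Session::set2FApassed(false);
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

$pin = SP\Request::analyze('security_pin', 0);
$twoFa = new \SP\Auth\Auth2FA($sessionUserId, $userLogin);

// As in the original, an all-zero PIN fails the truthiness check; the code
// itself is verified by Auth2FA::verifyKey(). printJSON() is relied on to end
// the request, as elsewhere in this file.
if ($pin && $twoFa->verifyKey($pin)) {
    \SP\Session::set2FApassed(true);
    SP\Response::printJSON(_('Código correcto'), 0, 'sysPassUtil.Common.redirect(\'index.php\')');
} else {
    \SP\Session::set2FApassed(false);
    SP\Response::printJSON(_('Código incorrecto'));
}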