Add a lot of log-points

This commit is contained in:
Philipp 2022-07-07 21:33:41 +02:00
parent 464fdb955c
commit e4a83eafb8
No known key found for this signature in database
GPG Key ID: 24A7501396EB5432
8 changed files with 189 additions and 65 deletions

View File

@ -108,7 +108,7 @@ class SignOut extends BaseModule
info($this->t('Logged out.')); info($this->t('Logged out.'));
$this->baseUrl->redirect(); $this->baseUrl->redirect();
} }
} catch (NotFoundException $exception) { } catch (TwoFactor\Exception\TrustedBrowserNotFoundException $exception) {
$this->cookie->clear(); $this->cookie->clear();
$this->session->clear(); $this->session->clear();

View File

@ -29,7 +29,6 @@ use Friendica\Core\Session\Capability\IHandleSessions;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Model\User\Cookie; use Friendica\Model\User\Cookie;
use Friendica\Module\Response; use Friendica\Module\Response;
use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Security\Authentication; use Friendica\Security\Authentication;
use Friendica\Util\Profiler; use Friendica\Util\Profiler;
use Friendica\Security\TwoFactor; use Friendica\Security\TwoFactor;
@ -53,7 +52,7 @@ class Trust extends BaseModule
/** @var TwoFactor\Factory\TrustedBrowser */ /** @var TwoFactor\Factory\TrustedBrowser */
protected $trustedBrowserFactory; protected $trustedBrowserFactory;
/** @var TwoFactor\Repository\TrustedBrowser */ /** @var TwoFactor\Repository\TrustedBrowser */
protected $trustedBrowserRepositoy; protected $trustedBrowserRepository;
public function __construct(App $app, Authentication $auth, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, IHandleSessions $session, Cookie $cookie, TwoFactor\Factory\TrustedBrowser $trustedBrowserFactory, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Response $response, array $server, array $parameters = []) public function __construct(App $app, Authentication $auth, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, IHandleSessions $session, Cookie $cookie, TwoFactor\Factory\TrustedBrowser $trustedBrowserFactory, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Response $response, array $server, array $parameters = [])
{ {
@ -64,12 +63,13 @@ class Trust extends BaseModule
$this->session = $session; $this->session = $session;
$this->cookie = $cookie; $this->cookie = $cookie;
$this->trustedBrowserFactory = $trustedBrowserFactory; $this->trustedBrowserFactory = $trustedBrowserFactory;
$this->trustedBrowserRepositoy = $trustedBrowserRepositoy; $this->trustedBrowserRepository = $trustedBrowserRepositoy;
} }
protected function post(array $request = []) protected function post(array $request = [])
{ {
if (!local_user() || !$this->session->get('2fa')) { if (!local_user() || !$this->session->get('2fa')) {
$this->logger->info('Invalid call', ['request' => $request]);
return; return;
} }
@ -82,16 +82,24 @@ class Trust extends BaseModule
case 'trust': case 'trust':
case 'dont_trust': case 'dont_trust':
$trustedBrowser = $this->trustedBrowserFactory->createForUserWithUserAgent(local_user(), $this->server['HTTP_USER_AGENT'], $action === 'trust'); $trustedBrowser = $this->trustedBrowserFactory->createForUserWithUserAgent(local_user(), $this->server['HTTP_USER_AGENT'], $action === 'trust');
$this->trustedBrowserRepositoy->save($trustedBrowser); try {
$this->trustedBrowserRepository->save($trustedBrowser);
// The string is sent to the browser to be sent back with each request // The string is sent to the browser to be sent back with each request
if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) { if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) {
notice($this->t('Couldn\'t save browser to Cookie.')); notice($this->t('Couldn\'t save browser to Cookie.'));
}; };
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected error when saving the trusted browser.', ['trustedBrowser' => $trustedBrowser, 'exception' => $exception]);
}
break; break;
} }
try {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true); $this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
} catch (\Exception $exception) {
$this->logger->warning('Unexpected error during authentication.', ['user' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
}
} }
} }
@ -103,13 +111,17 @@ class Trust extends BaseModule
if ($this->cookie->get('2fa_cookie_hash')) { if ($this->cookie->get('2fa_cookie_hash')) {
try { try {
$trustedBrowser = $this->trustedBrowserRepositoy->selectOneByHash($this->cookie->get('2fa_cookie_hash')); $trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
if (!$trustedBrowser->trusted) { if (!$trustedBrowser->trusted) {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true); $this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
$this->baseUrl->redirect(); $this->baseUrl->redirect();
} }
} catch (NotFoundException $exception) { } catch (TwoFactor\Exception\TrustedBrowserNotFoundException $exception) {
$this->logger->notice('Trusted Browser of the cookie not found.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]); $this->logger->notice('Trusted Browser of the cookie not found.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected persistence exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (\Exception $exception) {
$this->logger->warning('Unexpected exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} }
} }

View File

@ -77,7 +77,7 @@ class Trusted extends BaseSettings
self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted'); self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
switch ($_POST['action']) { switch ($_POST['action']) {
case 'remove_all' : case 'remove_all':
$this->trustedBrowserRepo->removeAllForUser(local_user()); $this->trustedBrowserRepo->removeAllForUser(local_user());
info($this->t('Trusted browsers successfully removed.')); info($this->t('Trusted browsers successfully removed.'));
$this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password')); $this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));

View File

@ -0,0 +1,32 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Security\TwoFactor\Exception;
use Exception;
class TrustedBrowserNotFoundException extends \RuntimeException
{
public function __construct($message = '', Exception $previous = null)
{
parent::__construct($message, 404, $previous);
}
}

View File

@ -0,0 +1,32 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Security\TwoFactor\Exception;
use Throwable;
class TrustedBrowserPersistenceException extends \RuntimeException
{
public function __construct($message = "", Throwable $previous = null)
{
parent::__construct($message, 500, $previous);
}
}

View File

@ -27,6 +27,11 @@ use Friendica\Util\Strings;
class TrustedBrowser extends BaseFactory class TrustedBrowser extends BaseFactory
{ {
/**
* Creates a new Trusted Browser based on the current user environment
*
* @throws \Exception In case something really unexpected happens
*/
public function createForUserWithUserAgent(int $uid, string $userAgent, bool $trusted): \Friendica\Security\TwoFactor\Model\TrustedBrowser public function createForUserWithUserAgent(int $uid, string $userAgent, bool $trusted): \Friendica\Security\TwoFactor\Model\TrustedBrowser
{ {
$trustedHash = Strings::getRandomHex(); $trustedHash = Strings::getRandomHex();

View File

@ -67,6 +67,12 @@ class TrustedBrowser extends BaseEntity
$this->last_used = $last_used; $this->last_used = $last_used;
} }
/**
* Records if the trusted browser was used
*
* @return void
* @throws \Exception unexpected DateTime exception happened
*/
public function recordUse() public function recordUse()
{ {
$this->last_used = DateTimeFormat::utcNow(); $this->last_used = DateTimeFormat::utcNow();

View File

@ -21,10 +21,8 @@
namespace Friendica\Security\TwoFactor\Repository; namespace Friendica\Security\TwoFactor\Repository;
use Friendica\Security\TwoFactor\Model; use Friendica\Security\TwoFactor;
use Friendica\Security\TwoFactor\Collection\TrustedBrowsers;
use Friendica\Database\Database; use Friendica\Database\Database;
use Friendica\Network\HTTPException\NotFoundException;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
class TrustedBrowser class TrustedBrowser
@ -35,83 +33,122 @@ class TrustedBrowser
/** @var LoggerInterface */ /** @var LoggerInterface */
protected $logger; protected $logger;
/** @var \Friendica\Security\TwoFactor\Factory\TrustedBrowser */ /** @var TwoFactor\Factory\TrustedBrowser */
protected $factory; protected $factory;
protected static $table_name = '2fa_trusted_browser'; protected static $table_name = '2fa_trusted_browser';
public function __construct(Database $database, LoggerInterface $logger, \Friendica\Security\TwoFactor\Factory\TrustedBrowser $factory = null) public function __construct(Database $database, LoggerInterface $logger, TwoFactor\Factory\TrustedBrowser $factory = null)
{ {
$this->db = $database; $this->db = $database;
$this->logger = $logger; $this->logger = $logger;
$this->factory = $factory ?? new \Friendica\Security\TwoFactor\Factory\TrustedBrowser($logger); $this->factory = $factory ?? new TwoFactor\Factory\TrustedBrowser($logger);
} }
/** /**
* @param string $cookie_hash * @param string $cookie_hash
* @return Model\TrustedBrowser|null *
* @throws \Exception * @return TwoFactor\Model\TrustedBrowser|null
*
* @throws TwoFactor\Exception\TrustedBrowserPersistenceException
* @throws TwoFactor\Exception\TrustedBrowserNotFoundException
*/ */
public function selectOneByHash(string $cookie_hash): Model\TrustedBrowser public function selectOneByHash(string $cookie_hash): TwoFactor\Model\TrustedBrowser
{ {
try {
$fields = $this->db->selectFirst(self::$table_name, [], ['cookie_hash' => $cookie_hash]); $fields = $this->db->selectFirst(self::$table_name, [], ['cookie_hash' => $cookie_hash]);
} catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('Internal server error when retrieving cookie hash \'%s\'', $cookie_hash));
}
if (!$this->db->isResult($fields)) { if (!$this->db->isResult($fields)) {
throw new NotFoundException(''); throw new TwoFactor\Exception\TrustedBrowserNotFoundException(sprintf('Cookie hash \'%s\' not found', $cookie_hash));
} }
return $this->factory->createFromTableRow($fields); return $this->factory->createFromTableRow($fields);
} }
public function selectAllByUid(int $uid): TrustedBrowsers /**
* @param int $uid
*
* @return TwoFactor\Collection\TrustedBrowsers
*
* @throws TwoFactor\Exception\TrustedBrowserPersistenceException
*/
public function selectAllByUid(int $uid): TwoFactor\Collection\TrustedBrowsers
{ {
try {
$rows = $this->db->selectToArray(self::$table_name, [], ['uid' => $uid]); $rows = $this->db->selectToArray(self::$table_name, [], ['uid' => $uid]);
$trustedBrowsers = []; $trustedBrowsers = [];
foreach ($rows as $fields) { foreach ($rows as $fields) {
$trustedBrowsers[] = $this->factory->createFromTableRow($fields); $trustedBrowsers[] = $this->factory->createFromTableRow($fields);
} }
return new TwoFactor\Collection\TrustedBrowsers($trustedBrowsers);
return new TrustedBrowsers($trustedBrowsers); } catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('selection for uid \'%s\' wasn\'t successful.', $uid));
}
} }
/** /**
* @param Model\TrustedBrowser $trustedBrowser * @param TwoFactor\Model\TrustedBrowser $trustedBrowser
*
* @return bool * @return bool
* @throws \Exception *
* @throws TwoFactor\Exception\TrustedBrowserPersistenceException
*/ */
public function save(Model\TrustedBrowser $trustedBrowser): bool public function save(TwoFactor\Model\TrustedBrowser $trustedBrowser): bool
{ {
try {
return $this->db->insert(self::$table_name, $trustedBrowser->toArray(), $this->db::INSERT_UPDATE); return $this->db->insert(self::$table_name, $trustedBrowser->toArray(), $this->db::INSERT_UPDATE);
} catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('Couldn\'t save trusted Browser with cookie_hash \'%s\'', $trustedBrowser->cookie_hash));
}
} }
/** /**
* @param Model\TrustedBrowser $trustedBrowser * @param TwoFactor\Model\TrustedBrowser $trustedBrowser
*
* @return bool * @return bool
* @throws \Exception *
* @throws TwoFactor\Exception\TrustedBrowserPersistenceException
*/ */
public function remove(Model\TrustedBrowser $trustedBrowser): bool public function remove(TwoFactor\Model\TrustedBrowser $trustedBrowser): bool
{ {
try {
return $this->db->delete(self::$table_name, ['cookie_hash' => $trustedBrowser->cookie_hash]); return $this->db->delete(self::$table_name, ['cookie_hash' => $trustedBrowser->cookie_hash]);
} catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('Couldn\'t delete trusted Browser with cookie hash \'%s\'', $trustedBrowser->cookie_hash));
}
} }
/** /**
* @param int $local_user * @param int $local_user
* @param string $cookie_hash * @param string $cookie_hash
*
* @return bool * @return bool
* @throws \Exception *
* @throws TwoFactor\Exception\TrustedBrowserPersistenceException
*/ */
public function removeForUser(int $local_user, string $cookie_hash): bool public function removeForUser(int $local_user, string $cookie_hash): bool
{ {
return $this->db->delete(self::$table_name, ['cookie_hash' => $cookie_hash,'uid' => $local_user]); try {
return $this->db->delete(self::$table_name, ['cookie_hash' => $cookie_hash, 'uid' => $local_user]);
} catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('Couldn\'t delete trusted Browser for user \'%s\' and cookie hash \'%s\'', $local_user, $cookie_hash));
}
} }
/** /**
* @param int $local_user * @param int $local_user
* @return bool * @return bool
* @throws \Exception
*/ */
public function removeAllForUser(int $local_user): bool public function removeAllForUser(int $local_user): bool
{ {
try {
return $this->db->delete(self::$table_name, ['uid' => $local_user]); return $this->db->delete(self::$table_name, ['uid' => $local_user]);
} catch (\Exception $exception) {
throw new TwoFactor\Exception\TrustedBrowserPersistenceException(sprintf('Couldn\'t delete trusted Browsers for user \'%s\'', $local_user));
}
} }
} }