diff --git a/mail/roundcube-twofactor_gauthenticator/Makefile b/mail/roundcube-twofactor_gauthenticator/Makefile
index b679824812f6..5be83f53a14a 100644
--- a/mail/roundcube-twofactor_gauthenticator/Makefile
+++ b/mail/roundcube-twofactor_gauthenticator/Makefile
@@ -1,36 +1,36 @@
 PORTNAME= twofactor_gauthenticator
-PORTVERSION= g20220911
+PORTVERSION= g20231119
 CATEGORIES= mail security
 PKGNAMEPREFIX= roundcube-
 PKGNAMESUFFIX= ${PHP_PKGNAMESUFFIX}
 MAINTAINER= brnrd@FreeBSD.org
 COMMENT= Roundcube TOTP auth plugin
 WWW= https://github.com/alexandregz/twofactor_gauthenticator
 LICENSE= GPLv2
 BUILD_DEPENDS= roundcube${PHP_PKGNAMESUFFIX}>=1.0:mail/roundcube@${PHP_FLAVOR}
 RUN_DEPENDS= roundcube${PHP_PKGNAMESUFFIX}>=1.0:mail/roundcube@${PHP_FLAVOR}
 USES= php:flavors
-IGNORE_WITH_PHP=82 83
+IGNORE_WITH_PHP=83
 USE_GITHUB= yes
 GH_ACCOUNT= alexandregz
-GH_TAGNAME= 06e21b0
+GH_TAGNAME= 23d8f4c
 NO_BUILD= yes
 NO_ARCH= yes
 SUB_FILES= pkg-message
 WWWDIR= ${PREFIX}/www/roundcube/plugins/${PORTNAME}
 do-install:
 ${MKDIR} ${STAGEDIR}${WWWDIR}
 cd ${WRKSRC} && ${PAX} -r -w . ${STAGEDIR}${WWWDIR}
 cd ${STAGEDIR}${WWWDIR} && \
 ${MV} config.inc.php.dist config.inc.php.sample
 .include
diff --git a/mail/roundcube-twofactor_gauthenticator/distinfo b/mail/roundcube-twofactor_gauthenticator/distinfo
index a1b643c02fc3..f4de3d8a8de5 100644
--- a/mail/roundcube-twofactor_gauthenticator/distinfo
+++ b/mail/roundcube-twofactor_gauthenticator/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1663421514
-SHA256 (alexandregz-twofactor_gauthenticator-g20220911-06e21b0_GH0.tar.gz) = fb224c584af79e3797a1de6319a63cbc8773b97bea14161654139d2e5872307b
-SIZE (alexandregz-twofactor_gauthenticator-g20220911-06e21b0_GH0.tar.gz) = 1157840
+TIMESTAMP = 1701025860
+SHA256 (alexandregz-twofactor_gauthenticator-g20231119-23d8f4c_GH0.tar.gz) = 47edd6710fa34cfd644ece0afd2b4fb0fc208a40cef04178e071aa243a1de488
+SIZE (alexandregz-twofactor_gauthenticator-g20231119-23d8f4c_GH0.tar.gz) = 1159932
diff --git a/mail/roundcube-twofactor_gauthenticator/files/patch-Issue165 b/mail/roundcube-twofactor_gauthenticator/files/patch-Issue165
deleted file mode 100644
index 2f867ccda1ca..000000000000
--- a/mail/roundcube-twofactor_gauthenticator/files/patch-Issue165
+++ /dev/null
@@ -1,781 +0,0 @@ -diff -ruN 2FA_qr_code.js.orig 2FA_qr_code.js ---- 2FA_qr_code.js.orig 2022-04-04 01:10:32.000000000 +0200 -+++ 2FA_qr_code.js 2022-08-26 10:13:19.458764000 +0200 -@@ -7,9 +7,9 @@ - text: url_qr_code_values, - width: 200, - height: 200, -- colorDark : "#000000", -+ colorDark : rcmail.env.qr_image_colour, - colorLight : "#ffffff", -- correctLevel : QRCode.CorrectLevel.M // like charts.googleapis.com -+ correctLevel : QRCode.CorrectLevel.M //like charts.googleapis.com - }); - - $('#2FA_qr_code').prop('title', ''); // enjoy the silence (qrcode.js uses text to set title) -diff -ruN config.inc.php.dist.orig config.inc.php.dist ---- config.inc.php.dist.orig 2022-04-04 01:10:32.000000000 +0200 -+++ config.inc.php.dist 2022-08-29 15:50:06.293339000 +0200 -@@ -8,12 +8,17 @@ - - // Admin can disable saving devices for all users (paranoid mode) - // Default: allow saving devices (true) --$rcmail_config['allow_save_device_30days'] = true; -+$rcmail_config['allow_save_device_xdays'] = true; - -+$rcmail_config['save_device_xdays'] = 30; -+ -+$rcmail_config['qr_image_colour'] = "#000000"; -+ - // Make the 2-step field a masked password input type - // Default: form field will be text (false) - $rcmail_config['twofactor_formfield_as_password'] = false; - -+$rcmail_config['enable_ua2fa'] = false; - - // Users allowed to use plugin (IMPORTANT: other users DON'T have plugin activated) - $rcmail_config['users_allowed_2FA'] = array('ale.*@tereborace.com', 'administrator@tereborace.com'); -diff -ruN localization/cs_CZ.inc.orig localization/cs_CZ.inc ---- localization/cs_CZ.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/cs_CZ.inc 2022-09-17 15:26:27.718498000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'Správný kód'; - $labels['code_ko'] = 'Špatný kód'; - --$labels['dont_ask_me_30days'] = 'Neptat se na tomto stroji znovu na kódy následujích 30 dnů'; -+$labels['dont_ask_me_xdays'] = 'Neptat se na tomto stroji znovu na kódy následujích % dnů'; - - 
$labels['check_code_to_activate'] = 'Pro uložení, naskenujte QR kód a vložte následně vygenerovaný dvoufázový kód níže.'; - -diff -ruN localization/da_DK.inc ./localization/da_DK.inc ---- localization/da_DK.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/da_DK.inc 2022-09-17 15:26:27.718746000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Koden er OK'; - $labels['code_ko'] = 'Koden er forkert'; - --$labels['dont_ask_me_30days'] = 'Spørg mig ikke igen de næste 30 dage på denne computer'; -+$labels['dont_ask_me_xdays'] = 'Spørg mig ikke igen de næste % dage på denne computer'; - - $labels['check_code_to_activate'] = 'For at gemme, scan QR koden og indtast verificeringskoden nederst.'; - -diff -ruN localization/de_DE.inc.orig localization/de_DE.inc ---- localization/de_DE.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/de_DE.inc 2022-09-17 15:26:27.718988000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'Code OK'; - $labels['code_ko'] = 'Falscher Code'; - --$labels['dont_ask_me_30days'] = 'Nicht erneut nach dem Code fragen für die nächsten 30 Tage'; -+$labels['dont_ask_me_xdays'] = 'Nicht erneut nach dem Code fragen für die nächsten % Tage'; - - $labels['check_code_to_activate'] = 'Um zu speichern, muss mindestens 1 Code zuvor geprüpft werden'; - -diff -ruN localization/en_UK.inci.orig localization/en_UK.inc ---- localization/en_UK.inc.orig 1970-01-01 01:00:00.000000000 +0100 -+++ localization/en_UK.inc 2022-08-29 16:54:34.478291000 +0200 -@@ -0,0 +1,41 @@ -+google-authenticator'; -+ -+$labels['show_secret'] = 'Show secret'; -+$labels['hide_secret'] = 'Hide secret'; -+$labels['create_secret'] = 'Create secret'; -+ -+$labels['show_qr_code'] = 'Show QR Code'; -+$labels['hide_qr_code'] = 'Hide QR Code'; -+ -+$labels['recovery_codes'] = 'Recovery codes'; -+$labels['show_recovery_codes'] = 'Show recovery codes'; -+$labels['hide_recovery_codes'] = 'Hide recovery codes'; -+ -+$labels['setup_all_fields'] = 'Fill all fields (make sure you 
click save to store your settings)'; -+ -+$labels['enrollment_dialog_title'] = '2-Factor authentication enrollment'; -+$labels['enrollment_dialog_msg'] = '2-Factor authentication codes are required for increased security, please configure them now.'; -+ -+$labels['check_code'] = 'Check code'; -+$labels['code_ok'] = 'Code OK'; -+$labels['code_ko'] = 'Incorrect code'; -+ -+$labels['dont_ask_me_xdays'] = 'Don't ask me codes again on this computer for % days'; -+ -+$labels['check_code_to_activate'] = 'To save, please scan the QR Code and enter the current 2-Factor code below.'; -+ -+// Messages used for the different portions of the plugin -+$messages = array(); -+$messages['successfully_saved'] = '2-Factor authentication settings saved successfully.'; -+ -diff -ruN localization/en_US.inc.orig localization/en_US.inc ---- localization/en_US.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/en_US.inc 2022-08-29 16:54:34.478453000 +0200 -@@ -2,7 +2,7 @@ - // Labels used for different portions of the plugin - $labels = array(); - $labels['activate'] = 'Activate'; --$labels['twofactor_gauthenticator'] = '2-Factor Authentication'; -+$labels['twofactor_gauthenticator'] = 'Two-Factor Authentication'; - $labels['code'] = 'Google Authenticator Code'; - - $labels['two_step_verification_form'] = '2-Factor Authentication Code:'; -@@ -31,11 +31,10 @@ - $labels['code_ok'] = 'Code OK'; - $labels['code_ko'] = 'Incorrect code'; - --$labels['dont_ask_me_30days'] = 'Don't ask me codes again on this computer for 30 days'; -+$labels['dont_ask_me_xdays'] = 'Don't ask me codes again on this computer for % days'; - - $labels['check_code_to_activate'] = 'To save, please scan the QR Code and enter the current 2-Factor code below.'; - - // Messages used for the different portions of the plugin - $messages = array(); - $messages['successfully_saved'] = '2-Factor authentication settings saved successfully.'; -- -diff -ruN localization/es_AR.inc.orig localization/es_AR.inc ---- 
localization/es_AR.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/es_AR.inc 2022-09-17 15:26:27.719230000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Código correcto'; - $labels['code_ko'] = 'Código incorrecto'; - --$labels['dont_ask_me_30days'] = 'No solicitar códigos en esta computadora durante 30 días'; -+$labels['dont_ask_me_xdays'] = 'No solicitar códigos en esta computadora durante % días'; - - $labels['check_code_to_activate'] = 'Para poder guardar, antes debe de chequearse algún código'; - -diff -ruN localization/es_ES.inc.orig localization/es_ES.inc ---- localization/es_ES.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/es_ES.inc 2022-09-17 15:26:27.719477000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Codigo correcto'; - $labels['code_ko'] = 'Codigo erróneo'; - --$labels['dont_ask_me_30days'] = 'No solicitar códigos en este ordenador durante 30 días'; -+$labels['dont_ask_me_xdays'] = 'No solicitar códigos en este ordenador durante % días'; - - $labels['check_code_to_activate'] = 'Para poder guardar, antes debe de comprobarse algún código'; - -diff -ruN localization/fr_FR.inc.orig ./localization/fr_FR.inc ---- localization/fr_FR.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/fr_FR.inc 2022-09-17 15:26:27.719708000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Code OK'; - $labels['code_ko'] = 'Code incorrect'; - --$labels['dont_ask_me_30days'] = 'Ne plus me demander de codes pour 30 jours.'; -+$labels['dont_ask_me_xdays'] = 'Ne plus me demander de codes pour % jours.'; - - $labels['check_code_to_activate'] = 'Pour enregistrer, scannez le QR Code et entrez un premier code de vérification ci-dessous.'; - -diff -ruN localization/gl_ES.inc.orig localization/gl_ES.inc ---- localization/gl_ES.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/gl_ES.inc 2022-09-17 15:26:27.719937000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Codigo correcto'; - $labels['code_ko'] = 'Codigo erróneo'; - 
--$labels['dont_ask_me_30days'] = 'Non solicitar códigos nesta computadora durante 30 días'; -+$labels['dont_ask_me_xdays'] = 'Non solicitar códigos nesta computadora durante % días'; - - $labels['check_code_to_activate'] = 'Para poder gardar, antes debese ter comprobado a validez dalgún código'; - -diff -ruN localization/he_IL.inc.orig localization/he_IL.inc ---- localization/he_IL.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/he_IL.inc 2022-09-17 15:26:27.720169000 +0200 -@@ -22,7 +22,7 @@ - $labels['check_code'] = 'בדוק קוד'; - $labels['code_ok'] = 'הקוד תקין'; - $labels['code_ko'] = 'הקוד לא תקין'; --$labels['dont_ask_me_30days'] = 'אל תבקש ממני קודים אלו שוב במחשב זה למשך 30 יום'; -+$labels['dont_ask_me_xdays'] = 'אל תבקש ממני קודים אלו שוב במחשב זה למשך % יום'; - $labels['check_code_to_activate'] = 'כדי לשמור, אנא סרוק את קוד ה-QR והכנס למטה את קוד האימות הדו-שלבי הנוכחי.'; - // Messages used for the different portions of the plugin - $messages = array(); -diff -ruN localization/hu_HU.inc.orig localization/hu_HU.inc ---- localization/hu_HU.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/hu_HU.inc 2022-09-17 15:26:27.720411000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'Helyes kód'; - $labels['code_ko'] = 'Hibás kód'; - --$labels['dont_ask_me_30days'] = 'Ne kérdezze tőlem a kódot a következő 30 napban'; -+$labels['dont_ask_me_xdays'] = 'Ne kérdezze tőlem a kódot a következő % napban'; - - $labels['check_code_to_activate'] = 'A mentéshez kérem olvassa be a QR-kódot és írja be a kapott kétfaktoros kódot.'; - -diff -ruN localization/it_IT.inc.orig localization/it_IT.inc ---- localization/it_IT.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/it_IT.inc 2022-09-17 15:26:27.720632000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Codice OK'; - $labels['code_ko'] = 'Codicec non corretto'; - --$labels['dont_ask_me_30days'] = 'Non chiedermi più codici per i prossimi 30 giorni su questo computer'; 
-+$labels['dont_ask_me_xdays'] = 'Non chiedermi più codici per i prossimi % giorni su questo computer'; - - $labels['check_code_to_activate'] = 'Per salvare devi prima verificare il codice'; - -diff -ruN localization/ja_JP.inc.orig localization/ja_JP.inc ---- localization/ja_JP.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/ja_JP.inc 2022-09-17 15:26:27.720851000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'コードOK'; - $labels['code_ko'] = 'コードが違ってます'; - --$labels['dont_ask_me_30days'] = '子の端末で以後30日間コードを求めるな'; -+$labels['dont_ask_me_xdays'] = '子の端末で以後%日間コードを求めるな'; - - $labels['check_code_to_activate'] = '保存する前にコードを確認してください'; - -diff -ruN localization/nl_NL.inc.orig localization/nl_NL.inc ---- localization/nl_NL.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/nl_NL.inc 2022-09-17 15:26:27.721067000 +0200 -@@ -16,13 +16,13 @@ - $labels['recovery_codes'] = 'Herstelcodes'; - $labels['show_recovery_codes'] = 'Herstelcodes weergeven'; - $labels['hide_recovery_codes'] = 'Herstelcodes verbergen'; --$labels['setup_all_fields'] = 'Alle velden instellen (vereist )'; -+$labels['setup_all_fields'] = 'Alle velden instellen (vereist)'; - $labels['enrollment_dialog_title'] = '2-staps verificatie'; - $labels['enrollment_dialog_msg'] = '2-staps verificatiecodes zijn vereist voor veiligheid, stel ze alstublieft in'; - $labels['check_code'] = 'Check code'; - $labels['code_ok'] = 'Code correct'; - $labels['code_ko'] = 'Code incorrect'; --$labels['dont_ask_me_30days'] = 'Vraag me de komende 30 dagen niet opnieuw op deze computer'; -+$labels['dont_ask_me_xdays'] = 'Vraag me de komende % dagen niet opnieuw op deze computer'; - $labels['check_code_to_activate'] = 'Om op te slaan, scan alstublieft de QR Code en voer de verificatiecode hieronder in.'; - // Messages used for the different portions of the plugin - $messages = array(); -diff -ruN localization/pl_PL.inc localization/pl_PL.inc ---- localization/pl_PL.inc.orig 2022-04-04 01:10:32.000000000 +0200 
-+++ localization/pl_PL.inc 2022-09-17 15:26:27.721291000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Kod OK'; - $labels['code_ko'] = 'Błędny kod'; - --$labels['dont_ask_me_30days'] = 'Nie pytaj ponownie o kod na tym komputerze przez następne 30 dni'; -+$labels['dont_ask_me_xdays'] = 'Nie pytaj ponownie o kod na tym komputerze przez następne % dni'; - - $labels['check_code_to_activate'] = 'Aby zapisać, zeskanuj kod QR i zweryfikuj go przyciskiem Sprawdź Kod'; - -diff -ruN localization/pt_BR.inc.orig localization/pt_BR.inc ---- localization/pt_BR.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/pt_BR.inc 2022-09-17 15:26:27.721519000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'QR Code Válido'; - $labels['code_ko'] = 'QR Code Incorreto'; - --$labels['dont_ask_me_30days'] = 'Não perguntar por 30 dias'; -+$labels['dont_ask_me_xdays'] = 'Não perguntar por % dias'; - - $labels['check_code_to_activate'] = 'Para salvar, escaneie o QR code e introduza o código da Verificação em Duas Etapas [2FA] abaixo.'; - -diff -ruN localization/ru_RU.inc.orig localization/ru_RU.inc ---- localization/ru_RU.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/ru_RU.inc 2022-09-17 15:26:27.721744000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Код в порядке'; - $labels['code_ko'] = 'Неверный код'; - --$labels['dont_ask_me_30days'] = 'Не спрашивать коды на этом компьютере 30 дней'; -+$labels['dont_ask_me_xdays'] = 'Не спрашивать коды на этом компьютере % дней'; - - $labels['check_code_to_activate'] = 'Для сохранения, необходимо проверить код'; - -diff -ruN localization/sk_SK.inc.orig localization/sk_SK.inc ---- localization/sk_SK.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/sk_SK.inc 2022-09-17 15:26:27.721968000 +0200 -@@ -31,7 +31,7 @@ - $labels['code_ok'] = 'Správny kód'; - $labels['code_ko'] = 'Neplatný kód'; - --$labels['dont_ask_me_30days'] = 'Nepýtať si na tomto zariadení kódy 30 dní '; -+$labels['dont_ask_me_xdays'] = 'Nepýtať 
si na tomto zariadení kódy % dní '; - - $labels['check_code_to_activate'] = 'Pre aktiváciu naskenujte QR kód v TOTP aplikácii (napr. Google Authenticator alebo Authy) a následne zadajte vygenerovaný kód.'; - -diff -ruN localization/sv_SE.inc.orig localization/sv_SE.inc ---- localization/sv_SE.inc.orig 2022-04-04 01:10:32.000000000 +0200 -+++ localization/sv_SE.inc 2022-09-17 15:26:27.722189000 +0200 -@@ -32,7 +32,7 @@ - $labels['code_ok'] = 'Koden godkänd'; - $labels['code_ko'] = 'Inkorrekt kod'; - --$labels['dont_ask_me_30days'] = 'KOm i håg mig på den här enheten i 30 dagar'; -+$labels['dont_ask_me_xdays'] = 'KOm i håg mig på den här enheten i % dagar'; - - $labels['check_code_to_activate'] = 'KOntrollera kod för att aktivera'; - -diff -ruN twofactor_gauthenticator.js.orig twofactor_gauthenticator.js ---- twofactor_gauthenticator.js.orig 2022-04-04 01:10:32.000000000 +0200 -+++ twofactor_gauthenticator.js 2022-08-26 10:13:19.459868000 +0200 -@@ -50,14 +50,14 @@ - - // add qr-code before msg_infor - var url_qr_code_values = 'otpauth://totp/' +$('#prefs-title').html().split(/ - /)[1]+ '?secret=' +$('#2FA_secret').get(0).value +'&issuer=RoundCube2FA%20'+window.location.hostname; -- $('table tr:last').before('' +rcmail.gettext('qr_code', 'twofactor_gauthenticator')+ '' +rcmail.gettext('qr_code', 'twofactor_gauthenticator')+ '
'); - - var qrcode = new QRCode(document.getElementById("2FA_qr_code"), { - text: url_qr_code_values, - width: 200, - height: 200, -- colorDark : "#000000", -+ colorDark : rcmail.env.qr_image_colour, - colorLight : "#ffffff", - correctLevel : QRCode.CorrectLevel.L // like charts.googleapis.com - }); -@@ -129,7 +129,9 @@ - $('#2FA_check_code').click(function(){ - url = "./?_action=plugin.twofactor_gauthenticator-checkcode&code=" +$('#2FA_code_to_check').val() + '&secret='+$('#2FA_secret').val(); - $.post(url, function(data){ -- alert(data); -+ -+ alert(data); -+ - if(data == rcmail.gettext('code_ok', 'twofactor_gauthenticator')) - $('#2FA_setup_fields').prev().removeAttr('disabled'); - -diff -ruN twofactor_gauthenticator.php twofactor_gauthenticator.php ---- twofactor_gauthenticator.php 2022-04-04 01:10:32.000000000 +0200 -+++ twofactor_gauthenticator.php.orig 2022-09-17 15:26:27.722699000 +0200 -@@ -19,8 +19,9 @@ - { - private $_number_recovery_codes = 4; - -- // relative from RC home dir, not plugin directory -- private $_logs_file = '/logs/log_errors_2FA.txt'; -+ // relative to $config['log_dir'], not plugin directory -+ private $_log_dir = '.'; -+ private $_log_file = 'twofactor_gauthenticator.txt'; - - function init() - { -@@ -32,7 +33,8 @@ - $this->add_hook('render_page', array($this, 'popup_msg_enrollment')); - - $this->load_config(); -- -+ $this->_log_dir = realpath($rcmail->config->get('log_dir','.')).DIRECTORY_SEPARATOR; -+ - $allowedPlugin = $this->__pluginAllowedByConfig(); - - // skipping all logic and plugin not appears -@@ -52,11 +54,13 @@ - $this->include_script('qrcode.min.js'); - - // settings we will export to the form javascript -- //$this_output = $this->api->output; -- //if ($this_output) { -- // $this->api->output->set_env('allow_save_device_30days',$rcmail->config->get('allow_save_device_30days',true)); -- // $this->api->output->set_env('twofactor_formfield_as_password',$rcmail->config->get('twofactor_formfield_as_password',false)); -- //} -+ 
$this_output = $this->api->output; -+ if ($this_output) { -+ $this->api->output->set_env('allow_save_device_xdays',$rcmail->config->get('allow_save_device_xdays',true)); -+ $this->api->output->set_env('save_device_xdays',$rcmail->config->get('save_device_xdays',30)); -+ $this->api->output->set_env('twofactor_formfield_as_password',$rcmail->config->get('twofactor_formfield_as_password',false)); -+ $this->api->output->set_env('qr_image_colour',$rcmail->config->get('qr_image_colour',"#000000")); -+ } - } - - // check if user are valid from config.inc.php or true (by default) if config.inc.php not exists -@@ -65,23 +69,27 @@ - - $this->load_config(); - -- // users allowed to use plugin (not showed for others!). -- // -- From config.inc.php file. -- // -- You can use regexp: admin.*@domain.com -- $users = $rcmail->config->get('users_allowed_2FA'); -- if(is_array($users)) { // exists "users" from config.inc.php -- foreach($users as $u) { -- if (isset( $rcmail->user->data['username'])){ -- preg_match("/$u/", $rcmail->user->data['username'], $matches); -+ if($rcmail->config->get('enable_ua2fa')){ -+ -+ // users allowed to use plugin (not showed for others!). -+ // -- From config.inc.php file. -+ // -- You can use regexp: admin.*@domain.com -+ $users = $rcmail->config->get('users_allowed_2FA'); -+ if(is_array($users)) { // exists "users" from config.inc.php -+ foreach($users as $u) { -+ if (isset( $rcmail->user->data['username'])){ -+ preg_match("/$u/", $rcmail->user->data['username'], $matches); - -- if(isset($matches[0])) { -- return true; -- } -- } -- } -+ if(isset($matches[0])) { -+ return true; -+ } -+ } -+ } - -- // not allowed for all, except explicit -- return false; -+ // not allowed for all, except explicit -+ return false; -+ } -+ - } - - // by default, all users have plugin activated -@@ -98,7 +106,7 @@ - - - $config_2FA = self::__get2FAconfig(); -- if(!($config_2FA['activate'] ?? 
false)) -+ if(!$config_2FA['activate']) - { - if($rcmail->config->get('force_enrollment_users')) - { -@@ -115,12 +123,9 @@ - - $rcmail->output->set_pagetitle($this->gettext('twofactor_gauthenticator')); - -- $rcmail->output->set_env('allow_save_device_30days',$rcmail->config->get('allow_save_device_30days',true)); -- $rcmail->output->set_env('twofactor_formfield_as_password',$rcmail->config->get('twofactor_formfield_as_password',false)); -- - $this->add_texts('localization', true); - $this->include_script('twofactor_gauthenticator_form.js'); -- -+ - $rcmail->output->send('login'); - } - -@@ -130,21 +135,21 @@ - $rcmail = rcmail::get_instance(); - $config_2FA = self::__get2FAconfig(); - -- if($config_2FA['activate'] ?? false) -+ -+ if($config_2FA['activate']) - { -- // with IP allowed, we don't need to check anything -- if($rcmail->config->get('whitelist')) { -- foreach($rcmail->config->get('whitelist') as $ip_to_check) { -- if(CIDR::match($_SERVER['REMOTE_ADDR'], $ip_to_check)) { -- if(isset($_SESSION['twofactor_gauthenticator_login'])) { -+ // with IP allowed, we don't need to check anything -+ if($rcmail->config->get('whitelist')) { -+ if(is_array($rcmail->config->get('whitelist'))){ -+ foreach($rcmail->config->get('whitelist') as $ip_to_check) { -+ if(CIDR::match($_SERVER['REMOTE_ADDR'], $ip_to_check)) { - if($rcmail->task === 'login') $this->__goingRoundcubeTask('mail'); - return $p; - } -- } -- } -+ } -+ } - } - -- - $code = rcube_utils::get_input_value('_code_2FA', rcube_utils::INPUT_POST); - $remember = rcube_utils::get_input_value('_remember_2FA', rcube_utils::INPUT_POST); - -@@ -172,7 +177,7 @@ - } - } - // we're into some task but marked with login... -- elseif($rcmail->task !== 'login' && ! $_SESSION['twofactor_gauthenticator_2FA_login'] >= $_SESSION['twofactor_gauthenticator_login']) -+ elseif($rcmail->task !== 'login' && array_key_exists("twofactor_gauthenticator_2FA_login",$_SESSION) && ! 
$_SESSION['twofactor_gauthenticator_2FA_login'] >= $_SESSION['twofactor_gauthenticator_login']) - { - $this->__exitSession(); - } -@@ -196,7 +201,7 @@ - $rcmail = rcmail::get_instance(); - $config_2FA = self::__get2FAconfig(); - -- if(!($config_2FA['activate'] ?? false) -+ if(!$config_2FA['activate'] - && $rcmail->config->get('force_enrollment_users') && $rcmail->task == 'settings' && $rcmail->action == 'plugin.twofactor_gauthenticator') - { - // add overlay input box to html page -@@ -230,16 +235,16 @@ - function twofactor_gauthenticator_save() - { - $rcmail = rcmail::get_instance(); -- -- // 2022-04-03: Corrected security incidente reported by kototilt@haiiro.dev -- // "2FA in twofactor_gauthenticator can be bypassed allowing an attacker to disable 2FA or change the TOTP secret." -- // -- // Solution: if user don't have session created by any rendered page, we kick out -- $config_2FA = self::__get2FAconfig(); -- if(!$_SESSION['twofactor_gauthenticator_2FA_login'] && $config_2FA['activate']) { -- $this->__exitSession(); -- } - -+ // 2022-04-03: Corrected security incidente reported by kototilt@haiiro.dev -+ // "2FA in twofactor_gauthenticator can be bypassed allowing an attacker to disable 2FA or change the TOTP secret." 
-+ // -+ // Solution: if user don't have session created by any rendered page, we kick out -+ $config_2FA = self::__get2FAconfig(); -+ if(!array_key_exists("twofactor_gauthenticator_2FA_login",$_SESSION) && $config_2FA['activate']) { -+ $this->__exitSession(); -+ } -+ - $this->add_texts('localization/', true); - $this->register_handler('plugin.body', array($this, 'twofactor_gauthenticator_form')); - $rcmail->output->set_pagetitle($this->gettext('twofactor_gauthenticator')); -@@ -250,12 +255,24 @@ - $recovery_codes = rcube_utils::get_input_value('2FA_recovery_codes', rcube_utils::INPUT_POST); - - // remove recovery codes without value -- $recovery_codes = array_values(array_diff($recovery_codes, array(''))); -+ if($recovery_codes != null){ -+ $recovery_codes = array_values(array_diff($recovery_codes, array(''))); -+ }else{ -+ $recovery_codes = array(''); -+ } - - $data = self::__get2FAconfig(); -- $data['secret'] = $secret; -- $data['activate'] = $activate ? true : false; -- $data['recovery_codes'] = $recovery_codes; -+ -+ $data['activate'] = $activate ? 
true : false; -+ -+ if($data['activate']){ -+ $data['secret'] = $secret; -+ $data['recovery_codes'] = $recovery_codes; -+ }else{ -+ $data['secret'] = null; -+ $data['recovery_codes'] = null; -+ } -+ - self::__set2FAconfig($data); - - // if we can't save time into SESSION, the plugin logouts -@@ -279,29 +296,40 @@ - $data = self::__get2FAconfig(); - - // Fields will be positioned inside of a table -- $table = new html_table(array('cols' => 2)); -+ $table = new html_table(array('cols' => 2, 'class' => 'propform cols-sm-8')); - - // Activate/deactivate - $field_id = '2FA_activate'; -- $checkbox_activate = new html_checkbox(array('name' => $field_id, 'id' => $field_id, 'type' => 'checkbox')); -+ -+ -+ $activateData = array('name' => $field_id, 'id' => $field_id, 'type' => 'checkbox'); -+ -+ if($data != null && array_key_exists('secret', $data) && $data['secret']){ -+ $activateData['checked'] = "checked"; -+ } -+ -+ $checkbox_activate = new html_checkbox($activateData); - $table->add('title', html::label($field_id, rcube::Q($this->gettext('activate')))); - $checked = $data['activate'] ? null: 1; // :-? - $table->add(null, $checkbox_activate->show( $checked )); -- - - // secret - $field_id = '2FA_secret'; -- $input_descsecret = new html_inputfield(array('name' => $field_id, 'id' => $field_id, 'size' => 60, 'type' => 'password', 'value' => $data['secret'], 'autocomplete' => 'new-password')); -+ -+ $input_descsecret = new html_inputfield(array('name' => $field_id, 'id' => $field_id, 'size' => 60, 'type' => 'password', 'value' => $data['secret'], 'autocomplete' => 'new-password')); - $table->add('title', html::label($field_id, rcube::Q($this->gettext('secret')))); - $html_secret = $input_descsecret->show(); -+ $html_secret = "
".$html_secret; - if($data['secret']) - { -- $html_secret .= ''; -+ $html_secret .= '


'; - } - else - { -- $html_secret .= ''; -+ $html_secret .= '


'; - } -+ $html_secret .= "
"; -+ - $table->add(null, $html_secret); - - -@@ -313,13 +341,18 @@ - for($i = 0; $i < $this->_number_recovery_codes; $i++) - { - $value = isset($data['recovery_codes'][$i]) ? $data['recovery_codes'][$i] : ''; -- $html_recovery_codes .= '   '; -+ if(($i+1) == $this->_number_recovery_codes){ -+ $html_recovery_codes .= '
'; -+ }else{ -+ $html_recovery_codes .= '
'; -+ } -+ - } - if($data['secret']) { -- $html_recovery_codes .= ''; -+ $html_recovery_codes .= '

'; - } - else { -- $html_recovery_codes .= ''; -+ $html_recovery_codes .= '

'; - } - $table->add(null, $html_recovery_codes); - -@@ -328,7 +361,7 @@ - if($data['secret']) { - $table->add('title', $this->gettext('qr_code')); - $table->add(null, ' -- '); -+ '); - - // new JS qr-code, without call to Google - $this->include_script('2FA_qr_code.js'); -@@ -340,24 +373,21 @@ - // button to setup all fields if doesn't exists secret - $html_setup_all_fields = ''; - if(!$data['secret']) { -- $html_setup_all_fields = ''; -+ $html_setup_all_fields = '
'.$this->gettext('setup_all_fields').'

'; - } - -- $html_check_code = '

   '; -+ $html_check_code = '
'; - -- -- - // Build the table with the divs around it -- $out = html::div(array('class' => 'settingsbox', 'style' => 'margin: 0;'), -- html::div(array('id' => 'prefs-title', 'class' => ''), $this->gettext('twofactor_gauthenticator') . ' - ' . $rcmail->user->data['username']) . -+ $out = html::tag('fieldset', array('class' => 'main'), html::tag('legend', array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('twofactor_gauthenticator')). html::tag('legend', array('id' => 'prefs-title'), $rcmail->user->data['username']). html::div(array('class' => 'settingsbox', 'style' => 'margin: 0;'), - html::div(array('class' => 'boxcontent'), $table->show() . - html::p(null, - $rcmail->output->button(array( - 'command' => 'plugin.twofactor_gauthenticator-save', -- 'type' => 'input', -- 'class' => 'button mainaction', -+ 'type' => 'button', -+ 'class' => 'button mainaction btn btn-primary submit', - 'label' => 'save' -- )) -+ ))."
" - - // button show/hide secret - //.'' -@@ -367,7 +397,9 @@ - .$html_check_code - ) - ) -- ); -+ )); -+ -+ - - // Construct the form - $rcmail->output->add_gui_object('twofactor_gauthenticatorform', 'twofactor_gauthenticator-form'); -@@ -378,8 +410,10 @@ - 'method' => 'post', - 'action' => './?_task=settings&_action=plugin.twofactor_gauthenticator-save', - ), $out); -+ -+ - -- $out = "
".$out."
"; -+ $out = "
".$out."
"; - - return $out; - } -@@ -428,7 +462,7 @@ - $user = $rcmail->user; - - $arr_prefs = $user->get_prefs(); -- return $arr_prefs['twofactor_gauthenticator'] ?? null; -+ return array_key_exists('twofactor_gauthenticator',$arr_prefs) ? $arr_prefs['twofactor_gauthenticator'] : []; - } - - // we can set array to NULL to remove -@@ -501,7 +535,13 @@ - $name = hash_hmac('md5', $rcmail->user->data['username'], $rcmail->config->get('des_key')); - - if ($set) { -- $expires = time() + 2592000; // 30 days from now -+ $daysInSeconds = intval($rcmail->config->get('save_device_xdays',true)); -+ if(is_numeric($daysInSeconds) && $daysInSeconds > 0){ -+ $daysInSeconds = $daysInSeconds * 86400; -+ }else{ -+ $daysInSeconds = 2592000; -+ } -+ $expires = time() + $daysInSeconds; // X days from now - $rand = mt_rand(); - $signature = hash_hmac('sha512', implode("\1\0\1", array($rcmail->user->data['username'], $this->__getSecret(), $user_agent, $rand, $expires)), $rcmail->config->get('des_key'), TRUE); - $plain_content = sprintf("%d:%d:%s", $expires, $rand, $signature); -@@ -521,7 +561,7 @@ - if ($plain_content !== false) { - $now = time(); - list($expires, $rand, $signature) = explode(':', $plain_content, 3); -- if ($expires > $now && ($expires - $now) <= 2592000) { -+ if ($expires > $now && ($expires - $now) <= $daysInSeconds) { - $signature_verification = hash_hmac('sha512', implode("\1\0\1", array($rcmail->user->data['username'], $this->__getSecret(), $user_agent, $rand, $expires)), $rcmail->config->get('des_key'), TRUE); - // constant time - $cmp = strlen($signature) ^ strlen($signature_verification); -@@ -541,8 +581,8 @@ - - - // log error into $_logs_file directory -- private function __logError() { -- file_put_contents(realpath(".").$this->_logs_file, date("Y-m-d H:i:s")."|".$_SERVER['HTTP_X_FORWARDED_FOR']."|".$_SERVER['REMOTE_ADDR']."\n", FILE_APPEND); -+ private function __logError($msg = '') { -+ file_put_contents($this->_log_dir.$this->_log_file, date("Y-m-d 
H:i:s")."|".$_SERVER['HTTP_X_FORWARDED_FOR']."|".$_SERVER['REMOTE_ADDR']."|".$msg."\n", FILE_APPEND); - } - - } -diff -ruN twofactor_gauthenticator_form.js.orig twofactor_gauthenticator_form.js ---- twofactor_gauthenticator_form.js.orig 2022-04-04 01:10:32.000000000 +0200 -+++ twofactor_gauthenticator_form.js 2022-08-26 10:13:19.460924000 +0200 -@@ -17,18 +17,28 @@ - var twoFactorCodeFieldType = 'text'; - - //twofactor input form -- var text = ''; -- text += ''; -- text += ''; -- text += ''; -- text += ''; -+ var text = ''; -+ text += ` -+ -+ -+ -+`; - -+ - // remember option -- if(rcmail.env.allow_save_device_30days){ -- text += ''; -- text += ''; -- text += ''; -- } -+ if(rcmail.env.allow_save_device_xdays){ -+ text += ` -+ -+ -+ -+ -+
-+ -+ -+
-+ -+ `; -+ } - - // create textbox - $('form > table > tbody:last').append(text); diff --git a/mail/roundcube-twofactor_gauthenticator/files/patch-twofactor__gauthenticator.php b/mail/roundcube-twofactor_gauthenticator/files/patch-twofactor__gauthenticator.php new file mode 100644 index 000000000000..18fc02145a41 --- /dev/null +++ b/mail/roundcube-twofactor_gauthenticator/files/patch-twofactor__gauthenticator.php @@ -0,0 +1,12 @@ +--- twofactor_gauthenticator.php.orig 2023-11-26 19:11:04 UTC ++++ twofactor_gauthenticator.php +@@ -20,7 +20,8 @@ class twofactor_gauthenticator extends rcube_plugin + private $_number_recovery_codes = 4; + + // relative to $config['log_dir'] +- private $_logs_file = 'log_errors_2FA.txt'; ++ private $_logs_file = 'log_errors_2FA.txt'; ++ private $_log_dir = '.'; + + function init() + { diff --git a/mail/roundcube-twofactor_gauthenticator/pkg-plist b/mail/roundcube-twofactor_gauthenticator/pkg-plist index ea141e9fd8be..72ea1835ffc8 100644 --- a/mail/roundcube-twofactor_gauthenticator/pkg-plist +++ b/mail/roundcube-twofactor_gauthenticator/pkg-plist 
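Review bot: The added `private $_log_dir = '.';` gives the log directory a fallback that resolves against the PHP process's working directory, which for a plugin installed under `${PREFIX}/www/roundcube/plugins/` may be a web-served tree, so the 2FA error log could end up readable over HTTP if `init()` never overwrites the property. The class body continues outside the hunk, so whether upstream assigns `$_log_dir` from `$config['log_dir']` before the first write cannot be confirmed here; a comment on the declaration such as `// overwritten in init() from $config['log_dir']; '.' is only a last-resort fallback` would record that assumption. The patch file also carries no header explaining why the port needs it (presumably declaring the property avoids the dynamic-property deprecation that kept PHP 8.2 in `IGNORE_WITH_PHP`), and the `$_logs_file` line is removed and re-added with what looks like a whitespace-only change, which could be dropped so the local patch is just the one added line.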
@@ -1,46 +1,45 @@
 %%WWWDIR%%/.gitignore
 %%WWWDIR%%/2FA_qr_code.js
 %%WWWDIR%%/CIDR.php
 %%WWWDIR%%/LICENSE
 %%WWWDIR%%/PHPGangsta/GoogleAuthenticator.php
 %%WWWDIR%%/README.md
 %%WWWDIR%%/ToDo
 %%WWWDIR%%/composer.json
 @sample %%WWWDIR%%/config.inc.php.sample
 %%WWWDIR%%/localization/cs_CZ.inc
 %%WWWDIR%%/localization/da_DK.inc
 %%WWWDIR%%/localization/de_DE.inc
-%%WWWDIR%%/localization/en_UK.inc
 %%WWWDIR%%/localization/en_US.inc
 %%WWWDIR%%/localization/es_AR.inc
 %%WWWDIR%%/localization/es_ES.inc
 %%WWWDIR%%/localization/fr_FR.inc
 %%WWWDIR%%/localization/gl_ES.inc
 %%WWWDIR%%/localization/he_IL.inc
 %%WWWDIR%%/localization/hu_HU.inc
 %%WWWDIR%%/localization/it_IT.inc
 %%WWWDIR%%/localization/ja_JP.inc
 %%WWWDIR%%/localization/nb_NO.inc
 %%WWWDIR%%/localization/nl_NL.inc
 %%WWWDIR%%/localization/nn_NO.inc
 %%WWWDIR%%/localization/pl_PL.inc
 %%WWWDIR%%/localization/pt_BR.inc
 %%WWWDIR%%/localization/ru_RU.inc
 %%WWWDIR%%/localization/sk_SK.inc
 %%WWWDIR%%/localization/sv_SE.inc
 %%WWWDIR%%/qrcode.min.js
 %%WWWDIR%%/screenshots/001-login.png
 %%WWWDIR%%/screenshots/002-2steps.png
 %%WWWDIR%%/screenshots/003-settings_default.png
 %%WWWDIR%%/screenshots/004-settings_ok.png
 %%WWWDIR%%/screenshots/005-settings_qr_code.png
 %%WWWDIR%%/screenshots/006-recovery_codes.png
 %%WWWDIR%%/screenshots/007-check_code.png
 %%WWWDIR%%/screenshots/008-msg_infor_about_enrollment.png
 %%WWWDIR%%/screenshots/009-elastic_skin_start.png
 %%WWWDIR%%/screenshots/010-elastic_skin_config.png
 %%WWWDIR%%/screenshots/IMG_20160321_210439.jpg
 %%WWWDIR%%/screenshots/screen30days.png
 %%WWWDIR%%/twofactor_gauthenticator.js
 %%WWWDIR%%/twofactor_gauthenticator.php
 %%WWWDIR%%/twofactor_gauthenticator_form.js