Merge branch 'master' into admin-login

# Conflicts: # data/web/js/site/mailbox.js
2019-03-23 21:17:02 +01:00
parent 3d8a46357b 6a13609bf0
commit 7d2289c3a7
12 changed files with 63 additions and 31 deletions
--- a/data/web/inc/ajax/qr_gen.php
+++ b/data/web/inc/ajax/qr_gen.php
@@ -0,0 +1,13 @@
+<?php
+session_start();
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+header('Content-Type: text/plain');
+if (!isset($_SESSION['mailcow_cc_role'])) {
+	exit();
+}
+
+if (isset($_GET['token']) && ctype_alnum($_GET['token'])) {
+  echo $tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret);
+}
+
+?>
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -93,6 +93,15 @@ $(document).ready(function() {
    }
    if ($(this).val() == "totp") {
      $('#TOTPModal').modal('show');
+      request_token = $('#tfa-qr-img').data('totp-secret');
+      $.ajax({
+        url: '/inc/ajax/qr_gen.php',
+        data: {
+          token: request_token,
+        },
+      }).done(function (result) {
+        $("#tfa-qr-img").attr("src", result);
+      });
      $("option:selected").prop("selected", false);
    }
    if ($(this).val() == "u2f") {
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3714,7 +3714,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
      }
    break;
  }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
    update_sogo_static_view();
  }
 }
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -36,7 +36,8 @@ foreach ($css_dir as $css_file) {

 // U2F API + T/HOTP API
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
-$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL);
+$qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider();
+$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);

 // Redis
 $redis = new Redis();
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -169,7 +169,25 @@ $(document).ready(function() {
    // $("#active-script").closest('td').css('background-color','#b0f0a0');
    // $("#inactive-script").closest('td').css('background-color','#b0f0a0');
  // });
-
+  $('#addResourceModal').on('shown.bs.modal', function() {
+    $("#multiple_bookings").val($("#multiple_bookings_select").val());
+    if ($("#multiple_bookings").val() == "custom") {
+      $("#multiple_bookings_custom_div").show();
+      $("#multiple_bookings").val($("#multiple_bookings_custom").val());
+    }
+  })
+  $("#multiple_bookings_select").change(function() {
+    $("#multiple_bookings").val($("#multiple_bookings_select").val());
+    if ($("#multiple_bookings").val() == "custom") {
+      $("#multiple_bookings_custom_div").show();
+    }
+    else {
+      $("#multiple_bookings_custom_div").hide();
+    }
+  });
+  $("#multiple_bookings_custom").bind ("change keypress keyup blur", function () {
+    $("#multiple_bookings").val($("#multiple_bookings_custom").val());
+  });


 });
@@ -1000,4 +1018,4 @@ jQuery(function($){
  draw_tls_policy_table();
  draw_transport_maps_table();

-});
+});
--- a/data/web/modals/footer.php
+++ b/data/web/modals/footer.php
@@ -81,7 +81,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
          <ol>
            <li>
              <p><?=$lang['tfa']['scan_qr_code'];?></p>
-              <img src="<?=$tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret);?>">
+              <img id="tfa-qr-img" data-totp-secret="<?=$totp_secret;?>" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=">
              <p class="help-block"><?=$lang['tfa']['enter_qr_code'];?>:<br />
              <code><?=$totp_secret;?></code>
              </p>
--- a/data/web/modals/mailbox.php
+++ b/data/web/modals/mailbox.php
@@ -785,24 +785,3 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
    </div>
  </div>
 </div><!-- DNS info modal -->
-<script>
-$('#addResourceModal').on('shown.bs.modal', function() {
-  $("#multiple_bookings").val($("#multiple_bookings_select").val());
-  if ($("#multiple_bookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
-    $("#multiple_bookings").val($("#multiple_bookings_custom").val());
-  }
-})
-$("#multiple_bookings_select").change(function() {
-  $("#multiple_bookings").val($("#multiple_bookings_select").val());
-  if ($("#multiple_bookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
-  }
-  else {
-    $("#multiple_bookings_custom_div").hide();
-  }
-});
-$("#multiple_bookings_custom").bind ("change keypress keyup blur", function () {
-  $("#multiple_bookings").val($("#multiple_bookings_custom").val());
-});
-</script>