Upgrade dependencies: update robthree/twofactorauth to v3 and endroid/qr-code to v5; update TOTP integration (namespace, enum, QR provider) accordingly

This commit is contained in:
Ryan
2025-04-11 18:41:44 -04:00
committed by GitHub
parent 81a08ffd5b
commit 8553efabc1
6 changed files with 83 additions and 45 deletions


@@ -10,6 +10,9 @@
- Moved change password close button to the top right of the modal. - Moved change password close button to the top right of the modal.
- Updated upload regex pattern to be Unicodeenabled and added additional security measures. [(#19)](https://github.com/error311/FileRise/issues/19) - Updated upload regex pattern to be Unicodeenabled and added additional security measures. [(#19)](https://github.com/error311/FileRise/issues/19)
- Updated filename, folder, and username regex acceptance patterns. - Updated filename, folder, and username regex acceptance patterns.
- Updated robthree/twofactorauth to v3 and endroid/qr-code to v5
- Updated TOTP integration (namespace, enum, QR provider) accordingly
- Updated docker image from 22.04 to 24.04 <https://github.com/error311/filerise-docker>
--- ---


@@ -2,6 +2,9 @@
require_once 'vendor/autoload.php'; require_once 'vendor/autoload.php';
require_once 'config.php'; require_once 'config.php';
use RobThree\Auth\Algorithm;
use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
// Only send the Content-Type header; CORS and related headers are handled via .htaccess. // Only send the Content-Type header; CORS and related headers are handled via .htaccess.
header('Content-Type: application/json'); header('Content-Type: application/json');
@@ -197,7 +200,13 @@ if ($user !== false) {
]); ]);
exit(); exit();
} else { } else {
$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise'); $tfa = new \RobThree\Auth\TwoFactorAuth(
new GoogleChartsQrCodeProvider(), // QR code provider
'FileRise', // issuer
6, // number of digits
30, // period in seconds
Algorithm::Sha1 // Correct enum case name from your enum
);
$providedCode = trim($data['totp_code']); $providedCode = trim($data['totp_code']);
if (!$tfa->verifyCode($user['totp_secret'], $providedCode)) { if (!$tfa->verifyCode($user['totp_secret'], $providedCode)) {
echo json_encode(["error" => "Invalid TOTP code"]); echo json_encode(["error" => "Invalid TOTP code"]);
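Review bot: The QR-code provider handed to the new TwoFactorAuth constructor has no effect in this hunk, which only calls verifyCode(), but it decides what happens if getQRCodeImageAsDataUri() is ever used: an HTTP-backed provider sends the otpauth URL, which carries the shared secret, to a third-party service, and I could not confirm that GoogleChartsQrCodeProvider still ships in twofactorauth v3 (the Google Charts image endpoint has been shut down), so a missing class would fatal at login. Since the project already depends on endroid/qr-code and renders QR codes locally elsewhere, the library's EndroidQrCodeProvider is the safer choice, subject to checking that it works with endroid v5. The same six-line construction is repeated in the other two PHP files of this commit (four call sites in total); a single factory in config.php, which all three files already require, keeps digits, period and algorithm from drifting — they must stay identical to what enrolled secrets were generated with, or existing users' codes stop verifying. The comment `// Correct enum case name from your enum` tells the next reader nothing; `// HMAC algorithm; must match the value used when secrets were enrolled` would. The surrounding else-branch begins and ends outside the hunk.
```php
// config.php — one place to build the verifier so digits/period/algorithm cannot drift between login, setup and verify.
function createTwoFactorAuth(): \RobThree\Auth\TwoFactorAuth
{
    return new \RobThree\Auth\TwoFactorAuth(
        new \RobThree\Auth\Providers\Qr\EndroidQrCodeProvider(), // renders locally; the secret never leaves the server
        'FileRise',                      // issuer
        6,                               // digits
        30,                              // period in seconds
        \RobThree\Auth\Algorithm::Sha1,  // HMAC algorithm; must match enrolled secrets
    );
}
// … call sites: $tfa = createTwoFactorAuth(); …
```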


@@ -5,7 +5,7 @@
"require": { "require": {
"jumbojett/openid-connect-php": "^1.0.0", "jumbojett/openid-connect-php": "^1.0.0",
"phpseclib/phpseclib": "~3.0.7", "phpseclib/phpseclib": "~3.0.7",
"robthree/twofactorauth": "^1.7", "robthree/twofactorauth": "^3.0",
"endroid/qr-code": "^4.0" "endroid/qr-code": "^5.0"
} }
} }

composer.lock generated

@@ -4,32 +4,32 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "c9857f23364f2280ef4b71cdc72d3f78", "content-hash": "6b70aec0c1830ebb2b8f9bb625b04a22",
"packages": [ "packages": [
{ {
"name": "bacon/bacon-qr-code", "name": "bacon/bacon-qr-code",
"version": "2.0.8", "version": "v3.0.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/Bacon/BaconQrCode.git", "url": "https://github.com/Bacon/BaconQrCode.git",
"reference": "8674e51bb65af933a5ffaf1c308a660387c35c22" "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/8674e51bb65af933a5ffaf1c308a660387c35c22", "url": "https://api.github.com/repos/Bacon/BaconQrCode/zipball/f9cc1f52b5a463062251d666761178dbdb6b544f",
"reference": "8674e51bb65af933a5ffaf1c308a660387c35c22", "reference": "f9cc1f52b5a463062251d666761178dbdb6b544f",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"dasprid/enum": "^1.0.3", "dasprid/enum": "^1.0.3",
"ext-iconv": "*", "ext-iconv": "*",
"php": "^7.1 || ^8.0" "php": "^8.1"
}, },
"require-dev": { "require-dev": {
"phly/keep-a-changelog": "^2.1", "phly/keep-a-changelog": "^2.12",
"phpunit/phpunit": "^7 | ^8 | ^9", "phpunit/phpunit": "^10.5.11 || 11.0.4",
"spatie/phpunit-snapshot-assertions": "^4.2.9", "spatie/phpunit-snapshot-assertions": "^5.1.5",
"squizlabs/php_codesniffer": "^3.4" "squizlabs/php_codesniffer": "^3.9"
}, },
"suggest": { "suggest": {
"ext-imagick": "to generate QR code images" "ext-imagick": "to generate QR code images"
@@ -56,9 +56,9 @@
"homepage": "https://github.com/Bacon/BaconQrCode", "homepage": "https://github.com/Bacon/BaconQrCode",
"support": { "support": {
"issues": "https://github.com/Bacon/BaconQrCode/issues", "issues": "https://github.com/Bacon/BaconQrCode/issues",
"source": "https://github.com/Bacon/BaconQrCode/tree/2.0.8" "source": "https://github.com/Bacon/BaconQrCode/tree/v3.0.1"
}, },
"time": "2022-12-07T17:46:57+00:00" "time": "2024-10-01T13:55:55+00:00"
}, },
{ {
"name": "dasprid/enum", "name": "dasprid/enum",
@@ -112,29 +112,26 @@
}, },
{ {
"name": "endroid/qr-code", "name": "endroid/qr-code",
"version": "4.8.5", "version": "5.1.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/endroid/qr-code.git", "url": "https://github.com/endroid/qr-code.git",
"reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77" "reference": "393fec6c4cbdc1bd65570ac9d245704428010122"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/endroid/qr-code/zipball/0db25b506a8411a5e1644ebaa67123a6eb7b6a77", "url": "https://api.github.com/repos/endroid/qr-code/zipball/393fec6c4cbdc1bd65570ac9d245704428010122",
"reference": "0db25b506a8411a5e1644ebaa67123a6eb7b6a77", "reference": "393fec6c4cbdc1bd65570ac9d245704428010122",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"bacon/bacon-qr-code": "^2.0.5", "bacon/bacon-qr-code": "^3.0",
"php": "^8.1" "php": "^8.1"
}, },
"conflict": {
"khanamiryan/qrcode-detector-decoder": "^1.0.6"
},
"require-dev": { "require-dev": {
"endroid/quality": "dev-master", "endroid/quality": "dev-main",
"ext-gd": "*", "ext-gd": "*",
"khanamiryan/qrcode-detector-decoder": "^1.0.4||^2.0.2", "khanamiryan/qrcode-detector-decoder": "^2.0.2",
"setasign/fpdf": "^1.8.2" "setasign/fpdf": "^1.8.2"
}, },
"suggest": { "suggest": {
@@ -146,7 +143,7 @@
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-master": "4.x-dev" "dev-main": "5.x-dev"
} }
}, },
"autoload": { "autoload": {
@@ -175,7 +172,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/endroid/qr-code/issues", "issues": "https://github.com/endroid/qr-code/issues",
"source": "https://github.com/endroid/qr-code/tree/4.8.5" "source": "https://github.com/endroid/qr-code/tree/5.1.0"
}, },
"funding": [ "funding": [
{ {
@@ -183,7 +180,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2023-09-29T14:03:20+00:00" "time": "2024-09-08T08:52:55+00:00"
}, },
{ {
"name": "jumbojett/openid-connect-php", "name": "jumbojett/openid-connect-php",
@@ -456,24 +453,25 @@
}, },
{ {
"name": "robthree/twofactorauth", "name": "robthree/twofactorauth",
"version": "1.8.2", "version": "v3.0.2",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/RobThree/TwoFactorAuth.git", "url": "https://github.com/RobThree/TwoFactorAuth.git",
"reference": "65681de5a324eae05140ac58b08648a60212afc0" "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/65681de5a324eae05140ac58b08648a60212afc0", "url": "https://api.github.com/repos/RobThree/TwoFactorAuth/zipball/6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
"reference": "65681de5a324eae05140ac58b08648a60212afc0", "reference": "6d70f9ca8e25568f163a7b3b3ff77bd8ea743978",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=5.6.0" "php": ">=8.2.0"
}, },
"require-dev": { "require-dev": {
"php-parallel-lint/php-parallel-lint": "^1.2", "friendsofphp/php-cs-fixer": "^3.13",
"phpunit/phpunit": "@stable" "phpstan/phpstan": "^1.9",
"phpunit/phpunit": "^9"
}, },
"suggest": { "suggest": {
"bacon/bacon-qr-code": "Needed for BaconQrCodeProvider provider", "bacon/bacon-qr-code": "Needed for BaconQrCodeProvider provider",
@@ -494,6 +492,16 @@
"name": "Rob Janssen", "name": "Rob Janssen",
"homepage": "http://robiii.me", "homepage": "http://robiii.me",
"role": "Developer" "role": "Developer"
},
{
"name": "Nicolas CARPi",
"homepage": "https://github.com/NicolasCARPi",
"role": "Developer"
},
{
"name": "Will Power",
"homepage": "https://github.com/willpower232",
"role": "Developer"
} }
], ],
"description": "Two Factor Authentication", "description": "Two Factor Authentication",
@@ -522,7 +530,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2022-03-22T16:11:07+00:00" "time": "2024-10-24T15:14:25+00:00"
} }
], ],
"packages-dev": [], "packages-dev": [],


@@ -6,11 +6,8 @@ require_once 'config.php';
use Endroid\QrCode\Builder\Builder; use Endroid\QrCode\Builder\Builder;
use Endroid\QrCode\Writer\PngWriter; use Endroid\QrCode\Writer\PngWriter;
use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh; use RobThree\Auth\Algorithm;
use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
// For debugging purposes, you might enable error reporting temporarily:
// ini_set('display_errors', 1);
// error_reporting(E_ALL);
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) { if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
http_response_code(403); http_response_code(403);
@@ -108,7 +105,13 @@ function getGlobalOtpauthUrl() {
return ""; return "";
} }
$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise'); $tfa = new \RobThree\Auth\TwoFactorAuth(
new GoogleChartsQrCodeProvider(), // QR code provider
'FileRise', // issuer
6, // number of digits
30, // period in seconds
Algorithm::Sha1 // Correct enum case name from your enum
);
// Retrieve the current TOTP secret for the user. // Retrieve the current TOTP secret for the user.
$totpSecret = getUserTOTPSecret($username); $totpSecret = getUserTOTPSecret($username);
@@ -140,7 +143,6 @@ if (!empty($globalOtpauthUrl)) {
$result = Builder::create() $result = Builder::create()
->writer(new PngWriter()) ->writer(new PngWriter())
->data($otpauthUrl) ->data($otpauthUrl)
->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
->build(); ->build();
header('Content-Type: ' . $result->getMimeType()); header('Content-Type: ' . $result->getMimeType());
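Review bot: The `->errorCorrectionLevel(new ErrorCorrectionLevelHigh())` call is dropped rather than migrated, so the enrollment QR code falls back to the library default, and I believe endroid/qr-code v5 also replaced the fluent `Builder::create()` chain that the context lines still use with a constructor taking named arguments — if so, this block fatals and TOTP enrollment breaks, so the setup flow should be run once against v5 before merging. v5 exposes the level as the `Endroid\QrCode\ErrorCorrectionLevel` enum (`ErrorCorrectionLevel::High`), which needs a `use` line in place of the removed one; high error correction is worth keeping for a code users scan off a screen. The enclosing `if (!empty($globalOtpauthUrl))` block begins and ends outside the hunk.
```php
$builder = new Builder(
    writer: new PngWriter(),
    data: $otpauthUrl,
    errorCorrectionLevel: ErrorCorrectionLevel::High,
);
$result = $builder->build();
// … unchanged: Content-Type header and image output …
```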


@@ -8,6 +8,9 @@ require_once 'config.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
header("Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self';"); header("Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self';");
use RobThree\Auth\Algorithm;
use RobThree\Auth\Providers\Qr\GoogleChartsQrCodeProvider;
try { try {
// standardized error helper // standardized error helper
function respond($status, $code, $message, $data = []) { function respond($status, $code, $message, $data = []) {
@@ -71,7 +74,13 @@ try {
if (isset($_SESSION['pending_login_user'])) { if (isset($_SESSION['pending_login_user'])) {
$username = $_SESSION['pending_login_user']; $username = $_SESSION['pending_login_user'];
$totpSecret = $_SESSION['pending_login_secret']; $totpSecret = $_SESSION['pending_login_secret'];
$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise'); $tfa = new \RobThree\Auth\TwoFactorAuth(
new GoogleChartsQrCodeProvider(), // QR code provider
'FileRise', // issuer
6, // number of digits
30, // period in seconds
Algorithm::Sha1 // Correct enum case name from your enum
);
if (!$tfa->verifyCode($totpSecret, $code)) { if (!$tfa->verifyCode($totpSecret, $code)) {
$_SESSION['totp_failures']++; $_SESSION['totp_failures']++;
@@ -117,7 +126,14 @@ try {
respond('error', 500, 'TOTP secret not found. Please set up TOTP again.'); respond('error', 500, 'TOTP secret not found. Please set up TOTP again.');
} }
$tfa = new \RobThree\Auth\TwoFactorAuth('FileRise'); $tfa = new \RobThree\Auth\TwoFactorAuth(
new GoogleChartsQrCodeProvider(), // QR code provider
'FileRise', // issuer
6, // number of digits
30, // period in seconds
Algorithm::Sha1 // Correct enum case name from your enum
);
if (!$tfa->verifyCode($totpSecret, $code)) { if (!$tfa->verifyCode($totpSecret, $code)) {
$_SESSION['totp_failures']++; $_SESSION['totp_failures']++;
respond('error', 400, 'Invalid TOTP code'); respond('error', 400, 'Invalid TOTP code');
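Review bot: The two new `use RobThree\Auth\...` imports are placed after the `header()` calls, which PHP accepts but PSR-12 puts import declarations before any executable statement; moving them up beside the existing top-of-file declarations keeps them where a reader looks for them. The `// Correct enum case name from your enum` comment appears twice in this file and reads as a leftover from drafting; a one-line note on why Sha1/6/30 are pinned (they must match the parameters the stored secrets were enrolled with) would replace it usefully. The enclosing try block starts outside the hunk.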