From 9c45544961071884cbf77bd79fe7679cc8a46da5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?= <christopher@dieschittigs.de>
Date: Thu, 4 Jan 2018 16:01:30 +0100
Subject: [PATCH] Add translation, backend templates and authentication logic

---
 .../classes/TwoFactorAuthentication.php       | 27 +++++++
 .../contao/classes/TwoFactorWidget.php        | 51 ++++++++++++++
 src/Resources/contao/languages/de/modules.php |  7 ++
 src/Resources/contao/languages/de/tl_user.php |  4 ++
 .../contao/templates/be_2fa_field.html5       | 32 +++++++++
 .../contao/templates/be_2fa_loginform.html5   | 70 +++++++++++++++++++
 6 files changed, 191 insertions(+)
 create mode 100644 src/Resources/contao/classes/TwoFactorAuthentication.php
 create mode 100644 src/Resources/contao/classes/TwoFactorWidget.php
 create mode 100644 src/Resources/contao/languages/de/modules.php
 create mode 100644 src/Resources/contao/languages/de/tl_user.php
 create mode 100644 src/Resources/contao/templates/be_2fa_field.html5
 create mode 100644 src/Resources/contao/templates/be_2fa_loginform.html5

diff --git a/src/Resources/contao/classes/TwoFactorAuthentication.php b/src/Resources/contao/classes/TwoFactorAuthentication.php
new file mode 100644
index 0000000..6930aeb
--- /dev/null
+++ b/src/Resources/contao/classes/TwoFactorAuthentication.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Contao;
+
+use RobThree\Auth\TwoFactorAuth;
+
+class TwoFactorAuthentication extends \Backend
+{
+    public function __construct()
+    {
+        $this->import('BackendUser', 'user');
+
+        parent::__construct();
+    }
+
+    public static function generateAuthenticator()
+    {
+        $title = $GLOBALS['TL_CONFIG']['websiteTitle'];
+        return new TwoFactorAuth($title);
+    }
+
+    public static function verifyCode($secret, $code)
+    {
+        $auth = self::generateAuthenticator();
+        return $auth->verifyCode($secret, $code);
+    }
+}
\ No newline at end of file
diff --git a/src/Resources/contao/classes/TwoFactorWidget.php b/src/Resources/contao/classes/TwoFactorWidget.php
new file mode 100644
index 0000000..62e168f
--- /dev/null
+++ b/src/Resources/contao/classes/TwoFactorWidget.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace Contao;
+
+use RobThree\Auth\TwoFactorAuth;
+
+class TwoFactorWidget extends \Widget
+{
+	/**
+	 * Submit user input
+	 * @var boolean
+	 */
+    protected $blnSubmitInput = true;
+    
+    protected $strTemplate = 'be_2fa_field';
+
+    public function __construct($arrAttributes = null)
+    {
+        $this->import('BackendUser', 'user');
+
+        parent::__construct($arrAttributes);
+    }
+
+    protected function validator($secret)
+    {
+        $code = $this->Input->post('tfaToken');
+
+        if (!TwoFactorAuthentication::verifyCode($secret, $code)) {
+            $this->addError($GLOBALS['TL_LANG']['tl_user']['tfa_exception_invalid']);
+        }
+
+        return parent::validator($secret);
+    }
+
+    public function parse()
+    {
+        $auth = TwoFactorAuthentication::generateAuthenticator();
+
+        // Only create a new secret, if it isn't already set.
+        $this->secret = $this->value ? $this->value : $auth->createSecret();
+        $this->imageUrl = $auth->getQrCodeImageAsDataUri($this->user->email, $this->secret, 200);
+        $this->tfaEnabled = (bool) $this->value;
+
+        return parent::parse();
+    }
+
+    public function generate()
+    {
+        return $this->parse();
+    }
+}
\ No newline at end of file
diff --git a/src/Resources/contao/languages/de/modules.php b/src/Resources/contao/languages/de/modules.php
new file mode 100644
index 0000000..b1ea542
--- /dev/null
+++ b/src/Resources/contao/languages/de/modules.php
@@ -0,0 +1,7 @@
+<?php
+
+$GLOBALS['TL_LANG']['MOD']['tfa_explanation'] = 'Um die Zwei-Faktor-Authentifizierung für Ihren Account zu aktivieren, scannen Sie bitte diesen QR-Code mit einer kompatiblen App wie dem <strong>Google Authenticator</strong> (verfügbar für iOS und Android) und geben Sie danach den generierten Code ein.';
+$GLOBALS['TL_LANG']['MOD']['tfa_activated'] = 'Sie haben die Zwei-Faktor-Authentifizierung bereits aktiviert. Bitte halten Sie Ihre Authenticator-App bereit, wenn Sie sich zukünftig in Contao einloggen.';
+$GLOBALS['TL_LANG']['MOD']['tfa_token'] = 'Von App generierter Code';
+
+$GLOBALS['TL_LANG']['MSC']['abort'] = 'Abbrechen';
\ No newline at end of file
diff --git a/src/Resources/contao/languages/de/tl_user.php b/src/Resources/contao/languages/de/tl_user.php
new file mode 100644
index 0000000..2f435cd
--- /dev/null
+++ b/src/Resources/contao/languages/de/tl_user.php
@@ -0,0 +1,4 @@
+<?php
+
+$GLOBALS['TL_LANG']['tl_user']['tfa_title'] = 'Zwei-Faktor-Authentifizierung';
+$GLOBALS['TL_LANG']['tl_user']['tfa_exception_invalid'] = 'Der eingegebene Code ist nicht gültig.';
\ No newline at end of file
diff --git a/src/Resources/contao/templates/be_2fa_field.html5 b/src/Resources/contao/templates/be_2fa_field.html5
new file mode 100644
index 0000000..2ee4724
--- /dev/null
+++ b/src/Resources/contao/templates/be_2fa_field.html5
@@ -0,0 +1,32 @@
+<div>
+    <div class="widget">
+        <?php if ($this->tfaEnabled): ?>
+            <p class="tl_info"><?= $GLOBALS['TL_LANG']['MOD']['tfa_activated']; ?></p>
+
+            <div class="w50 widget cbx">
+                <div id="ctrl_useCE" class="tl_checkbox_single_container"><input type="hidden" name="useCE" value=""><input type="checkbox" name="useCE" id="opt_useCE_0" class="tl_checkbox" value="1" checked="" onfocus="Backend.getScrollOffset()"> <label for="opt_useCE_0">Zwei-Faktor-Authentifizierung deaktivieren</label></div>
+                <p class="tl_help tl_tip" title="">Zur Bestätigung bitte rechts den aktuellen Code eingeben.</p>
+            </div>
+        <?php else: ?>
+            <p class="tl_info"><?= $GLOBALS['TL_LANG']['MOD']['tfa_explanation']; ?></p>
+
+            <div class="w50" style="height:auto;text-align:center;">
+                <img src="<?= $this->imageUrl ?>">
+                <input type="hidden" name="tfaSecret" value="<?= $this->secret ?>">
+            </div>
+        <?php endif; ?>
+
+        <div class="w50">
+            <h3>
+                <label for="ctrl_tfa_token" <?php if ($this->hasErrors()): ?> class="error"<?php endif; ?>>
+                    <?= $GLOBALS['TL_LANG']['MOD']['tfa_token']; ?>
+                </label>
+            </h3>
+            <input class="tl_text" id="ctrl_tfa_token" name="tfaToken">
+            <?php if ($this->hasErrors()): ?>
+                <p class="tl_error tl_tip" title><?= $this->getErrorAsString() ?></p>
+            <?php endif; ?>
+        </div>
+    </div>
+
+</div>
\ No newline at end of file
diff --git a/src/Resources/contao/templates/be_2fa_loginform.html5 b/src/Resources/contao/templates/be_2fa_loginform.html5
new file mode 100644
index 0000000..46b0efb
--- /dev/null
+++ b/src/Resources/contao/templates/be_2fa_loginform.html5
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<html lang="<?= $this->language ?>">
+<head>
+
+  <meta charset="<?= $this->charset ?>">
+  <title><?= $this->title ?> - Contao Open Source CMS</title>
+  <base href="<?= $this->base ?>">
+  <meta name="generator" content="Contao Open Source CMS">
+  <meta name="viewport" content="width=device-width,initial-scale=1.0,shrink-to-fit=no">
+  <meta name="referrer" content="origin">
+  <meta name="robots" content="noindex,follow">
+
+  <link rel="stylesheet" href="<?php
+    $objCombiner = new Combiner();
+    $objCombiner->add('system/themes/'. $this->theme .'/fonts.css');
+    $objCombiner->add('system/themes/'. $this->theme .'/basic.css');
+    $objCombiner->add('system/themes/'. $this->theme .'/login.css');
+    echo $objCombiner->getCombinedFile();
+  ?>">
+  <?= $this->stylesheets ?>
+
+  <script><?= $this->getLocaleString() ?></script>
+  <script src="<?php
+    $objCombiner = new Combiner();
+    $objCombiner->add('assets/mootools/js/mootools.min.js');
+    $objCombiner->add('bundles/contaocore/mootao.min.js');
+    $objCombiner->add('bundles/contaocore/core.min.js');
+    echo $objCombiner->getCombinedFile();
+  ?>"></script>
+  <script><?= $this->getDateString() ?></script>
+  <?= $this->javascripts ?>
+
+</head>
+<body class="<?= $this->ua ?>">
+
+  <div id="container" class="cf">
+    <main id="main">
+      <form action="<?= $this->action ?>" class="tl_login_form" method="post">
+        <div class="formbody">
+          <input type="hidden" name="FORM_SUBMIT" value="tl_login">
+          <input type="hidden" name="REQUEST_TOKEN" value="<?= REQUEST_TOKEN ?>">
+          <h1><?= $this->headline ?></h1>
+          <div class="widget">
+            <input type="text" name="2fa_code" id="2fa_code" class="tl_text" value="<?= $this->curUsername ?>" autocapitalize="off" placeholder="<?= $this->f2a_code ?>" required>
+          </div>
+          <div class="submit_container cf">
+            <button type="submit" name="login" id="login" class="tl_submit"><?= $this->loginButton ?></button>
+            <a href="<?= $this->route('contao_backend_logout') ?>" class="footer_preview"><?= $this->feLink ?> ›</a>
+          </div>
+        </div>
+      </form>
+    </main>
+    <?= $this->messages ?>
+  </div>
+
+  <div class="tl_info" id="javascript">
+    <?= $this->jsDisabled ?>
+  </div>
+
+  <script>
+    window.addEvent('domready', function() {
+      if (parent.frames[0] && parent.frames[0].name == 'switch') {
+        parent.location.reload();
+      }
+      $('2fa_code').focus();
+    });
+  </script>
+
+</body>
+</html>
\ No newline at end of file