Scrutinizer code review fixes
nilsteampassnet committed Sep 8, 2024
1 parent d39f525 commit c923eb3
Showing 8 changed files with 35 additions and 42 deletions.
2 changes: 1 addition & 1 deletion includes/config/include.php
Expand Up @@ -28,7 +28,7 @@

define('TP_VERSION', '3.1.2');
define("UPGRADE_MIN_DATE", "1724862801");
define('TP_VERSION_MINOR', '63');
define('TP_VERSION_MINOR', '64');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
Expand Down
10 changes: 5 additions & 5 deletions includes/tables_integrity.json
Expand Up @@ -13,19 +13,19 @@
},
{
"table_name": "background_tasks",
"structure_hash": "ea6c9d60a1cf79a304c6a14222659d19f7211a50d9b74b4059bbe93bf10c5dfc"
"structure_hash": "6b7df0f2f0a2d37e6e2ee51f6bd4fef4304f08fa51024eb1eaebc2f9e0237115"
},
{
"table_name": "background_tasks_logs",
"structure_hash": "fee2924d79e4b81e5f3c6f9b756852c1c4bb315581c68103557d8216f30ed3af"
"structure_hash": "a712559a78127ef9a70b16250ccdaa42d2a96663ee8787096917728ac2ac3bb0"
},
{
"table_name": "cache",
"structure_hash": "0a93e028439f6b0767f083683e0b23c80e885624c800d9432195dd61daf4dc8d"
},
{
"table_name": "cache_tree",
"structure_hash": "4ac912df6bc26f62f277cb2bce22c9d8108af7a47d67c6a823adc9fc7185c0ed"
"structure_hash": "7efb5b1f13896e721918994daa29de092917b8e59e061c9d23441aa8fd7fa6c4"
},
{
"table_name": "categories",
Expand Down Expand Up @@ -97,11 +97,11 @@
},
{
"table_name": "log_items",
"structure_hash": "a0ea4a98e800a21d10f1d1f3f7415e7b7d13f8416005ed2edea89d65c8fb775c"
"structure_hash": "45a2b75f6a44cbeed8704acc7f78ef6439a15490795a5042744892f8b30dbf1d"
},
{
"table_name": "log_system",
"structure_hash": "c7ca1922e4407dc3c49c5d13780f6f28883caaa9fa776e8349a6372eb9667713"
"structure_hash": "6f595135ec27e16110e983207275ab0bcba82c3f6581a0fb1c69b86be656d2ed"
},
{
"table_name": "misc",
Expand Down
6 changes: 3 additions & 3 deletions sources/admin.queries.php
Expand Up @@ -186,7 +186,7 @@

if (!empty($return)) {
// get a token
$token = GenerateCryptKey(20, false, true, true, false, true, $SETTINGS);
$token = GenerateCryptKey(20, false, true, true, false, true);

//save file
$filename = time() . '-' . $token . '.sql';
Expand Down Expand Up @@ -217,7 +217,7 @@
}

//generate 2d key
$session->set('user-key_tmp', GenerateCryptKey(20, false, true, true, false, true, $SETTINGS));
$session->set('user-key_tmp', GenerateCryptKey(20, false, true, true, false, true));

//update LOG
logEvents($SETTINGS, 'admin_action', 'dataBase backup', (string) $session->get('user-id'), $session->get('user-login'));
Expand Down Expand Up @@ -1633,7 +1633,7 @@
if (null !== $post_action && $post_action === 'add') {
// Generate KEY
require_once 'main.functions.php';
$key = GenerateCryptKey(39, false, true, true, false, true, $SETTINGS);
$key = GenerateCryptKey(39, false, true, true, false, true);

// Generate objectKey
//$object = doDataEncryption($key, SECUREFILE.':'.$timestamp);
Expand Down
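Review bot: Dropping the trailing `$SETTINGS` argument from the three `GenerateCryptKey(...)` calls in this file relies on that parameter already being optional or removed in the function's definition, which is not part of this commit (the 8 changed files do not include the file that defines GenerateCryptKey); if the definition still declares a seventh required parameter, each of these calls now raises ArgumentCountError at runtime, so the signature should be confirmed before merging. The same call-site edit appears in sources/backups.queries.php, sources/items.queries.php, sources/main.queries.php (both hunks, the first of which belongs to a call whose opening line is outside the hunk) and sources/upload.files.php, so one verification covers all of them. As a point of style, six positional booleans such as `GenerateCryptKey(20, false, true, true, false, true)` are hard to audit for which character classes end up in a token; since the project already uses PHP 8 syntax (union types in main.queries.php), named arguments for the flag parameters would make each call site self-describing.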
4 changes: 2 additions & 2 deletions sources/backups.queries.php
Expand Up @@ -189,7 +189,7 @@

if (empty($return) === false) {
// get a token
$token = GenerateCryptKey(20, false, true, true, false, true, $SETTINGS);
$token = GenerateCryptKey(20, false, true, true, false, true);

//save file
$filename = time() . '-' . $token . '.sql';
Expand Down Expand Up @@ -220,7 +220,7 @@
}

//generate 2d key
$session->set('user-key_tmp', GenerateCryptKey(16, false, true, true, false, true, $SETTINGS));
$session->set('user-key_tmp', GenerateCryptKey(16, false, true, true, false, true));

//update LOG
logEvents(
Expand Down
40 changes: 17 additions & 23 deletions sources/identify.php
Expand Up @@ -2127,15 +2127,15 @@ class initialChecks {
public $login;

// Methods
public function get_is_too_much_attempts($attempts) {
public function isTooManyPasswordAttempts($attempts) {
if ($attempts > 30) {
throw new Exception(
"error"
);
}
}

public function get_user_info($login, $enable_ad_user_auto_creation, $oauth2_enabled) {
public function getUserInfo($login, $enable_ad_user_auto_creation, $oauth2_enabled) {
$session = SessionManager::getSession();

// Get user info from DB
Expand Down Expand Up @@ -2172,15 +2172,15 @@ public function get_user_info($login, $enable_ad_user_auto_creation, $oauth2_ena
return $data;
}

public function get_teampass_in_maintenance_mode($maintenance_mode, $user_admin) {
public function isMaintenanceModeEnabled($maintenance_mode, $user_admin) {
if ((int) $maintenance_mode === 1 && (int) $user_admin === 0) {
throw new Exception(
"error"
);
}
}

public function get_mfa_code_is_set(
public function is2faCodeRequired(
$yubico,
$ga,
$duo,
Expand Down Expand Up @@ -2209,7 +2209,7 @@ public function get_mfa_code_is_set(
}
}

public function get_install_folder_is_not_present($admin, $install_folder) {
public function isInstallFolderPresent($admin, $install_folder) {
if ((int) $admin === 1 && is_dir($install_folder) === true) {
throw new Exception(
"error"
Expand All @@ -2227,7 +2227,7 @@ public function get_install_folder_is_not_present($admin, $install_folder) {
* @param string $username
* @param integer $sessionAdmin
* @param string $sessionUrl
* @param string $user_2fa_selection
* @param string $user2faSelection
* @param boolean $oauth2Token
* @return array
*/
Expand All @@ -2237,25 +2237,23 @@ function identifyDoInitialChecks(
string $username,
int $sessionAdmin,
string $sessionUrl,
string $user_2fa_selection
string $user2faSelection
): array
{
$session = SessionManager::getSession();
$checks = new initialChecks();
$enable_ad_user_auto_creation = isset($SETTINGS['enable_ad_user_auto_creation']) === true && (int) $SETTINGS['enable_ad_user_auto_creation'] === 1 ? true : false;
$oauth2_enabled = isset($SETTINGS['oauth2_enabled']) === true && (int) $SETTINGS['oauth2_enabled'] === 1 ? true : false;
$enableAdUserAutoCreation = $settings['enable_ad_user_auto_creation'] ?? false;
$oauth2Enabled = $settings['oauth2_enabled'] ?? false;
$lang = new Language($session->get('user-language') ?? 'english');

// Brute force management
try {
$checks->get_is_too_much_attempts($sessionPwdAttempts);
$checks->isTooManyPasswordAttempts($sessionPwdAttempts);
} catch (Exception $e) {
$session->set('next_possible_pwd_attempts', (time() + 10));
$session->set('pwd_attempts', 0);
$session->set('userOauth2Info', '');

logEvents($SETTINGS, 'failed_auth', 'user_not_exists', '', stripslashes($username), stripslashes($username));

return [
'error' => true,
'array' => [
Expand All @@ -2268,10 +2266,9 @@ function identifyDoInitialChecks(
]
];
}

// Check if user exists
try {
$userInfo = $checks->get_user_info($username, $enable_ad_user_auto_creation, $oauth2_enabled);
$userInfo = $checks->getUserInfo($username, $enableAdUserAutoCreation, $oauth2Enabled);
} catch (Exception $e) {
logEvents($SETTINGS, 'failed_auth', 'user_not_exists', '', stripslashes($username), stripslashes($username));
return [
Expand All @@ -2289,7 +2286,7 @@ function identifyDoInitialChecks(

// Manage Maintenance mode
try {
$checks->get_teampass_in_maintenance_mode(
$checks->isMaintenanceModeEnabled(
$SETTINGS['maintenance_mode'],
$userInfo['admin']
);
Expand All @@ -2306,23 +2303,21 @@ function identifyDoInitialChecks(
]
];
}

// user should use MFA?
$userInfo['mfa_auth_requested_roles'] = mfa_auth_requested_roles(
(string) $userInfo['fonction_id'],
is_null($SETTINGS['mfa_for_roles']) === true ? '' : (string) $SETTINGS['mfa_for_roles']
);

// Check if 2FA code is requested
try {
$checks->get_mfa_code_is_set(
$checks->is2faCodeRequired(
$SETTINGS['yubico_authentication'],
$SETTINGS['google_authentication'],
$SETTINGS['duo'],
$userInfo['admin'],
$SETTINGS['admin_2fa_required'],
$userInfo['mfa_auth_requested_roles'],
$user_2fa_selection,
$user2faSelection,
$userInfo['mfa_enabled']
);
} catch (Exception $e) {
Expand All @@ -2338,11 +2333,10 @@ function identifyDoInitialChecks(
]
];
}

// If admin user then check if folder install exists
// if yes then refuse connection
try {
$checks->get_install_folder_is_not_present(
$checks->isInstallFolderPresent(
$userInfo['admin'],
'../install'
);
Expand All @@ -2363,7 +2357,7 @@ function identifyDoInitialChecks(
// Return some usefull information about user
return [
'error' => false,
'user_mfa_mode' => $user_2fa_selection,
'user_mfa_mode' => $user2faSelection,
'userInfo' => $userInfo,
];
}
Expand Down Expand Up @@ -2446,7 +2440,7 @@ function createOauth2User(
is_null($userInfo['givenname']) ? (is_null($userInfo['givenName']) ? '' : $userInfo['givenName']) : $userInfo['givenname'],
is_null($userInfo['surname']) ? '' : $userInfo['surname'],
'oauth2',
is_null($userInfo['groups']) ? '' : $userInfo['groups'],
is_null($userInfo['groups']) ? [] : $userInfo['groups'],
$SETTINGS
);

Expand Down
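Review bot: The replacement lines `$enableAdUserAutoCreation = $settings['enable_ad_user_auto_creation'] ?? false;` and `$oauth2Enabled = $settings['oauth2_enabled'] ?? false;` read `$settings` (lowercase), while every other line of identifyDoInitialChecks in this hunk reads `$SETTINGS` (the logEvents calls, `$SETTINGS['maintenance_mode']`, `$SETTINGS['mfa_for_roles']`, the 2FA settings); unless a `$settings` variable is declared in the part of the parameter list above the hunk, `??` silently masks the undefined variable and both flags are always `false`, so getUserInfo runs with AD auto-creation and OAuth2 lookup disabled regardless of configuration. The removed lines also normalised the setting with `(int) ... === 1`, whereas `??` now forwards whatever is stored (presumably a '0'/'1' string), which matters if getUserInfo compares the flag with `=== true`. Suggested replacement: `$enableAdUserAutoCreation = (int) ($SETTINGS['enable_ad_user_auto_creation'] ?? 0) === 1;` and `$oauth2Enabled = (int) ($SETTINGS['oauth2_enabled'] ?? 0) === 1;`. Note that the function's signature begins above the hunk, so the parameter actually named there should be checked. Separately, the renamed check methods (`isTooManyPasswordAttempts`, `isMaintenanceModeEnabled`, `is2faCodeRequired`, `isInstallFolderPresent`) keep a void-and-throw contract, so the `is*` prefix now promises a boolean that callers never receive; an `assert*`/`ensure*` style name would match what they do.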
8 changes: 4 additions & 4 deletions sources/items.queries.php
Expand Up @@ -2016,7 +2016,7 @@
}

// generate 2d key
$session->set('user-key_tmp', bin2hex(GenerateCryptKey(16, false, true, true, false, true, $SETTINGS)));
$session->set('user-key_tmp', bin2hex(GenerateCryptKey(16, false, true, true, false, true)));

// Send email
if (is_array($post_diffusion_list) === true && count($post_diffusion_list) > 0) {
Expand Down Expand Up @@ -3216,7 +3216,7 @@
// Get all expected data about this ITEM
} else {
// generate 2d key
$session->set('user-key_tmp', bin2hex(GenerateCryptKey(16, false, true, true, false, true, $SETTINGS)));
$session->set('user-key_tmp', bin2hex(GenerateCryptKey(16, false, true, true, false, true)));

// Prepare files listing
$attachments = [];
Expand Down Expand Up @@ -6134,8 +6134,8 @@
}

// generate session
$otv_code = GenerateCryptKey(32, false, true, true, false, true, $SETTINGS);
$otv_key = GenerateCryptKey(32, false, true, true, false, true, $SETTINGS);
$otv_code = GenerateCryptKey(32, false, true, true, false, true);
$otv_key = GenerateCryptKey(32, false, true, true, false, true);

// Generate Defuse key
$otv_user_code_encrypted = defuse_generate_personal_key($otv_key);
Expand Down
5 changes: 2 additions & 3 deletions sources/main.queries.php
Expand Up @@ -684,8 +684,7 @@ function systemHandler(string $post_type, array|null|string $dataReceived, array
null !== filter_input(INPUT_POST, 'numeric', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? filter_input(INPUT_POST, 'numeric', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false,
null !== filter_input(INPUT_POST, 'capital', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? filter_input(INPUT_POST, 'capital', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false,
null !== filter_input(INPUT_POST, 'symbols', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? filter_input(INPUT_POST, 'symbols', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false,
null !== filter_input(INPUT_POST, 'lowercase', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? filter_input(INPUT_POST, 'lowercase', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false,
$SETTINGS
null !== filter_input(INPUT_POST, 'lowercase', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? filter_input(INPUT_POST, 'lowercase', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false
);

// store in DB
Expand Down Expand Up @@ -1125,7 +1124,7 @@ function generateQRCode(
// generate new GA user code
$tfa = new TwoFactorAuth($SETTINGS['ga_website_name']);
$gaSecretKey = $tfa->createSecret();
$gaTemporaryCode = GenerateCryptKey(12, false, true, true, false, true, $SETTINGS);
$gaTemporaryCode = GenerateCryptKey(12, false, true, true, false, true);

DB::update(
prefixTable('users'),
Expand Down
2 changes: 1 addition & 1 deletion sources/upload.files.php
Expand Up @@ -380,7 +380,7 @@
}

// generate file name
$newFileName = bin2hex(GenerateCryptKey(16, false, true, true, false, true, $SETTINGS));
$newFileName = bin2hex(GenerateCryptKey(16, false, true, true, false, true));

if (
null !== ($post_type_upload)
Expand Down

0 comments on commit c923eb3

Please sign in to comment.