Merge pull request #4489 from corentin-soriano/download_keys_password

Verify user password to download user keys.
nilsteampassnet · Nov 26, 2024 · 2d25840 · 2d25840
2 parents ad4e195 + 3d370fa
commit 2d25840
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 24 deletions.
diff --git a/pages/profile.js.php b/pages/profile.js.php
@@ -567,11 +567,20 @@ function(data) {
         event.preventDefault();
         $('#dialog-recovery-keys-download').removeClass('hidden');
 
+        // Default text on dialog box
+        let dialog_content = '<?php echo $lang->get('download_recovery_keys_confirmation'); ?>'
+
+        // Request authentication on local and ldap accounts
+        if (store.get('teampassUser').auth_type !== 'oauth2') {
+            dialog_content += '<br/><br/><?php echo $lang->get('confirm_password'); ?>' +
+                '<input type="password" placeholder="<?php echo $lang->get('password'); ?>" class="form-control" id="keys-download-confirm-pwd" />';
+        }
+
         // Prepare modal
         showModalDialogBox(
             '#warningModal',
             '<i class="fa-solid fa-user-shield fa-lg warning mr-2"></i><?php echo $lang->get('caution'); ?>',
-            '<?php echo $lang->get('download_recovery_keys_confirmation'); ?>',
+            dialog_content,
             '<?php echo $lang->get('download'); ?>',
             '<?php echo $lang->get('close'); ?>',
             false,
@@ -583,12 +592,25 @@ function(data) {
         $(document).on('click', '#warningModalButtonAction', function(event) {
             event.preventDefault();
 
+            // Ensure that a password is provided by user
+            const user_pasword = $('#keys-download-confirm-pwd').val() ?? '';
+            if (store.get('teampassUser').auth_type !== 'oauth2' && !user_pasword) {
+                toastr.remove();
+                toastr.error(
+                    '<?php echo $lang->get('password_cannot_be_empty'); ?>',
+                    '<?php echo $lang->get('caution'); ?>', {
+                        timeOut: 5000,
+                        progressBar: true
+                    }
+                );
+                return false;
+            }
+
             if (RequestOnGoing === true) {
                 return false;
             }
             RequestOnGoing = true;
 
-            // We have the password, start reencryption
             $('#warningModalButtonAction')
                 .addClass('disabled')
                 .html('<i class="fa-solid fa-spinner fa-spin"></i>');
@@ -598,12 +620,16 @@ function(data) {
             toastr.remove();
             toastr.info('<?php echo $lang->get('in_progress'); ?><i class="fa-solid fa-circle-notch fa-spin fa-2x ml-3"></i>');
 
+            let data = {
+                password: user_pasword,
+            };
             // Do query
             $.post(
                 "sources/main.queries.php", {
                     'type': "user_recovery_keys_download",
                     'type_category': 'action_key',
-                    'key': '<?php echo $session->get('key'); ?>'
+                    'key': '<?php echo $session->get('key'); ?>',
+                    'data': prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $session->get('key'); ?>"),
                 },
                 function(data) {
                     data = prepareExchangedData(data, "decode", "<?php echo $session->get('key'); ?>");
@@ -620,8 +646,11 @@ function(data) {
                         );
 
                         // Enable buttons
-                        $("#user-current-defuse-psk-progress").html('<?php echo $lang->get('provide_current_psk_and_click_launch'); ?>');
-                        $('#button_do_sharekeys_reencryption, #button_close_sharekeys_reencryption').removeAttr('disabled');
+                        $('#warningModalButtonAction')
+                            .removeClass('disabled')
+                            .html('<?php echo $lang->get('download'); ?>');
+                        RequestOnGoing = false;
+
                         return false;
                     } else {
                         $('#profile-keys_download-date').text(data.datetime);

diff --git a/pages/profile.php b/pages/profile.php
@@ -466,25 +466,6 @@
                                         </div>
                                     </div>
 
-                                    <?php
-                                    /*if (
-                                        isset($SETTINGS['agses_authentication_enabled']) === true
-                                        && (int) $SETTINGS['agses_authentication_enabled'] === 1
-                                    ) {
-                                        ?>
-                                        <div class="form-group">
-                                            <label class="col-sm-10 control-label"><?php echo $lang->get('user_profile_agses_card_id'); ?></label>
-                                            <div class="col-sm-10">
-                                                <input type="numeric" class="form-control" id="profile-user-agsescardid" placeholder="name@domain.com" value="<?php
-                                                if (isset($_SESSION['user_agsescardid']) === true) {
-                                                    echo $_SESSION['user_agsescardid'];
-                                                } ?>">
-                                            </div>
-                                        </div>
-                                    <?php
-                                    }*/
-                                    ?>
-
                                     <div class="form-group">
                                         <div class="row">
                                             <div class="col-sm-offset-2 col-sm-2">

diff --git a/sources/main.queries.php b/sources/main.queries.php
@@ -776,6 +776,31 @@ function keyHandler(string $post_type, /*php8 array|null|string */$dataReceived,
          * Launch user recovery download
          */
         case 'user_recovery_keys_download'://action_key
+            // Validate user password on local and LDAP accounts before download
+            if ($session->get('user-auth_type') !== 'oauth2') {
+                // Users passwords are html escaped
+                $userPassword = filter_var($dataReceived['password'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+                // Get current user hash
+                $userHash = DB::queryFirstRow(
+                    "SELECT pw FROM " . prefixtable('users') . " WHERE id = %i;",
+                    $session->get('user-id')
+                )['pw'];
+
+                $passwordManager = new PasswordManager();
+
+                // Verify provided user password
+                if (!$passwordManager->verifyPassword($userHash, $userPassword)) {
+                    return prepareExchangedData(
+                        array(
+                            'error' => true,
+                            'message' => $lang->get('error_bad_credentials'),
+                        ),
+                        'encode'
+                    );
+                }
+            }
+
             return handleUserRecoveryKeysDownload(
                 (int) $filtered_user_id,
                 (array) $SETTINGS,