Fix FLEXIAPI-138 Add ip and user_agent columns to all the tokens and code...

This commit is contained in:
Timothée Jaussoin 2024-01-30 14:02:14 +00:00
parent 4035cbd0ab
commit 4a5d7b6aee
13 changed files with 130 additions and 8 deletions


@ -2,8 +2,11 @@
v1.5
----
- Fix FLEXIAPI-138 Add ip and user_agent columns to all the tokens and code tables, fill the values when required and display them in the admin
- Fix FLEXIAPI-136 Refactor the Web Panel toggle mechanism and move it to a proper Middleware
- Fix FLEXIAPI-134 Add a system to detect and block abusive accounts
- Fix FLEXIAPI-133 Use the correct breadcrumb on create and fix a password
- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values
- Fix #143 Ensure that the ProvisioningToken model behave likes all the other Consommable
- Fix #141 Add a new hook system for the Account Service
- Fix #138 Add a dictionary attached to the accounts
@ -13,8 +16,6 @@ v1.5
- Fix #133 Make the MySQL connection unstrict
- Fix #132 Move the provisioning_tokens and recovery_codes to dedicated table
- Fix #130 Drop the group column in the Accounts table
- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values
- Fix FLEXIAPI-134 Add a system to detect and block abusive accounts
v1.4.4
------


@ -392,6 +392,11 @@ class Account extends Authenticatable
$recoveryCode = new RecoveryCode;
$recoveryCode->code = $code ?? generatePin();
$recoveryCode->account_id = $this->id;
if (request()) {
$recoveryCode->fillRequestInfo(request());
}
$recoveryCode->save();
return $recoveryCode->code;
@ -402,6 +407,11 @@ class Account extends Authenticatable
$provisioningToken = new ProvisioningToken;
$provisioningToken->token = $token ?? Str::random(WebAuthenticateController::$emailCodeSize);
$provisioningToken->account_id = $this->id;
if (request()) {
$provisioningToken->fillRequestInfo(request());
}
$provisioningToken->save();
return $provisioningToken->token;
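Review bot: The `if (request())` guard added at the top of both hunks does not appear to skip anything: Laravel's `request()` helper resolves the current Request from the container and returns an instance even under artisan and queue workers, where `ip()` and `userAgent()` simply come back null — so, if I read the helper right, the condition is always true and the branch is dead code. If the intent was "only record this when the code is minted from an HTTP request", test that directly, `if (!app()->runningInConsole()) {`, otherwise drop the guard and call `fillRequestInfo(request())` unconditionally so the null values are at least recorded consistently. Both enclosing methods start outside the hunk, so I cannot see whether they are ever reached from a non-HTTP path.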


@ -4,9 +4,8 @@ namespace App;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class AuthToken extends Model
class AuthToken extends Consommable
{
use HasFactory;
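Review bot: Reparenting AuthToken onto Consommable makes it inherit `consumed()`, which reads `$this->{$this->consommableAttribute}` (visible in this commit's Consommable hunk); unless AuthToken declares that property further down, outside the hunk, or Consommable supplies a default, the inherited `consume()`/`consumed()` will dereference an undefined property. Worth confirming and, if it is missing, adding the declaration next to the trait, e.g. `protected $consommableAttribute = 'token';` — hedged, since which column marks an AuthToken as used is not visible here. The `use Illuminate\Database\Eloquent\Model;` import on the line above the class is now unused and can be dropped.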


@ -3,6 +3,7 @@
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
abstract class Consommable extends Model
{
@ -14,6 +15,12 @@ abstract class Consommable extends Model
$this->save();
}
public function fillRequestInfo(Request $request)
{
$this->ip = $request->ip();
$this->user_agent = $request->userAgent();
}
public function consumed(): bool
{
return $this->{$this->consommableAttribute} == null;
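Review bot: `fillRequestInfo` stores `$request->userAgent()` unclamped, but the migration in this commit gives `user_agent` a default-length `string` column and the User-Agent header is attacker-controlled and unbounded; with the unstrict MySQL connection mentioned in the changelog the value is silently truncated, on a strict connection the insert throws and the token is never saved. Clamp it at write time, `$ua = $request->userAgent();` / `$this->user_agent = $ua === null ? null : mb_substr($ua, 0, 255);`, and give the method a `: void` return type. Separately, `$request->ip()` is the TCP peer address unless the TrustProxies middleware is configured, so behind a reverse proxy every row will record the proxy; a one-line comment on the method would save the next reader a surprise, e.g. `// Client IP depends on TrustProxies being configured for the deployment's reverse proxy.`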


@ -91,6 +91,7 @@ class AuthenticateController extends Controller
if ($authToken == null) {
$authToken = new AuthToken;
$authToken->token = Str::random(32);
$authToken->fillRequestInfo($request);
$authToken->save();
return redirect()->route('account.authenticate.auth_token', ['token' => $authToken->token]);


@ -137,8 +137,7 @@ class RecoveryController extends Controller
]);
}
$account->recovery_code = null;
$account->save();
$account->currentRecoveryCode->consume();
Auth::login($account);
return redirect()->route('account.password.update');
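Review bot: `$account->currentRecoveryCode->consume()` dereferences a relation that can be null, whereas the `recovery_code = null` assignment it replaces could not fail; unless the validation above the hunk (its lines are cut off) already guarantees a current code exists, a stale or replayed request now ends in an exception rather than a clean rejection. Because `Auth::login` follows on the next line, this should fail closed rather than nullsafe: `$code = $account->currentRecoveryCode;` / `abort_if($code === null, 403);` / `$code->consume();`. The enclosing method starts outside the hunk.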


@ -26,10 +26,11 @@ use Illuminate\Support\Str;
class AuthTokenController extends Controller
{
public function store()
public function store(Request $request)
{
$authToken = new AuthToken;
$authToken->token = Str::random(32);
$authToken->fillRequestInfo($request);
$authToken->save();
return $authToken;
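Review bot: `return $authToken;` serializes the whole model, and Eloquent's JSON output includes every column not listed in `$hidden`, so the token-creation response now echoes back the caller's `ip` and `user_agent` unless AuthToken hides them (its model hunk in this commit shows only the base-class change). If these fields are meant for the admin panel, add `protected $hidden = ['ip', 'user_agent'];` on the model, or return an explicit shape such as `return ['token' => $authToken->token];`. The new `store(Request $request)` signature also depends on `Illuminate\Http\Request` being imported above the hunk, where only the `Str` import is visible, and a `: AuthToken` return type would not hurt.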


@ -59,6 +59,7 @@ class CreationTokenController extends Controller
$token->pn_provider = $request->get('pn_provider');
$token->pn_param = $request->get('pn_param');
$token->pn_prid = $request->get('pn_prid');
$token->fillRequestInfo($request);
// Send the token to the device via Push Notification
$fp = new FlexisipPusherConnector($token->pn_provider, $token->pn_param, $token->pn_prid);
@ -88,6 +89,7 @@ class CreationTokenController extends Controller
if ($creationRequestToken && $creationRequestToken->validated_at != null) {
$accountCreationToken = new AccountCreationToken;
$accountCreationToken->token = Str::random(WebAuthenticateController::$emailCodeSize);
$accountCreationToken->fillRequestInfo($request);
$accountCreationToken->save();
$creationRequestToken->consume();
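Review bot: `$accountCreationToken->save()` and `$creationRequestToken->consume()` at the end of the second hunk are two independent writes with no transaction, so a failure between them, or two concurrent requests presenting the same validated request token, can mint more than one AccountCreationToken from a single validated request; the request token is what authorises account creation, so it should be consumed atomically with the mint. Wrapping both in `DB::transaction` and consuming first is the minimal fix (re-reading the request token with `lockForUpdate()` inside the transaction would close the race fully); whether `DB` is imported and where the result is used are outside the hunk. The `!= null` comparison on `validated_at` would also read better as `!== null`.
```php
if ($creationRequestToken && $creationRequestToken->validated_at !== null) {
    $accountCreationToken = DB::transaction(function () use ($request, $creationRequestToken) {
        $creationRequestToken->consume();
        $token = new AccountCreationToken;
        $token->token = Str::random(WebAuthenticateController::$emailCodeSize);
        $token->fillRequestInfo($request);
        $token->save();
        return $token;
    });
    // … unchanged: response …
```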


@ -32,6 +32,7 @@ class AccountCreationTokenController extends Controller
{
$token = new AccountCreationToken;
$token->token = Str::random(WebAuthenticateController::$emailCodeSize);
$token->fillRequestInfo($request);
$token->save();
return $token;
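Review bot: With `fillRequestInfo` now populating `ip` and `user_agent` on the model, `return $token;` will include both in the JSON response, since Eloquent serializes every attribute not in `$hidden`; whether AccountCreationToken hides them is not visible from this hunk. If they are admin-only data, hide them on the model with `protected $hidden = ['ip', 'user_agent'];` or return only what the client needs, `return ['token' => $token->token];`. The method signature and the source of `$request` are above the hunk.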


@ -3,7 +3,6 @@
namespace App;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class RecoveryCode extends Consommable
{


@ -122,6 +122,7 @@ class AccountService
$phoneChangeCode->account_id = $account->id;
$phoneChangeCode->phone = $request->get('phone');
$phoneChangeCode->code = generatePin();
$phoneChangeCode->fillRequestInfo($request);
$phoneChangeCode->save();
Log::channel('events')->info('Account Service: Account phone change requested by SMS', ['id' => $account->identifier]);
@ -197,6 +198,7 @@ class AccountService
$emailChangeCode->account_id = $account->id;
$emailChangeCode->email = $request->get('email');
$emailChangeCode->code = generatePin();
$emailChangeCode->fillRequestInfo($request);
$emailChangeCode->save();
Log::channel('events')->info('Account Service: Account email change requested by email', ['id' => $account->identifier]);
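Review bot: The events log line following each new `fillRequestInfo` call still records only the account identifier, while the request IP just captured onto the code is the first thing an incident responder wants when triaging a suspicious phone or email change, and putting it in the log avoids a database join from the SIEM side. Add it to the context, `['id' => $account->identifier, 'ip' => $phoneChangeCode->ip]`, and likewise `'ip' => $emailChangeCode->ip` in the second hunk. Both enclosing methods start outside the hunks.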


@ -0,0 +1,84 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up()
{
Schema::table('recovery_codes', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('phone_change_codes', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('email_change_codes', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('provisioning_tokens', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('auth_tokens', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('account_creation_tokens', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
Schema::table('account_creation_request_tokens', function (Blueprint $table) {
$table->string('ip')->nullable();
$table->string('user_agent')->nullable();
});
}
public function down()
{
Schema::table('recovery_codes', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('phone_change_codes', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('email_change_codes', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('provisioning_tokens', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('auth_tokens', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('account_creation_tokens', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
Schema::table('account_creation_request_tokens', function (Blueprint $table) {
$table->dropColumn('ip');
$table->dropColumn('user_agent');
});
}
};
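Review bot: Both `up()` and `down()` repeat the same closure seven times with only the table name changing, which makes it easy for the two lists to drift apart on a later edit; a single table list iterated in both directions keeps the schema change in one place and lets `down()` use the array form of `dropColumn`. If this migration has not shipped yet, it is also the moment to size `ip` explicitly (`45` covers IPv6 including IPv4-mapped forms) rather than the default 255, and to add `: void` return types.
```php
private const TABLES = [
    'recovery_codes',
    'phone_change_codes',
    'email_change_codes',
    'provisioning_tokens',
    'auth_tokens',
    'account_creation_tokens',
    'account_creation_request_tokens',
];

public function up(): void
{
    foreach (self::TABLES as $table) {
        Schema::table($table, function (Blueprint $t) {
            $t->string('ip', 45)->nullable();
            $t->string('user_agent')->nullable();
        });
    }
}

public function down(): void
{
    foreach (self::TABLES as $table) {
        Schema::table($table, fn (Blueprint $t) => $t->dropColumn(['ip', 'user_agent']));
    }
}
```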


@ -21,6 +21,7 @@
<th>Recovery Codes</th>
<th>Created</th>
<th>Used</th>
<th>IP</th>
</tr>
</thead>
<tbody>
@ -33,6 +34,9 @@
<td>
{{ $recoveryCode->created_at != $recoveryCode->updated_at ? $recoveryCode->updated_at : '-' }}
</td>
<td title="{{ $recoveryCode->user_agent }}">
{{ $recoveryCode->ip ? $recoveryCode->ip : '-' }}
</td>
</tr>
@endforeach
</tbody>
@ -46,6 +50,7 @@
<th>Phone Change requests</th>
<th>Created</th>
<th>Used</th>
<th>IP</th>
</tr>
</thead>
<tbody>
@ -58,6 +63,9 @@
<td>
{{ $phoneChangeCode->created_at != $phoneChangeCode->updated_at ? $phoneChangeCode->updated_at : '-' }}
</td>
<td title="{{ $phoneChangeCode->user_agent }}">
{{ $phoneChangeCode->ip ? $phoneChangeCode->ip : '-' }}
</td>
</tr>
@endforeach
</tbody>
@ -71,6 +79,7 @@
<th>Email Change requests</th>
<th>Created</th>
<th>Used</th>
<th>IP</th>
</tr>
</thead>
<tbody>
@ -83,6 +92,9 @@
<td>
{{ $emailChangeCode->created_at != $emailChangeCode->updated_at ? $emailChangeCode->updated_at : '-' }}
</td>
<td title="{{ $emailChangeCode->user_agent }}">
{{ $emailChangeCode->ip ? $emailChangeCode->ip : '-' }}
</td>
</tr>
@endforeach
</tbody>
@ -96,6 +108,7 @@
<th>Provisioning Tokens</th>
<th>Created</th>
<th>Used</th>
<th>IP</th>
</tr>
</thead>
<tbody>
@ -108,6 +121,9 @@
<td>
{{ $provisioningToken->consumed() ? $provisioningToken->updated_at : '-' }}
</td>
<td title="{{ $provisioningToken->user_agent }}">
{{ $provisioningToken->ip ? $provisioningToken->ip : '-' }}
</td>
</tr>
@endforeach
</tbody>
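Review bot: Each new `title="{{ $…->user_agent }}"` cell places an attacker-controlled header inside an HTML attribute, and it is safe only because the `{{ }}` echo escapes with ENT_QUOTES; that invariant deserves a comment at the first such cell so a later edit does not switch to `{!! !!}` for "nicer" output, e.g. `{{-- user_agent is attacker-supplied: keep the escaping echo form --}}`. Worth noting too that the IP column surfaces personal data to every admin viewing the page; if the panel has audience tiers, this may belong behind the more privileged one — hedged, since the access rules for this view are not visible here.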