Merge branch '2558-two-factor-authentication' into 'develop'

Resolve "Two-factor authentication"

Closes #2558

See merge request ispconfig/ispconfig3!1575

Author: Marius Burkard

install/sql/incremental/upd_dev_collection.sql

@@ -0,0 +1 @@
+ALTER TABLE `sys_user` ADD `otp_type` SET('none', 'email') NOT NULL DEFAULT 'none' AFTER `lost_password_reqtime`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;

install/sql/ispconfig3.sql

@@ -1842,6 +1842,10 @@ CREATE TABLE `sys_user` (
   `lost_password_function` tinyint(1) NOT NULL default '1',
   `lost_password_hash` VARCHAR(50) NOT NULL default '',
   `lost_password_reqtime` DATETIME NULL default NULL,
+  `otp_type` set('none', 'email') NOT NULL DEFAULT 'none',
+  `otp_data` varchar(255) DEFAULT NULL,
+  `otp_recovery` varchar(64) DEFAULT NULL,
+  `otp_attempts` tinyint(4) NOT NULL DEFAULT 0,
   PRIMARY KEY  (`userid`)
 ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 

interface/lib/app.inc.php

@@ -212,6 +212,12 @@ public function log($msg, $priority = 0) {
 		}
 	}
 
+	public function auth_log($msg) {
+		$authlog_handle = fopen($this->_conf['ispconfig_log_dir'].'/auth.log', 'a');
+		fwrite($authlog_handle, $msg . PHP_EOL);
+		fclose($authlog_handle);
+	}
+
 	/** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */
 	public function error($msg, $next_link = '', $stop = true, $priority = 1) {
 		//$this->uses("error");

interface/web/admin/form/users.tform.php

@@ -94,6 +94,11 @@
 	}
 }
 
+$otp_method_list = array(
+	'none' => 'none',
+	'email' => 'email',
+);
+
 //* Load themes
 $themes_list = array();
 $handle = @opendir(ISPC_THEMES_PATH);
@@ -254,6 +259,25 @@
 			'rows'  => '',
 			'cols'  => ''
 		),
+		'otp_type' => array(
+				'datatype' => 'VARCHAR',
+				'formtype' => 'SELECT',
+				'validators' => array (  0 => array (    'type' => 'NOTEMPTY',
+						'errmsg'=> 'otp_auth_empty'),
+					1 => array (    'type' => 'REGEX',
+						'regex' => '/^[a-z0-9\_]{0,64}$/',
+						'errmsg'=> 'otp_auth_regex'),
+					),
+				'regex'  => '',
+				'errmsg' => '',
+				'default' => '',
+				'value'  => $otp_method_list,
+				'separator' => '',
+				'width'  => '30',
+				'maxlength' => '255',
+				'rows'  => '',
+				'cols'  => ''
+				),
 		'language' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'SELECT',

interface/web/admin/lib/lang/ar_users.lng

@@ -34,4 +34,5 @@ $wb['username_error_collision'] = 'The username may not be web or web plus a num
 $wb['client_not_admin_err'] = 'A user that belongs to a client can not be set to type: admin';
 $wb['lost_password_function_txt'] = 'Forgot password function is available';
 $wb['no_user_insert'] = 'CP-Users of type -user- get added and updated automatically when you add a client or reseller.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';
 ?>

interface/web/admin/lib/lang/bg_users.lng

@@ -34,4 +34,5 @@ $wb['username_error_collision'] = 'The username may not be web or web plus a num
 $wb['client_not_admin_err'] = 'A user that belongs to a client can not be set to type: admin';
 $wb['lost_password_function_txt'] = 'Forgot password function is available';
 $wb['no_user_insert'] = 'CP-Users of type -user- get added and updated automatically when you add a client or reseller.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';
 ?>

interface/web/admin/lib/lang/br_users.lng

@@ -38,3 +38,4 @@ $wb['startmodule_empty'] = 'O módulo inicial está vazio.';
 $wb['startmodule_regex'] = 'Caracteres inválidos no módulo inicial.';
 $wb['app_theme_empty'] = 'Tema está vazio.';
 $wb['app_theme_regex'] = 'Caracteres inválidos no tema.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';

interface/web/admin/lib/lang/ca_users.lng

@@ -34,4 +34,5 @@ $wb['username_error_collision'] = 'The username may not be web or web plus a num
 $wb['client_not_admin_err'] = 'A user that belongs to a client can not be set to type: admin';
 $wb['lost_password_function_txt'] = 'Forgot password function is available';
 $wb['no_user_insert'] = 'CP-Users of type -user- get added and updated automatically when you add a client or reseller.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';
 ?>

interface/web/admin/lib/lang/cz_users.lng

@@ -38,3 +38,4 @@ $wb['startmodule_empty'] = 'Startmodule empty.';
 $wb['startmodule_regex'] = 'Invalid chars in Startmodule.';
 $wb['app_theme_empty'] = 'App theme empty.';
 $wb['app_theme_regex'] = 'Invalid chars in App theme.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';

interface/web/admin/lib/lang/de_users.lng

@@ -34,4 +34,5 @@ $wb['username_error_collision'] = 'Der Benutzername darf nicht <b>web<b> oder <b
 $wb['client_not_admin_err'] = 'A user that belongs to a client can not be set to type: admin';
 $wb['lost_password_function_txt'] = 'Passwort vergessen Funktion steht zur Verfügung';
 $wb['no_user_insert'] = 'CP-Users of type -user- get added and updated automatically when you add a client or reseller.';
+$wb['otp_auth_txt'] = '2-Factor Authentication';
 ?>