Proyectos de Subversion Moodle

Rev

| Ultima modificación | Ver Log |

Rev Autor Línea Nro. Línea
1 efrain 1
<?php
2
// This file is part of Moodle - http://moodle.org/
3
//
4
// Moodle is free software: you can redistribute it and/or modify
5
// it under the terms of the GNU General Public License as published by
6
// the Free Software Foundation, either version 3 of the License, or
7
// (at your option) any later version.
8
//
9
// Moodle is distributed in the hope that it will be useful,
10
// but WITHOUT ANY WARRANTY; without even the implied warranty of
11
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
// GNU General Public License for more details.
13
//
14
// You should have received a copy of the GNU General Public License
15
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16
 
17
namespace factor_sms;
18
 
19
use moodle_url;
20
use stdClass;
21
use tool_mfa\local\factor\object_factor_base;
22
 
23
/**
24
 * SMS Factor implementation.
25
 *
26
 * @package     factor_sms
27
 * @subpackage  tool_mfa
28
 * @author      Peter Burnett <peterburnett@catalyst-au.net>
29
 * @copyright   Catalyst IT
30
 * @license     http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
31
 */
32
class factor extends object_factor_base {
33
 
34
    /** @var string Factor icon */
35
    protected $icon = 'fa-commenting-o';
36
 
37
    /**
38
     * Defines login form definition page for SMS Factor.
39
     *
40
     * @param \MoodleQuickForm $mform
41
     * @return \MoodleQuickForm $mform
42
     */
43
    public function login_form_definition(\MoodleQuickForm $mform): \MoodleQuickForm {
44
        $mform->addElement(new \tool_mfa\local\form\verification_field());
45
        $mform->setType('verificationcode', PARAM_ALPHANUM);
46
        return $mform;
47
    }
48
 
49
    /**
50
     * Defines login form definition page after form data has been set.
51
     *
52
     * @param \MoodleQuickForm $mform Form to inject global elements into.
53
     * @return \MoodleQuickForm $mform
54
     */
55
    public function login_form_definition_after_data(\MoodleQuickForm $mform): \MoodleQuickForm {
56
        $this->generate_and_sms_code();
57
 
58
        // Disable the form check prompt.
59
        $mform->disable_form_change_checker();
60
        return $mform;
61
    }
62
 
63
    /**
64
     * Implements login form validation for SMS Factor.
65
     *
66
     * @param array $data
67
     * @return array
68
     */
69
    public function login_form_validation(array $data): array {
70
        $return = [];
71
 
72
        if (!$this->check_verification_code($data['verificationcode'])) {
73
            $return['verificationcode'] = get_string('error:wrongverification', 'factor_sms');
74
        }
75
 
76
        return $return;
77
    }
78
 
79
    /**
80
     * Gets the string for setup button on preferences page.
81
     *
82
     * @return string
83
     */
84
    public function get_setup_string(): string {
85
        return get_string('setupfactorbutton', 'factor_sms');
86
    }
87
 
88
    /**
89
     * Gets the string for manage button on preferences page.
90
     *
91
     * @return string
92
     */
93
    public function get_manage_string(): string {
94
        return get_string('managefactorbutton', 'factor_sms');
95
    }
96
 
97
    /**
98
     * Defines setup_factor form definition page for SMS Factor.
99
     *
100
     * @param \MoodleQuickForm $mform
101
     * @return \MoodleQuickForm $mform
102
     */
103
    public function setup_factor_form_definition(\MoodleQuickForm $mform): \MoodleQuickForm {
104
        global $OUTPUT, $USER, $DB;
105
 
106
        if (!empty(
107
            $phonenumber = $DB->get_field('tool_mfa', 'label', ['factor' => $this->name, 'userid' => $USER->id, 'revoked' => 0])
108
        )) {
109
            redirect(
110
                new \moodle_url('/admin/tool/mfa/user_preferences.php'),
111
                get_string('factorsetup', 'tool_mfa', $phonenumber),
112
                null,
113
                \core\output\notification::NOTIFY_SUCCESS);
114
        }
115
 
116
        $mform->addElement('html', $OUTPUT->heading(get_string('setupfactor', 'factor_sms'), 2));
117
 
118
        if (empty($this->get_phonenumber())) {
119
            $mform->addElement('hidden', 'verificationcode', 0);
120
            $mform->setType('verificationcode', PARAM_ALPHANUM);
121
 
122
            // Add field for phone number setup.
123
            $mform->addElement('text', 'phonenumber', get_string('addnumber', 'factor_sms'),
124
                [
125
                    'autocomplete' => 'tel',
126
                    'inputmode' => 'tel',
127
                ]);
128
            $mform->setType('phonenumber', PARAM_TEXT);
129
 
130
            // HTML to display a message about the phone number.
131
            $message = \html_writer::tag('div', '', ['class' => 'col-md-3']);
132
            $message .= \html_writer::tag(
133
                'div', \html_writer::tag('p', get_string('phonehelp', 'factor_sms')), ['class' => 'col-md-9']);
134
            $mform->addElement('html', \html_writer::tag('div', $message, ['class' => 'row']));
135
        }
136
 
137
        return $mform;
138
    }
139
 
140
    /**
141
     * Defines setup_factor form definition page after form data has been set.
142
     *
143
     * @param \MoodleQuickForm $mform
144
     * @return \MoodleQuickForm $mform
145
     */
146
    public function setup_factor_form_definition_after_data(\MoodleQuickForm $mform): \MoodleQuickForm {
147
        global $OUTPUT;
148
 
149
        $phonenumber = $this->get_phonenumber();
150
        if (empty($phonenumber)) {
151
            return $mform;
152
        }
153
 
154
        $duration = get_config('factor_sms', 'duration');
155
        $code = $this->secretmanager->create_secret($duration, true);
156
        if (!empty($code)) {
157
            $this->sms_verification_code($code, $phonenumber);
158
        }
159
        $message = get_string('logindesc', 'factor_sms', '<b>' . $phonenumber . '</b><br/>');
160
        $message .= get_string('editphonenumberinfo', 'factor_sms');
161
        $mform->addElement('html', \html_writer::tag('p', $OUTPUT->notification($message, 'success')));
162
 
163
        $mform->addElement(new \tool_mfa\local\form\verification_field());
164
        $mform->setType('verificationcode', PARAM_ALPHANUM);
165
 
166
        $editphonenumber = \html_writer::link(
167
            new \moodle_url('/admin/tool/mfa/factor/sms/editphonenumber.php', ['sesskey' => sesskey()]),
168
            get_string('editphonenumber', 'factor_sms'),
169
            ['class' => 'btn btn-secondary', 'type' => 'button']);
170
 
171
        $mform->addElement('html', \html_writer::tag('div', $editphonenumber, ['class' => 'float-sm-left col-md-4']));
172
 
173
        // Disable the form check prompt.
174
        $mform->disable_form_change_checker();
175
 
176
        return $mform;
177
    }
178
 
179
    /**
180
     * Returns the phone number from the current session or from the user profile data.
181
     * @return string|null
182
     */
183
    private function get_phonenumber(): ?string {
184
        global $SESSION, $USER, $DB;
185
 
186
        if (!empty($SESSION->tool_mfa_sms_number)) {
187
            return $SESSION->tool_mfa_sms_number;
188
        }
189
        $phonenumber = $DB->get_field('tool_mfa', 'label', ['factor' => $this->name, 'userid' => $USER->id, 'revoked' => 0]);
190
        if (!empty($phonenumber)) {
191
            return $phonenumber;
192
        }
193
 
194
        return null;
195
    }
196
 
197
    /**
198
     * Returns an array of errors, where array key = field id and array value = error text.
199
     *
200
     * @param array $data
201
     * @return array
202
     */
203
    public function setup_factor_form_validation(array $data): array {
204
        $errors = [];
205
 
206
        // Phone number validation.
207
        if (!empty($data["phonenumber"]) && empty(helper::is_valid_phonenumber($data["phonenumber"]))) {
208
            $errors['phonenumber'] = get_string('error:wrongphonenumber', 'factor_sms');
209
 
210
        } else if (!empty($this->get_phonenumber())) {
211
            // Code validation.
212
            if (empty($data["verificationcode"])) {
213
                $errors['verificationcode'] = get_string('error:emptyverification', 'factor_sms');
214
            } else if ($this->secretmanager->validate_secret($data['verificationcode']) !== $this->secretmanager::VALID) {
215
                $errors['verificationcode'] = get_string('error:wrongverification', 'factor_sms');
216
            }
217
        }
218
 
219
        return $errors;
220
    }
221
 
222
    /**
223
     * Reset values of the session data of the given factor.
224
     *
225
     * @param int $factorid
226
     * @return void
227
     */
228
    public function setup_factor_form_is_cancelled(int $factorid): void {
229
        global $SESSION;
230
        if (!empty($SESSION->tool_mfa_sms_number)) {
231
            unset($SESSION->tool_mfa_sms_number);
232
        }
233
        // Clean temp secrets code.
234
        $secretmanager = new \tool_mfa\local\secret_manager('sms');
235
        $secretmanager->cleanup_temp_secrets();
236
    }
237
 
238
    /**
239
     * Setup submit button string in given factor
240
     *
241
     * @return string|null
242
     */
243
    public function setup_factor_form_submit_button_string(): ?string {
244
        global $SESSION;
245
        if (!empty($SESSION->tool_mfa_sms_number)) {
246
            return get_string('setupsubmitcode', 'factor_sms');
247
        }
248
        return get_string('setupsubmitphone', 'factor_sms');
249
    }
250
 
251
    /**
252
     * Adds an instance of the factor for a user, from form data.
253
     *
254
     * @param stdClass $data
255
     * @return stdClass|null the factor record, or null.
256
     */
257
    public function setup_user_factor(stdClass $data): ?stdClass {
258
        global $DB, $SESSION, $USER;
259
 
260
        // Handle phone number submission.
261
        if (empty($SESSION->tool_mfa_sms_number)) {
262
            $SESSION->tool_mfa_sms_number = !empty($data->phonenumber) ? $data->phonenumber : '';
263
 
264
            $addurl = new \moodle_url('/admin/tool/mfa/action.php', [
265
                'action' => 'setup',
266
                'factor' => 'sms',
267
            ]);
268
            redirect($addurl);
269
        }
270
 
271
        // If the user somehow gets here through form resubmission.
272
        // We dont want two phones active.
273
        if ($DB->record_exists('tool_mfa', ['userid' => $USER->id, 'factor' => $this->name, 'revoked' => 0])) {
274
            return null;
275
        }
276
 
277
        $time = time();
278
        $label = $this->get_phonenumber();
279
 
280
        $row = new \stdClass();
281
        $row->userid = $USER->id;
282
        $row->factor = $this->name;
283
        $row->secret = '';
284
        $row->label = $label;
285
        $row->timecreated = $time;
286
        $row->createdfromip = $USER->lastip;
287
        $row->timemodified = $time;
288
        $row->lastverified = $time;
289
        $row->revoked = 0;
290
 
291
        $id = $DB->insert_record('tool_mfa', $row);
292
        $record = $DB->get_record('tool_mfa', ['id' => $id]);
293
        $this->create_event_after_factor_setup($USER);
294
 
295
        // Remove session phone number.
296
        unset($SESSION->tool_mfa_sms_number);
297
 
298
        return $record;
299
    }
300
 
301
    /**
302
     * Returns an array of all user factors of given type.
303
     *
304
     * @param stdClass $user the user to check against.
305
     * @return array
306
     */
307
    public function get_all_user_factors(stdClass $user): array {
308
        global $DB;
309
 
310
        $sql = 'SELECT *
311
                  FROM {tool_mfa}
312
                 WHERE userid = ?
313
                   AND factor = ?
314
                   AND label IS NOT NULL
315
                   AND revoked = 0';
316
 
317
        return $DB->get_records_sql($sql, [$user->id, $this->name]);
318
    }
319
 
320
    /**
321
     * Returns the information about factor availability.
322
     *
323
     * @return bool
324
     */
325
    public function is_enabled(): bool {
326
        if (empty(get_config('factor_sms', 'gateway'))) {
327
            return false;
328
        }
329
 
330
        $class = '\factor_sms\local\smsgateway\\' . get_config('factor_sms', 'gateway');
331
        if (!call_user_func($class . '::is_gateway_enabled')) {
332
            return false;
333
        }
334
        return parent::is_enabled();
335
    }
336
 
337
    /**
338
     * Decides if a factor requires input from the user to verify.
339
     *
340
     * @return bool
341
     */
342
    public function has_input(): bool {
343
        return true;
344
    }
345
 
346
    /**
347
     * Decides if factor needs to be setup by user and has setup_form.
348
     *
349
     * @return bool
350
     */
351
    public function has_setup(): bool {
352
        return true;
353
    }
354
 
355
    /**
356
     * Decides if the setup buttons should be shown on the preferences page.
357
     *
358
     * @return bool
359
     */
360
    public function show_setup_buttons(): bool {
361
        return true;
362
    }
363
 
364
    /**
365
     * Returns true if factor class has factor records that might be revoked.
366
     * It means that user can revoke factor record from their profile.
367
     *
368
     * @return bool
369
     */
370
    public function has_revoke(): bool {
371
        return true;
372
    }
373
 
374
    /**
375
     * Generates and sms' the code for login to the user, stores codes in DB.
376
     *
377
     * @return int|null the instance ID being used.
378
     */
379
    private function generate_and_sms_code(): ?int {
380
        global $DB, $USER;
381
 
382
        $duration = get_config('factor_sms', 'duration');
383
        $instance = $DB->get_record('tool_mfa', ['factor' => $this->name, 'userid' => $USER->id, 'revoked' => 0]);
384
        if (empty($instance)) {
385
            return null;
386
        }
387
        $secret = $this->secretmanager->create_secret($duration, false);
388
        // There is a new code that needs to be sent.
389
        if (!empty($secret)) {
390
            // Grab the singleton SMS record.
391
            $this->sms_verification_code($secret, $instance->label);
392
        }
393
        return $instance->id;
394
    }
395
 
396
    /**
397
     * This function sends an SMS code to the user based on the phonenumber provided.
398
     *
399
     * @param int $secret the secret to send.
400
     * @param string|null $phonenumber the phonenumber to send the verification code to.
401
     * @return void
402
     */
403
    private function sms_verification_code(int $secret, ?string $phonenumber): void {
404
        global $CFG, $SITE;
405
 
406
        // Here we should get the information, then construct the message.
407
        $url = new moodle_url($CFG->wwwroot);
408
        $content = [
409
            'fullname' => $SITE->fullname,
410
            'url' => $url->get_host(),
411
            'code' => $secret,
412
        ];
413
        $message = get_string('smsstring', 'factor_sms', $content);
414
 
415
        $class = '\factor_sms\local\smsgateway\\' . get_config('factor_sms', 'gateway');
416
        $gateway = new $class();
417
        $gateway->send_sms_message($message, $phonenumber);
418
    }
419
 
420
    /**
421
     * Verifies entered code against stored DB record.
422
     *
423
     * @param string $enteredcode
424
     * @return bool
425
     */
426
    private function check_verification_code(string $enteredcode): bool {
427
        return ($this->secretmanager->validate_secret($enteredcode) === \tool_mfa\local\secret_manager::VALID) ? true : false;
428
    }
429
 
430
    /**
431
     * Returns all possible states for a user.
432
     *
433
     * @param \stdClass $user
434
     */
435
    public function possible_states(\stdClass $user): array {
436
        return [
437
            \tool_mfa\plugininfo\factor::STATE_PASS,
438
            \tool_mfa\plugininfo\factor::STATE_NEUTRAL,
439
            \tool_mfa\plugininfo\factor::STATE_FAIL,
440
            \tool_mfa\plugininfo\factor::STATE_UNKNOWN,
441
        ];
442
    }
443
 
444
    /**
445
     * Get the login description associated with this factor.
446
     * Override for factors that have a user input.
447
     *
448
     * @return string The login option.
449
     */
450
    public function get_login_desc(): string {
451
 
452
        $phonenumber = $this->get_phonenumber();
453
 
454
        if (empty($phonenumber)) {
455
            return get_string('errorsmssent', 'factor_sms');
456
        } else {
457
            return get_string('logindesc', 'factor_' . $this->name, $phonenumber);
458
        }
459
    }
460
}