Skip to content
This repository has been archived by the owner on Nov 2, 2020. It is now read-only.

Commit

Permalink
feat(Auth/Login): Add full Advanced Options support
Browse files Browse the repository at this point in the history
1. Add config key 'security.auto_logout', 'security.secure_login', 'security.ssl_login'
which means `0 - disable -> 'disabled' ; 1 - option -> '' ; 2 - force -> 'checked disabled'`
2. Add noscript and nocookie check
  • Loading branch information
Rhilip committed Aug 10, 2019
1 parent bf897c6 commit 6009dc8
Show file tree
Hide file tree
Showing 9 changed files with 66 additions and 31 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@
### Feat
- **ban_ips:** Store banned ip in components/Site (01084c9)

### Fix
- **User:** Fix User Class miss in string format (3680444)

### Refactor
- **Config:** Remove params `$throw` in Config()->get() (706cc9a)
- **RateLimit:** Change last param of isRateLimitHit and rate limit store Namespace (4dd571d)
Expand Down
12 changes: 8 additions & 4 deletions apps/models/form/Auth/UserLoginForm.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,13 +51,17 @@ class UserLoginForm extends Validator

public static function inputRules()
{
/**
* We only control frontend behaviour of input keys - `securelogin`, `logout`, `ssl`,
* So we not add Rules `Required` for these keys
*/
return [
'username' => 'required',
'username' => 'Required',
'password' => [
['required'],
['length', ['min' => 6, 'max' => 40]]
['Required'],
['Length', ['min' => 6, 'max' => 40]]
],
'opt' => 'length(6)',
'opt' => ['Length', ['min' => 6, 'max' => 6]],
'securelogin' => 'Equal(value=yes)',
'logout' => 'Equal(value=yes)',
'ssl' => 'Equal(value=yes)',
Expand Down
24 changes: 17 additions & 7 deletions apps/public/static/js/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ const api_point = '/api/v1';
const _location_search = new URLSearchParams(window.location.search); // Short and parse location.search

const paswordStrengthText = {
0: "Worst", // too guessable: risky password. (guesses < 10^3)
1: "Bad", // too guessable: risky password. (guesses < 10^3)
2: "Weak", // somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
3: "Good", // safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
4: "Strong" // very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
0: "Worst", // too guessable: risky password. (guesses < 10^3)
1: "Bad", // too guessable: risky password. (guesses < 10^3)
2: "Weak", // somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
3: "Good", // safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
4: "Strong" // very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
};

const wysibbSetting = {
Expand Down Expand Up @@ -45,14 +45,23 @@ function randomString(length = 16, charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh
return result;
}

function location_search_replace(new_params) {
function locationSearchReplace(new_params) {
let search = _location_search;
for (let i in new_params) {
search.set(i, new_params[i]);
}
return '?' + search.toString();
}

function checkCookie() {
let cookieEnabled = navigator.cookieEnabled;
if (!cookieEnabled) {
document.cookie = "cookiebar";
cookieEnabled = document.cookie.indexOf("cookiebar") !== -1;
}
return cookieEnabled;
}

jQuery(document).ready(function () {
// Cache Field
const cache_torrent_files = localforage.createInstance({name: 'torrent_files'});
Expand All @@ -63,6 +72,7 @@ jQuery(document).ready(function () {

// Init Page
if ($.zui.browser.ie) $.zui.browser.tip(); // Drop all support of IE 6-11
if (!checkCookie()) $.zui.browser.tip('Cookie support are required for visit our site.');

$('[data-toggle="tooltip"]').tooltip(); // Active tooltip
$('[data-toggle="popover"]').popover(); // Active popover
Expand All @@ -74,7 +84,7 @@ jQuery(document).ready(function () {
maxNavCount: 8,
elements: ['first_icon', 'prev_icon', 'pages', 'next_icon', 'last_icon'],
linkCreator: function (page, pager) {
return location_search_replace({
return locationSearchReplace({
'page': page,
'limit': pager.recPerPage
});
Expand Down
34 changes: 20 additions & 14 deletions apps/views/auth/login.php
Original file line number Diff line number Diff line change
Expand Up @@ -64,22 +64,28 @@
<fieldset>
<legend><a href="#adv_option" data-toggle="collapse" class="btn btn-link">Advanced Options</a></legend>
<div id="adv_option" class="collapse">
<div class="row">
<label for="logout" class="col-md-3">Auto Logout</label>
<div class="col-md-6">
<input type="checkbox" name="logout" id="logout" value="yes" title=""> Log me out after 15 minutes
<div class="form-group">
<?php // 0 - disable -> 'disabled' ; 1 - option -> '' ; 2 - force -> 'checked disabled' ?>
<div class="switch">
<input type="checkbox" name="logout" id="logout" value="yes"
<?php if (config('security.auto_logout') > 1): ?>checked<?php endif; ?>
<?php if (config('security.auto_logout') != 1): ?>disabled<?php endif; ?>
>
<label for="logout">Automatically Log me out after 15 minutes</label>
</div>
</div>
<div class="row">
<label for="securelogin" class="col-md-3">Restrict IP</label>
<div class="col-md-6">
<input type="checkbox" name="securelogin" id="securelogin" value="yes" title=""> Restrict session to my IP
<div class="switch">
<input type="checkbox" name="securelogin" id="securelogin" value="yes"
<?php if (config('security.secure_login') > 1): ?>checked<?php endif; ?>
<?php if (config('security.secure_login') != 1): ?>disabled<?php endif; ?>
>
<label for="securelogin">Restrict session to my login IP</label>
</div>
</div>
<div class="row">
<label for="ssl" class="col-md-3">SSL (HTTPS)</label>
<div class="col-md-6">
<input type="checkbox" name="ssl" id="ssl" value="yes" title=""<?= app()->request->isSecure() ? ' checked disabled': '' ?>> Enable SSL
<div class="switch">
<input type="checkbox" name="ssl" id="ssl" value="yes"
<?php if (app()->request->isSecure() || config('security.ssl_login') > 1): ?>checked<?php endif; ?>
<?php if (app()->request->isSecure() || config('security.ssl_login') != 1): ?>disabled<?php endif; ?>
>
<label for="ssl">Enable SSL (HTTPS)</label>
</div>
</div>
</div>
Expand Down
14 changes: 12 additions & 2 deletions apps/views/layout/base.php
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,10 @@
</div>

<footer id="footer_menu">
<div class="container" align="center">
<div class="container text-center">
<div class="row">
<p class="copyright">
&copy; <a href="/" target="_self"><?= config('base.site_name') ?></a> 2019-2020 Powered by <a href="https://github.com/Rhilip/RidPT">RidPT</a>
&copy; <a href="/" target="_self"><?= config('base.site_name') ?></a> 2019-2020 Powered by <a href="https://github.com/Rhilip/RidPT" target="_blank">RidPT</a>
</p>
<p class="debug-info">
[ Page created in <b><?= number_format(microtime(true) - app()->request->start_at, 6) ?></b> sec
Expand All @@ -110,6 +110,16 @@

<?= $this->section('body') ?>

<!-- noscript alert -->
<noscript>
<style type="text/css">
body > div, footer {display:none;}
</style>
<div class="noscriptmsg">
You don't have javascript enabled.
</div>
</noscript>

<!-- Javascript of Library -->
<script src="/lib/localforage/dist/localforage.min.js"></script>
<script src="/lib/jquery/dist/jquery.min.js"></script>
Expand Down
1 change: 0 additions & 1 deletion apps/views/layout/nav_anonymous.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,3 @@
</ul> <!-- END .navbar-nav -->
</div><!-- END .navbar-collapse -->
</nav> <!-- END /nav -->
<div class="clearfix"></div>
2 changes: 1 addition & 1 deletion apps/views/layout/nav_user.php
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
<div id="info_block_line_1">
Welcome Back, <?= $this->insert('helper/username', ['user' => $user, 'show_badge' => true]) ?>
<span data-item="logout"><!--suppress HtmlUnknownTarget -->[<a href="/auth/logout">Logout</a>]</span>
<?php if ($user->getClass(true) > \apps\models\User::ROLE_FORUM_MODERATOR): ?>
<?php if ($user->getClass() > \apps\models\User::ROLE_FORUM_MODERATOR): ?>
<span><!--suppress HtmlUnknownTarget -->[<a href="/admin">Admin Panel</a>]</span>
<?php endif; ?>
<span data-item="favour"><!--suppress HtmlUnknownTarget -->[<a href="/torrents/favour">Favour</a>]</span>
Expand Down
2 changes: 1 addition & 1 deletion framework/functions.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ function __($string, $avg = null, $lang = null)
}

if (!function_exists('config')) {
function config($config)
function config(string $config)
{
return app()->config->get($config);
}
Expand Down
5 changes: 4 additions & 1 deletion migration/ridpt.sql
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: Aug 10, 2019 at 10:24 PM
-- Generation Time: Aug 11, 2019 at 12:05 AM
-- Server version: 8.0.16
-- PHP Version: 7.3.7

Expand Down Expand Up @@ -820,7 +820,10 @@ INSERT INTO `site_config` (`name`, `value`) VALUES
('register.user_default_uploadpos', '1'),
('route.admin_index', '60'),
('route.admin_service', '90'),
('security.auto_logout', '1'),
('security.max_login_attempts', '10'),
('security.secure_login', '1'),
('security.ssl_login', '1'),
('torrent_upload.allow_new_custom_tags', '0'),
('torrent_upload.enable_anonymous', '1'),
('torrent_upload.enable_hr', '1'),
Expand Down

0 comments on commit 6009dc8

Please sign in to comment.