Merge pull request #66 from centosadmin/develop

Develop

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.6.0
+
+* Depend on redmine_bots instead of redmine_telegram_common
+* Google auth confirmation on first page
+* Telegram account connection/2fa connection segregation
+* Don't send code to locked users
+
 # 1.5.1
 
 * Add redmine_telegram_common dependency to init.rb

README.md

@@ -15,10 +15,15 @@ Supports:
 
 ## Requirements
 
-- [redmine_telegram_common](https://github.com/centosadmin/redmine_telegram_common)
+- [redmine_bots](https://github.com/centosadmin/redmine_bots)
 - HTTPS host - Telegram Bot Webhook needs to POST on HTTPS hosts.
 - Ruby 2.3+
 
+### Upgrade to 1.6.0+
+
+From 1.6.0 redmine_2fa depends on [redmine_bots](https://github.com/centosadmin/redmine_bots) instead of redmine_telegram_common.
+Please, install it and follow migration instructions from README of redmine_bots.
+
 ### Upgrade from 1.3.4 to 1.4.0+
 
 From 1.4.0 redmine_2fa (as well as other Southbridge telegram plugins) is using bot from redmine_telegram_common.

README.ru.md

@@ -17,10 +17,15 @@
 
 ## Требования
 
-- [redmine_telegram_common](https://github.com/centosadmin/redmine_telegram_common)
+- [redmine_bots](https://github.com/centosadmin/redmine_bots)
 - HTTPS - нужен для того, чтобы принимать сообщение от Telegram Bot API ([веб-хук](https://tlgrm.ru/docs/bots/api#setwebhook))
 - Ruby 2.3+
 
+### Обновление до 1.6.0 и выше
+
+Начиная с версии 1.6.0 redmine_2fa зависит от [redmine_bots](https://github.com/centosadmin/redmine_bots) вместо redmine_telegram_common.
+Пожалуйста, установите redmine_bots и следуйте инструкциям по миграции данных в его README.
+
 ### Обновление с 1.3.4 до 1.4.0+
 
 Начиная с версии 1.4.0 redmine_2fa (так же, как и другие telegram-плагины от Southbridge) использует бота из redmine_telegram_common.

app/models/redmine_2fa/telegram_connection.rb

@@ -0,0 +1,5 @@
+module Redmine2FA
+  class TelegramConnection < ActiveRecord::Base
+    belongs_to :user
+  end
+end

app/views/account/init_2fa/_google_auth.html.erb

@@ -6,8 +6,16 @@
   </td>
 </tr>
 <tr class="instruction2FA google_authInstruction" style="<%= style %>">
-  <td align="left" colspan="2"></td>
-  <td align="right" colspan="1" class="next2FAStep">
-    <%= submit_tag t('redmine_2fa.second_authentications.next_button_html'), onclick: "$('#init2FAForm').submit();" %>
-  </td>
+  <%= form_tag(confirm_otp_path) do %>
+    <td align="right">
+      <label for="otp_code"><%= t 'redmine_2fa.auth_code' %>:</label>
+    </td>
+    <td align="right" style="width: 140px;">
+      <%= text_field_tag :otp_code, nil, autocomplete: 'off', autofocus: true %>
+    </td>
+    <%= hidden_field_tag :protocol, 'google_auth' %>
+    <td colspan="1">
+      <input type="submit" name="login" value="<%= l('redmine_2fa.second_authentications.next_input_html') %>"/>
+    </td>
+  <% end %>
 </tr>

app/views/account/init_2fa/_telegram.html.erb

@@ -1,3 +1,3 @@
 <div align="center" class="instruction2FA telegramInstruction">
-  <%= render partial: 'telegram_login/widget' %>
+  <%= render partial: 'telegram_login/widget', locals: { context: '2fa_connection' } %>
 </div>

app/views/account/otp.html.erb

@@ -15,7 +15,7 @@
 
       <tr id="otpCodeResentInstruction" style="display: none">
         <td align="center" colspan="2">
-          <%= t('redmine_2fa.resend.instruction_html', timeout: 30, bot_name: Setting.plugin_redmine_telegram_common['bot_name']) %>
+          <%= t('redmine_2fa.resend.instruction_html', timeout: 30) %>
         </td>
       </tr>
 

app/views/account/telegram_login.html.erb

@@ -0,0 +1 @@
+<%= render partial: 'account/init_2fa/telegram' %>

config/locales/en.yml

@@ -39,12 +39,13 @@ en:
         instruction: Please choose type of two-factor authentication
         disable: "Do not use"
       next_button_html: Next »
+      next_input_html: Next;
       google_auth:
         instruction_html: |
           <p>Please setup Google Authenticator follow
             <a href="https://support.google.com/accounts/answer/1066447" target="_blank">the instruction</a>.</p>
           <p>Use this QR-code in application.</p>
-        next_step_instruction: After app setup click "Next".
+        next_step_instruction: After app setup, enter the confirmation code and click "Next".
       telegram:
         instruction_html: |
           %{bot_name} will send you authentication codes. Please activate it.<br>

config/locales/ru.yml

@@ -40,12 +40,13 @@ ru:
         instruction: Пожалуйста, выберите способ двухфакторной аутентификации
         disable: "Не использовать"
       next_button_html: Далее »
+      next_input_html: Далее
       google_auth:
         instruction_html: |
           <p>Установите приложение Google Authenticator следуя инструкции по
             <a href="https://support.google.com/accounts/answer/1066447" target="_blank">ссылке</a>.</p>
           <p>Используйте предложенный ниже QR-код в приложении.</p>
-        next_step_instruction: После настройки приложения, нажмите "Далее".
+        next_step_instruction: После настройки приложения введите код подтверждения и нажмите "Далее".
       telegram:
         instruction_html: |
           Бот "%{bot_name}" будет отправлять вам коды авторизации.<br>

db/migrate/010_create_telegram_connections.rb

@@ -0,0 +1,9 @@
+class CreateTelegramConnections < ActiveRecord::Migration
+  def change
+    create_table :redmine_2fa_telegram_connections do |t|
+      t.belongs_to :user, index: true, foreign_key: true
+      t.integer :telegram_id
+    end
+    add_index :redmine_2fa_telegram_connections, :telegram_id
+  end
+end

db/migrate/011_transfer_telegram_connections.rb

@@ -0,0 +1,8 @@
+class TransferTelegramConnections < ActiveRecord::Migration
+  def up
+    User.where(two_fa_id: Redmine2FA::AuthSource::Telegram.first.id).each do |user|
+      next unless user.telegram_account
+      Redmine2FA::TelegramConnection.create!(user_id: user.id, telegram_id: user.telegram_account.telegram_id)
+    end
+  end
+end

init.rb

@@ -1,4 +1,4 @@
-require_dependency Rails.root.join('plugins','redmine_telegram_common', 'init')
+require_dependency Rails.root.join('plugins','redmine_bots', 'init')
 
 FileUtils.mkdir_p(Rails.root.join('log/redmine_2fa')) unless Dir.exist?(Rails.root.join('log/redmine_2fa'))
 
@@ -23,18 +23,17 @@
 
 Redmine::Plugin.register :redmine_2fa do
   name 'Redmine 2FA'
-  version '1.5.1'
+  version '1.6.0'
   url 'https://github.com/centosadmin/redmine_2fa'
   description 'Two-factor authorization for Redmine'
   author 'Southbridge'
   author_url 'https://github.com/centosadmin/redmine_2fa'
 
   requires_redmine version_or_higher: '3.0'
 
-  requires_redmine_plugin :redmine_telegram_common, '0.7.0'
+  requires_redmine_plugin :redmine_bots, '0.1.0'
 
-  settings(default: { 'bot_token' => '',
-                      'required' => false,
+  settings(default: { 'required' => false,
                       'active_protocols' => Redmine2FA::AVAILABLE_PROTOCOLS
   },
            partial: 'settings/redmine_2fa')

lib/redmine_2fa.rb

@@ -21,18 +21,10 @@ def self.switched_off?
     active_protocols.size.zero? || active_protocols.size == 1 && active_protocols.include?('none')
   end
 
-  def self.bot_token
-    Setting.plugin_redmine_telegram_common['bot_token']
-  end
-
   def self.logger
     Logger.new(Rails.root.join('log', 'redmine_2fa', 'bot-update.log'))
   end
 
-  def self.handle_message(message)
-    TelegramCommon::Bot.new(bot_token, message).call if message.is_a?(Telegram::Bot::Types::Message)
-  end
-
   module Configuration
     def self.configuration
       Redmine::Configuration['redmine_2fa']

lib/redmine_2fa/patches/account_controller_patch/confirm_methods.rb

@@ -27,6 +27,7 @@ def confirm_2fa
 
           def confirm_otp
             if @user.authenticate_otp(params[:otp_code], drift: 120)
+              update_two_fa if @user.two_fa.nil?
               reset_otp_session
               successful_authentication(@user)
             else

lib/redmine_2fa/patches/account_controller_patch/second_authentication_init.rb

@@ -5,7 +5,7 @@ module SecondAuthenticationInit
         private
 
         def password_authentication
-          if Redmine2FA.switched_off? || @user.ignore_2fa? || @user.two_factor_authenticable?
+          if Redmine2FA.switched_off? || @user.locked? || @user.ignore_2fa? || @user.two_factor_authenticable?
             super
           else
             begin

lib/redmine_2fa/patches/account_controller_patch/second_authentication_step.rb

@@ -5,10 +5,10 @@ module SecondAuthenticationStep
         private
 
         def password_authentication
-          if Redmine2FA.switched_on? && !@user.ignore_2fa? && @user.two_factor_authenticable?
+          if Redmine2FA.switched_on? && !@user.locked? && !@user.ignore_2fa? && @user.two_factor_authenticable?
             send_code
             flash[:error] = sender.errors.join(', ') if sender.errors.present?
-            render(@user.two_fa&.name == 'Telegram' ? 'telegram_login/index' : 'account/otp')
+            render(@user.two_fa&.name == 'Telegram' ? 'account/telegram_login' : 'account/otp')
           else
             super
           end

lib/redmine_2fa/patches/user_patch.rb

@@ -14,6 +14,7 @@ def self.included(base)
           alias_method_chain :update_hashed_password, :otp_auth
 
           belongs_to :two_fa, class_name: 'AuthSource'
+          has_one :telegram_connection, class_name: 'Redmine2FA::TelegramConnection'
         end
       end
 
@@ -44,9 +45,12 @@ def google_authenticable?
 
         def reset_second_auth
           otp_regenerate_secret
-          self.two_fa_id = nil
-          self.ignore_2fa = false
-          save!
+          self.class.transaction do
+            self.telegram_connection&.destroy!
+            self.two_fa_id = nil
+            self.ignore_2fa = false
+            save!
+          end
         end
 
         def confirm_mobile_phone(code)

test/unit/redmine_2fa/code_sender_test.rb

@@ -14,12 +14,6 @@ class Redmine2FA::CodeSenderTest < ActiveSupport::TestCase
     end
 
     context 'define sender' do
-      should 'be TelegramSender' do
-        @user.two_fa = auth_sources(:telegram)
-        @sender = Redmine2FA::CodeSender.new(@user)
-        assert @sender.sender.is_a?(Redmine2FA::CodeSender::NullSender)
-      end
-
       should 'be SMSSender' do
         @user.two_fa = auth_sources(:sms)
         @sender           = Redmine2FA::CodeSender.new(@user)