Changeset 7410

Timestamp:

Oct 9, 2017, 1:47:39 PM (5 years ago)

Author:

Nicklas Nordborg

Message:

References #2097: Implement support for device verification

Added support for verifying email addresses. The "BASE->Contact information" dialog now has a "2-factor login" checkbox. If this checkbox is checked or if the email address is changed an email is sent to the user with a verification code. At the same time, the browser displays a new form asking the user to enter the verfication code. The 2-factor login is only enabled if the correct verification code is entered.

The email message template is currently hard-coded but it should may be configurable?

Location:

trunk

Files:

• src/core/net/sf/basedb/core/SessionControl.java (modified) (1 diff)
• src/core/net/sf/basedb/core/User.java (modified) (4 diffs)
• www/admin/users/edit_user.jsp (modified) (1 diff)
• www/admin/users/list_users.jsp (modified) (1 diff)
• www/admin/users/view_user.jsp (modified) (1 diff)
• www/login.jsp (modified) (1 diff)
• www/my_base/user/settings.jsp (modified) (1 diff)
• www/my_base/user/submit_user.jsp (modified) (4 diffs)
• www/my_base/user/verify_email.js (added)
• www/my_base/user/verify_email.jsp (added)

trunk/src/core/net/sf/basedb/core/SessionControl.java

@@ -493 +493 @@
         Email email = EmailUtil.createSimpleEmail();
         email.addTo(user.getEmail(), user.getName(), "UTF-8");
-        email.setSubject("Your verification code for " + serverUrl);
+        email.setSubject("Your login verification code for " + serverUrl);
         email.setMsg(msg);
         email.send();

trunk/src/core/net/sf/basedb/core/User.java

@@ -34 +34 @@
 import net.sf.basedb.core.data.DirectoryData;
 import net.sf.basedb.core.hibernate.TypeWrapper;
+import net.sf.basedb.util.EmailUtil;
 import net.sf.basedb.util.EqualsHelper;
 import net.sf.basedb.util.MD5;
@@ -51 +52 @@
 import java.util.List;
 import java.util.Set;
+
+import org.apache.commons.mail.Email;
+import org.apache.commons.mail.EmailException;
+
 import java.util.Collections;
 
@@ -594 +599 @@
     enable this feature by itself, the email address must first
     be verified. 
-    @see xxxx
+    @see #sendEmailVerificationCode()
+    @see #enableDeviceVerification(String)
     @since 3.12
   */
@@ -602 +608 @@
     if (getData().getEmail() == null) useDeviceVerification = false;
     getData().setUseDeviceVerification(useDeviceVerification);
+  }
+  
+  private String verificationCode;
+  private String verifiedEmail;
+  
+  /**
+    Send a verification code to the currently registered email address.
+    The client application should ask the user to enter the verification
+    code and then call {@link #verifyEmail(String)}. The verification must
+    be done with the same User instance since the verification code
+    is only temporarily stored inside this instance.
+    @param serverUrl URL to the server or null to use the default application title
+    @since 3.12
+  */
+  public void sendEmailVerificationCode(String serverUrl)
+  {
+    checkPermission(Permission.RESTRICTED_WRITE);
+    
+    // No email = no device verification
+    if (!EmailUtil.isEnabled()) return;
+    if (!EmailUtil.isValidEmail(getEmail())) return;
+
+    String code = MD5.leftPad(Integer.toString((int)(Math.random()*1000000)), '0', 6);
+    
+    try
+    {
+      SessionControl sc = getSessionControl();
+      if (serverUrl == null) serverUrl = Application.getTitle();
+      
+      String msg = "Hi " + getName() + ",\n\n" +
+        "The verification code is: " + code + "\n\n"
+        + "This email was sent to you because you are trying to enable\n"
+        + "2-factor login to " + serverUrl + ".\n"
+        + "Please enter the verification code in the form on your\n"
+        + "browser to verify that your email address is correct.\n"
+        + "The verification code can only be used once.\n\n"
+        + "Please contact the server administrator if you have any questions.\n\n"
+        + "The request was made from: " + sc.getRemoteId() + "\n";
+      
+      Email email = EmailUtil.createSimpleEmail();
+      email.addTo(getEmail(), getName(), "UTF-8");
+      email.setSubject("Your email verification code for " + serverUrl);
+      email.setMsg(msg);
+      email.send();
+    }
+    catch (EmailException ex)
+    {
+      throw new LoginException("Could not send verification code", ex);
+    }
+    
+    verificationCode = code;
+    verifiedEmail = getEmail();
+  }
+  
+  /**
+    Verify the email and enables device verification.
+    @param code The code that was sent by email to the user
+    @see #sendEmailVerificationCode()
+    @since 3.12
+  */
+  public void enableDeviceVerification(String code)
+  {
+    checkPermission(Permission.RESTRICTED_WRITE);
+    if (verificationCode == null)
+    {
+      throw new IllegalStateException("No email is waiting for verification.");
+    }
+
+    // Check that the email hasn't changed since the verification code was sent!
+    if (!verifiedEmail.equals(getEmail()))
+    {
+      throw new InvalidDataException("The email address was modified after the code was sent.");
+    }
+    
+    // Check the verification code!
+    if (!verificationCode.equals(code))
+    {
+      // Not correct. 
+      throw new InvalidDataException("The verification code was not correct.");
+    }
+    verificationCode = null;
+    verifiedEmail = null;
+    getData().setUseDeviceVerification(true);
+  }
+  
+  /**
+    Disable device verification.
+    @since 3.12
+  */
+  public void disableDeviceVerification()
+  {
+    checkPermission(Permission.RESTRICTED_WRITE);
+    getData().setUseDeviceVerification(false);
   }
   

trunk/www/admin/users/edit_user.jsp

@@ -459 +459 @@
       </tr>
       <tr>
-        <th><label for="use_device_verification">Device verfication</label></th>
+        <th><label for="use_device_verification">2-factor login</label></th>
         <td><input type="checkbox" name="use_device_verification" id="use_device_verification" value="1" 
           <%=(user != null && user.getUseDeviceVerification()) || 

trunk/www/admin/users/list_users.jsp

@@ -242 +242 @@
         property="useDeviceVerification"
         datatype="boolean"
-        title="Device verification"
+        title="2-factor login"
         sortable="true" 
         filterable="true"

trunk/www/admin/users/view_user.jsp

@@ -247 +247 @@
         </tr>
         <tr>
-          <th>Device verification</th>
+          <th>2-factor login</th>
           <td><%=user.getUseDeviceVerification() ? "yes" : "no"%>
           <%

trunk/www/login.jsp

@@ -71 +71 @@
       LoginRequest loginRequest = new LoginRequest(login, password, deviceToken);
       loginRequest.setAttribute("user-agent", request.getHeader("User-Agent"));
-      String serverUrl = request.getRequestURL().toString().replace("/login.jsp", "/");
+      String serverUrl = request.getRequestURL().toString().replace(request.getRequestURI(), root);
       loginRequest.setAttribute("server-url", serverUrl);
       sc.login(loginRequest);

trunk/www/my_base/user/settings.jsp

@@ -140 +140 @@
             <td></td>
           </tr>
+          <tr>
+            <th class="subprompt"></th>
+            <td>
+              <%
+              boolean useDeviceVerification = user.getUseDeviceVerification();
+              %>
+              <input type="checkbox" name="useDeviceVerification" id="useDeviceVerification" value="1" <%=useDeviceVerification ? "checked" : ""%>
+                ><label for="useDeviceVerification">Enable 2-factor login</label>
+            </td>
+            <td></td>
+          </tr>
           <%
         }

trunk/www/my_base/user/submit_user.jsp

@@ -59 +59 @@
 String root = request.getContextPath()+"/";
 
+String forward = null;
 DbControl dc = sc.newDbControl();
 try
@@ -77 +78 @@
     // Contact information tab
     user.setEmail(email);
+    boolean useDeviceVerification = Values.getBoolean(request.getParameter("useDeviceVerification"));
+    if (!useDeviceVerification) user.disableDeviceVerification();
     if (EmailUtil.isEnabled())
     {
       user.setSendMessagesAsEmail(email != null && Values.getBoolean(request.getParameter("sendMessagesAsEmail")));
+      if (useDeviceVerification && !user.getUseDeviceVerification())
+      {
+        // Send a verification code for verifying the email address
+        forward = "verify_email.jsp?ID="+ID;
+      }
     }
     user.setOrganisation(Values.getStringOrNull(request.getParameter("organisation")));
@@ -111 +119 @@
     sc.setSessionSetting("user", null);
     message = "Information saved";
+  }
+  else if ("VerifyEmail".equals(cmd))
+  {
+    String verificationCode = request.getParameter("verificationCode");
+    User user = (User)sc.getSessionSetting("user");
+    dc.reattachItem(user, false);
+    user.enableDeviceVerification(verificationCode);
+    message = "The email has been verified";
+    dc.commit();
   }
   else if ("SavePreferences".equals(cmd))
@@ -204 +221 @@
   if (dc != null) dc.close();
 }
-response.sendRedirect(root + "common/close_popup.jsp?ID="+ID+"&refresh_opener=1&&message="+HTML.urlEncode(message));
+
+if (forward != null)
+{
+  pageContext.forward(forward);
+}
+else
+{
+  response.sendRedirect(root + "common/close_popup.jsp?ID="+ID+"&refresh_opener=1&&message="+HTML.urlEncode(message));
+}
 %>