From e295fae626347cc3d993c060460c2377e50ea968 Mon Sep 17 00:00:00 2001 From: Mike Alhayek Date: Thu, 18 May 2023 12:27:27 -0700 Subject: [PATCH] Add two-factor authentication (#13704) --- .../ViewModels/RoleLoginSettingsViewModel.cs | 10 + .../OrchardCore.Users/Assets.json | 6 + .../Controllers/AccountBaseController.cs | 50 + .../Controllers/AccountController.cs | 47 +- .../TwoFactorAuthenticationController.cs | 672 ++++++++++ .../Drivers/LoginSettingsDisplayDriver.cs | 52 +- .../Drivers/RoleLoginSettingsDisplayDriver.cs | 93 ++ ...FactorAuthenticationAuthorizationFilter.cs | 53 + .../OrchardCore.Users/Models/LoginSettings.cs | 19 - .../TwoFactorAuthenticationClaimsProvider.cs | 48 + .../Services/UsersThemeSelector.cs | 5 + .../OrchardCore.Users/Startup.cs | 79 +- .../UserOptionsConfiguration.cs | 5 + .../EnableAuthenticatorViewModel.cs | 15 + .../LoginWithRecoveryCodeViewModel.cs | 11 + .../ViewModels/LoginWithTwoFaViewModel.cs | 19 + .../ViewModels/RoleLoginSettingsViewModel.cs | 14 + .../ViewModels/ShowRecoveryCodesViewModel.cs | 6 + .../TwoFactorAuthenticationViewModel.cs | 17 + ...sEnableTwoFactorAuthentication.Edit.cshtml | 9 + .../Views/LoginSettingsRoles.Edit.cshtml | 24 + ...ettingsTwoFactorAuthentication.Edit.cshtml | 51 + .../TwoFactorAuthentication/Disable2FA.cshtml | 17 + .../EnableAuthenticator.cshtml | 63 + .../GenerateRecoveryCodes.cshtml | 12 + .../TwoFactorAuthentication/Index.cshtml | 82 ++ .../LoginWith2FA.cshtml | 61 + .../LoginWithRecoveryCode.cshtml | 33 + .../ResetAuthenticator.cshtml | 13 + .../ShowRecoveryCodes.cshtml | 18 + .../OrchardCore.Users/Views/UserMenu.cshtml | 13 + .../OrchardCore.Users/package-lock.json | 21 + .../OrchardCore.Users/package.json | 14 + .../wwwroot/Scripts/qrcode.js | 1118 +++++++++++++++++ .../wwwroot/Scripts/qrcode.min.js | 1 + .../TheTheme/Views/LoginMenu.cshtml | 5 + .../UserOptions.cs | 7 + .../UsersServiceCollectionExtensions.cs | 3 + .../Models/LoginSettings.cs | 37 + .../OrchardCore.Users.Core/Models/User.cs | 19 + .../Services/LoginSettingsExtensions.cs | 29 + .../Services/UserStore.cs | 136 +- src/docs/reference/modules/Users/README.md | 8 +- src/docs/releases/1.7.0.md | 4 + 44 files changed, 2947 insertions(+), 72 deletions(-) create mode 100644 src/OrchardCore.Modules/OrchardCore.Roles/ViewModels/RoleLoginSettingsViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountBaseController.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationController.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Drivers/RoleLoginSettingsDisplayDriver.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Filters/TwoFactorAuthenticationAuthorizationFilter.cs delete mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Models/LoginSettings.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Services/TwoFactorAuthenticationClaimsProvider.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/EnableAuthenticatorViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithRecoveryCodeViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithTwoFaViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/RoleLoginSettingsViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/ShowRecoveryCodesViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/ViewModels/TwoFactorAuthenticationViewModel.cs create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsEnableTwoFactorAuthentication.Edit.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsRoles.Edit.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsTwoFactorAuthentication.Edit.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Disable2FA.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/EnableAuthenticator.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/GenerateRecoveryCodes.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWith2FA.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWithRecoveryCode.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ResetAuthenticator.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ShowRecoveryCodes.cshtml create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/package-lock.json create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/package.json create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.js create mode 100644 src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.min.js create mode 100644 src/OrchardCore/OrchardCore.Users.Core/Models/LoginSettings.cs create mode 100644 src/OrchardCore/OrchardCore.Users.Core/Services/LoginSettingsExtensions.cs diff --git a/src/OrchardCore.Modules/OrchardCore.Roles/ViewModels/RoleLoginSettingsViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Roles/ViewModels/RoleLoginSettingsViewModel.cs new file mode 100644 index 00000000000..25e3e4c04ad --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Roles/ViewModels/RoleLoginSettingsViewModel.cs @@ -0,0 +1,10 @@ +using System; + +namespace OrchardCore.Roles.ViewModels; + +public class RoleLoginSettingsViewModel +{ + public bool EnableTwoFactorAuthenticationForSpecificRoles { get; set; } + + public RoleEntry[] Roles { get; set; } = Array.Empty(); +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Assets.json b/src/OrchardCore.Modules/OrchardCore.Users/Assets.json index efdc72128c4..69d516295dd 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Assets.json +++ b/src/OrchardCore.Modules/OrchardCore.Users/Assets.json @@ -4,5 +4,11 @@ "Assets/js/password-generator.js" ], "output": "wwwroot/Scripts/password-generator.js" + }, + { + "inputs": [ + "node_modules/qrcodejs/qrcode.js" + ], + "output": "wwwroot/Scripts/qrcode.js" } ] diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountBaseController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountBaseController.cs new file mode 100644 index 00000000000..d37d98b28ef --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountBaseController.cs @@ -0,0 +1,50 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Identity; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.DependencyInjection; +using OrchardCore.Users.Models; +using OrchardCore.Workflows.Services; + +namespace OrchardCore.Users.Controllers; + +public class AccountBaseController : Controller +{ + protected readonly UserManager _userManager; + + public AccountBaseController(UserManager userManager) + { + _userManager = userManager; + } + + protected async Task LoggedInActionResult(IUser user, string returnUrl = null, ExternalLoginInfo info = null) + { + var workflowManager = HttpContext.RequestServices.GetService(); + if (workflowManager != null && user is User u) + { + var input = new Dictionary + { + ["UserName"] = user.UserName, + ["ExternalClaims"] = info?.Principal?.GetSerializableClaims() ?? Enumerable.Empty(), + ["Roles"] = u.RoleNames, + ["Provider"] = info?.LoginProvider + }; + await workflowManager.TriggerEventAsync(nameof(Workflows.Activities.UserLoggedInEvent), + input: input, correlationId: u.UserId); + } + + return RedirectToLocal(returnUrl); + } + + protected IActionResult RedirectToLocal(string returnUrl) + { + if (Url.IsLocalUrl(returnUrl)) + { + return Redirect(returnUrl.ToUriComponents()); + } + + return Redirect("~/"); + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs index 4c593017b17..b119beae3f8 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs +++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/AccountController.cs @@ -10,7 +10,6 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Localization; using Microsoft.Extensions.Caching.Distributed; -using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Localization; using Microsoft.Extensions.Logging; using OrchardCore.DisplayManagement.Notify; @@ -23,19 +22,17 @@ using OrchardCore.Users.Models; using OrchardCore.Users.Services; using OrchardCore.Users.ViewModels; -using IWorkflowManager = OrchardCore.Workflows.Services.IWorkflowManager; using SignInResult = Microsoft.AspNetCore.Identity.SignInResult; namespace OrchardCore.Users.Controllers { [Authorize] - public class AccountController : Controller + public class AccountController : AccountBaseController { public const string DefaultExternalLoginProtector = "DefaultExternalLogin"; private readonly IUserService _userService; private readonly SignInManager _signInManager; - private readonly UserManager _userManager; private readonly ILogger _logger; private readonly ISiteService _siteService; private readonly IEnumerable _accountEvents; @@ -61,9 +58,9 @@ public AccountController( IDistributedCache distributedCache, IDataProtectionProvider dataProtectionProvider, IEnumerable externalLoginHandlers) + : base(userManager) { _signInManager = signInManager; - _userManager = userManager; _userService = userService; _logger = logger; _siteService = siteService; @@ -219,6 +216,17 @@ public async Task Login(LoginViewModel model, string returnUrl = } } + if (result.RequiresTwoFactor) + { + return RedirectToAction(nameof(TwoFactorAuthenticationController.LoginWith2FA), + typeof(TwoFactorAuthenticationController).ControllerName(), + new + { + returnUrl, + model.RememberMe + }); + } + if (result.IsLockedOut) { ModelState.AddModelError(String.Empty, S["The account is locked out"]); @@ -298,35 +306,6 @@ private void AddIdentityErrors(IdentityResult result) } } - private IActionResult RedirectToLocal(string returnUrl) - { - if (Url.IsLocalUrl(returnUrl)) - { - return Redirect(returnUrl.ToUriComponents()); - } - - return Redirect("~/"); - } - - private async Task LoggedInActionResult(IUser user, string returnUrl = null, ExternalLoginInfo info = null) - { - var workflowManager = HttpContext.RequestServices.GetService(); - if (workflowManager != null && user is User u) - { - var input = new Dictionary - { - ["UserName"] = user.UserName, - ["ExternalClaims"] = info?.Principal?.GetSerializableClaims() ?? Enumerable.Empty(), - ["Roles"] = u.RoleNames, - ["Provider"] = info?.LoginProvider - }; - await workflowManager.TriggerEventAsync(nameof(Workflows.Activities.UserLoggedInEvent), - input: input, correlationId: u.UserId); - } - - return RedirectToLocal(returnUrl); - } - [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationController.cs b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationController.cs new file mode 100644 index 00000000000..74246bd2e98 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Controllers/TwoFactorAuthenticationController.cs @@ -0,0 +1,672 @@ +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Linq; +using System.Text; +using System.Text.Encodings.Web; +using System.Text.Json; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Identity; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.Localization; +using Microsoft.Extensions.Caching.Distributed; +using Microsoft.Extensions.Localization; +using Microsoft.Extensions.Logging; +using OrchardCore.Admin; +using OrchardCore.DisplayManagement.Notify; +using OrchardCore.Entities; +using OrchardCore.Environment.Shell; +using OrchardCore.Modules; +using OrchardCore.Mvc.Core.Utilities; +using OrchardCore.Settings; +using OrchardCore.Users.Events; +using OrchardCore.Users.Models; +using OrchardCore.Users.Services; +using OrchardCore.Users.ViewModels; + +namespace OrchardCore.Users.Controllers; + +[Authorize] +public class TwoFactorAuthenticationController : AccountBaseController +{ + private const string _authenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&digits={3}&issuer={0}"; + + private readonly SignInManager _signInManager; + private readonly ILogger _logger; + private readonly ISiteService _siteService; + private readonly IEnumerable _accountEvents; + private readonly INotifier _notifier; + private readonly IDistributedCache _distributedCache; + private readonly UrlEncoder _urlEncoder; + private readonly ShellSettings _shellSettings; + private readonly IHtmlLocalizer H; + private readonly IStringLocalizer S; + + public TwoFactorAuthenticationController( + SignInManager signInManager, + UserManager userManager, + ILogger logger, + ISiteService siteService, + IHtmlLocalizer htmlLocalizer, + IStringLocalizer stringLocalizer, + IEnumerable accountEvents, + INotifier notifier, + IDistributedCache distributedCache, + UrlEncoder urlEncoder, + ShellSettings shellSettings) + : base(userManager) + { + _signInManager = signInManager; + _logger = logger; + _siteService = siteService; + _accountEvents = accountEvents; + _notifier = notifier; + _distributedCache = distributedCache; + _urlEncoder = urlEncoder; + _shellSettings = shellSettings; + H = htmlLocalizer; + S = stringLocalizer; + } + + [HttpGet] + [AllowAnonymous] + public async Task LoginWith2FA(bool rememberMe, string returnUrl = null) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + // Ensure the user has gone through the username & password screen first. + var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); + + if (user == null) + { + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + var model = new LoginWithTwoFaViewModel() + { + RememberMe = rememberMe, + ReturnUrl = returnUrl, + AllowRememberClient = loginSettings.AllowRememberClientTwoFactorAuthentication, + }; + + return View(model); + } + + [HttpPost] + [AllowAnonymous] + [ValidateAntiForgeryToken] + public async Task LoginWith2FA(LoginWithTwoFaViewModel model) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + model.AllowRememberClient = loginSettings.AllowRememberClientTwoFactorAuthentication; + + if (!ModelState.IsValid) + { + return View(model); + } + + var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); + + if (user == null) + { + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + var authenticatorCode = StripToken(model.TwoFactorCode); + var rememberClient = loginSettings.AllowRememberClientTwoFactorAuthentication && model.RememberClient; + var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, model.RememberMe, rememberClient); + var userId = await _userManager.GetUserIdAsync(user); + + if (result.Succeeded) + { + await _accountEvents.InvokeAsync((e, user) => e.LoggedInAsync(user), user, _logger); + + return await LoggedInActionResult(user, model.ReturnUrl); + } + + if (result.IsLockedOut) + { + _logger.LogWarning("User account locked out."); + ModelState.AddModelError(String.Empty, S["The account is locked out"]); + await _accountEvents.InvokeAsync((e, user) => e.IsLockedOutAsync(user), user, _logger); + + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + ModelState.AddModelError(String.Empty, S["Invalid authenticator code."]); + + // Login failed with a known user. + await _accountEvents.InvokeAsync((e, user) => e.LoggingInFailedAsync(user), user, _logger); + + return View(model); + } + + [AllowAnonymous] + public async Task LoginWithRecoveryCode(string returnUrl = null) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + // Ensure the user has gone through the username & password screen first + var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); + if (user == null) + { + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + return View(new LoginWithRecoveryCodeViewModel() + { + ReturnUrl = returnUrl, + }); + } + + [HttpPost] + [AllowAnonymous] + [ValidateAntiForgeryToken] + public async Task LoginWithRecoveryCode(LoginWithRecoveryCodeViewModel model) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + if (ModelState.IsValid) + { + // Ensure the user has gone through the username & password screen first. + var user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); + + if (user == null) + { + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + var recoveryCode = model.RecoveryCode.Replace(" ", String.Empty); + + var result = await _signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode); + + var userId = await _userManager.GetUserIdAsync(user); + + if (result.Succeeded) + { + await _accountEvents.InvokeAsync((e, user) => e.LoggedInAsync(user), user, _logger); + + return await LoggedInActionResult(user, model.ReturnUrl); + } + + if (result.IsLockedOut) + { + _logger.LogWarning("User account locked out."); + + ModelState.AddModelError(String.Empty, S["The account is locked out"]); + await _accountEvents.InvokeAsync((e, user) => e.IsLockedOutAsync(user), user, _logger); + + return RedirectToAction(nameof(AccountController.Login), typeof(AccountController).ControllerName()); + } + + _logger.LogWarning("Invalid recovery code entered for user with ID '{UserId}' ", userId); + ModelState.AddModelError(String.Empty, S["Invalid recovery code entered."]); + } + + return View(model); + } + + [Admin] + public async Task EnableAuthenticator(string returnUrl) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + var model = await LoadSharedKeyAndQrCodeUriAsync(user, loginSettings); + + model.ReturnUrl = returnUrl; + + return View(model); + } + + [HttpPost] + [ValidateAntiForgeryToken] + [Admin] + public async Task EnableAuthenticator(EnableAuthenticatorViewModel model) + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.EnableTwoFactorAuthentication && !loginSettings.EnableTwoFactorAuthenticationForSpecificRoles) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + if (!ModelState.IsValid) + { + return View(await LoadSharedKeyAndQrCodeUriAsync(user, loginSettings)); + } + + var verificationCode = StripToken(model.Code); + var provider = _userManager.Options.Tokens.AuthenticatorTokenProvider; + var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(user, provider, verificationCode); + + if (!is2faTokenValid) + { + ModelState.AddModelError(nameof(model.Code), S["Verification code is invalid."]); + + return View(await LoadSharedKeyAndQrCodeUriAsync(user, loginSettings)); + } + + await _userManager.SetTwoFactorEnabledAsync(user, true); + + var twoFactorClaim = User.Claims + .FirstOrDefault(claim => claim.Type == TwoFactorAuthenticationClaimsProvider.TwoFactorAuthenticationClaimType); + + if (twoFactorClaim != null) + { + await _userManager.RemoveClaimAsync(user, twoFactorClaim); + await _signInManager.RefreshSignInAsync(user); + } + + await _notifier.SuccessAsync(H["Your authenticator app has been verified."]); + + if (await _userManager.CountRecoveryCodesAsync(user) == 0) + { + var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, loginSettings.NumberOfRecoveryCodesToGenerate); + await SetRecoveryCodes(recoveryCodes.ToArray(), await _userManager.GetUserIdAsync(user)); + + return RedirectToAction(nameof(ShowRecoveryCodes)); + } + + return RedirectToAction(nameof(Index)); + } + + [Admin] + public async Task Index() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + var model = new TwoFactorAuthenticationViewModel() + { + HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null, + IsTwoFaEnabled = await _userManager.GetTwoFactorEnabledAsync(user), + IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user), + RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user), + CanDisableTwoFa = !loginSettings.RequireTwoFactorAuthentication + || !await loginSettings.CanEnableTwoFactorAuthenticationAsync(role => _userManager.IsInRoleAsync(user, role)), + }; + + return View(model); + } + + [HttpPost] + [ValidateAntiForgeryToken] + [Admin] + public async Task ForgetTwoFactorClient() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + await _signInManager.ForgetTwoFactorClientAsync(); + await _notifier.SuccessAsync(H["The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code."]); + + return RedirectToAction(nameof(Index)); + } + + [Admin] + public async Task GenerateRecoveryCodes() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + var isTwoFactorEnabled = await _userManager.GetTwoFactorEnabledAsync(user); + if (!isTwoFactorEnabled) + { + await _notifier.ErrorAsync(H["Cannot generate recovery codes for user because they do not have 2FA enabled."]); + + return RedirectToAction(nameof(EnableAuthenticator)); + } + + return View(); + } + + [HttpPost] + [ValidateAntiForgeryToken] + [Admin] + [ActionName(nameof(GenerateRecoveryCodes))] + public async Task GenerateRecoveryCodesPost() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + var isTwoFactorEnabled = await _userManager.GetTwoFactorEnabledAsync(user); + if (!isTwoFactorEnabled) + { + await _notifier.ErrorAsync(H["Cannot generate recovery codes for user because they do not have 2FA enabled."]); + + return RedirectToAction(nameof(EnableAuthenticator)); + } + + var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, loginSettings.NumberOfRecoveryCodesToGenerate); + await SetRecoveryCodes(recoveryCodes.ToArray(), await _userManager.GetUserIdAsync(user)); + + await _notifier.SuccessAsync(H["You have generated new recovery codes."]); + + return RedirectToAction(nameof(ShowRecoveryCodes)); + } + + [Admin] + public async Task ShowRecoveryCodes() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + var userId = await _userManager.GetUserIdAsync(user); + + var recoveryCodes = await GetCachedRecoveryCodes(userId); + + if (recoveryCodes == null || recoveryCodes.Length == 0) + { + return RedirectToAction(nameof(Index)); + } + + return View(new ShowRecoveryCodesViewModel() + { + RecoveryCodes = recoveryCodes, + }); + } + + [Admin] + public async Task ResetAuthenticator() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + return View(); + } + + [HttpPost] + [ValidateAntiForgeryToken] + [Admin] + [ActionName(nameof(ResetAuthenticator))] + public async Task ResetAuthenticatorPost() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + await _userManager.SetTwoFactorEnabledAsync(user, false); + await _userManager.ResetAuthenticatorKeyAsync(user); + await _signInManager.RefreshSignInAsync(user); + await _notifier.SuccessAsync(H["Your authenticator app key has been reset, you will need to configure your authenticator app using the new key."]); + + return RedirectToAction(nameof(EnableAuthenticator)); + } + + [Admin] + public async Task Disable2FA() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + if (loginSettings.RequireTwoFactorAuthentication + && await loginSettings.CanEnableTwoFactorAuthenticationAsync(role => _userManager.IsInRoleAsync(user, role))) + { + await _notifier.WarningAsync(H["Two-factor authentication cannot be disabled for the current user."]); + + return RedirectToAction(nameof(Index)); + } + + return View(); + } + + [HttpPost] + [ValidateAntiForgeryToken] + [Admin] + [ActionName(nameof(Disable2FA))] + public async Task Disable2FAPost() + { + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (!loginSettings.IsTwoFactorAuthenticationEnabled()) + { + return NotFound(); + } + + var user = await _userManager.GetUserAsync(User); + if (user == null) + { + return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."); + } + + if (loginSettings.RequireTwoFactorAuthentication + && await loginSettings.CanEnableTwoFactorAuthenticationAsync(role => _userManager.IsInRoleAsync(user, role))) + { + await _notifier.WarningAsync(H["Two-factor authentication cannot be disabled for the current user."]); + + return RedirectToAction(nameof(Index)); + } + + var disable2faResult = await _userManager.SetTwoFactorEnabledAsync(user, false); + if (!disable2faResult.Succeeded) + { + await _notifier.ErrorAsync(H["Unexpected error occurred disabling two-factor authentication."]); + } + else + { + await _notifier.WarningAsync(H["Two-factor authentication has been disabled. You can re-enable it when you setup an authenticator app"]); + } + + return RedirectToAction(nameof(Index)); + } + + private async Task SetRecoveryCodes(string[] codes, string userId) + { + var key = GetRecoveryCodesCacheKey(userId); + + var model = new ShowRecoveryCodesViewModel() + { + RecoveryCodes = codes ?? Array.Empty(), + }; + + var data = JsonSerializer.SerializeToUtf8Bytes(model); + + await _distributedCache.SetAsync(key, data, + new DistributedCacheEntryOptions() + { + AbsoluteExpirationRelativeToNow = new TimeSpan(0, 0, 5) + }); + } + + private async Task GetCachedRecoveryCodes(string userId) + { + var key = GetRecoveryCodesCacheKey(userId); + + var data = await _distributedCache.GetAsync(key); + + if (data != null && data.Length > 0) + { + var model = JsonSerializer.Deserialize(data); + + return model?.RecoveryCodes ?? Array.Empty(); + } + + return Array.Empty(); + } + + private async Task LoadSharedKeyAndQrCodeUriAsync(IUser user, LoginSettings settings) + { + // Load the authenticator key & QR code URI to display on the form. + var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); + + if (String.IsNullOrEmpty(unformattedKey)) + { + await _userManager.ResetAuthenticatorKeyAsync(user); + unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user); + } + + var displayName = await GetUserDisplayName(user, settings.UseEmailAsAuthenticatorDisplayName); + + return new EnableAuthenticatorViewModel() + { + SharedKey = FormatKey(unformattedKey), + AuthenticatorUri = await GenerateQrCodeUriAsync(displayName, unformattedKey, settings.TokenLength), + }; + } + + private Task GetUserDisplayName(IUser user, bool showEmail) + { + if (showEmail) + { + return _userManager.GetEmailAsync(user); + } + + return _userManager.GetUserNameAsync(user); + } + + private static string FormatKey(string unformattedKey) + { + var result = new StringBuilder(); + var currentPosition = 0; + while (currentPosition + 4 < unformattedKey.Length) + { + result.Append(unformattedKey.AsSpan(currentPosition, 4)).Append(' '); + currentPosition += 4; + } + if (currentPosition < unformattedKey.Length) + { + result.Append(unformattedKey.AsSpan(currentPosition)); + } + + return result.ToString().ToLowerInvariant(); + } + + private async Task GenerateQrCodeUriAsync(string displayName, string unformattedKey, int tokenLength) + { + var site = await _siteService.GetSiteSettingsAsync(); + + var issuer = String.IsNullOrWhiteSpace(site.SiteName) ? _shellSettings.Name : site.SiteName.Trim(); + + return String.Format( + CultureInfo.InvariantCulture, + _authenticatorUriFormat, + _urlEncoder.Encode(issuer), + _urlEncoder.Encode(displayName), + unformattedKey, + tokenLength); + } + + private static string StripToken(string code) => + code.Replace(" ", String.Empty).Replace("-", String.Empty); + + private static string GetRecoveryCodesCacheKey(string userId) + => $"TwoFactorAuthenticationRecoveryCodes_{userId}"; +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Drivers/LoginSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.Users/Drivers/LoginSettingsDisplayDriver.cs index 3bd834be6da..5bb9d7c9b94 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Drivers/LoginSettingsDisplayDriver.cs +++ b/src/OrchardCore.Modules/OrchardCore.Users/Drivers/LoginSettingsDisplayDriver.cs @@ -2,9 +2,12 @@ using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Localization; using OrchardCore.DisplayManagement.Entities; using OrchardCore.DisplayManagement.Handlers; using OrchardCore.DisplayManagement.Views; +using OrchardCore.Mvc.ModelBinding; +using OrchardCore.Security.Services; using OrchardCore.Settings; using OrchardCore.Users.Models; @@ -15,13 +18,17 @@ public class LoginSettingsDisplayDriver : SectionDisplayDriver stringLocalizer, + IRoleService roleService) { _httpContextAccessor = httpContextAccessor; _authorizationService = authorizationService; + S = stringLocalizer; } public override async Task EditAsync(LoginSettings settings, BuildEditorContext context) { @@ -32,7 +39,7 @@ public override async Task EditAsync(LoginSettings settings, Bui return null; } - return Initialize("LoginSettings_Edit", model => + var contentResult = Initialize("LoginSettings_Edit", model => { model.UseSiteTheme = settings.UseSiteTheme; model.UseExternalProviderIfOnlyOneDefined = settings.UseExternalProviderIfOnlyOneDefined; @@ -41,20 +48,53 @@ public override async Task EditAsync(LoginSettings settings, Bui model.SyncRolesScript = settings.SyncRolesScript; model.AllowChangingEmail = settings.AllowChangingEmail; model.AllowChangingUsername = settings.AllowChangingUsername; - }).Location("Content:5").OnGroup(GroupId); + }).Location("Content:5#General") + .OnGroup(GroupId); + + var enableTwoFaResult = Initialize("LoginSettingsEnableTwoFactorAuthentication_Edit", model => + { + model.EnableTwoFactorAuthentication = settings.EnableTwoFactorAuthentication; + }).Location("Content:5#Two-factor Authentication") + .OnGroup(GroupId); + + var twoFaResult = Initialize("LoginSettingsTwoFactorAuthentication_Edit", model => + { + model.EnableTwoFactorAuthentication = settings.EnableTwoFactorAuthentication; + model.NumberOfRecoveryCodesToGenerate = settings.NumberOfRecoveryCodesToGenerate; + model.UseEmailAsAuthenticatorDisplayName = settings.UseEmailAsAuthenticatorDisplayName; + model.RequireTwoFactorAuthentication = settings.RequireTwoFactorAuthentication; + model.AllowRememberClientTwoFactorAuthentication = settings.AllowRememberClientTwoFactorAuthentication; + model.TokenLength = settings.TokenLength; + }).Location("Content:10#Two-factor Authentication") + .OnGroup(GroupId); + + return Combine(contentResult, enableTwoFaResult, twoFaResult); } public override async Task UpdateAsync(LoginSettings section, BuildEditorContext context) { - if (!await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext?.User, CommonPermissions.ManageUsers)) + if (!context.GroupId.Equals(GroupId, StringComparison.OrdinalIgnoreCase) + || !await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext?.User, CommonPermissions.ManageUsers)) { return null; } - if (context.GroupId.Equals(GroupId, StringComparison.OrdinalIgnoreCase)) + await context.Updater.TryUpdateModelAsync(section, Prefix); + + if (section.NumberOfRecoveryCodesToGenerate < 1) + { + context.Updater.ModelState.AddModelError(Prefix, nameof(section.NumberOfRecoveryCodesToGenerate), S["Number of Recovery Codes to Generate should be grater than 0."]); + } + + // A possible issue in Identity prevents from validation token that are not 6 in length. + // If this limitation is lifted, the following block can be uncommented. + // For more info read https://github.com/dotnet/aspnetcore/issues/48317 + /* + if (section.TokenLength != 6 && section.TokenLength != 8) { - await context.Updater.TryUpdateModelAsync(section, Prefix); + context.Updater.ModelState.AddModelError(Prefix, nameof(section.TokenLength), S["The token length should be either 6 or 8."]); } + */ return await EditAsync(section, context); } diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Drivers/RoleLoginSettingsDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.Users/Drivers/RoleLoginSettingsDisplayDriver.cs new file mode 100644 index 00000000000..dfedbe82515 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Drivers/RoleLoginSettingsDisplayDriver.cs @@ -0,0 +1,93 @@ +using System; +using System.Linq; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Localization; +using OrchardCore.DisplayManagement.Entities; +using OrchardCore.DisplayManagement.Handlers; +using OrchardCore.DisplayManagement.Views; +using OrchardCore.Mvc.ModelBinding; +using OrchardCore.Security.Services; +using OrchardCore.Settings; +using OrchardCore.Users.Models; +using OrchardCore.Users.ViewModels; + +namespace OrchardCore.Users.Drivers; + +public class RoleLoginSettingsDisplayDriver : SectionDisplayDriver +{ + private readonly IHttpContextAccessor _httpContextAccessor; + private readonly IAuthorizationService _authorizationService; + private readonly IRoleService _roleService; + private readonly IStringLocalizer S; + + public RoleLoginSettingsDisplayDriver( + IHttpContextAccessor httpContextAccessor, + IAuthorizationService authorizationService, + IRoleService roleService, + IStringLocalizer stringLocalizer) + { + _httpContextAccessor = httpContextAccessor; + _authorizationService = authorizationService; + _roleService = roleService; + S = stringLocalizer; + } + + public override async Task EditAsync(LoginSettings settings, BuildEditorContext context) + { + var user = _httpContextAccessor.HttpContext?.User; + + if (!await _authorizationService.AuthorizeAsync(user, CommonPermissions.ManageUsers)) + { + return null; + } + + return Initialize("LoginSettingsRoles_Edit", async model => + { + model.EnableTwoFactorAuthentication = settings.EnableTwoFactorAuthentication; + model.EnableTwoFactorAuthenticationForSpecificRoles = settings.EnableTwoFactorAuthenticationForSpecificRoles; + var roles = await _roleService.GetRolesAsync(); + model.Roles = roles.Select(role => new RoleEntry() + { + Role = role.RoleName, + IsSelected = settings.Roles != null && settings.Roles.Contains(role.RoleName), + }).OrderBy(entry => entry.Role) + .ToArray(); + }).Location("Content:5.1#Two-factor Authentication") + .OnGroup(LoginSettingsDisplayDriver.GroupId); + } + + public override async Task UpdateAsync(LoginSettings section, BuildEditorContext context) + { + if (!context.GroupId.Equals(LoginSettingsDisplayDriver.GroupId, StringComparison.OrdinalIgnoreCase) + || !await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext?.User, CommonPermissions.ManageUsers)) + { + return null; + } + + var model = new RoleLoginSettingsViewModel(); + + await context.Updater.TryUpdateModelAsync(model, Prefix); + + if (model.EnableTwoFactorAuthenticationForSpecificRoles + && (model.Roles == null || !model.Roles.Any(x => x.IsSelected))) + { + context.Updater.ModelState.AddModelError(Prefix, nameof(model.Roles), S["Select at least one role."]); + } + + if (model.EnableTwoFactorAuthenticationForSpecificRoles) + { + section.EnableTwoFactorAuthenticationForSpecificRoles = true; + section.Roles = model.Roles.Where(x => x.IsSelected) + .Select(x => x.Role) + .ToArray(); + } + else + { + section.EnableTwoFactorAuthenticationForSpecificRoles = false; + } + + return await EditAsync(section, context); + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Filters/TwoFactorAuthenticationAuthorizationFilter.cs b/src/OrchardCore.Modules/OrchardCore.Users/Filters/TwoFactorAuthenticationAuthorizationFilter.cs new file mode 100644 index 00000000000..3c797abc7a1 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Filters/TwoFactorAuthenticationAuthorizationFilter.cs @@ -0,0 +1,53 @@ +using System; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.Filters; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Options; +using OrchardCore.Entities; +using OrchardCore.Settings; +using OrchardCore.Users.Models; +using OrchardCore.Users.Services; + +namespace OrchardCore.Users.Filters; + +public class TwoFactorAuthenticationAuthorizationFilter : IAsyncAuthorizationFilter +{ + private readonly UserOptions _userOptions; + + public TwoFactorAuthenticationAuthorizationFilter(IOptions userOptions) + { + _userOptions = userOptions.Value; + } + + public async Task OnAuthorizationAsync(AuthorizationFilterContext context) + { + if (context == null) + { + throw new ArgumentNullException(nameof(context)); + } + + if (!(context.HttpContext?.User?.Identity?.IsAuthenticated ?? false) + || context.HttpContext.Request.Path.Equals("/" + _userOptions.LogoffPath, StringComparison.OrdinalIgnoreCase) + || context.HttpContext.Request.Path.Equals("/" + _userOptions.EnableAuthenticatorPath, StringComparison.OrdinalIgnoreCase)) + { + return; + } + + var siteService = context.HttpContext.RequestServices.GetService(); + + if (siteService == null) + { + return; + } + + var loginSettings = (await siteService.GetSiteSettingsAsync()).As(); + + if (loginSettings.RequireTwoFactorAuthentication + && loginSettings.IsTwoFactorAuthenticationEnabled() + && context.HttpContext.User.HasClaim(claim => claim.Type == TwoFactorAuthenticationClaimsProvider.TwoFactorAuthenticationClaimType)) + { + context.Result = new RedirectResult("~/" + _userOptions.EnableAuthenticatorPath); + } + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Models/LoginSettings.cs b/src/OrchardCore.Modules/OrchardCore.Users/Models/LoginSettings.cs deleted file mode 100644 index 9547ea1456a..00000000000 --- a/src/OrchardCore.Modules/OrchardCore.Users/Models/LoginSettings.cs +++ /dev/null @@ -1,19 +0,0 @@ -namespace OrchardCore.Users.Models -{ - public class LoginSettings - { - public bool UseSiteTheme { get; set; } - - public bool UseExternalProviderIfOnlyOneDefined { get; set; } - - public bool DisableLocalLogin { get; set; } - - public bool UseScriptToSyncRoles { get; set; } - - public string SyncRolesScript { get; set; } - - public bool AllowChangingUsername { get; set; } - - public bool AllowChangingEmail { get; set; } - } -} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Services/TwoFactorAuthenticationClaimsProvider.cs b/src/OrchardCore.Modules/OrchardCore.Users/Services/TwoFactorAuthenticationClaimsProvider.cs new file mode 100644 index 00000000000..0fad5b82e49 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Services/TwoFactorAuthenticationClaimsProvider.cs @@ -0,0 +1,48 @@ +using System; +using System.Security.Claims; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Identity; +using OrchardCore.Entities; +using OrchardCore.Settings; +using OrchardCore.Users.Models; + +namespace OrchardCore.Users.Services; + +public class TwoFactorAuthenticationClaimsProvider : IUserClaimsProvider +{ + public const string TwoFactorAuthenticationClaimType = "TwoFacAuth"; + + private readonly UserManager _userManager; + private readonly ISiteService _siteService; + + public TwoFactorAuthenticationClaimsProvider( + UserManager userManager, + ISiteService siteService) + { + _userManager = userManager; + _siteService = siteService; + } + + public async Task GenerateAsync(IUser user, ClaimsIdentity claims) + { + if (user == null) + { + throw new ArgumentNullException(nameof(user)); + } + + if (claims == null) + { + throw new ArgumentNullException(nameof(claims)); + } + + var loginSettings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (loginSettings.RequireTwoFactorAuthentication + && !await _userManager.GetTwoFactorEnabledAsync(user) + && await loginSettings.CanEnableTwoFactorAuthenticationAsync(role => _userManager.IsInRoleAsync(user, role))) + { + // At this point, we know that the user must enable two-factor authentication. + claims.AddClaim(new Claim(TwoFactorAuthenticationClaimType, "required")); + } + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Services/UsersThemeSelector.cs b/src/OrchardCore.Modules/OrchardCore.Users/Services/UsersThemeSelector.cs index 4965434860e..95511c1db94 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Services/UsersThemeSelector.cs +++ b/src/OrchardCore.Modules/OrchardCore.Users/Services/UsersThemeSelector.cs @@ -45,6 +45,11 @@ public async Task GetThemeAsync() case "Account": useSiteTheme = (await _siteService.GetSiteSettingsAsync()).As().UseSiteTheme; break; + case "TwoFactorAuthentication": + useSiteTheme = routeValues["action"] != null + && routeValues["action"].ToString().StartsWith("LoginWith", StringComparison.OrdinalIgnoreCase) + && (await _siteService.GetSiteSettingsAsync()).As().UseSiteTheme; + break; case "Registration": useSiteTheme = (await _siteService.GetSiteSettingsAsync()).As().UseSiteTheme; break; diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs index f021b5497e0..139bbebb558 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs +++ b/src/OrchardCore.Modules/OrchardCore.Users/Startup.cs @@ -36,6 +36,7 @@ using OrchardCore.Users.Commands; using OrchardCore.Users.Controllers; using OrchardCore.Users.Drivers; +using OrchardCore.Users.Filters; using OrchardCore.Users.Handlers; using OrchardCore.Users.Indexes; using OrchardCore.Users.Liquid; @@ -141,6 +142,58 @@ public override void Configure(IApplicationBuilder builder, IEndpointRouteBuilde pattern: _adminOptions.AdminUrlPrefix + "/Users/Display/{id}", defaults: new { controller = adminControllerName, action = nameof(AdminController.Display) } ); + + var twoFaControllerName = typeof(TwoFactorAuthenticationController).ControllerName(); + + routes.MapAreaControllerRoute( + name: "LoginWith2fa", + areaName: "OrchardCore.Users", + pattern: "LoginWith2fa", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.LoginWith2FA) } + ); + routes.MapAreaControllerRoute( + name: "EnableAuthenticator", + areaName: "OrchardCore.Users", + pattern: userOptions.EnableAuthenticatorPath, + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.EnableAuthenticator) } + ); + routes.MapAreaControllerRoute( + name: "TwoFactorAuthentication", + areaName: "OrchardCore.Users", + pattern: "TwoFactorAuthentication", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.Index) } + ); + routes.MapAreaControllerRoute( + name: "GenerateRecoveryCodes", + areaName: "OrchardCore.Users", + pattern: "GenerateRecoveryCodes", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.GenerateRecoveryCodes) } + ); + routes.MapAreaControllerRoute( + name: "ShowRecoveryCodes", + areaName: "OrchardCore.Users", + pattern: "ShowRecoveryCodes", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.ShowRecoveryCodes) } + ); + routes.MapAreaControllerRoute( + name: "ResetAuthenticator", + areaName: "OrchardCore.Users", + pattern: "ResetAuthenticator", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.ResetAuthenticator) } + ); + routes.MapAreaControllerRoute( + name: "Disable2FA", + areaName: "OrchardCore.Users", + pattern: "Disable2FA", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.Disable2FA) } + ); + routes.MapAreaControllerRoute( + name: "LoginWithRecoveryCode", + areaName: "OrchardCore.Users", + pattern: "LoginWithRecoveryCode", + defaults: new { controller = twoFaControllerName, action = nameof(TwoFactorAuthenticationController.LoginWithRecoveryCode) } + ); + builder.UseAuthorization(); } @@ -155,17 +208,31 @@ public override void ConfigureServices(IServiceCollection services) // Add ILookupNormalizer as Singleton because it is needed by UserIndexProvider services.TryAddSingleton(); - // Adds the default token providers used to generate tokens for reset passwords, change email - // and change telephone number operations, and for two factor authentication token generation. - services.AddIdentity(options => + // Add the default token providers used to generate tokens for reset passwords, change email, + // and for two-factor authentication token generation. + var identityBuilder = services.AddIdentity(options => { // Specify OrchardCore User requirements. // A user name cannot include an @ symbol, i.e. be an email address // An email address must be provided, and be unique. options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._+"; options.User.RequireUniqueEmail = true; - }) - .AddDefaultTokenProviders(); + }); + + var dataProtectionProviderType = typeof(DataProtectorTokenProvider<>).MakeGenericType(identityBuilder.UserType); + //var phoneNumberProviderType = typeof(PhoneNumberTokenProvider<>).MakeGenericType(identityBuilder.UserType); + var emailTokenProviderType = typeof(EmailTokenProvider<>).MakeGenericType(identityBuilder.UserType); + var authenticatorProviderType = typeof(AuthenticatorTokenProvider<>).MakeGenericType(identityBuilder.UserType); + + identityBuilder.AddTokenProvider(TokenOptions.DefaultProvider, dataProtectionProviderType) + .AddTokenProvider(TokenOptions.DefaultEmailProvider, emailTokenProviderType) + // .AddTokenProvider(TokenOptions.DefaultPhoneProvider, phoneNumberProviderType) + .AddTokenProvider(TokenOptions.DefaultAuthenticatorProvider, authenticatorProviderType); + + services.AddMvc(options => + { + options.Filters.Add(); + }); // Configure the authentication options to use the application cookie scheme as the default sign-out handler. // This is required for security modules like the OpenID module (that uses SignOutAsync()) to work correctly. @@ -190,6 +257,7 @@ public override void ConfigureServices(IServiceCollection services) services.AddDataMigration(); + services.AddScoped(); services.AddScoped(); services.AddSingleton(); @@ -245,6 +313,7 @@ public override void ConfigureServices(IServiceCollection services) services.AddScoped(); services.AddScoped(); services.AddSingleton(); + services.AddScoped, RoleLoginSettingsDisplayDriver>(); } } diff --git a/src/OrchardCore.Modules/OrchardCore.Users/UserOptionsConfiguration.cs b/src/OrchardCore.Modules/OrchardCore.Users/UserOptionsConfiguration.cs index 7d1b744a194..dfeffe4108e 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/UserOptionsConfiguration.cs +++ b/src/OrchardCore.Modules/OrchardCore.Users/UserOptionsConfiguration.cs @@ -15,6 +15,11 @@ static UserOptionsConfiguration() .DefineScript("password-generator") .SetUrl("~/OrchardCore.Users/Scripts/password-generator.min.js", "~/OrchardCore.Users/Scripts/password-generator.js") .SetVersion("1.0.0"); + + _manifest + .DefineScript("qrcode") + .SetUrl("~/OrchardCore.Users/Scripts/qrcode.min.js", "~/OrchardCore.Users/Scripts/qrcode.js") + .SetVersion("1.0.0"); } public void Configure(ResourceManagementOptions options) diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/EnableAuthenticatorViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/EnableAuthenticatorViewModel.cs new file mode 100644 index 00000000000..8fddbd76a41 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/EnableAuthenticatorViewModel.cs @@ -0,0 +1,15 @@ +using System.ComponentModel.DataAnnotations; + +namespace OrchardCore.Users.ViewModels; + +public class EnableAuthenticatorViewModel +{ + public string SharedKey { get; set; } + + public string AuthenticatorUri { get; set; } + + public string ReturnUrl { get; set; } + + [Required] + public string Code { get; set; } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithRecoveryCodeViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithRecoveryCodeViewModel.cs new file mode 100644 index 00000000000..87331e96406 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithRecoveryCodeViewModel.cs @@ -0,0 +1,11 @@ +using System.ComponentModel.DataAnnotations; + +namespace OrchardCore.Users.ViewModels; + +public class LoginWithRecoveryCodeViewModel +{ + [Required] + public string RecoveryCode { get; set; } + + public string ReturnUrl { get; set; } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithTwoFaViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithTwoFaViewModel.cs new file mode 100644 index 00000000000..54a35046aee --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/LoginWithTwoFaViewModel.cs @@ -0,0 +1,19 @@ +using System.ComponentModel.DataAnnotations; +using Microsoft.AspNetCore.Mvc.ModelBinding; + +namespace OrchardCore.Users.ViewModels; + +public class LoginWithTwoFaViewModel +{ + public bool RememberMe { get; set; } + + public string ReturnUrl { get; set; } + + [Required] + public string TwoFactorCode { get; set; } + + public bool RememberClient { get; set; } + + [BindNever] + public bool AllowRememberClient { get; set; } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/RoleLoginSettingsViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/RoleLoginSettingsViewModel.cs new file mode 100644 index 00000000000..04a8496ade9 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/RoleLoginSettingsViewModel.cs @@ -0,0 +1,14 @@ +using System; +using Microsoft.AspNetCore.Mvc.ModelBinding; + +namespace OrchardCore.Users.ViewModels; + +public class RoleLoginSettingsViewModel +{ + [BindNever] + public bool EnableTwoFactorAuthentication { get; set; } + + public bool EnableTwoFactorAuthenticationForSpecificRoles { get; set; } + + public RoleEntry[] Roles { get; set; } = Array.Empty(); +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/ShowRecoveryCodesViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/ShowRecoveryCodesViewModel.cs new file mode 100644 index 00000000000..4e25a10a11e --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/ShowRecoveryCodesViewModel.cs @@ -0,0 +1,6 @@ +namespace OrchardCore.Users.ViewModels; + +public class ShowRecoveryCodesViewModel +{ + public string[] RecoveryCodes { get; set; } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/TwoFactorAuthenticationViewModel.cs b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/TwoFactorAuthenticationViewModel.cs new file mode 100644 index 00000000000..4743f63156d --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/ViewModels/TwoFactorAuthenticationViewModel.cs @@ -0,0 +1,17 @@ +using Microsoft.AspNetCore.Mvc.ModelBinding; + +namespace OrchardCore.Users.ViewModels; + +public class TwoFactorAuthenticationViewModel +{ + public bool HasAuthenticator { get; set; } + + public bool IsTwoFaEnabled { get; set; } + + public bool IsMachineRemembered { get; set; } + + public int RecoveryCodesLeft { get; set; } + + [BindNever] + public bool CanDisableTwoFa { get; set; } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsEnableTwoFactorAuthentication.Edit.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsEnableTwoFactorAuthentication.Edit.cshtml new file mode 100644 index 00000000000..9f8f8dffcb4 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsEnableTwoFactorAuthentication.Edit.cshtml @@ -0,0 +1,9 @@ +@model OrchardCore.Users.Models.LoginSettings + +
+
+ + + +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsRoles.Edit.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsRoles.Edit.cshtml new file mode 100644 index 00000000000..5f3e03047d2 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsRoles.Edit.cshtml @@ -0,0 +1,24 @@ +@model OrchardCore.Users.ViewModels.RoleLoginSettingsViewModel + +
+
+
+ + + +
+
+ +
+ @T["Select the roles to enable two-factor authentication for."] + + @for (var i = 0; i < Model.Roles.Length; i++) + { +
+ + + +
+ } +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsTwoFactorAuthentication.Edit.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsTwoFactorAuthentication.Edit.cshtml new file mode 100644 index 00000000000..883bd61f37a --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/LoginSettingsTwoFactorAuthentication.Edit.cshtml @@ -0,0 +1,51 @@ +@model OrchardCore.Users.Models.LoginSettings + +
+
+ + + + @T["When selected, users may use Remember Client during login to avoid having to provide a token every time."] +
+
+ +
+
+ + + + @T["When selected, the users will see their email address in the authenticatior app. Otherwise, the username will be displayed."] +
+
+ +
+
+ + + + @T["When selected, any user with enabled two-factor authentication authentication will be required to use it."] +
+
+ +@* + +// A possible issue in Identity prevents from validation token that are not 6 in length. +// If this limitation is lifted, the following line can be removed. +// For more info read https://github.com/dotnet/aspnetcore/issues/48317 + +
+ + + + @T["The length token length that the authenticator app should generate. Default is 6."] +
+*@ +
+ + + + @T["The number of recovery codes to generate. Default is 5."] +
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Disable2FA.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Disable2FA.cshtml new file mode 100644 index 00000000000..7486f788cb3 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Disable2FA.cshtml @@ -0,0 +1,17 @@ + +

@RenderTitleSegments(T["Disable two-factor authentication"])

 + + + +
+
+ +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/EnableAuthenticator.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/EnableAuthenticator.cshtml new file mode 100644 index 00000000000..611101bdd08 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/EnableAuthenticator.cshtml @@ -0,0 +1,63 @@ +@using OrchardCore.Users.Services +@model EnableAuthenticatorViewModel + +

@RenderTitleSegments(T["Configure Authenticator App"])

 + +@if (User.HasClaim(claim => claim.Type == TwoFactorAuthenticationClaimsProvider.TwoFactorAuthenticationClaimType)) +{ +
+ @T["Two-factor authentication must be enabled before proceeding."] +
+} + +
+

@T["To use an authenticator app go through the following steps:"]

+
    +
  1. +

    + @T["Download a two-factor authenticator app like Microsoft Authenticator for Android and iOS.","https://go.microsoft.com/fwlink/?Linkid=825072","https://go.microsoft.com/fwlink/?Linkid=825073"] + + @T["Or, Google Authenticator for Android and iOS.","https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en", "https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8"] +

    +
    2. +
  2. +

    + @T["Scan the QR Code below, or enter this key {0} into your two-factor authenticator app. You may ignore spaces and casing.", $"{Model.SharedKey}"] +

    +
    +
    +
    3. +
  3. +

    + @T["Once you have scanned the QR code or input the key above, your two-factor authentication app will provide you with a unique code. Enter the code in the confirmation box below."] +

    +
    +
    + + +
    +
    + + + +
    + +
    +
    +
    +
    4. +
+
+ + + diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/GenerateRecoveryCodes.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/GenerateRecoveryCodes.cshtml new file mode 100644 index 00000000000..6eb37a8502f --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/GenerateRecoveryCodes.cshtml @@ -0,0 +1,12 @@ +

@RenderTitleSegments(T["Generate two-factor authentication (2FA) recovery codes"])

 + + +
+
+ +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml new file mode 100644 index 00000000000..03b7b62bf10 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/Index.cshtml @@ -0,0 +1,82 @@ +@using Microsoft.AspNetCore.Http.Features + +@model TwoFactorAuthenticationViewModel + +@{ + var canTrack = ViewContext.HttpContext.Features.Get()?.CanTrack ?? true; +} + +

@RenderTitleSegments(T["Two-factor Authentication"])

 + +@if (canTrack) +{ +
+ @if (Model.IsTwoFaEnabled) + { +

@T["Two-factor authentication is enabled."]

+ } + else + { +

@T["Two-factor authentication is not enabled yet."]

+ } + + @if (Model.IsTwoFaEnabled) + { + if (Model.RecoveryCodesLeft == 0) + { +
+ @T["You have no recovery codes left."] +

@T["You must generate a new set of recovery codes before you can log in with a recovery code.", Url.Action("GenerateRecoveryCodes")]

+
+ } + else if (Model.RecoveryCodesLeft == 1) + { +
+ @T["You have 1 recovery code left."] +

@T["You can generate a new set of recovery codes.", Url.Action("GenerateRecoveryCodes")]

+
+ } + else if (Model.RecoveryCodesLeft <= 3) + { +
+ @T["You have {0} recovery {1} left.", Model.RecoveryCodesLeft, T.Plural(Model.RecoveryCodesLeft, "code", "codes")]) +

@T["You should generate a new set of recovery codes.", Url.Action("GenerateRecoveryCodes")]

+
+ } + + @if (Model.IsMachineRemembered) + { +
+ +
+ } + + @if (Model.CanDisableTwoFa) + { + @T["Disable two-factor authentication"] + } + + @T["Reset recovery codes"] + } +
+ +
+

@T["Authenticator App"]

+ @if (!Model.HasAuthenticator) + { + @T["Add authenticator app"] + } + else + { + @T["Set up authenticator app"] + @T["Reset authenticator app"] + } +
+} +else +{ +
+ @T["Privacy and cookie policy have not been accepted."] +

@T["You must accept the policy before you can enable two-factor authentication."]

+
+} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWith2FA.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWith2FA.cshtml new file mode 100644 index 00000000000..d057229663e --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWith2FA.cshtml @@ -0,0 +1,61 @@ +@using OrchardCore.Settings +@using OrchardCore.Users.Models +@using OrchardCore.Entities + +@model LoginWithTwoFaViewModel + +@inject ISiteService SiteService +@{ + ViewLayout = "Layout__Login"; +} + +

@RenderTitleSegments(T["Two-factor authentication"])

 + +
+ +

@T["Your login is protected with a second authentication code. Enter your authenticator code below."]

+ +
+ + @if (!ViewContext.ModelState.IsValid) + { +
+ +
+ } + +
+ +
+ +
+ + + +
+ @if (Model.AllowRememberClient) + { +
+
+ + +
+
+ } +
+ +
+
+
+
+

+ @{ + var url = Url.ActionLink("LoginWithRecoveryCode", controller: null, new + { + returnUrl = Model.ReturnUrl + }); + } + + @T["Don't have access to your authenticator device? You can log in with a recovery code.", url] +

+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWithRecoveryCode.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWithRecoveryCode.cshtml new file mode 100644 index 00000000000..72f518f4601 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/LoginWithRecoveryCode.cshtml @@ -0,0 +1,33 @@ +@model LoginWithRecoveryCodeViewModel + +@{ + ViewLayout = "Layout__Login"; +} + +

@RenderTitleSegments(T["Recovery code verification"])

 + +
+

+ @T["You have requested to log in with a recovery code. This login will not be remembered until you provide an authenticator app code at log in or disable 2FA and log in again."] +

+
+ + @if (!ViewContext.ModelState.IsValid) + { +
+ +
+ } + +
+
+
+ + + +
+ +
+
+
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ResetAuthenticator.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ResetAuthenticator.cshtml new file mode 100644 index 00000000000..a84bba03d5d --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ResetAuthenticator.cshtml @@ -0,0 +1,13 @@ + +

@RenderTitleSegments(T["Reset authenticator key"])

 + + + +
+
+ +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ShowRecoveryCodes.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ShowRecoveryCodes.cshtml new file mode 100644 index 00000000000..9458bedac4e --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/TwoFactorAuthentication/ShowRecoveryCodes.cshtml @@ -0,0 +1,18 @@ +@model ShowRecoveryCodesViewModel + +

@RenderTitleSegments(T["Recovery codes"])

 + + + +
+
+

@T["Any of the following codes can be used to login."]

+ @foreach (var line in Model.RecoveryCodes) + { +

@line

+ } +
+
diff --git a/src/OrchardCore.Modules/OrchardCore.Users/Views/UserMenu.cshtml b/src/OrchardCore.Modules/OrchardCore.Users/Views/UserMenu.cshtml index 55d386f991f..6ad9c55d091 100644 --- a/src/OrchardCore.Modules/OrchardCore.Users/Views/UserMenu.cshtml +++ b/src/OrchardCore.Modules/OrchardCore.Users/Views/UserMenu.cshtml @@ -1,7 +1,13 @@ @using System.Security.Claims +@using OrchardCore.Settings +@using OrchardCore.Users.Models +@using OrchardCore.Entities + +@inject ISiteService SiteService @inject IAuthorizationService AuthorizationService @{ var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); + var loginSettings = (await SiteService.GetSiteSettingsAsync()).As(); }
@@ -20,6 +26,13 @@
  •   @T["Profile"]
    • }
  •   @T["Change password"]
    • + + @if (loginSettings.IsTwoFactorAuthenticationEnabled()) + { +
  • + @T["Security"] +
    • + }
    • diff --git a/src/OrchardCore.Modules/OrchardCore.Users/package-lock.json b/src/OrchardCore.Modules/OrchardCore.Users/package-lock.json new file mode 100644 index 00000000000..2495822b075 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/package-lock.json @@ -0,0 +1,21 @@ +{ + "name": "orchardcore.users", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "orchardcore.users", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "qrcodejs": "^1.0.0" + } + }, + "node_modules/qrcodejs": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/qrcodejs/-/qrcodejs-1.0.0.tgz", + "integrity": "sha512-67rj3mMBhSBepaD57qENnltO+r8rSYlqM7HGThks/BiyDAkc86sLvkKqjkqPS5v13f7tvnt6dbEf3qt7zq+BCg==" + } + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/package.json b/src/OrchardCore.Modules/OrchardCore.Users/package.json new file mode 100644 index 00000000000..c928d474909 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/package.json @@ -0,0 +1,14 @@ +{ + "name": "orchardcore.users", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "qrcodejs": "^1.0.0" + } +} diff --git a/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.js b/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.js new file mode 100644 index 00000000000..01225a3cf54 --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.js @@ -0,0 +1,1118 @@ +/* +** NOTE: This file is generated by Gulp and should not be edited directly! +** Any changes made directly to this file will be overwritten next time its asset group is processed by Gulp. +*/ + +/** + * @fileoverview + * - Using the 'QRCode for Javascript library' + * - Fixed dataset of 'QRCode for Javascript library' for support full-spec. + * - this library has no dependencies. + * + * @author davidshimjs + * @see http://www.d-project.com/ + * @see http://jeromeetienne.github.com/jquery-qrcode/ + */ +var QRCode; +(function () { + //--------------------------------------------------------------------- + // QRCode for JavaScript + // + // Copyright (c) 2009 Kazuhiko Arase + // + // URL: http://www.d-project.com/ + // + // Licensed under the MIT license: + // http://www.opensource.org/licenses/mit-license.php + // + // The word "QR Code" is registered trademark of + // DENSO WAVE INCORPORATED + // http://www.denso-wave.com/qrcode/faqpatent-e.html + // + //--------------------------------------------------------------------- + function QR8bitByte(data) { + this.mode = QRMode.MODE_8BIT_BYTE; + this.data = data; + this.parsedData = []; + + // Added to support UTF-8 Characters + for (var i = 0, l = this.data.length; i < l; i++) { + var byteArray = []; + var code = this.data.charCodeAt(i); + if (code > 0x10000) { + byteArray[0] = 0xF0 | (code & 0x1C0000) >>> 18; + byteArray[1] = 0x80 | (code & 0x3F000) >>> 12; + byteArray[2] = 0x80 | (code & 0xFC0) >>> 6; + byteArray[3] = 0x80 | code & 0x3F; + } else if (code > 0x800) { + byteArray[0] = 0xE0 | (code & 0xF000) >>> 12; + byteArray[1] = 0x80 | (code & 0xFC0) >>> 6; + byteArray[2] = 0x80 | code & 0x3F; + } else if (code > 0x80) { + byteArray[0] = 0xC0 | (code & 0x7C0) >>> 6; + byteArray[1] = 0x80 | code & 0x3F; + } else { + byteArray[0] = code; + } + this.parsedData.push(byteArray); + } + this.parsedData = Array.prototype.concat.apply([], this.parsedData); + if (this.parsedData.length != this.data.length) { + this.parsedData.unshift(191); + this.parsedData.unshift(187); + this.parsedData.unshift(239); + } + } + QR8bitByte.prototype = { + getLength: function getLength(buffer) { + return this.parsedData.length; + }, + write: function write(buffer) { + for (var i = 0, l = this.parsedData.length; i < l; i++) { + buffer.put(this.parsedData[i], 8); + } + } + }; + function QRCodeModel(typeNumber, errorCorrectLevel) { + this.typeNumber = typeNumber; + this.errorCorrectLevel = errorCorrectLevel; + this.modules = null; + this.moduleCount = 0; + this.dataCache = null; + this.dataList = []; + } + QRCodeModel.prototype = { + addData: function addData(data) { + var newData = new QR8bitByte(data); + this.dataList.push(newData); + this.dataCache = null; + }, + isDark: function isDark(row, col) { + if (row < 0 || this.moduleCount <= row || col < 0 || this.moduleCount <= col) { + throw new Error(row + "," + col); + } + return this.modules[row][col]; + }, + getModuleCount: function getModuleCount() { + return this.moduleCount; + }, + make: function make() { + this.makeImpl(false, this.getBestMaskPattern()); + }, + makeImpl: function makeImpl(test, maskPattern) { + this.moduleCount = this.typeNumber * 4 + 17; + this.modules = new Array(this.moduleCount); + for (var row = 0; row < this.moduleCount; row++) { + this.modules[row] = new Array(this.moduleCount); + for (var col = 0; col < this.moduleCount; col++) { + this.modules[row][col] = null; + } + } + this.setupPositionProbePattern(0, 0); + this.setupPositionProbePattern(this.moduleCount - 7, 0); + this.setupPositionProbePattern(0, this.moduleCount - 7); + this.setupPositionAdjustPattern(); + this.setupTimingPattern(); + this.setupTypeInfo(test, maskPattern); + if (this.typeNumber >= 7) { + this.setupTypeNumber(test); + } + if (this.dataCache == null) { + this.dataCache = QRCodeModel.createData(this.typeNumber, this.errorCorrectLevel, this.dataList); + } + this.mapData(this.dataCache, maskPattern); + }, + setupPositionProbePattern: function setupPositionProbePattern(row, col) { + for (var r = -1; r <= 7; r++) { + if (row + r <= -1 || this.moduleCount <= row + r) continue; + for (var c = -1; c <= 7; c++) { + if (col + c <= -1 || this.moduleCount <= col + c) continue; + if (0 <= r && r <= 6 && (c == 0 || c == 6) || 0 <= c && c <= 6 && (r == 0 || r == 6) || 2 <= r && r <= 4 && 2 <= c && c <= 4) { + this.modules[row + r][col + c] = true; + } else { + this.modules[row + r][col + c] = false; + } + } + } + }, + getBestMaskPattern: function getBestMaskPattern() { + var minLostPoint = 0; + var pattern = 0; + for (var i = 0; i < 8; i++) { + this.makeImpl(true, i); + var lostPoint = QRUtil.getLostPoint(this); + if (i == 0 || minLostPoint > lostPoint) { + minLostPoint = lostPoint; + pattern = i; + } + } + return pattern; + }, + createMovieClip: function createMovieClip(target_mc, instance_name, depth) { + var qr_mc = target_mc.createEmptyMovieClip(instance_name, depth); + var cs = 1; + this.make(); + for (var row = 0; row < this.modules.length; row++) { + var y = row * cs; + for (var col = 0; col < this.modules[row].length; col++) { + var x = col * cs; + var dark = this.modules[row][col]; + if (dark) { + qr_mc.beginFill(0, 100); + qr_mc.moveTo(x, y); + qr_mc.lineTo(x + cs, y); + qr_mc.lineTo(x + cs, y + cs); + qr_mc.lineTo(x, y + cs); + qr_mc.endFill(); + } + } + } + return qr_mc; + }, + setupTimingPattern: function setupTimingPattern() { + for (var r = 8; r < this.moduleCount - 8; r++) { + if (this.modules[r][6] != null) { + continue; + } + this.modules[r][6] = r % 2 == 0; + } + for (var c = 8; c < this.moduleCount - 8; c++) { + if (this.modules[6][c] != null) { + continue; + } + this.modules[6][c] = c % 2 == 0; + } + }, + setupPositionAdjustPattern: function setupPositionAdjustPattern() { + var pos = QRUtil.getPatternPosition(this.typeNumber); + for (var i = 0; i < pos.length; i++) { + for (var j = 0; j < pos.length; j++) { + var row = pos[i]; + var col = pos[j]; + if (this.modules[row][col] != null) { + continue; + } + for (var r = -2; r <= 2; r++) { + for (var c = -2; c <= 2; c++) { + if (r == -2 || r == 2 || c == -2 || c == 2 || r == 0 && c == 0) { + this.modules[row + r][col + c] = true; + } else { + this.modules[row + r][col + c] = false; + } + } + } + } + } + }, + setupTypeNumber: function setupTypeNumber(test) { + var bits = QRUtil.getBCHTypeNumber(this.typeNumber); + for (var i = 0; i < 18; i++) { + var mod = !test && (bits >> i & 1) == 1; + this.modules[Math.floor(i / 3)][i % 3 + this.moduleCount - 8 - 3] = mod; + } + for (var i = 0; i < 18; i++) { + var mod = !test && (bits >> i & 1) == 1; + this.modules[i % 3 + this.moduleCount - 8 - 3][Math.floor(i / 3)] = mod; + } + }, + setupTypeInfo: function setupTypeInfo(test, maskPattern) { + var data = this.errorCorrectLevel << 3 | maskPattern; + var bits = QRUtil.getBCHTypeInfo(data); + for (var i = 0; i < 15; i++) { + var mod = !test && (bits >> i & 1) == 1; + if (i < 6) { + this.modules[i][8] = mod; + } else if (i < 8) { + this.modules[i + 1][8] = mod; + } else { + this.modules[this.moduleCount - 15 + i][8] = mod; + } + } + for (var i = 0; i < 15; i++) { + var mod = !test && (bits >> i & 1) == 1; + if (i < 8) { + this.modules[8][this.moduleCount - i - 1] = mod; + } else if (i < 9) { + this.modules[8][15 - i - 1 + 1] = mod; + } else { + this.modules[8][15 - i - 1] = mod; + } + } + this.modules[this.moduleCount - 8][8] = !test; + }, + mapData: function mapData(data, maskPattern) { + var inc = -1; + var row = this.moduleCount - 1; + var bitIndex = 7; + var byteIndex = 0; + for (var col = this.moduleCount - 1; col > 0; col -= 2) { + if (col == 6) col--; + while (true) { + for (var c = 0; c < 2; c++) { + if (this.modules[row][col - c] == null) { + var dark = false; + if (byteIndex < data.length) { + dark = (data[byteIndex] >>> bitIndex & 1) == 1; + } + var mask = QRUtil.getMask(maskPattern, row, col - c); + if (mask) { + dark = !dark; + } + this.modules[row][col - c] = dark; + bitIndex--; + if (bitIndex == -1) { + byteIndex++; + bitIndex = 7; + } + } + } + row += inc; + if (row < 0 || this.moduleCount <= row) { + row -= inc; + inc = -inc; + break; + } + } + } + } + }; + QRCodeModel.PAD0 = 0xEC; + QRCodeModel.PAD1 = 0x11; + QRCodeModel.createData = function (typeNumber, errorCorrectLevel, dataList) { + var rsBlocks = QRRSBlock.getRSBlocks(typeNumber, errorCorrectLevel); + var buffer = new QRBitBuffer(); + for (var i = 0; i < dataList.length; i++) { + var data = dataList[i]; + buffer.put(data.mode, 4); + buffer.put(data.getLength(), QRUtil.getLengthInBits(data.mode, typeNumber)); + data.write(buffer); + } + var totalDataCount = 0; + for (var i = 0; i < rsBlocks.length; i++) { + totalDataCount += rsBlocks[i].dataCount; + } + if (buffer.getLengthInBits() > totalDataCount * 8) { + throw new Error("code length overflow. (" + buffer.getLengthInBits() + ">" + totalDataCount * 8 + ")"); + } + if (buffer.getLengthInBits() + 4 <= totalDataCount * 8) { + buffer.put(0, 4); + } + while (buffer.getLengthInBits() % 8 != 0) { + buffer.putBit(false); + } + while (true) { + if (buffer.getLengthInBits() >= totalDataCount * 8) { + break; + } + buffer.put(QRCodeModel.PAD0, 8); + if (buffer.getLengthInBits() >= totalDataCount * 8) { + break; + } + buffer.put(QRCodeModel.PAD1, 8); + } + return QRCodeModel.createBytes(buffer, rsBlocks); + }; + QRCodeModel.createBytes = function (buffer, rsBlocks) { + var offset = 0; + var maxDcCount = 0; + var maxEcCount = 0; + var dcdata = new Array(rsBlocks.length); + var ecdata = new Array(rsBlocks.length); + for (var r = 0; r < rsBlocks.length; r++) { + var dcCount = rsBlocks[r].dataCount; + var ecCount = rsBlocks[r].totalCount - dcCount; + maxDcCount = Math.max(maxDcCount, dcCount); + maxEcCount = Math.max(maxEcCount, ecCount); + dcdata[r] = new Array(dcCount); + for (var i = 0; i < dcdata[r].length; i++) { + dcdata[r][i] = 0xff & buffer.buffer[i + offset]; + } + offset += dcCount; + var rsPoly = QRUtil.getErrorCorrectPolynomial(ecCount); + var rawPoly = new QRPolynomial(dcdata[r], rsPoly.getLength() - 1); + var modPoly = rawPoly.mod(rsPoly); + ecdata[r] = new Array(rsPoly.getLength() - 1); + for (var i = 0; i < ecdata[r].length; i++) { + var modIndex = i + modPoly.getLength() - ecdata[r].length; + ecdata[r][i] = modIndex >= 0 ? modPoly.get(modIndex) : 0; + } + } + var totalCodeCount = 0; + for (var i = 0; i < rsBlocks.length; i++) { + totalCodeCount += rsBlocks[i].totalCount; + } + var data = new Array(totalCodeCount); + var index = 0; + for (var i = 0; i < maxDcCount; i++) { + for (var r = 0; r < rsBlocks.length; r++) { + if (i < dcdata[r].length) { + data[index++] = dcdata[r][i]; + } + } + } + for (var i = 0; i < maxEcCount; i++) { + for (var r = 0; r < rsBlocks.length; r++) { + if (i < ecdata[r].length) { + data[index++] = ecdata[r][i]; + } + } + } + return data; + }; + var QRMode = { + MODE_NUMBER: 1 << 0, + MODE_ALPHA_NUM: 1 << 1, + MODE_8BIT_BYTE: 1 << 2, + MODE_KANJI: 1 << 3 + }; + var QRErrorCorrectLevel = { + L: 1, + M: 0, + Q: 3, + H: 2 + }; + var QRMaskPattern = { + PATTERN000: 0, + PATTERN001: 1, + PATTERN010: 2, + PATTERN011: 3, + PATTERN100: 4, + PATTERN101: 5, + PATTERN110: 6, + PATTERN111: 7 + }; + var QRUtil = { + PATTERN_POSITION_TABLE: [[], [6, 18], [6, 22], [6, 26], [6, 30], [6, 34], [6, 22, 38], [6, 24, 42], [6, 26, 46], [6, 28, 50], [6, 30, 54], [6, 32, 58], [6, 34, 62], [6, 26, 46, 66], [6, 26, 48, 70], [6, 26, 50, 74], [6, 30, 54, 78], [6, 30, 56, 82], [6, 30, 58, 86], [6, 34, 62, 90], [6, 28, 50, 72, 94], [6, 26, 50, 74, 98], [6, 30, 54, 78, 102], [6, 28, 54, 80, 106], [6, 32, 58, 84, 110], [6, 30, 58, 86, 114], [6, 34, 62, 90, 118], [6, 26, 50, 74, 98, 122], [6, 30, 54, 78, 102, 126], [6, 26, 52, 78, 104, 130], [6, 30, 56, 82, 108, 134], [6, 34, 60, 86, 112, 138], [6, 30, 58, 86, 114, 142], [6, 34, 62, 90, 118, 146], [6, 30, 54, 78, 102, 126, 150], [6, 24, 50, 76, 102, 128, 154], [6, 28, 54, 80, 106, 132, 158], [6, 32, 58, 84, 110, 136, 162], [6, 26, 54, 82, 110, 138, 166], [6, 30, 58, 86, 114, 142, 170]], + G15: 1 << 10 | 1 << 8 | 1 << 5 | 1 << 4 | 1 << 2 | 1 << 1 | 1 << 0, + G18: 1 << 12 | 1 << 11 | 1 << 10 | 1 << 9 | 1 << 8 | 1 << 5 | 1 << 2 | 1 << 0, + G15_MASK: 1 << 14 | 1 << 12 | 1 << 10 | 1 << 4 | 1 << 1, + getBCHTypeInfo: function getBCHTypeInfo(data) { + var d = data << 10; + while (QRUtil.getBCHDigit(d) - QRUtil.getBCHDigit(QRUtil.G15) >= 0) { + d ^= QRUtil.G15 << QRUtil.getBCHDigit(d) - QRUtil.getBCHDigit(QRUtil.G15); + } + return (data << 10 | d) ^ QRUtil.G15_MASK; + }, + getBCHTypeNumber: function getBCHTypeNumber(data) { + var d = data << 12; + while (QRUtil.getBCHDigit(d) - QRUtil.getBCHDigit(QRUtil.G18) >= 0) { + d ^= QRUtil.G18 << QRUtil.getBCHDigit(d) - QRUtil.getBCHDigit(QRUtil.G18); + } + return data << 12 | d; + }, + getBCHDigit: function getBCHDigit(data) { + var digit = 0; + while (data != 0) { + digit++; + data >>>= 1; + } + return digit; + }, + getPatternPosition: function getPatternPosition(typeNumber) { + return QRUtil.PATTERN_POSITION_TABLE[typeNumber - 1]; + }, + getMask: function getMask(maskPattern, i, j) { + switch (maskPattern) { + case QRMaskPattern.PATTERN000: + return (i + j) % 2 == 0; + case QRMaskPattern.PATTERN001: + return i % 2 == 0; + case QRMaskPattern.PATTERN010: + return j % 3 == 0; + case QRMaskPattern.PATTERN011: + return (i + j) % 3 == 0; + case QRMaskPattern.PATTERN100: + return (Math.floor(i / 2) + Math.floor(j / 3)) % 2 == 0; + case QRMaskPattern.PATTERN101: + return i * j % 2 + i * j % 3 == 0; + case QRMaskPattern.PATTERN110: + return (i * j % 2 + i * j % 3) % 2 == 0; + case QRMaskPattern.PATTERN111: + return (i * j % 3 + (i + j) % 2) % 2 == 0; + default: + throw new Error("bad maskPattern:" + maskPattern); + } + }, + getErrorCorrectPolynomial: function getErrorCorrectPolynomial(errorCorrectLength) { + var a = new QRPolynomial([1], 0); + for (var i = 0; i < errorCorrectLength; i++) { + a = a.multiply(new QRPolynomial([1, QRMath.gexp(i)], 0)); + } + return a; + }, + getLengthInBits: function getLengthInBits(mode, type) { + if (1 <= type && type < 10) { + switch (mode) { + case QRMode.MODE_NUMBER: + return 10; + case QRMode.MODE_ALPHA_NUM: + return 9; + case QRMode.MODE_8BIT_BYTE: + return 8; + case QRMode.MODE_KANJI: + return 8; + default: + throw new Error("mode:" + mode); + } + } else if (type < 27) { + switch (mode) { + case QRMode.MODE_NUMBER: + return 12; + case QRMode.MODE_ALPHA_NUM: + return 11; + case QRMode.MODE_8BIT_BYTE: + return 16; + case QRMode.MODE_KANJI: + return 10; + default: + throw new Error("mode:" + mode); + } + } else if (type < 41) { + switch (mode) { + case QRMode.MODE_NUMBER: + return 14; + case QRMode.MODE_ALPHA_NUM: + return 13; + case QRMode.MODE_8BIT_BYTE: + return 16; + case QRMode.MODE_KANJI: + return 12; + default: + throw new Error("mode:" + mode); + } + } else { + throw new Error("type:" + type); + } + }, + getLostPoint: function getLostPoint(qrCode) { + var moduleCount = qrCode.getModuleCount(); + var lostPoint = 0; + for (var row = 0; row < moduleCount; row++) { + for (var col = 0; col < moduleCount; col++) { + var sameCount = 0; + var dark = qrCode.isDark(row, col); + for (var r = -1; r <= 1; r++) { + if (row + r < 0 || moduleCount <= row + r) { + continue; + } + for (var c = -1; c <= 1; c++) { + if (col + c < 0 || moduleCount <= col + c) { + continue; + } + if (r == 0 && c == 0) { + continue; + } + if (dark == qrCode.isDark(row + r, col + c)) { + sameCount++; + } + } + } + if (sameCount > 5) { + lostPoint += 3 + sameCount - 5; + } + } + } + for (var row = 0; row < moduleCount - 1; row++) { + for (var col = 0; col < moduleCount - 1; col++) { + var count = 0; + if (qrCode.isDark(row, col)) count++; + if (qrCode.isDark(row + 1, col)) count++; + if (qrCode.isDark(row, col + 1)) count++; + if (qrCode.isDark(row + 1, col + 1)) count++; + if (count == 0 || count == 4) { + lostPoint += 3; + } + } + } + for (var row = 0; row < moduleCount; row++) { + for (var col = 0; col < moduleCount - 6; col++) { + if (qrCode.isDark(row, col) && !qrCode.isDark(row, col + 1) && qrCode.isDark(row, col + 2) && qrCode.isDark(row, col + 3) && qrCode.isDark(row, col + 4) && !qrCode.isDark(row, col + 5) && qrCode.isDark(row, col + 6)) { + lostPoint += 40; + } + } + } + for (var col = 0; col < moduleCount; col++) { + for (var row = 0; row < moduleCount - 6; row++) { + if (qrCode.isDark(row, col) && !qrCode.isDark(row + 1, col) && qrCode.isDark(row + 2, col) && qrCode.isDark(row + 3, col) && qrCode.isDark(row + 4, col) && !qrCode.isDark(row + 5, col) && qrCode.isDark(row + 6, col)) { + lostPoint += 40; + } + } + } + var darkCount = 0; + for (var col = 0; col < moduleCount; col++) { + for (var row = 0; row < moduleCount; row++) { + if (qrCode.isDark(row, col)) { + darkCount++; + } + } + } + var ratio = Math.abs(100 * darkCount / moduleCount / moduleCount - 50) / 5; + lostPoint += ratio * 10; + return lostPoint; + } + }; + var QRMath = { + glog: function glog(n) { + if (n < 1) { + throw new Error("glog(" + n + ")"); + } + return QRMath.LOG_TABLE[n]; + }, + gexp: function gexp(n) { + while (n < 0) { + n += 255; + } + while (n >= 256) { + n -= 255; + } + return QRMath.EXP_TABLE[n]; + }, + EXP_TABLE: new Array(256), + LOG_TABLE: new Array(256) + }; + for (var i = 0; i < 8; i++) { + QRMath.EXP_TABLE[i] = 1 << i; + } + for (var i = 8; i < 256; i++) { + QRMath.EXP_TABLE[i] = QRMath.EXP_TABLE[i - 4] ^ QRMath.EXP_TABLE[i - 5] ^ QRMath.EXP_TABLE[i - 6] ^ QRMath.EXP_TABLE[i - 8]; + } + for (var i = 0; i < 255; i++) { + QRMath.LOG_TABLE[QRMath.EXP_TABLE[i]] = i; + } + function QRPolynomial(num, shift) { + if (num.length == undefined) { + throw new Error(num.length + "/" + shift); + } + var offset = 0; + while (offset < num.length && num[offset] == 0) { + offset++; + } + this.num = new Array(num.length - offset + shift); + for (var i = 0; i < num.length - offset; i++) { + this.num[i] = num[i + offset]; + } + } + QRPolynomial.prototype = { + get: function get(index) { + return this.num[index]; + }, + getLength: function getLength() { + return this.num.length; + }, + multiply: function multiply(e) { + var num = new Array(this.getLength() + e.getLength() - 1); + for (var i = 0; i < this.getLength(); i++) { + for (var j = 0; j < e.getLength(); j++) { + num[i + j] ^= QRMath.gexp(QRMath.glog(this.get(i)) + QRMath.glog(e.get(j))); + } + } + return new QRPolynomial(num, 0); + }, + mod: function mod(e) { + if (this.getLength() - e.getLength() < 0) { + return this; + } + var ratio = QRMath.glog(this.get(0)) - QRMath.glog(e.get(0)); + var num = new Array(this.getLength()); + for (var i = 0; i < this.getLength(); i++) { + num[i] = this.get(i); + } + for (var i = 0; i < e.getLength(); i++) { + num[i] ^= QRMath.gexp(QRMath.glog(e.get(i)) + ratio); + } + return new QRPolynomial(num, 0).mod(e); + } + }; + function QRRSBlock(totalCount, dataCount) { + this.totalCount = totalCount; + this.dataCount = dataCount; + } + QRRSBlock.RS_BLOCK_TABLE = [[1, 26, 19], [1, 26, 16], [1, 26, 13], [1, 26, 9], [1, 44, 34], [1, 44, 28], [1, 44, 22], [1, 44, 16], [1, 70, 55], [1, 70, 44], [2, 35, 17], [2, 35, 13], [1, 100, 80], [2, 50, 32], [2, 50, 24], [4, 25, 9], [1, 134, 108], [2, 67, 43], [2, 33, 15, 2, 34, 16], [2, 33, 11, 2, 34, 12], [2, 86, 68], [4, 43, 27], [4, 43, 19], [4, 43, 15], [2, 98, 78], [4, 49, 31], [2, 32, 14, 4, 33, 15], [4, 39, 13, 1, 40, 14], [2, 121, 97], [2, 60, 38, 2, 61, 39], [4, 40, 18, 2, 41, 19], [4, 40, 14, 2, 41, 15], [2, 146, 116], [3, 58, 36, 2, 59, 37], [4, 36, 16, 4, 37, 17], [4, 36, 12, 4, 37, 13], [2, 86, 68, 2, 87, 69], [4, 69, 43, 1, 70, 44], [6, 43, 19, 2, 44, 20], [6, 43, 15, 2, 44, 16], [4, 101, 81], [1, 80, 50, 4, 81, 51], [4, 50, 22, 4, 51, 23], [3, 36, 12, 8, 37, 13], [2, 116, 92, 2, 117, 93], [6, 58, 36, 2, 59, 37], [4, 46, 20, 6, 47, 21], [7, 42, 14, 4, 43, 15], [4, 133, 107], [8, 59, 37, 1, 60, 38], [8, 44, 20, 4, 45, 21], [12, 33, 11, 4, 34, 12], [3, 145, 115, 1, 146, 116], [4, 64, 40, 5, 65, 41], [11, 36, 16, 5, 37, 17], [11, 36, 12, 5, 37, 13], [5, 109, 87, 1, 110, 88], [5, 65, 41, 5, 66, 42], [5, 54, 24, 7, 55, 25], [11, 36, 12], [5, 122, 98, 1, 123, 99], [7, 73, 45, 3, 74, 46], [15, 43, 19, 2, 44, 20], [3, 45, 15, 13, 46, 16], [1, 135, 107, 5, 136, 108], [10, 74, 46, 1, 75, 47], [1, 50, 22, 15, 51, 23], [2, 42, 14, 17, 43, 15], [5, 150, 120, 1, 151, 121], [9, 69, 43, 4, 70, 44], [17, 50, 22, 1, 51, 23], [2, 42, 14, 19, 43, 15], [3, 141, 113, 4, 142, 114], [3, 70, 44, 11, 71, 45], [17, 47, 21, 4, 48, 22], [9, 39, 13, 16, 40, 14], [3, 135, 107, 5, 136, 108], [3, 67, 41, 13, 68, 42], [15, 54, 24, 5, 55, 25], [15, 43, 15, 10, 44, 16], [4, 144, 116, 4, 145, 117], [17, 68, 42], [17, 50, 22, 6, 51, 23], [19, 46, 16, 6, 47, 17], [2, 139, 111, 7, 140, 112], [17, 74, 46], [7, 54, 24, 16, 55, 25], [34, 37, 13], [4, 151, 121, 5, 152, 122], [4, 75, 47, 14, 76, 48], [11, 54, 24, 14, 55, 25], [16, 45, 15, 14, 46, 16], [6, 147, 117, 4, 148, 118], [6, 73, 45, 14, 74, 46], [11, 54, 24, 16, 55, 25], [30, 46, 16, 2, 47, 17], [8, 132, 106, 4, 133, 107], [8, 75, 47, 13, 76, 48], [7, 54, 24, 22, 55, 25], [22, 45, 15, 13, 46, 16], [10, 142, 114, 2, 143, 115], [19, 74, 46, 4, 75, 47], [28, 50, 22, 6, 51, 23], [33, 46, 16, 4, 47, 17], [8, 152, 122, 4, 153, 123], [22, 73, 45, 3, 74, 46], [8, 53, 23, 26, 54, 24], [12, 45, 15, 28, 46, 16], [3, 147, 117, 10, 148, 118], [3, 73, 45, 23, 74, 46], [4, 54, 24, 31, 55, 25], [11, 45, 15, 31, 46, 16], [7, 146, 116, 7, 147, 117], [21, 73, 45, 7, 74, 46], [1, 53, 23, 37, 54, 24], [19, 45, 15, 26, 46, 16], [5, 145, 115, 10, 146, 116], [19, 75, 47, 10, 76, 48], [15, 54, 24, 25, 55, 25], [23, 45, 15, 25, 46, 16], [13, 145, 115, 3, 146, 116], [2, 74, 46, 29, 75, 47], [42, 54, 24, 1, 55, 25], [23, 45, 15, 28, 46, 16], [17, 145, 115], [10, 74, 46, 23, 75, 47], [10, 54, 24, 35, 55, 25], [19, 45, 15, 35, 46, 16], [17, 145, 115, 1, 146, 116], [14, 74, 46, 21, 75, 47], [29, 54, 24, 19, 55, 25], [11, 45, 15, 46, 46, 16], [13, 145, 115, 6, 146, 116], [14, 74, 46, 23, 75, 47], [44, 54, 24, 7, 55, 25], [59, 46, 16, 1, 47, 17], [12, 151, 121, 7, 152, 122], [12, 75, 47, 26, 76, 48], [39, 54, 24, 14, 55, 25], [22, 45, 15, 41, 46, 16], [6, 151, 121, 14, 152, 122], [6, 75, 47, 34, 76, 48], [46, 54, 24, 10, 55, 25], [2, 45, 15, 64, 46, 16], [17, 152, 122, 4, 153, 123], [29, 74, 46, 14, 75, 47], [49, 54, 24, 10, 55, 25], [24, 45, 15, 46, 46, 16], [4, 152, 122, 18, 153, 123], [13, 74, 46, 32, 75, 47], [48, 54, 24, 14, 55, 25], [42, 45, 15, 32, 46, 16], [20, 147, 117, 4, 148, 118], [40, 75, 47, 7, 76, 48], [43, 54, 24, 22, 55, 25], [10, 45, 15, 67, 46, 16], [19, 148, 118, 6, 149, 119], [18, 75, 47, 31, 76, 48], [34, 54, 24, 34, 55, 25], [20, 45, 15, 61, 46, 16]]; + QRRSBlock.getRSBlocks = function (typeNumber, errorCorrectLevel) { + var rsBlock = QRRSBlock.getRsBlockTable(typeNumber, errorCorrectLevel); + if (rsBlock == undefined) { + throw new Error("bad rs block @ typeNumber:" + typeNumber + "/errorCorrectLevel:" + errorCorrectLevel); + } + var length = rsBlock.length / 3; + var list = []; + for (var i = 0; i < length; i++) { + var count = rsBlock[i * 3 + 0]; + var totalCount = rsBlock[i * 3 + 1]; + var dataCount = rsBlock[i * 3 + 2]; + for (var j = 0; j < count; j++) { + list.push(new QRRSBlock(totalCount, dataCount)); + } + } + return list; + }; + QRRSBlock.getRsBlockTable = function (typeNumber, errorCorrectLevel) { + switch (errorCorrectLevel) { + case QRErrorCorrectLevel.L: + return QRRSBlock.RS_BLOCK_TABLE[(typeNumber - 1) * 4 + 0]; + case QRErrorCorrectLevel.M: + return QRRSBlock.RS_BLOCK_TABLE[(typeNumber - 1) * 4 + 1]; + case QRErrorCorrectLevel.Q: + return QRRSBlock.RS_BLOCK_TABLE[(typeNumber - 1) * 4 + 2]; + case QRErrorCorrectLevel.H: + return QRRSBlock.RS_BLOCK_TABLE[(typeNumber - 1) * 4 + 3]; + default: + return undefined; + } + }; + function QRBitBuffer() { + this.buffer = []; + this.length = 0; + } + QRBitBuffer.prototype = { + get: function get(index) { + var bufIndex = Math.floor(index / 8); + return (this.buffer[bufIndex] >>> 7 - index % 8 & 1) == 1; + }, + put: function put(num, length) { + for (var i = 0; i < length; i++) { + this.putBit((num >>> length - i - 1 & 1) == 1); + } + }, + getLengthInBits: function getLengthInBits() { + return this.length; + }, + putBit: function putBit(bit) { + var bufIndex = Math.floor(this.length / 8); + if (this.buffer.length <= bufIndex) { + this.buffer.push(0); + } + if (bit) { + this.buffer[bufIndex] |= 0x80 >>> this.length % 8; + } + this.length++; + } + }; + var QRCodeLimitLength = [[17, 14, 11, 7], [32, 26, 20, 14], [53, 42, 32, 24], [78, 62, 46, 34], [106, 84, 60, 44], [134, 106, 74, 58], [154, 122, 86, 64], [192, 152, 108, 84], [230, 180, 130, 98], [271, 213, 151, 119], [321, 251, 177, 137], [367, 287, 203, 155], [425, 331, 241, 177], [458, 362, 258, 194], [520, 412, 292, 220], [586, 450, 322, 250], [644, 504, 364, 280], [718, 560, 394, 310], [792, 624, 442, 338], [858, 666, 482, 382], [929, 711, 509, 403], [1003, 779, 565, 439], [1091, 857, 611, 461], [1171, 911, 661, 511], [1273, 997, 715, 535], [1367, 1059, 751, 593], [1465, 1125, 805, 625], [1528, 1190, 868, 658], [1628, 1264, 908, 698], [1732, 1370, 982, 742], [1840, 1452, 1030, 790], [1952, 1538, 1112, 842], [2068, 1628, 1168, 898], [2188, 1722, 1228, 958], [2303, 1809, 1283, 983], [2431, 1911, 1351, 1051], [2563, 1989, 1423, 1093], [2699, 2099, 1499, 1139], [2809, 2213, 1579, 1219], [2953, 2331, 1663, 1273]]; + function _isSupportCanvas() { + return typeof CanvasRenderingContext2D != "undefined"; + } + + // android 2.x doesn't support Data-URI spec + function _getAndroid() { + var android = false; + var sAgent = navigator.userAgent; + if (/android/i.test(sAgent)) { + // android + android = true; + var aMat = sAgent.toString().match(/android ([0-9]\.[0-9])/i); + if (aMat && aMat[1]) { + android = parseFloat(aMat[1]); + } + } + return android; + } + var svgDrawer = function () { + var Drawing = function Drawing(el, htOption) { + this._el = el; + this._htOption = htOption; + }; + Drawing.prototype.draw = function (oQRCode) { + var _htOption = this._htOption; + var _el = this._el; + var nCount = oQRCode.getModuleCount(); + var nWidth = Math.floor(_htOption.width / nCount); + var nHeight = Math.floor(_htOption.height / nCount); + this.clear(); + function makeSVG(tag, attrs) { + var el = document.createElementNS('http://www.w3.org/2000/svg', tag); + for (var k in attrs) if (attrs.hasOwnProperty(k)) el.setAttribute(k, attrs[k]); + return el; + } + var svg = makeSVG("svg", { + 'viewBox': '0 0 ' + String(nCount) + " " + String(nCount), + 'width': '100%', + 'height': '100%', + 'fill': _htOption.colorLight + }); + svg.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xlink", "http://www.w3.org/1999/xlink"); + _el.appendChild(svg); + svg.appendChild(makeSVG("rect", { + "fill": _htOption.colorLight, + "width": "100%", + "height": "100%" + })); + svg.appendChild(makeSVG("rect", { + "fill": _htOption.colorDark, + "width": "1", + "height": "1", + "id": "template" + })); + for (var row = 0; row < nCount; row++) { + for (var col = 0; col < nCount; col++) { + if (oQRCode.isDark(row, col)) { + var child = makeSVG("use", { + "x": String(row), + "y": String(col) + }); + child.setAttributeNS("http://www.w3.org/1999/xlink", "href", "#template"); + svg.appendChild(child); + } + } + } + }; + Drawing.prototype.clear = function () { + while (this._el.hasChildNodes()) this._el.removeChild(this._el.lastChild); + }; + return Drawing; + }(); + var useSVG = document.documentElement.tagName.toLowerCase() === "svg"; + + // Drawing in DOM by using Table tag + var Drawing = useSVG ? svgDrawer : !_isSupportCanvas() ? function () { + var Drawing = function Drawing(el, htOption) { + this._el = el; + this._htOption = htOption; + }; + + /** + * Draw the QRCode + * + * @param {QRCode} oQRCode + */ + Drawing.prototype.draw = function (oQRCode) { + var _htOption = this._htOption; + var _el = this._el; + var nCount = oQRCode.getModuleCount(); + var nWidth = Math.floor(_htOption.width / nCount); + var nHeight = Math.floor(_htOption.height / nCount); + var aHTML = ['']; + for (var row = 0; row < nCount; row++) { + aHTML.push(''); + for (var col = 0; col < nCount; col++) { + aHTML.push(''); + } + aHTML.push(''); + } + aHTML.push('
    '); + _el.innerHTML = aHTML.join(''); + + // Fix the margin values as real size. + var elTable = _el.childNodes[0]; + var nLeftMarginTable = (_htOption.width - elTable.offsetWidth) / 2; + var nTopMarginTable = (_htOption.height - elTable.offsetHeight) / 2; + if (nLeftMarginTable > 0 && nTopMarginTable > 0) { + elTable.style.margin = nTopMarginTable + "px " + nLeftMarginTable + "px"; + } + }; + + /** + * Clear the QRCode + */ + Drawing.prototype.clear = function () { + this._el.innerHTML = ''; + }; + return Drawing; + }() : function () { + // Drawing in Canvas + function _onMakeImage() { + this._elImage.src = this._elCanvas.toDataURL("image/png"); + this._elImage.style.display = "block"; + this._elCanvas.style.display = "none"; + } + + // Android 2.1 bug workaround + // http://code.google.com/p/android/issues/detail?id=5141 + if (this._android && this._android <= 2.1) { + var factor = 1 / window.devicePixelRatio; + var drawImage = CanvasRenderingContext2D.prototype.drawImage; + CanvasRenderingContext2D.prototype.drawImage = function (image, sx, sy, sw, sh, dx, dy, dw, dh) { + if ("nodeName" in image && /img/i.test(image.nodeName)) { + for (var i = arguments.length - 1; i >= 1; i--) { + arguments[i] = arguments[i] * factor; + } + } else if (typeof dw == "undefined") { + arguments[1] *= factor; + arguments[2] *= factor; + arguments[3] *= factor; + arguments[4] *= factor; + } + drawImage.apply(this, arguments); + }; + } + + /** + * Check whether the user's browser supports Data URI or not + * + * @private + * @param {Function} fSuccess Occurs if it supports Data URI + * @param {Function} fFail Occurs if it doesn't support Data URI + */ + function _safeSetDataURI(fSuccess, fFail) { + var self = this; + self._fFail = fFail; + self._fSuccess = fSuccess; + + // Check it just once + if (self._bSupportDataURI === null) { + var el = document.createElement("img"); + var fOnError = function fOnError() { + self._bSupportDataURI = false; + if (self._fFail) { + self._fFail.call(self); + } + }; + var fOnSuccess = function fOnSuccess() { + self._bSupportDataURI = true; + if (self._fSuccess) { + self._fSuccess.call(self); + } + }; + el.onabort = fOnError; + el.onerror = fOnError; + el.onload = fOnSuccess; + el.src = "data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="; // the Image contains 1px data. + return; + } else if (self._bSupportDataURI === true && self._fSuccess) { + self._fSuccess.call(self); + } else if (self._bSupportDataURI === false && self._fFail) { + self._fFail.call(self); + } + } + ; + + /** + * Drawing QRCode by using canvas + * + * @constructor + * @param {HTMLElement} el + * @param {Object} htOption QRCode Options + */ + var Drawing = function Drawing(el, htOption) { + this._bIsPainted = false; + this._android = _getAndroid(); + this._htOption = htOption; + this._elCanvas = document.createElement("canvas"); + this._elCanvas.width = htOption.width; + this._elCanvas.height = htOption.height; + el.appendChild(this._elCanvas); + this._el = el; + this._oContext = this._elCanvas.getContext("2d"); + this._bIsPainted = false; + this._elImage = document.createElement("img"); + this._elImage.alt = "Scan me!"; + this._elImage.style.display = "none"; + this._el.appendChild(this._elImage); + this._bSupportDataURI = null; + }; + + /** + * Draw the QRCode + * + * @param {QRCode} oQRCode + */ + Drawing.prototype.draw = function (oQRCode) { + var _elImage = this._elImage; + var _oContext = this._oContext; + var _htOption = this._htOption; + var nCount = oQRCode.getModuleCount(); + var nWidth = _htOption.width / nCount; + var nHeight = _htOption.height / nCount; + var nRoundedWidth = Math.round(nWidth); + var nRoundedHeight = Math.round(nHeight); + _elImage.style.display = "none"; + this.clear(); + for (var row = 0; row < nCount; row++) { + for (var col = 0; col < nCount; col++) { + var bIsDark = oQRCode.isDark(row, col); + var nLeft = col * nWidth; + var nTop = row * nHeight; + _oContext.strokeStyle = bIsDark ? _htOption.colorDark : _htOption.colorLight; + _oContext.lineWidth = 1; + _oContext.fillStyle = bIsDark ? _htOption.colorDark : _htOption.colorLight; + _oContext.fillRect(nLeft, nTop, nWidth, nHeight); + + // 안티 앨리어싱 방지 처리 + _oContext.strokeRect(Math.floor(nLeft) + 0.5, Math.floor(nTop) + 0.5, nRoundedWidth, nRoundedHeight); + _oContext.strokeRect(Math.ceil(nLeft) - 0.5, Math.ceil(nTop) - 0.5, nRoundedWidth, nRoundedHeight); + } + } + this._bIsPainted = true; + }; + + /** + * Make the image from Canvas if the browser supports Data URI. + */ + Drawing.prototype.makeImage = function () { + if (this._bIsPainted) { + _safeSetDataURI.call(this, _onMakeImage); + } + }; + + /** + * Return whether the QRCode is painted or not + * + * @return {Boolean} + */ + Drawing.prototype.isPainted = function () { + return this._bIsPainted; + }; + + /** + * Clear the QRCode + */ + Drawing.prototype.clear = function () { + this._oContext.clearRect(0, 0, this._elCanvas.width, this._elCanvas.height); + this._bIsPainted = false; + }; + + /** + * @private + * @param {Number} nNumber + */ + Drawing.prototype.round = function (nNumber) { + if (!nNumber) { + return nNumber; + } + return Math.floor(nNumber * 1000) / 1000; + }; + return Drawing; + }(); + + /** + * Get the type by string length + * + * @private + * @param {String} sText + * @param {Number} nCorrectLevel + * @return {Number} type + */ + function _getTypeNumber(sText, nCorrectLevel) { + var nType = 1; + var length = _getUTF8Length(sText); + for (var i = 0, len = QRCodeLimitLength.length; i <= len; i++) { + var nLimit = 0; + switch (nCorrectLevel) { + case QRErrorCorrectLevel.L: + nLimit = QRCodeLimitLength[i][0]; + break; + case QRErrorCorrectLevel.M: + nLimit = QRCodeLimitLength[i][1]; + break; + case QRErrorCorrectLevel.Q: + nLimit = QRCodeLimitLength[i][2]; + break; + case QRErrorCorrectLevel.H: + nLimit = QRCodeLimitLength[i][3]; + break; + } + if (length <= nLimit) { + break; + } else { + nType++; + } + } + if (nType > QRCodeLimitLength.length) { + throw new Error("Too long data"); + } + return nType; + } + function _getUTF8Length(sText) { + var replacedText = encodeURI(sText).toString().replace(/\%[0-9a-fA-F]{2}/g, 'a'); + return replacedText.length + (replacedText.length != sText ? 3 : 0); + } + + /** + * @class QRCode + * @constructor + * @example + * new QRCode(document.getElementById("test"), "http://jindo.dev.naver.com/collie"); + * + * @example + * var oQRCode = new QRCode("test", { + * text : "http://naver.com", + * width : 128, + * height : 128 + * }); + * + * oQRCode.clear(); // Clear the QRCode. + * oQRCode.makeCode("http://map.naver.com"); // Re-create the QRCode. + * + * @param {HTMLElement|String} el target element or 'id' attribute of element. + * @param {Object|String} vOption + * @param {String} vOption.text QRCode link data + * @param {Number} [vOption.width=256] + * @param {Number} [vOption.height=256] + * @param {String} [vOption.colorDark="#000000"] + * @param {String} [vOption.colorLight="#ffffff"] + * @param {QRCode.CorrectLevel} [vOption.correctLevel=QRCode.CorrectLevel.H] [L|M|Q|H] + */ + QRCode = function QRCode(el, vOption) { + this._htOption = { + width: 256, + height: 256, + typeNumber: 4, + colorDark: "#000000", + colorLight: "#ffffff", + correctLevel: QRErrorCorrectLevel.H + }; + if (typeof vOption === 'string') { + vOption = { + text: vOption + }; + } + + // Overwrites options + if (vOption) { + for (var i in vOption) { + this._htOption[i] = vOption[i]; + } + } + if (typeof el == "string") { + el = document.getElementById(el); + } + if (this._htOption.useSVG) { + Drawing = svgDrawer; + } + this._android = _getAndroid(); + this._el = el; + this._oQRCode = null; + this._oDrawing = new Drawing(this._el, this._htOption); + if (this._htOption.text) { + this.makeCode(this._htOption.text); + } + }; + + /** + * Make the QRCode + * + * @param {String} sText link data + */ + QRCode.prototype.makeCode = function (sText) { + this._oQRCode = new QRCodeModel(_getTypeNumber(sText, this._htOption.correctLevel), this._htOption.correctLevel); + this._oQRCode.addData(sText); + this._oQRCode.make(); + this._el.title = sText; + this._oDrawing.draw(this._oQRCode); + this.makeImage(); + }; + + /** + * Make the Image from Canvas element + * - It occurs automatically + * - Android below 3 doesn't support Data-URI spec. + * + * @private + */ + QRCode.prototype.makeImage = function () { + if (typeof this._oDrawing.makeImage == "function" && (!this._android || this._android >= 3)) { + this._oDrawing.makeImage(); + } + }; + + /** + * Clear the QRCode + */ + QRCode.prototype.clear = function () { + this._oDrawing.clear(); + }; + + /** + * @name QRCode.CorrectLevel + */ + QRCode.CorrectLevel = QRErrorCorrectLevel; +})(); \ No newline at end of file diff --git a/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.min.js b/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.min.js new file mode 100644 index 00000000000..8c346770a2b --- /dev/null +++ b/src/OrchardCore.Modules/OrchardCore.Users/wwwroot/Scripts/qrcode.min.js @@ -0,0 +1 @@ +var QRCode;!function(){function t(t){this.mode=r.MODE_8BIT_BYTE,this.data=t,this.parsedData=[];for(var e=0,o=this.data.length;e65536?(i[0]=240|(1835008&n)>>>18,i[1]=128|(258048&n)>>>12,i[2]=128|(4032&n)>>>6,i[3]=128|63&n):n>2048?(i[0]=224|(61440&n)>>>12,i[1]=128|(4032&n)>>>6,i[2]=128|63&n):n>128?(i[0]=192|(1984&n)>>>6,i[1]=128|63&n):i[0]=n,this.parsedData.push(i)}this.parsedData=Array.prototype.concat.apply([],this.parsedData),this.parsedData.length!=this.data.length&&(this.parsedData.unshift(191),this.parsedData.unshift(187),this.parsedData.unshift(239))}function e(t,e){this.typeNumber=t,this.errorCorrectLevel=e,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}t.prototype={getLength:function(t){return this.parsedData.length},write:function(t){for(var e=0,r=this.parsedData.length;e=7&&this.setupTypeNumber(t),null==this.dataCache&&(this.dataCache=e.createData(this.typeNumber,this.errorCorrectLevel,this.dataList)),this.mapData(this.dataCache,r)},setupPositionProbePattern:function(t,e){for(var r=-1;r<=7;r++)if(!(t+r<=-1||this.moduleCount<=t+r))for(var o=-1;o<=7;o++)e+o<=-1||this.moduleCount<=e+o||(this.modules[t+r][e+o]=0<=r&&r<=6&&(0==o||6==o)||0<=o&&o<=6&&(0==r||6==r)||2<=r&&r<=4&&2<=o&&o<=4)},getBestMaskPattern:function(){for(var t=0,e=0,r=0;r<8;r++){this.makeImpl(!0,r);var o=f.getLostPoint(this);(0==r||t>o)&&(t=o,e=r)}return e},createMovieClip:function(t,e,r){var o=t.createEmptyMovieClip(e,r);this.make();for(var i=0;i>r&1);this.modules[Math.floor(r/3)][r%3+this.moduleCount-8-3]=o}for(r=0;r<18;r++){o=!t&&1==(e>>r&1);this.modules[r%3+this.moduleCount-8-3][Math.floor(r/3)]=o}},setupTypeInfo:function(t,e){for(var r=this.errorCorrectLevel<<3|e,o=f.getBCHTypeInfo(r),i=0;i<15;i++){var n=!t&&1==(o>>i&1);i<6?this.modules[i][8]=n:i<8?this.modules[i+1][8]=n:this.modules[this.moduleCount-15+i][8]=n}for(i=0;i<15;i++){n=!t&&1==(o>>i&1);i<8?this.modules[8][this.moduleCount-i-1]=n:i<9?this.modules[8][15-i-1+1]=n:this.modules[8][15-i-1]=n}this.modules[this.moduleCount-8][8]=!t},mapData:function(t,e){for(var r=-1,o=this.moduleCount-1,i=7,n=0,a=this.moduleCount-1;a>0;a-=2)for(6==a&&a--;;){for(var s=0;s<2;s++)if(null==this.modules[o][a-s]){var h=!1;n>>i&1)),f.getMask(e,o,a-s)&&(h=!h),this.modules[o][a-s]=h,-1==--i&&(n++,i=7)}if((o+=r)<0||this.moduleCount<=o){o-=r,r=-r;break}}}},e.PAD0=236,e.PAD1=17,e.createData=function(t,r,o){for(var i=m.getRSBlocks(t,r),n=new _,a=0;a8*h)throw new Error("code length overflow. ("+n.getLengthInBits()+">"+8*h+")");for(n.getLengthInBits()+4<=8*h&&n.put(0,4);n.getLengthInBits()%8!=0;)n.putBit(!1);for(;!(n.getLengthInBits()>=8*h||(n.put(e.PAD0,8),n.getLengthInBits()>=8*h));)n.put(e.PAD1,8);return e.createBytes(n,i)},e.createBytes=function(t,e){for(var r=0,o=0,i=0,n=new Array(e.length),a=new Array(e.length),s=0;s=0?d.get(c):0}}var m=0;for(u=0;u=0;)e^=f.G15<=0;)e^=f.G18<>>=1;return e},getPatternPosition:function(t){return f.PATTERN_POSITION_TABLE[t-1]},getMask:function(t,e,r){switch(t){case i:return(e+r)%2==0;case n:return e%2==0;case a:return r%3==0;case s:return(e+r)%3==0;case h:return(Math.floor(e/2)+Math.floor(r/3))%2==0;case l:return e*r%2+e*r%3==0;case u:return(e*r%2+e*r%3)%2==0;case g:return(e*r%3+(e+r)%2)%2==0;default:throw new Error("bad maskPattern:"+t)}},getErrorCorrectPolynomial:function(t){for(var e=new p([1],0),r=0;r5&&(r+=3+n-5)}for(o=0;o=256;)t-=255;return d.EXP_TABLE[t]},EXP_TABLE:new Array(256),LOG_TABLE:new Array(256)},c=0;c<8;c++)d.EXP_TABLE[c]=1<>>7-t%8&1)},put:function(t,e){for(var r=0;r>>e-r-1&1))},getLengthInBits:function(){return this.length},putBit:function(t){var e=Math.floor(this.length/8);this.buffer.length<=e&&this.buffer.push(0),t&&(this.buffer[e]|=128>>>this.length%8),this.length++}};var v=[[17,14,11,7],[32,26,20,14],[53,42,32,24],[78,62,46,34],[106,84,60,44],[134,106,74,58],[154,122,86,64],[192,152,108,84],[230,180,130,98],[271,213,151,119],[321,251,177,137],[367,287,203,155],[425,331,241,177],[458,362,258,194],[520,412,292,220],[586,450,322,250],[644,504,364,280],[718,560,394,310],[792,624,442,338],[858,666,482,382],[929,711,509,403],[1003,779,565,439],[1091,857,611,461],[1171,911,661,511],[1273,997,715,535],[1367,1059,751,593],[1465,1125,805,625],[1528,1190,868,658],[1628,1264,908,698],[1732,1370,982,742],[1840,1452,1030,790],[1952,1538,1112,842],[2068,1628,1168,898],[2188,1722,1228,958],[2303,1809,1283,983],[2431,1911,1351,1051],[2563,1989,1423,1093],[2699,2099,1499,1139],[2809,2213,1579,1219],[2953,2331,1663,1273]];function C(){var t=!1,e=navigator.userAgent;if(/android/i.test(e)){t=!0;var r=e.toString().match(/android ([0-9]\.[0-9])/i);r&&r[1]&&(t=parseFloat(r[1]))}return t}var w=function(){var t=function(t,e){this._el=t,this._htOption=e};return t.prototype.draw=function(t){var e=this._htOption,r=this._el,o=t.getModuleCount();Math.floor(e.width/o),Math.floor(e.height/o);function i(t,e){var r=document.createElementNS("http://www.w3.org/2000/svg",t);for(var o in e)e.hasOwnProperty(o)&&r.setAttribute(o,e[o]);return r}this.clear();var n=i("svg",{viewBox:"0 0 "+String(o)+" "+String(o),width:"100%",height:"100%",fill:e.colorLight});n.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"),r.appendChild(n),n.appendChild(i("rect",{fill:e.colorLight,width:"100%",height:"100%"})),n.appendChild(i("rect",{fill:e.colorDark,width:"1",height:"1",id:"template"}));for(var a=0;a'],s=0;s");for(var h=0;h');a.push("")}a.push(""),r.innerHTML=a.join("");var l=r.childNodes[0],u=(e.width-l.offsetWidth)/2,g=(e.height-l.offsetHeight)/2;u>0&&g>0&&(l.style.margin=g+"px "+u+"px")},t.prototype.clear=function(){this._el.innerHTML=""},t}():function(){function t(){this._elImage.src=this._elCanvas.toDataURL("image/png"),this._elImage.style.display="block",this._elCanvas.style.display="none"}if(this._android&&this._android<=2.1){var e=1/window.devicePixelRatio,r=CanvasRenderingContext2D.prototype.drawImage;CanvasRenderingContext2D.prototype.drawImage=function(t,o,i,n,a,s,h,l,u){if("nodeName"in t&&/img/i.test(t.nodeName))for(var g=arguments.length-1;g>=1;g--)arguments[g]=arguments[g]*e;else void 0===l&&(arguments[1]*=e,arguments[2]*=e,arguments[3]*=e,arguments[4]*=e);r.apply(this,arguments)}}function o(t,e){var r=this;if(r._fFail=e,r._fSuccess=t,null===r._bSupportDataURI){var o=document.createElement("img"),i=function(){r._bSupportDataURI=!1,r._fFail&&r._fFail.call(r)};return o.onabort=i,o.onerror=i,o.onload=function(){r._bSupportDataURI=!0,r._fSuccess&&r._fSuccess.call(r)},void(o.src="data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==")}!0===r._bSupportDataURI&&r._fSuccess?r._fSuccess.call(r):!1===r._bSupportDataURI&&r._fFail&&r._fFail.call(r)}var i=function(t,e){this._bIsPainted=!1,this._android=C(),this._htOption=e,this._elCanvas=document.createElement("canvas"),this._elCanvas.width=e.width,this._elCanvas.height=e.height,t.appendChild(this._elCanvas),this._el=t,this._oContext=this._elCanvas.getContext("2d"),this._bIsPainted=!1,this._elImage=document.createElement("img"),this._elImage.alt="Scan me!",this._elImage.style.display="none",this._el.appendChild(this._elImage),this._bSupportDataURI=null};return i.prototype.draw=function(t){var e=this._elImage,r=this._oContext,o=this._htOption,i=t.getModuleCount(),n=o.width/i,a=o.height/i,s=Math.round(n),h=Math.round(a);e.style.display="none",this.clear();for(var l=0;lv.length)throw new Error("Too long data");return r}QRCode=function(t,e){if(this._htOption={width:256,height:256,typeNumber:4,colorDark:"#000000",colorLight:"#ffffff",correctLevel:o.H},"string"==typeof e&&(e={text:e}),e)for(var r in e)this._htOption[r]=e[r];"string"==typeof t&&(t=document.getElementById(t)),this._htOption.useSVG&&(D=w),this._android=C(),this._el=t,this._oQRCode=null,this._oDrawing=new D(this._el,this._htOption),this._htOption.text&&this.makeCode(this._htOption.text)},QRCode.prototype.makeCode=function(t){this._oQRCode=new e(A(t,this._htOption.correctLevel),this._htOption.correctLevel),this._oQRCode.addData(t),this._oQRCode.make(),this._el.title=t,this._oDrawing.draw(this._oQRCode),this.makeImage()},QRCode.prototype.makeImage=function(){"function"==typeof this._oDrawing.makeImage&&(!this._android||this._android>=3)&&this._oDrawing.makeImage()},QRCode.prototype.clear=function(){this._oDrawing.clear()},QRCode.CorrectLevel=o}(); diff --git a/src/OrchardCore.Themes/TheTheme/Views/LoginMenu.cshtml b/src/OrchardCore.Themes/TheTheme/Views/LoginMenu.cshtml index 2bd24b5456a..3c1348d1031 100644 --- a/src/OrchardCore.Themes/TheTheme/Views/LoginMenu.cshtml +++ b/src/OrchardCore.Themes/TheTheme/Views/LoginMenu.cshtml @@ -8,6 +8,7 @@ @{ var allowChangeEmail = (await SiteService.GetSiteSettingsAsync()).As().AllowChangeEmail; + var loginSettings = (await SiteService.GetSiteSettingsAsync()).As(); var externalAuthenticationSchemes = await SignInManager.GetExternalAuthenticationSchemesAsync(); } @@ -32,6 +33,10 @@ { @T["External Logins"] } + @if (loginSettings.IsTwoFactorAuthenticationEnabled()) + { + @T["Security"] + }
    diff --git a/src/OrchardCore/OrchardCore.Users.Abstractions/UserOptions.cs b/src/OrchardCore/OrchardCore.Users.Abstractions/UserOptions.cs index 021df56cb60..5243a9467aa 100644 --- a/src/OrchardCore/OrchardCore.Users.Abstractions/UserOptions.cs +++ b/src/OrchardCore/OrchardCore.Users.Abstractions/UserOptions.cs @@ -7,6 +7,7 @@ public class UserOptions private string _changePasswordUrl = "ChangePassword"; private string _changePasswordConfirmationUrl = "ChangePasswordConfirmation"; private string _externalLoginsUrl = "ExternalLogins"; + private string _enableAuthenticatorPath = "EnableAuthenticator"; public string LoginPath { @@ -37,5 +38,11 @@ public string ExternalLoginsUrl get => _externalLoginsUrl; set => _externalLoginsUrl = value.Trim(' ', '/'); } + + public string EnableAuthenticatorPath + { + get => _enableAuthenticatorPath; + set => _enableAuthenticatorPath = value.Trim(' ', '/'); + } } } diff --git a/src/OrchardCore/OrchardCore.Users.Core/Extensions/UsersServiceCollectionExtensions.cs b/src/OrchardCore/OrchardCore.Users.Core/Extensions/UsersServiceCollectionExtensions.cs index 4851efcf06e..58406c0a497 100644 --- a/src/OrchardCore/OrchardCore.Users.Core/Extensions/UsersServiceCollectionExtensions.cs +++ b/src/OrchardCore/OrchardCore.Users.Core/Extensions/UsersServiceCollectionExtensions.cs @@ -30,6 +30,9 @@ public static IServiceCollection AddUsers(this IServiceCollection services) services.TryAddScoped>(sp => sp.GetRequiredService()); services.TryAddScoped>(sp => sp.GetRequiredService()); services.TryAddScoped>(sp => sp.GetRequiredService()); + services.TryAddScoped>(sp => sp.GetRequiredService()); + services.TryAddScoped>(sp => sp.GetRequiredService()); + services.TryAddScoped>(sp => sp.GetRequiredService()); services.TryAddScoped>(sp => sp.GetRequiredService()); services.AddScoped(); diff --git a/src/OrchardCore/OrchardCore.Users.Core/Models/LoginSettings.cs b/src/OrchardCore/OrchardCore.Users.Core/Models/LoginSettings.cs new file mode 100644 index 00000000000..74cf1638de7 --- /dev/null +++ b/src/OrchardCore/OrchardCore.Users.Core/Models/LoginSettings.cs @@ -0,0 +1,37 @@ +using System; + +namespace OrchardCore.Users.Models +{ + public class LoginSettings + { + public bool UseSiteTheme { get; set; } + + public bool UseExternalProviderIfOnlyOneDefined { get; set; } + + public bool DisableLocalLogin { get; set; } + + public bool UseScriptToSyncRoles { get; set; } + + public string SyncRolesScript { get; set; } + + public bool AllowChangingUsername { get; set; } + + public bool AllowChangingEmail { get; set; } + + public bool EnableTwoFactorAuthentication { get; set; } + + public bool EnableTwoFactorAuthenticationForSpecificRoles { get; set; } + + public string[] Roles { get; set; } = Array.Empty(); + + public bool RequireTwoFactorAuthentication { get; set; } + + public bool AllowRememberClientTwoFactorAuthentication { get; set; } + + public bool UseEmailAsAuthenticatorDisplayName { get; set; } + + public int NumberOfRecoveryCodesToGenerate { get; set; } = 5; + + public int TokenLength { get; set; } = 6; + } +} diff --git a/src/OrchardCore/OrchardCore.Users.Core/Models/User.cs b/src/OrchardCore/OrchardCore.Users.Core/Models/User.cs index bb9d30bfa94..14d3f5bcc5a 100644 --- a/src/OrchardCore/OrchardCore.Users.Core/Models/User.cs +++ b/src/OrchardCore/OrchardCore.Users.Core/Models/User.cs @@ -8,22 +8,41 @@ namespace OrchardCore.Users.Models public class User : Entity, IUser { public int Id { get; set; } + public string UserId { get; set; } + public string UserName { get; set; } + public string NormalizedUserName { get; set; } + public string Email { get; set; } + public string NormalizedEmail { get; set; } + public string PasswordHash { get; set; } + public string SecurityStamp { get; set; } + public bool EmailConfirmed { get; set; } + public bool IsEnabled { get; set; } = true; + + public bool TwoFactorEnabled { get; set; } + public bool IsLockoutEnabled { get; set; } + public DateTime? LockoutEndUtc { get; set; } + public int AccessFailedCount { get; set; } + public string ResetToken { get; set; } + public IList RoleNames { get; set; } = new List(); + public IList UserClaims { get; set; } = new List(); + public IList LoginInfos { get; set; } = new List(); + public IList UserTokens { get; set; } = new List(); public override string ToString() diff --git a/src/OrchardCore/OrchardCore.Users.Core/Services/LoginSettingsExtensions.cs b/src/OrchardCore/OrchardCore.Users.Core/Services/LoginSettingsExtensions.cs new file mode 100644 index 00000000000..11259d416d4 --- /dev/null +++ b/src/OrchardCore/OrchardCore.Users.Core/Services/LoginSettingsExtensions.cs @@ -0,0 +1,29 @@ +using System; +using System.Threading.Tasks; + +namespace OrchardCore.Users.Models +{ + public static class LoginSettingsExtensions + { + public static bool IsTwoFactorAuthenticationEnabled(this LoginSettings settings) => settings.EnableTwoFactorAuthentication + || settings.EnableTwoFactorAuthenticationForSpecificRoles; + + public static async Task CanEnableTwoFactorAuthenticationAsync(this LoginSettings loginSettings, Func> isInRole) + { + if (loginSettings.EnableTwoFactorAuthenticationForSpecificRoles) + { + foreach (var role in loginSettings.Roles) + { + if (await isInRole(role)) + { + return true; + } + } + + return false; + } + + return loginSettings.EnableTwoFactorAuthentication; + } + } +} diff --git a/src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs b/src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs index b98cd201b49..6f69c816c33 100644 --- a/src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs +++ b/src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs @@ -7,8 +7,10 @@ using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Logging; +using OrchardCore.Entities; using OrchardCore.Modules; using OrchardCore.Security.Services; +using OrchardCore.Settings; using OrchardCore.Users.Handlers; using OrchardCore.Users.Indexes; using OrchardCore.Users.Models; @@ -24,9 +26,15 @@ public class UserStore : IUserSecurityStampStore, IUserLoginStore, IUserLockoutStore, - IUserAuthenticationTokenStore + IUserAuthenticationTokenStore, + IUserTwoFactorRecoveryCodeStore, + IUserTwoFactorStore, + IUserAuthenticatorKeyStore { - private const string TokenProtector = "OrchardCore.UserStore.Token"; + private const string _tokenProtector = "OrchardCore.UserStore.Token"; + private const string _internalLoginProvider = "[OrchardCoreUserStore]"; + private const string _recoveryCodeTokenName = "RecoveryCodes"; + private const string _authenticatorKeyTokenName = "AuthenticatorKey"; private readonly ISession _session; private readonly ILookupNormalizer _keyNormalizer; @@ -34,6 +42,7 @@ public class UserStore : private readonly ILogger _logger; private readonly IRoleService _roleService; private readonly IDataProtectionProvider _dataProtectionProvider; + private readonly ISiteService _siteService; public UserStore(ISession session, ILookupNormalizer keyNormalizer, @@ -41,13 +50,15 @@ public UserStore(ISession session, ILogger logger, IEnumerable handlers, IRoleService roleService, - IDataProtectionProvider dataProtectionProvider) + IDataProtectionProvider dataProtectionProvider, + ISiteService siteService) { _session = session; _keyNormalizer = keyNormalizer; _userIdGenerator = userIdGenerator; _logger = logger; _dataProtectionProvider = dataProtectionProvider; + _siteService = siteService; Handlers = handlers; _roleService = roleService; } @@ -740,7 +751,9 @@ public Task GetTokenAsync(IUser user, string loginProvider, string name, var userToken = GetUserToken(user, loginProvider, name); if (userToken != null) { - return Task.FromResult(_dataProtectionProvider.CreateProtector(TokenProtector).Unprotect(userToken.Value)); + var value = _dataProtectionProvider.CreateProtector(_tokenProtector).Unprotect(userToken.Value); + + return Task.FromResult(value); } return Task.FromResult(null); @@ -810,7 +823,7 @@ public Task SetTokenAsync(IUser user, string loginProvider, string name, string // Encrypt the token. if (userToken != null) { - userToken.Value = _dataProtectionProvider.CreateProtector(TokenProtector).Protect(value); + userToken.Value = _dataProtectionProvider.CreateProtector(_tokenProtector).Protect(value); } return Task.CompletedTask; @@ -828,7 +841,6 @@ private static UserToken GetUserToken(IUser user, string loginProvider, string n #endregion #region IUserLockoutStore - public Task GetAccessFailedCountAsync(IUser user, CancellationToken cancellationToken) { if (user == null) @@ -940,7 +952,117 @@ public Task SetLockoutEndDateAsync(IUser user, DateTimeOffset? lockoutEnd, Cance return Task.CompletedTask; } - #endregion IUserLockoutStore + + #region IUserTwoFactorStore + public Task SetTwoFactorEnabledAsync(IUser user, bool enabled, CancellationToken cancellationToken) + { + if (user == null) + { + throw new ArgumentNullException(nameof(user)); + } + + if (user is User u) + { + u.TwoFactorEnabled = enabled; + } + + return Task.CompletedTask; + } + + public async Task GetTwoFactorEnabledAsync(IUser user, CancellationToken cancellationToken) + { + var settings = (await _siteService.GetSiteSettingsAsync()).As(); + + if (settings.IsTwoFactorAuthenticationEnabled() && user is User u) + { + return u.TwoFactorEnabled; + } + + return false; + } + #endregion + + #region IUserTwoFactorRecoveryCodeStore + public Task ReplaceCodesAsync(IUser user, IEnumerable recoveryCodes, CancellationToken cancellationToken) + { + if (user == null) + { + throw new ArgumentNullException(nameof(user)); + } + + if (recoveryCodes == null) + { + throw new ArgumentNullException(nameof(recoveryCodes)); + } + + var mergedCodes = String.Join(";", recoveryCodes); + + return SetTokenAsync(user, _internalLoginProvider, _recoveryCodeTokenName, mergedCodes, cancellationToken); + } + + public async Task RedeemCodeAsync(IUser user, string code, CancellationToken cancellationToken) + { + if (user == null) + { + throw new ArgumentNullException(nameof(user)); + } + + if (String.IsNullOrWhiteSpace(code)) + { + throw new ArgumentException($"{nameof(code)} cannot be null or empty."); + } + + var mergedCodes = await GetTokenAsync(user, _internalLoginProvider, _recoveryCodeTokenName, cancellationToken).ConfigureAwait(false) ?? String.Empty; + var splitCodes = mergedCodes.Split(';'); + if (splitCodes.Contains(code)) + { + var updatedCodes = new List(splitCodes.Where(s => s != code)); + await ReplaceCodesAsync(user, updatedCodes, cancellationToken).ConfigureAwait(false); + + return true; + } + + return false; + } + + public async Task CountCodesAsync(IUser user, CancellationToken cancellationToken) + { + if (user == null) + { + throw new ArgumentNullException(nameof(user)); + } + + var mergedCodes = await GetTokenAsync(user, _internalLoginProvider, _recoveryCodeTokenName, cancellationToken).ConfigureAwait(false) ?? ""; + if (mergedCodes.Length > 0) + { + // non-allocating version of mergedCodes.Split(';').Length + var count = 1; + var index = 0; + while (index < mergedCodes.Length) + { + var semiColonIndex = mergedCodes.IndexOf(';', index); + if (semiColonIndex < 0) + { + break; + } + count++; + index = semiColonIndex + 1; + } + + return count; + } + + return 0; + } + #endregion + + #region IUserAuthenticatorKeyStore + public virtual Task SetAuthenticatorKeyAsync(IUser user, string key, CancellationToken cancellationToken) + => SetTokenAsync(user, _internalLoginProvider, _authenticatorKeyTokenName, key, cancellationToken); + + public virtual Task GetAuthenticatorKeyAsync(IUser user, CancellationToken cancellationToken) + => GetTokenAsync(user, _internalLoginProvider, _authenticatorKeyTokenName, cancellationToken); + #endregion } } diff --git a/src/docs/reference/modules/Users/README.md b/src/docs/reference/modules/Users/README.md index fc5af02439e..dcdfc79febf 100644 --- a/src/docs/reference/modules/Users/README.md +++ b/src/docs/reference/modules/Users/README.md @@ -13,6 +13,10 @@ The module contains the following features apart from the base feature: - Custom User Settings: See [its own documentation page](CustomUserSettings/README.md). - [Users Authentication Ticket Store](./TicketStore.md): Stores users authentication tickets on server in memory cache instead of cookies. If distributed cache feature is enabled it will store authentication tickets on distributed cache. +## Two-factor Authentication + +Starting with version 1.7, the Users feature is shipped with everything you need to enable two-factor authentication. To enable two-factor authentication, go to the Dashboard then navigate to `Security` >> `Settings` >> `User Login`. Click on the "Two-factor Authentication" tab and check "Enable two-factor authentication" option and save. + ## Custom Paths If you want to specify custom paths to access the authentication related urls, you can change them by using this option in the appsettings.json: @@ -24,7 +28,9 @@ If you want to specify custom paths to access the authentication related urls, y "LogoffPath": "Users/LogOff", "ChangePasswordUrl": "ChangePassword", "ChangePasswordConfirmationUrl": "ChangePasswordConfirmation", - "ExternalLoginsUrl": "ExternalLogins" + "ExternalLoginsUrl": "ExternalLogins", + "ExternalLoginsUrl": "ExternalLogins", + "EnableAuthenticatorPath": "EnableAuthenticator" } } ``` diff --git a/src/docs/releases/1.7.0.md b/src/docs/releases/1.7.0.md index 628b7140997..1675e0c1c13 100644 --- a/src/docs/releases/1.7.0.md +++ b/src/docs/releases/1.7.0.md @@ -7,3 +7,7 @@ Release date: Not yet released ### `OrchardCore.AdminDashboard` Module A sample widget is no longer auto created when the `OrchardCore.AdminDashboard` feature is enabled. If you like to see a sample widget, you may do so by executing the "Admin Dashboard Widget Sample" recipe by using the admin menu and navigate to **Configuration** >> **Recipes** + +### `OrchardCore.Users` Module + +Added support for complete two-factor authentication out of the box. [Click here](../reference/modules/Users/README.md) for more info.