designtopack/public/kirby/src/Panel/UserTotpDisableDialog.php

<?php

namespace Kirby\Panel;

use Kirby\Cms\App;
use Kirby\Cms\Find;
use Kirby\Cms\User;
use Kirby\Exception\InvalidArgumentException;
use Kirby\Exception\PermissionException;
use Kirby\Toolkit\Escape;
use Kirby\Toolkit\I18n;

/**
 * Manages the Panel dialog to disable TOTP auth for a user
 * @since 4.0.0
 *
 * @package   Kirby Panel
 * @author    Nico Hoffmann <nico@getkirby.com>
 * @link      https://getkirby.com
 * @copyright Bastian Allgeier
 * @license   https://getkirby.com/license
 */
class UserTotpDisableDialog
{
	public App $kirby;
	public User $user;

	public function __construct(
		string|null $id = null
	) {
		$this->kirby = App::instance();
		$this->user  = $id ? Find::user($id) : $this->kirby->user();
	}

	/**
	 * Returns the Panel dialog state when opening the dialog
	 */
	public function load(): array
	{
		$currentUser = $this->kirby->user();
		$submitBtn   = [
			'text'  => I18n::translate('disable'),
			'icon'  => 'protected',
			'theme' => 'negative'
		];

		// admins can disable TOTP for other users without
		// entering their password (but not for themselves)
		if (
			$currentUser->isAdmin() === true &&
			$currentUser->is($this->user) === false
		) {
			$name = $this->user->name()->or($this->user->email());

			return [
				'component' => 'k-remove-dialog',
				'props' => [
					'text' => I18n::template('login.totp.disable.admin', ['user' => Escape::html($name)]),
					'submitButton' => $submitBtn,
				]
			];
		}

		// everybody else
		return [
			'component' => 'k-form-dialog',
			'props' => [
				'fields' => [
					'password' => [
						'type'     => 'password',
						'required' => true,
						'counter'  => false,
						'label'    => I18n::translate('login.totp.disable.label'),
						'help'     => I18n::translate('login.totp.disable.help'),
					]
				],
				'submitButton' => $submitBtn,
			]
		];
	}

	/**
	 * Removes the user's TOTP secret when the dialog is submitted
	 */
	public function submit(): array
	{
		$password = $this->kirby->request()->get('password');

		try {
			if ($this->kirby->user()->is($this->user) === true) {
				$this->user->validatePassword($password);
			} elseif ($this->kirby->user()->isAdmin() === false) {
				throw new PermissionException('You are not allowed to disable TOTP for other users');
			}

			// Remove the TOTP secret from the account
			$this->user->changeTotp(null);

			return [
				'message' => I18n::translate('login.totp.disable.success')
			];
		} catch (InvalidArgumentException $e) {
			// Catch and re-throw exception so that any
			// Unauthenticated exception for incorrect passwords
			// does not trigger a logout
			throw new InvalidArgumentException([
				'key'      => $e->getKey(),
				'data'     => $e->getData(),
				'fallback' => $e->getMessage(),
				'previous' => $e
			]);
		}
	}
}
Initial commit 2024-07-10 16:10:33 +02:00			`<?php`

			`namespace Kirby\Panel;`

			`use Kirby\Cms\App;`
			`use Kirby\Cms\Find;`
			`use Kirby\Cms\User;`
			`use Kirby\Exception\InvalidArgumentException;`
			`use Kirby\Exception\PermissionException;`
			`use Kirby\Toolkit\Escape;`
			`use Kirby\Toolkit\I18n;`

			`/**`
			`* Manages the Panel dialog to disable TOTP auth for a user`
			`* @since 4.0.0`
			`*`
			`* @package Kirby Panel`
			`* @author Nico Hoffmann <nico@getkirby.com>`
			`* @link https://getkirby.com`
			`* @copyright Bastian Allgeier`
			`* @license https://getkirby.com/license`
			`*/`
			`class UserTotpDisableDialog`
			`{`
			`public App $kirby;`
			`public User $user;`

			`public function __construct(`
			`string\|null $id = null`
			`) {`
			`$this->kirby = App::instance();`
			`$this->user = $id ? Find::user($id) : $this->kirby->user();`
			`}`

			`/**`
			`* Returns the Panel dialog state when opening the dialog`
			`*/`
			`public function load(): array`
			`{`
			`$currentUser = $this->kirby->user();`
			`$submitBtn = [`
			`'text' => I18n::translate('disable'),`
			`'icon' => 'protected',`
			`'theme' => 'negative'`
			`];`

			`// admins can disable TOTP for other users without`
			`// entering their password (but not for themselves)`
			`if (`
			`$currentUser->isAdmin() === true &&`
			`$currentUser->is($this->user) === false`
			`) {`
			`$name = $this->user->name()->or($this->user->email());`

			`return [`
			`'component' => 'k-remove-dialog',`
			`'props' => [`
			`'text' => I18n::template('login.totp.disable.admin', ['user' => Escape::html($name)]),`
			`'submitButton' => $submitBtn,`
			`]`
			`];`
			`}`

			`// everybody else`
			`return [`
			`'component' => 'k-form-dialog',`
			`'props' => [`
			`'fields' => [`
			`'password' => [`
			`'type' => 'password',`
			`'required' => true,`
			`'counter' => false,`
			`'label' => I18n::translate('login.totp.disable.label'),`
			`'help' => I18n::translate('login.totp.disable.help'),`
			`]`
			`],`
			`'submitButton' => $submitBtn,`
			`]`
			`];`
			`}`

			`/**`
			`* Removes the user's TOTP secret when the dialog is submitted`
			`*/`
			`public function submit(): array`
			`{`
			`$password = $this->kirby->request()->get('password');`

			`try {`
			`if ($this->kirby->user()->is($this->user) === true) {`
			`$this->user->validatePassword($password);`
			`} elseif ($this->kirby->user()->isAdmin() === false) {`
			`throw new PermissionException('You are not allowed to disable TOTP for other users');`
			`}`

			`// Remove the TOTP secret from the account`
			`$this->user->changeTotp(null);`

			`return [`
			`'message' => I18n::translate('login.totp.disable.success')`
			`];`
			`} catch (InvalidArgumentException $e) {`
			`// Catch and re-throw exception so that any`
			`// Unauthenticated exception for incorrect passwords`
			`// does not trigger a logout`
			`throw new InvalidArgumentException([`
			`'key' => $e->getKey(),`
			`'data' => $e->getData(),`
			`'fallback' => $e->getMessage(),`
			`'previous' => $e`
			`]);`
			`}`
			`}`
			`}`