1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
user.php
См. документацию.
1<?
2use \Bitrix\Security\Mfa\Otp;
3use Bitrix\Security\Mfa\OtpException;
4
8class CSecurityUser
9{
10 const BX_SECURITY_SYNC_WINDOW = 15000;
11
13 protected static $cacheOtp = array();
14
19 public static function getCachedOtp($userId)
20 {
21 if (!isset(static::$cacheOtp[$userId]))
22 {
23 static::$cacheOtp[$userId] = Otp::getByUser($userId);
24 }
25
26 return static::$cacheOtp[$userId];
27 }
28
32 public static function onBeforeUserLogin(&$arParams)
33 {
34 //compatibility with old forms
35 if (
36 $arParams['PASSWORD_ORIGINAL'] === 'Y'
37 && preg_match('/(\d{6})$/D', $arParams["PASSWORD"], $arMatch)
38 )
39 {
40 $arParams['OTP'] = $arMatch[1];
41 }
42
43 return true;
44 }
45
50 public static function update($arFields)
51 {
52 global $USER;
53 $userId = intval($arFields['USER_ID']);
54 $result = null;
55
56 if (!$userId)
57 return true;
58
59 $otp = Otp::getByUser($userId);
60 $canAdminOtp =
61 !Otp::isMandatoryUsing() && $userId == $USER->GetID()
62 || $USER->CanDoOperation('security_edit_user_otp')
63 ;
64
65 try
66 {
67 if (
68 $arFields['ACTIVE'] !== 'Y'
69 && $otp->isActivated()
70 )
71 {
72 if ($canAdminOtp)
73 {
74 $otp->deactivate();
75 return true;
76 }
77 return false;
78 }
79
80 if (
81 $arFields['DEACTIVATE_UNTIL'] > 0
82 && $otp->isActivated()
83 )
84 {
85 if ($canAdminOtp)
86 {
87 $otp->deactivate((int) $arFields['DEACTIVATE_UNTIL']);
88 return true;
89 }
90 return false;
91 }
92
93 $secret = mb_substr(trim($arFields['SECRET']), 0, 64);
94 if (!$secret)
95 {
96 if ($canAdminOtp)
97 {
98 $otp->delete();
99 return true;
100 }
101 return false;
102 }
103
104 if ($otp->getHexSecret() != $secret)
105 {
106 // We want to connect new device
107 $binarySecret = pack('H*', $secret);
108 $otp->regenerate($binarySecret);
109 }
110 if ($arFields['TYPE'])
111 {
112 $otp->setType($arFields['TYPE']);
113 }
114
115 $sync1 = trim($arFields['SYNC1']);
116 $sync2 = trim($arFields['SYNC2']);
117
118 if ($sync1 || $sync2)
119 {
120 $otp->syncParameters($sync1, $sync2);
121 }
122
123 $otp
124 ->setActive(true)
125 ->save();
126 }
127 catch (OtpException $e)
128 {
130 global $APPLICATION;
131 $ex = array();
132 $ex[] = array(
133 'id' => 'security_otp',
134 'text' => $e->getMessage()
135 );
136
137 $APPLICATION->ThrowException(
138 new CAdminException($ex)
139 );
140 return false;
141 }
142
143 return true;
144 }
145
150 public static function onUserDelete($userId)
151 {
152 \Bitrix\Security\Mfa\UserTable::delete($userId);
153 return true;
154 }
155
159 public static function isActive()
160 {
161 $bActive = false;
162 foreach(GetModuleEvents("main", "OnBeforeUserLogin", true) as $event)
163 {
164 if(
165 $event["TO_MODULE_ID"] == "security"
166 && $event["TO_CLASS"] == "CSecurityUser"
167 )
168 {
169 $bActive = true;
170 break;
171 }
172 }
173 return $bActive;
174 }
175
179 public static function setActive($pActive = false)
180 {
181 $otpRecheckAgent = 'Bitrix\Security\Mfa\OtpEvents::onRecheckDeactivate();';
182 if($pActive)
183 {
184 if(!CSecurityUser::isActive())
185 {
186 RegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin", "100");
187 RegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout", "100");
188 CAgent::RemoveAgent($otpRecheckAgent, "security");
189 CAgent::Add(array(
190 "NAME" => $otpRecheckAgent,
191 "MODULE_ID" => "security",
192 "ACTIVE" => "Y",
193 "AGENT_INTERVAL" => 3600,
194 "IS_PERIOD" => "N"
195 ));
196 COption::SetOptionString('security', 'otp_enabled', 'Y');
197 }
198 }
199 else
200 {
201 if(CSecurityUser::isActive())
202 {
203 UnRegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin");
204 UnRegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout");
205 CAgent::RemoveAgent($otpRecheckAgent, "security");
206 COption::SetOptionString('security', 'otp_enabled', 'N');
207 }
208 }
209 }
210
211 public static function OnAfterUserLogout()
212 {
214 global $APPLICATION;
215
216 $APPLICATION->set_cookie(Otp::SKIP_COOKIE, '', false, '/', false, false, true, false, true);
217
218 // Clear deferred params
219 Otp::setDeferredParams(null);
220 }
221
222 public static function IsOtpMandatory()
223 {
224 $isOtpMandatory = Otp::isMandatoryUsing();
225 return ($isOtpMandatory ? true : false);
226 }
227
228 public static function IsUserOtpActive($userId)
229 {
230 if (!intval($userId))
231 return false;
232
233 $otp = static::getCachedOtp($userId);
234 return ($otp->isActivated() ? true : false);
235 }
236
237 public static function IsUserSkipMandatoryRights($userId)
238 {
239 if (!intval($userId))
240 return false;
241
242 if (!static::IsOtpMandatory())
243 return true;
244
245 $otp = static::getCachedOtp($userId);
246 return $otp->canSkipMandatoryByRights();
247 }
248
249 public static function IsUserOtpExist($userId)
250 {
251 if (!intval($userId))
252 return false;
253
254 $otp = static::getCachedOtp($userId);
255 return ($otp->isInitialized() ? true : false);
256 }
257
258 public static function DeactivateUserOtp($userId, $days = 0)
259 {
261 global $USER;
262
263 if (!intval($userId))
264 return false;
265
266 if (
267 self::IsUserSkipMandatoryRights($userId) && $userId === $USER->GetID()
268 || $USER->CanDoOperation('security_edit_user_otp')
269 )
270 {
271 $otp = static::getCachedOtp($userId);
272 try
273 {
274 $otp->deactivate($days);
275 return true;
276 }
277 catch (OtpException $e)
278 {
279 return false;
280 }
281
282 }
283
284 return false;
285 }
286
287 public static function DeferUserOtp($userId, $days = 0)
288 {
290 global $USER;
291
292 if (!intval($userId))
293 return false;
294
295 $isOtpMandatory = self::IsOtpMandatory();
296
297 if (
298 $isOtpMandatory
299 && $USER->CanDoOperation('security_edit_user_otp')
300 )
301 {
302 $otp = static::getCachedOtp($userId);
303 try
304 {
305 $otp->defer($days);
306 return true;
307 }
308 catch (OtpException $e)
309 {
310 return false;
311 }
312
313 }
314
315 return false;
316 }
317
318 public static function ActivateUserOtp($userId)
319 {
321 global $USER;
322
323 if (!intval($userId))
324 return false;
325
326 if (
327 $userId == $USER->GetID()
328 || $USER->CanDoOperation('security_edit_user_otp')
329 )
330 {
331 $otp = static::getCachedOtp($userId);
332 try
333 {
334 $otp->activate();
335 return true;
336 }
337 catch (OtpException $e)
338 {
339 return false;
340 }
341 }
342
343 return false;
344 }
345
346 public static function GetDeactivateUntil($userId)
347 {
349 global $USER;
350
351 if (!intval($userId))
352 return false;
353
354 if (
355 $userId == $USER->GetID()
356 || $USER->CanDoOperation('security_edit_user_otp')
357 )
358 {
359 $otp = static::getCachedOtp($userId);
360 return $otp->getDeactivateUntil();
361 }
362
363 return false;
364 }
365
366 public static function GetInitialDate($userId)
367 {
369 global $USER;
370
371 if (!intval($userId))
372 return false;
373
374 $otp = static::getCachedOtp($userId);
375 if ($otp->isActivated())
376 {
377 $datetime = $otp->getInitialDate();
378 return $datetime;
379 }
380
381 return false;
382 }
383}
$arParams
$arParams
Определения access_dialog.php:21
$APPLICATION
global $APPLICATION
Определения include.php:80
$userId
if(!is_object($USER)||! $USER->IsAuthorized()) $userId
Определения check_mail.php:18
Bitrix\Main\ORM\Data\DataManager\delete
static delete($primary)
Определения datamanager.php:1644
CSecurityUser
Определения user.php:9
CSecurityUser\DeferUserOtp
static DeferUserOtp($userId, $days=0)
Определения user.php:287
CSecurityUser\DeactivateUserOtp
static DeactivateUserOtp($userId, $days=0)
Определения user.php:258
CSecurityUser\OnAfterUserLogout
static OnAfterUserLogout()
Определения user.php:211
CSecurityUser\IsOtpMandatory
static IsOtpMandatory()
Определения user.php:222
CSecurityUser\BX_SECURITY_SYNC_WINDOW
const BX_SECURITY_SYNC_WINDOW
Определения user.php:10
CSecurityUser\setActive
static setActive($pActive=false)
Определения user.php:179
CSecurityUser\IsUserSkipMandatoryRights
static IsUserSkipMandatoryRights($userId)
Определения user.php:237
CSecurityUser\IsUserOtpActive
static IsUserOtpActive($userId)
Определения user.php:228
CSecurityUser\GetInitialDate
static GetInitialDate($userId)
Определения user.php:366
CSecurityUser\onUserDelete
static onUserDelete($userId)
Определения user.php:150
CSecurityUser\IsUserOtpExist
static IsUserOtpExist($userId)
Определения user.php:249
CSecurityUser\onBeforeUserLogin
static onBeforeUserLogin(&$arParams)
Определения user.php:32
CSecurityUser\$cacheOtp
static $cacheOtp
Определения user.php:13
CSecurityUser\getCachedOtp
static getCachedOtp($userId)
Определения user.php:19
CSecurityUser\isActive
static isActive()
Определения user.php:159
CSecurityUser\GetDeactivateUntil
static GetDeactivateUntil($userId)
Определения user.php:346
CSecurityUser\update
static update($arFields)
Определения user.php:50
CSecurityUser\ActivateUserOtp
static ActivateUserOtp($userId)
Определения user.php:318
$arFields
$arFields
Определения dblapprove.php:5
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$result
$result
Определения get_property_values.php:14
$USER
global $USER
Определения csv_new_run.php:40
RegisterModuleDependences
RegisterModuleDependences($FROM_MODULE_ID, $MESSAGE_ID, $TO_MODULE_ID, $TO_CLASS="", $TO_METHOD="", $SORT=100, $TO_PATH="", $TO_METHOD_ARG=[])
Определения tools.php:5295
UnRegisterModuleDependences
UnRegisterModuleDependences($FROM_MODULE_ID, $MESSAGE_ID, $TO_MODULE_ID, $TO_CLASS="", $TO_METHOD="", $TO_PATH="", $TO_METHOD_ARG=[])
Определения tools.php:5289
GetModuleEvents
GetModuleEvents($MODULE_ID, $MESSAGE_ID, $bReturnArray=false)
Определения tools.php:5177
$event
$event
Определения prolog_after.php:141
$otp
$otp
Определения options_user_settings.php:33