Add mobile API and pairing widget

7 years ago · ff33f9e6b3
parent 07be8bd774
commit ff33f9e6b3
6 changed files with 133 additions and 1 deletions
--- a/apps/sync_mobile.php
+++ b/apps/sync_mobile.php
@ -0,0 +1,63 @@
+<?php
+
+dieifnotloggedin();
+
+use Endroid\QrCode\QrCode;
+
+addMultiLangStrings(["en_us" => [
+        "sync mobile" => "Sync Mobile App",
+        "scan sync qrcode" => "Scan this code with the mobile app or enter the code manually.",
+        "sync explained" => "Access your account and apps on the go.  Use a sync code to securely connect your phone or tablet to Portal with the Netsyms Business mobile app.",
+        "generate sync" => "Create new sync code",
+        "active sync codes" => "Active codes",
+        "no active codes" => "No active codes.",
+        "done adding sync code" => "Done adding code"
+    ]
+]);
+
+$APPS["sync_mobile"]["title"] = lang("sync mobile", false);
+$APPS["sync_mobile"]["icon"] = "mobile";
+
+if (!is_empty($_GET['delsynccode'])) {
+    if ($database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]])) {
+        $database->delete("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['delsynccode']]]);
+    }
+}
+
+if ($_GET['mobilecode'] == "generate") {
+    if (!is_empty($_GET['showsynccode']) && $database->has("mobile_codes", ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]])) {
+        $code = $database->get("mobile_codes", 'code', ["AND" => ["uid" => $_SESSION['uid'], "codeid" => $_GET['showsynccode']]]);
+    } else {
+        $code = strtoupper(substr(md5(mt_rand() . uniqid("", true)), 0, 20));
+        $database->insert('mobile_codes', ['uid' => $_SESSION['uid'], 'code' => $code]);
+    }
+    $url = str_replace("/", "\\", URL);
+    $codeuri = "bizsync://" . $url . "/" . $_SESSION['username'] . "/" . $code;
+    $qrCode = new QrCode($codeuri);
+    $qrCode->setSize(200);
+    $qrCode->setErrorCorrection("H");
+    $qrcode = $qrCode->getDataUri();
+    $chunk_code = trim(chunk_split($code, 5, ' '));
+    $lang_done = lang("done adding sync code", false);
+    $APPS["sync_mobile"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan sync qrcode", false) . '</div>' . <<<END
+<img src="$qrcode" class="img-responsive qrcode" />
+<div class="well well-sm" style="text-align: center; font-size: 110%; font-family: monospace;">$chunk_code</div>
+<a class="btn btn-success btn-sm btn-block" href="home.php?page=security">$lang_done</a>
+END;
+} else {
+    $activecodes = $database->select("mobile_codes", ["codeid", "code"], ["uid" => $_SESSION['uid']]);
+    $content = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("sync explained", false) . '</div>'
+            . '<a class="btn btn-success btn-sm btn-block" href="home.php?page=security&mobilecode=generate">'
+            . lang("generate sync", false) . '</a>';
+    $content .= "<br /><b>" . lang("active sync codes", false) . ":</b><br />";
+    $content .= "<div class='list-group'>";
+    if (count($activecodes) > 0) {
+        foreach ($activecodes as $c) {
+            $content .= "<div class='list-group-item'><span style='font-family: Ubuntu Mono,monospace;'>" . trim(chunk_split($c['code'], 5, ' ')) . "</span> <span class='pull-right'><a class='btn btn-primary btn-sm' href='home.php?page=security&mobilecode=generate&showsynccode=" . $c['codeid'] . "'><i class='fa fa-qrcode'></i></a> <a class='btn btn-danger btn-sm' href='home.php?page=security&delsynccode=" . $c['codeid'] . "'><i class='fa fa-trash'></i></a></span></div>";
+        }
+    } else {
+        $content .= "<div class='list-group-item'>" . lang("no active codes", false) . "</div>";
+    }
+    $content .= "</div>";
+    $APPS["sync_mobile"]["content"] = $content;
+}
--- a/database.mwb
+++ b/database.mwb
--- a/lang/en_us.php
+++ b/lang/en_us.php
@ -49,5 +49,7 @@ $STRINGS = [
    "password complexity insufficent" => "The new password does not meet the minumum requirements defined by your system administrator.",
    "error loading widget" => "There was a problem loading this app.",
    "open app" => "Open App",
-    "sign in again" => "Please sign in again to continue."
+    "sign in again" => "Please sign in again to continue.",
+    "login failed try on web" => "There is a problem with your account. Visit Portal via a web browser for more information.",
+    "mobile login disabled" => "Mobile login has been disabled by your system administrator.  Contact technical support for more information."
 ];
--- a/mobile/index.php
+++ b/mobile/index.php
@ -0,0 +1,63 @@
+<?php
+
+/*
+ * Mobile app API
+ */
+
+require __DIR__ . "/../required.php";
+
+require __DIR__ . "/../lib/login.php";
+
+header('Content-Type: application/json');
+
+// Allow ping check without authentication
+if ($VARS['action'] == "ping") {
+    exit(json_encode(["status" => "OK"]));
+}
+
+if (MOBILE_ENABLED !== TRUE) {
+    exit(json_encode(["status" => "ERROR", "msg" => lang("mobile login disabled", false)]));
+}
+
+// Make sure we have a username and access key
+if (is_empty($VARS['username']) || is_empty($VARS['key'])) {
+    http_response_code(401);
+    die(json_encode(["status" => "ERROR", "msg" => "Missing username and/or access key."]));
+}
+
+// Make sure the username and key are actually legit
+$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $VARS['key'], 'accounts.username' => $VARS['username']]]);
+if ($user_key_valid !== TRUE) {
+    http_response_code(401);
+    insertAuthLog(21, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+    die(json_encode(["status" => "ERROR", "msg" => "Invalid username and/or access key."]));
+}
+
+// Process the action
+switch ($VARS['action']) {
+    case "check_key":
+        // Check if the username/key combo is valid.
+        // If we get this far, it is, so return success.
+        exit(json_encode(["status" => "OK"]));
+    case "check_password":
+        if (get_account_status($VARS['username']) != "NORMAL") {
+            insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+            exit(json_encode(["status" => "ERROR", "msg" => lang("login failed try on web", false)]));
+        }
+        if (authenticate_user($VARS['username'], $VARS['password'], $autherror)) {
+            $uid = $database->get("accounts", "uid", ["username" => $VARS['username']]);
+            insertAuthLog(19, $uid, "Key: " . $VARS['key']);
+            exit(json_encode(["status" => "OK", "uid" => $uid]));
+        } else {
+            if (!is_empty($autherror)) {
+                insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+                exit(json_encode(["status" => "ERROR", "msg" => $autherror]));
+            } else {
+                insertAuthLog(20, null, "Username: " . $VARS['username'] . ", Key: " . $VARS['key']);
+                exit(json_encode(["status" => "ERROR", "msg" => lang("login incorrect", false)]));
+            }
+        }
+    default:
+        http_response_code(404);
+        die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
+}
--- a/pages.php
+++ b/pages.php
@ -22,6 +22,7 @@ define("APPS", [
        "account_security"
    ],
    "security" => [
+        "sync_mobile",
        "change_password",
        "setup_2fa"
    ],
--- a/settings.template.php
+++ b/settings.template.php
@ -44,6 +44,9 @@ define("SYSTEM_NAME", "Netsyms SSO Demo");
 // For supported values, see http://php.net/manual/en/timezones.php
 define("TIMEZONE", "America/Denver");

+// Allow or prevent users from logging in via the mobile app.
+define("MOBILE_ENABLED", TRUE);
+
 // Base URL for site links.
 define('URL', 'http://localhost:8000/');