diff --git a/docs/privacyidea.md b/docs/privacyidea.md
index 6be53d7e389890ced92b4d57b39a42257fb6a9b0..af33494c8569812f04d22ddf87ee47d5c39e79f2 100644
--- a/docs/privacyidea.md
+++ b/docs/privacyidea.md
@@ -126,6 +126,14 @@ You need to add the authentication source 'privacyidea' to
 'serial' => 'otpSerial',
 'otplen' => 'otpLength'
 ],
+
+ /*
+ * Override (string) or reformat (callable) messages from privacyIDEA.
+ * When using callable, HTML is not escaped.
+ * Optional.
+ */
+ //'messageOverride' => 'Use any of your tokens.',
+ //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
 ],
 ```
@@ -315,6 +323,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
 * Optional, default to true.
 */
 'showLogout' => false,
+
+ /**
+ * Override (string) or reformat (callable) messages from privacyIDEA.
+ * When using callable, HTML is not escaped.
+ * Optional.
+ */
+ //'messageOverride' => 'Use any of your tokens.',
+ //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
 ],
 ]
 ```
diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php
index eb3f49220a7beee9f94b2f120b2a774962461457..861e6906144ff6d851ca6a61de70b4023b964ec1 100644
--- a/lib/Auth/Process/PrivacyideaAuthProc.php
+++ b/lib/Auth/Process/PrivacyideaAuthProc.php
@@ -56,6 +56,7 @@ class PrivacyideaAuthProc extends ProcessingFilter
 $state['privacyidea:privacyidea'] = $this->authProcConfig;
 $state['privacyidea:privacyidea']['authenticationMethod'] = 'authprocess';
 $state['privacyidea:privacyidea:ui']['showLogout'] = $this->authProcConfig['showLogout'] ?? true;
+ $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authProcConfig['messageOverride'] ?? null;
 // If set in config, allow to check the IP of the client and to control the 2FA depending on the client IP.
 // It can be used to configure that a user does not need to provide a second factor when logging in from the local network.
diff --git a/lib/Auth/Source/PrivacyideaAuthSource.php b/lib/Auth/Source/PrivacyideaAuthSource.php
index a5e01f0e5d9f1700147d5a34458575fa1aabcc21..70198eeffb9ba4d9ad2a34da940f2c1464c4e035 100644
--- a/lib/Auth/Source/PrivacyideaAuthSource.php
+++ b/lib/Auth/Source/PrivacyideaAuthSource.php
@@ -103,6 +103,7 @@ class PrivacyideaAuthSource extends UserPassBase
 $state['privacyidea:privacyidea:ui']['otpFieldHint'] = $this->authSourceConfig['otpFieldHint'] ?? '';
 $state['privacyidea:privacyidea:ui']['passFieldHint'] = $this->authSourceConfig['passFieldHint'] ?? '';
 $state['privacyidea:privacyidea:ui']['loadCounter'] = '1';
+ $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authSourceConfig['messageOverride'] ?? null;
 $stateId = State::saveState($state, 'privacyidea:privacyidea');
diff --git a/templates/LoginForm.php b/templates/LoginForm.php
index 93bb007a9e41c1b167aba142cecc8519f97e61ce..81dd63ef29200fa83776b3d26332172163fe1e22 100644
--- a/templates/LoginForm.php
+++ b/templates/LoginForm.php
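Review bot: The added assignment stores `messageOverride` in `$state` unchanged, while the documentation in this commit advertises an anonymous function for it; the same assignment in the PrivacyideaAuthSource.php hunk sits directly above `State::saveState($state, 'privacyidea:privacyidea')`. If the saved state is serialized, as SimpleSAMLphp's state store normally does, a `Closure` inside it cannot be serialized and the login would fail there, so only string or array callables would survive. Either keep the callable out of the state and read it from the module configuration when the form is rendered, or validate the value here and document the limit, e.g. `// messageOverride must be serializable: a string, or a callable given as 'function' or [SomeClass::class, 'method']`. Both method bodies start and end outside the hunks.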
@@ -137,7 +137,17 @@ if (null !== $this->data['errorCode']) {
 <input id="password" name="password" tabindex="1" type="password" value="" class="text" placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES); ?>"/>
- <strong id="message"><?php echo htmlspecialchars($this->data['message'] ?? '', ENT_QUOTES); ?></strong>
+ <strong id="message"><?php
+ $messageOverride = $this->data['messageOverride'] ?? null;
+ if (null === $messageOverride || is_string($messageOverride)) {
+ echo htmlspecialchars(
+ $messageOverride ?? $this->data['message'] ?? '',
+ ENT_QUOTES
+ );
+ } elseif (is_callable($messageOverride)) {
+ echo call_user_func($messageOverride, $this->data['message'] ?? '');
+ }
+ ?></strong>
 <br><br>
 <label for="otp" class="sr-only">
 <?php echo $this->t('{privacyidea:privacyidea:otp}'); ?>
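Review bot: The `elseif (is_callable($messageOverride))` branch echoes the callable's return value into `<strong id="message">` with no escaping and no type check, so the output encoding of the privacyIDEA message depends entirely on whichever callable a deployer configures. That message originates from the server response and may carry token- or user-related text (not visible in this hunk), so I would escape in the template by default and make raw HTML a separate, explicitly named opt-in. A value that is neither null, a string nor a callable currently leaves the element empty and hides the server message; add a fallback such as `} else { echo htmlspecialchars($this->data['message'] ?? '', ENT_QUOTES); }`. The surrounding form markup starts and ends outside the hunk.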