From 0e5db60ab49afb45ca2a38f8383243c41f39da0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ou=C5=A1ek?= <brousek@ics.muni.cz>
Date: Wed, 23 Mar 2022 09:52:14 +0100
Subject: [PATCH] feat: messageOverride configuration option

replace privacyIDEA messages with a string
or modify them with a function
---
 docs/privacyidea.md                       | 16 ++++++++++++++++
 lib/Auth/Process/PrivacyideaAuthProc.php  |  1 +
 lib/Auth/Source/PrivacyideaAuthSource.php |  1 +
 templates/LoginForm.php                   | 12 +++++++++++-
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/docs/privacyidea.md b/docs/privacyidea.md
index 6be53d7..af33494 100644
--- a/docs/privacyidea.md
+++ b/docs/privacyidea.md
@@ -126,6 +126,14 @@ You need to add the authentication source 'privacyidea' to
         'serial' => 'otpSerial',
         'otplen' => 'otpLength'
     ],
+
+    /*
+     * Override (string) or reformat (callable) messages from privacyIDEA.
+     * When using callable, HTML is not escaped.
+     * Optional.
+     */
+    //'messageOverride' => 'Use any of your tokens.',
+    //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
 ],
 ```
 
@@ -315,6 +323,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
          * Optional, default to true.
          */
         'showLogout' => false,
+
+        /**
+         * Override (string) or reformat (callable) messages from privacyIDEA.
+         * When using callable, HTML is not escaped.
+         * Optional.
+         */
+        //'messageOverride' => 'Use any of your tokens.',
+        //'messageOverride' => function($messages){return htmlspecialchars(current(explode(',', $messages)));},
     ],
 ]
 ```
diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php
index eb3f492..861e690 100644
--- a/lib/Auth/Process/PrivacyideaAuthProc.php
+++ b/lib/Auth/Process/PrivacyideaAuthProc.php
@@ -56,6 +56,7 @@ class PrivacyideaAuthProc extends ProcessingFilter
         $state['privacyidea:privacyidea'] = $this->authProcConfig;
         $state['privacyidea:privacyidea']['authenticationMethod'] = 'authprocess';
         $state['privacyidea:privacyidea:ui']['showLogout'] = $this->authProcConfig['showLogout'] ?? true;
+        $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authProcConfig['messageOverride'] ?? null;
 
         // If set in config, allow to check the IP of the client and to control the 2FA depending on the client IP.
         // It can be used to configure that a user does not need to provide a second factor when logging in from the local network.
diff --git a/lib/Auth/Source/PrivacyideaAuthSource.php b/lib/Auth/Source/PrivacyideaAuthSource.php
index a5e01f0..70198ee 100644
--- a/lib/Auth/Source/PrivacyideaAuthSource.php
+++ b/lib/Auth/Source/PrivacyideaAuthSource.php
@@ -103,6 +103,7 @@ class PrivacyideaAuthSource extends UserPassBase
         $state['privacyidea:privacyidea:ui']['otpFieldHint'] = $this->authSourceConfig['otpFieldHint'] ?? '';
         $state['privacyidea:privacyidea:ui']['passFieldHint'] = $this->authSourceConfig['passFieldHint'] ?? '';
         $state['privacyidea:privacyidea:ui']['loadCounter'] = '1';
+        $state['privacyidea:privacyidea:ui']['messageOverride'] = $this->authSourceConfig['messageOverride'] ?? null;
 
         $stateId = State::saveState($state, 'privacyidea:privacyidea');
 
diff --git a/templates/LoginForm.php b/templates/LoginForm.php
index 93bb007..81dd63e 100644
--- a/templates/LoginForm.php
+++ b/templates/LoginForm.php
@@ -137,7 +137,17 @@ if (null !== $this->data['errorCode']) {
                                 <input id="password" name="password" tabindex="1" type="password" value="" class="text"
                                        placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES); ?>"/>
 
-                                <strong id="message"><?php echo htmlspecialchars($this->data['message'] ?? '', ENT_QUOTES); ?></strong>
+                                <strong id="message"><?php
+                                    $messageOverride = $this->data['messageOverride'] ?? null;
+                                    if (null === $messageOverride || is_string($messageOverride)) {
+                                        echo htmlspecialchars(
+                                            $messageOverride ?? $this->data['message'] ?? '',
+                                            ENT_QUOTES
+                                        );
+                                    } elseif (is_callable($messageOverride)) {
+                                        echo call_user_func($messageOverride, $this->data['message'] ?? '');
+                                    }
+                                ?></strong>
                                 <br><br>
                                 <label for="otp" class="sr-only">
                                     <?php echo $this->t('{privacyidea:privacyidea:otp}'); ?>
-- 
GitLab