Revert "feat: user without tokens is redirected to new page, when mfa is enforced"

This reverts commit 000d0f38.

Revert "feat: user without tokens is redirected to new page, when mfa is enforced"
This reverts commit 000d0f38.
12c9aa4b · Jan Pavlíček · 000d0f38 · 000d0f38 · 12c9aa4b · 000d0f38
Verified Commit 12c9aa4b authored 1 year ago by Jan Pavlíček
--- a/dictionaries/mfa.definition.json
+++ b/dictionaries/mfa.definition.json
-{
-  "setup_mfa_text": {
-    "en": "To access service, you have to configure multi-factor authentication token.",
-    "cs": "K přístupu ke službě nejprve musíte nastavit token pro vícefázové ověření."
-  },
-  "manage_tokens_button": {
-    "en": "Continue",
-    "cs": "Pokračovat"
-  }
-}
--- a/lib/Auth/Process/SwitchAuth.php
+++ b/lib/Auth/Process/SwitchAuth.php
@@ -9,25 +9,17 @@ use SimpleSAML\Auth\State;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Logger;
-use SimpleSAML\Module;
 use SimpleSAML\Module\authswitcher\AuthnContextHelper;
 use SimpleSAML\Module\authswitcher\AuthSwitcher;
 use SimpleSAML\Module\authswitcher\ContextSettings;
 use SimpleSAML\Module\authswitcher\ProxyHelper;
 use SimpleSAML\Module\authswitcher\Utils;
-use SimpleSAML\Utils\HTTP;

 class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter
 {
    /* constants */
    private const DEBUG_PREFIX = 'authswitcher:SwitchAuth: ';

-    private const SETUP_MFA_URL = 'authswitcher/setupMFA.php';
-
-    public const SETUP_MFA_TPL_URL = 'authswitcher/setup-mfa-tpl.php';
-
-    public const PARAM_MFA_REDIRECT_URL = 'mfa_redirect_url';
-
    private $type_filter_array = [
        'TOTP' => 'privacyidea:PrivacyideaAuthProc',
        'WebAuthn' => 'privacyidea:PrivacyideaAuthProc',
@@ -70,10 +62,6 @@ class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter

    private $entityID;

-    private $mfa_excluded_sps;
-
-    private $setup_mfa_redirect_url;
-
    /**
     * @override
     *
@@ -107,8 +95,6 @@ class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter
        $this->sfa_len_attr = $config->getString('sfa_len_attr', $this->sfa_len_attr);
        $this->check_entropy = $config->getBoolean('check_entropy', $this->check_entropy);
        $this->entityID = $config->getValue('entityID', null);
-        $this->mfa_excluded_sps = $config->getArray('mfa_excluded_sps', []);
-        $this->setup_mfa_redirect_url = $config->getString('setup_mfa_redirect_url', "");

        list($this->password_contexts, $this->mfa_contexts, $password_contexts_patterns, $mfa_contexts_patterns)
            = ContextSettings::parseConfig($config);
@@ -134,14 +120,6 @@ class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter

        $usersCapabilities = $this->getMFAForUid($state);

-        if ($mfaEnforced && empty($state['Attributes'][AuthSwitcher::MFA_TOKENS]) &&
-            !in_array($this->entityID, $this->mfa_excluded_sps)) {
-            $url = Module::getModuleURL(self::SETUP_MFA_URL);
-            $params = [];
-            $params[self::PARAM_MFA_REDIRECT_URL] = $this->setup_mfa_redirect_url;
-            HTTP::redirectTrustedURL($url, $params);
-        }
-
        self::info('user capabilities: ' . json_encode($usersCapabilities));

        self::setErrorHandling($state);
@@ -165,8 +143,8 @@ class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter
        self::info('supported requested contexts: ' . json_encode($this->supported_requested_contexts));

        $shouldPerformMFA = !$this->authnContextHelper->MFAin([
-                $upstreamContext,
-            ]) && ($mfaEnforced || $this->authnContextHelper->isMFAprefered($this->supported_requested_contexts));
+            $upstreamContext,
+        ]) && ($mfaEnforced || $this->authnContextHelper->isMFAprefered($this->supported_requested_contexts));

        if (
            $this->mfa_preferred_privacyidea_fail
@@ -182,7 +160,7 @@ class SwitchAuth extends \SimpleSAML\Auth\ProcessingFilter
        $maxUserCapability = '';
        if (
            in_array(AuthSwitcher::REFEDS_MFA, $usersCapabilities, true) || $this->authnContextHelper->MFAin([
-                $upstreamContext,
+            $upstreamContext,
            ])
        ) {
            $maxUserCapability = AuthSwitcher::REFEDS_MFA;

--- a/templates/setup-mfa-tpl.php
+++ b/templates/setup-mfa-tpl.php
-<?php
-
-declare(strict_types=1);
-
-use SimpleSAML\Module\authswitcher\Auth\Process\SwitchAuth;
-
-$this->includeAtTemplateBase('includes/header.php');
-?>
-
-<div class="row">
-  <div>
-      <p><?php echo $this->t('{authswitcher:mfa:setup_mfa_text}'); ?></p>
-      <?php if (!empty($this->data[SwitchAuth::PARAM_MFA_REDIRECT_URL])) { ?>
-        <a class="btn btn-lg btn-block btn-primary"
-           href="<?php echo $this->data[SwitchAuth::PARAM_MFA_REDIRECT_URL]; ?>">
-            <?php echo $this->t('{authswitcher:mfa:manage_tokens_button}'); ?>
-        </a>
-      <?php } ?>
-
-  </div>
-</div>
-
-<?php
-$this->includeAtTemplateBase('includes/footer.php');
-?>
--- a/www/setupMFA.php
+++ b/www/setupMFA.php
-<?php
-
-declare(strict_types=1);
-
-use SimpleSAML\Configuration;
-use SimpleSAML\Module\authswitcher\Auth\Process\SwitchAuth;
-use SimpleSAML\XHTML\Template;
-
-$config = Configuration::getInstance();
-$t = new Template($config, SwitchAuth::SETUP_MFA_TPL_URL);
-$t->data[SwitchAuth::PARAM_MFA_REDIRECT_URL] = $_REQUEST[SwitchAuth::PARAM_MFA_REDIRECT_URL];
-
-$t->show();
\ No newline at end of file