Add captive prompts for the rest of MFA methods (#38082)

* Add captive prompts for the rest of MFA methods Addresses comment #37912 (comment) Adds captive login prompts for these MFA methods: * Backup Codes * TOTP (Authenticator Code) * YubiKey The rest of the methods already had it: * Email * Fixed * WebAuthn * Update administrator/language/en-GB/com_users.ini * Update language/en-GB/com_users.ini Co-authored-by: Brian Teeman <brian@teeman.net>
joomla · Jun 18, 2022 · 1273361 · 1273361
1 parent 598b9aa
commit 1273361
Show file tree

Hide file tree

Showing 8 changed files with 8 additions and 3 deletions.
diff --git a/administrator/components/com_users/src/Model/CaptiveModel.php b/administrator/components/com_users/src/Model/CaptiveModel.php
@@ -240,6 +240,7 @@ public function loadCaptiveRenderOptions(?MfaTable $record): CaptiveRenderOption
 			{
 				return $renderOptions->merge(
 					[
+						'pre_message' => Text::_('COM_USERS_USER_BACKUPCODES_CAPTIVE_PROMPT'),
 						'input_type' => 'number',
 						'label' => Text::_('COM_USERS_USER_BACKUPCODE'),
 					]

diff --git a/administrator/language/en-GB/com_users.ini b/administrator/language/en-GB/com_users.ini
@@ -392,6 +392,7 @@ COM_USERS_USERS_TABLE_CAPTION="Table of Users"
 COM_USERS_USER_ACCOUNT_DETAILS="Account Details"
 COM_USERS_USER_BACKUPCODE="Backup Code"
 COM_USERS_USER_BACKUPCODES="Backup Codes"
+COM_USERS_USER_BACKUPCODES_CAPTIVE_PROMPT="If you do not have access to your usual Multi-factor Authentication method use any of your Backup Codes in the field below. Please remember that this emergency backup code cannot be reused."
 COM_USERS_USER_BACKUPCODES_DESC="Lets you access the site if all other Multi-factor Authentication methods you have set up fail."
 COM_USERS_USER_BATCH_FAILED="An error was encountered while performing the batch operation: %s."
 COM_USERS_USER_BATCH_SUCCESS="Batch operation completed."

diff --git a/administrator/language/en-GB/plg_multifactorauth_totp.ini b/administrator/language/en-GB/plg_multifactorauth_totp.ini
@@ -4,6 +4,7 @@
 ; Note : All ini files need to be saved as UTF-8
 
 PLG_MULTIFACTORAUTH_TOTP="Multi-factor Authentication - Verification Code"
+PLG_MULTIFACTORAUTH_TOTP_CAPTIVE_PROMPT="Please open your authenticator application or password manager and copy the six digit code for this site in the text box below, then click on the Validate button. If this code has been automatically filled in for you just click on the Validate button."
 PLG_MULTIFACTORAUTH_TOTP_ERR_VALIDATIONFAILED="You did not enter a valid verification code. Please check your authenticator app setup, and make sure that the time and time zone on your device is set correctly."
 PLG_MULTIFACTORAUTH_TOTP_LBL_LABEL="Enter the six digit verification code"
 PLG_MULTIFACTORAUTH_TOTP_LBL_SETUP_INSTRUCTIONS="Set up your verification code (also known as an “authenticator code”) using the information below. You can use an authenticator app (such Google Authenticator, Authy, LastPass Authenticator, etc), your favorite password manager (1Password, BitWarden, Keeper, KeePassXC, Strongbox, etc) or, in some cases, your browser."

diff --git a/administrator/language/en-GB/plg_multifactorauth_yubikey.ini b/administrator/language/en-GB/plg_multifactorauth_yubikey.ini
@@ -4,6 +4,7 @@
 ; Note : All ini files need to be saved as UTF-8
 
 PLG_MULTIFACTORAUTH_YUBIKEY="Multi-factor Authentication - YubiKey"
+PLG_MULTIFACTORAUTH_YUBIKEY_CAPTIVE_PROMPT="Please click in the text box below. Then insert your YubiKey into the USB port of your device and touch its golden disk or golden pad (depending on your model) to make it produce a YubiKey code. If you are on an NFC-capable phone or tablet with an NFC-enabled YubiKey you need to instead approach your YubiKey to the NFC reader area of your phone or tablet."
 PLG_MULTIFACTORAUTH_YUBIKEY_CODE_LABEL="YubiKey code"
 PLG_MULTIFACTORAUTH_YUBIKEY_ERR_VALIDATIONFAILED="You did not enter a valid YubiKey secret code or the YubiCloud servers are unreachable at this time."
 PLG_MULTIFACTORAUTH_YUBIKEY_LBL_AFTERSETUP_INSTRUCTIONS="You have already set up your YubiKey (the one generating codes starting with <code>%s</code>). You can only change its title from this page."

diff --git a/components/com_users/tmpl/captive/default.php b/components/com_users/tmpl/captive/default.php
@@ -57,7 +57,7 @@ class="btn btn-sm btn-secondary"
 	</h2>
 
 	<?php if ($this->renderOptions['pre_message']): ?>
-		<div class="users-mfa-captive-pre-message text-muted">
+		<div class="users-mfa-captive-pre-message text-muted mb-3">
 			<?php echo $this->renderOptions['pre_message'] ?>
 		</div>
 	<?php endif; ?>

diff --git a/language/en-GB/com_users.ini b/language/en-GB/com_users.ini
@@ -140,6 +140,7 @@ COM_USERS_RESET_REQUEST_LABEL="Please enter the email address for your account.
 COM_USERS_SETTINGS_FIELDSET_LABEL="Basic Settings"
 COM_USERS_USER_BACKUPCODE="Backup Code"
 COM_USERS_USER_BACKUPCODES="Backup Codes"
+COM_USERS_USER_BACKUPCODES_CAPTIVE_PROMPT="If you do not have access to your usual Multi-factor Authentication method use any of your Backup Codes in the field below. Please remember that this emergency backup code cannot be reused."
 COM_USERS_USER_BACKUPCODES_DESC="If you do not have access to your Multi-factor Authentication device you can use any of the following passwords instead of a regular security code. Each one of these emergency codes is immediately destroyed upon use. We recommend printing these codes out and keeping the printout in a safe and accessible location, eg your wallet or a safety deposit box."
 COM_USERS_USER_BLOCKED="This user is blocked. If this is an error, please contact an administrator."
 COM_USERS_USER_FIELD_BACKEND_LANGUAGE_LABEL="Backend Language"

diff --git a/plugins/multifactorauth/totp/src/Extension/Totp.php b/plugins/multifactorauth/totp/src/Extension/Totp.php
@@ -137,7 +137,7 @@ public function onUserMultifactorCaptive(Captive $event): void
 			new CaptiveRenderOptions(
 				[
 					// Custom HTML to display above the MFA form
-					'pre_message'      => '',
+					'pre_message'      => Text::_('PLG_MULTIFACTORAUTH_TOTP_CAPTIVE_PROMPT'),
 					// How to render the MFA code field. "input" (HTML input element) or "custom" (custom HTML)
 					'field_type'       => 'input',
 					// The type attribute for the HTML input box. Typically "text" or "password". Use any HTML5 input type.

diff --git a/plugins/multifactorauth/yubikey/src/Extension/Yubikey.php b/plugins/multifactorauth/yubikey/src/Extension/Yubikey.php
@@ -139,7 +139,7 @@ public function onUserMultifactorCaptive(Captive $event): void
 			new CaptiveRenderOptions(
 				[
 					// Custom HTML to display above the MFA form
-					'pre_message'        => '',
+					'pre_message'        => Text::_('PLG_MULTIFACTORAUTH_YUBIKEY_CAPTIVE_PROMPT'),
 					// How to render the MFA code field. "input" (HTML input element) or "custom" (custom HTML)
 					'field_type'         => 'input',
 					// The type attribute for the HTML input box. Typically "text" or "password". Use any HTML5 input type.