[4.1] Extend 2FA Enforcement option to select usergroups #1233

Closed
jgerman-bot opened this issue Sep 22, 2020 · 6 comments · Fixed by #1276

@jgerman-bot

New language relevant PR in upstream repo: joomla/joomla-cms#30522 Here are the upstream changes:

Click to expand the diff!
diff --git a/administrator/components/com_users/config.xml b/administrator/components/com_users/config.xml
index 4238d255eeba..f02345cff79c 100644
--- a/administrator/components/com_users/config.xml
+++ b/administrator/components/com_users/config.xml
@@ -123,6 +123,16 @@
 			<option value="3">COM_USERS_CONFIG_FIELD_ENFORCE_2FA_FIELD_BOTH</option>
 		</field>
 
+		<field
+			name="enforce_2fa_usergroups"
+			type="usergrouplist"
+			label="COM_USERS_CONFIG_FIELD_ENFORCE_2FA_GROUPS_LABEL"
+			multiple="true"
+			filter="int_array"
+			size="10"
+			showon="enforce_2fa_options!:0"
+		/>
+
 	</fieldset>
 
 	<fieldset
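Review bot: The new enforce_2fa_usergroups field has no description attribute, so nothing in the form tells an administrator what an empty selection means. Per the CMSApplication.php change in this same diff, an empty list skips the group check entirely and enforcement then applies to every group; please add a description (with a matching language key) that states this, so an empty box is not read as "enforced for no one".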
diff --git a/administrator/language/en-GB/com_users.ini b/administrator/language/en-GB/com_users.ini
index 2b90ad68bb19..dce12ede36d7 100644
--- a/administrator/language/en-GB/com_users.ini
+++ b/administrator/language/en-GB/com_users.ini
@@ -35,6 +35,7 @@ COM_USERS_CONFIG_FIELD_ENFORCE_2FA_FIELD_ADMIN="Admin (Backend)"
 COM_USERS_CONFIG_FIELD_ENFORCE_2FA_FIELD_BOTH="Both"
 COM_USERS_CONFIG_FIELD_ENFORCE_2FA_FIELD_LABEL="Enforce Two Factor Authentication"
 COM_USERS_CONFIG_FIELD_ENFORCE_2FA_FIELD_SITE="Site (Frontend)"
+COM_USERS_CONFIG_FIELD_ENFORCE_2FA_GROUPS_LABEL="Enforce Two Factor Authentication for Usergroups"
 COM_USERS_CONFIG_FIELD_FRONTEND_LANG_LABEL="Frontend Language"
 COM_USERS_CONFIG_FIELD_FRONTEND_RESET_COUNT_LABEL="Maximum Reset Count"
 COM_USERS_CONFIG_FIELD_FRONTEND_RESET_TIME_LABEL="Reset Time"
diff --git a/libraries/src/Application/CMSApplication.php b/libraries/src/Application/CMSApplication.php
index 5e7e0c349eb5..1e0664995e48 100644
--- a/libraries/src/Application/CMSApplication.php
+++ b/libraries/src/Application/CMSApplication.php
@@ -1175,9 +1175,9 @@ public function isCli()
 	 */
 	protected function isTwoFactorAuthenticationRequired(): bool
 	{
-		$userId = $this->getIdentity()->id;
+		$user = $this->getIdentity();
 
-		if (!$userId)
+		if (!$user->id)
 		{
 			return false;
 		}
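Review bot: In isTwoFactorAuthenticationRequired(), `$user->id` is read without first checking that getIdentity() returned an object. The old code made the same assumption, but now that $user is kept and reused further down, a guard such as `if (!$user || !$user->id)` would make the early return explicit if getIdentity() can return null in any application context.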
@@ -1188,7 +1188,22 @@ protected function isTwoFactorAuthenticationRequired(): bool
 			return false;
 		}
 
-		$enforce2faOptions = ComponentHelper::getComponent('com_users')->getParams()->get('enforce_2fa_options', 0);
+		$comUsersParams = ComponentHelper::getComponent('com_users')->getParams();
+
+		// Check if 2fa is enforced for the logged in user.
+		$forced2faGroups = (array) $comUsersParams->get('enforce_2fa_usergroups', []);
+
+		if (!empty($forced2faGroups))
+		{
+			$userGroups = (array) $user->get('groups', []);
+
+			if (!array_intersect($forced2faGroups, $userGroups))
+			{
+				return false;
+			}
+		}
+
+		$enforce2faOptions = $comUsersParams->get('enforce_2fa_options', 0);
 
 		if ($enforce2faOptions == 0 || !$enforce2faOptions)
 		{
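Review bot: The `(array)` cast on `enforce_2fa_usergroups` can turn a scalar into a one-element list: if the stored value is ever an empty string, `(array) ''` is `['']`, which passes `!empty($forced2faGroups)`, fails `array_intersect()`, and the method returns false, so enforcement is silently skipped for every user. Filtering empty entries out of $forced2faGroups before the `!empty()` check keeps that case on the enforce-for-everyone path. It is also worth confirming whether `$user->get('groups', [])` includes inherited parent groups; if it holds only directly assigned groups, selecting a parent group will not cover users assigned only to one of its children.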
@tecpromotion tecpromotion added this to the 4.0.0v1 milestone Oct 3, 2020
@tecpromotion tecpromotion linked a pull request Oct 3, 2020 that will close this issue
tecpromotion added a commit to tecpromotion/joomla that referenced this issue Oct 3, 2020
@tecpromotion
Member

Oh. @zero-24 this is 4.1 and not 4.0? Do we already need a 4.1-dev branch?

@zero-24
Member

zero-24 commented Oct 3, 2020

Yes, it's 4.1; will do a 4.1 branch in a minute.

@zero-24
Member

zero-24 commented Oct 3, 2020

@tecpromotion
Member

Wait for PR #1091
Please merge 4.0-dev into 4.1-dev after merge

@tecpromotion tecpromotion modified the milestones: 4.0.0v1, 4.1.0.v1 Oct 3, 2020
zero-24 added a commit that referenced this issue Oct 5, 2020
* rename files

* add new string

* fix #1233

* translation and ordering

* Update administrator/language/de-DE/com_users.ini

Co-authored-by: Tobias Zulauf <zero-24@users.noreply.github.com>

Co-authored-by: Tobias Zulauf <zero-24@users.noreply.github.com>
@tecpromotion
Member

Is merged in 4.1? Please close issue #1233 @zero-24

@zero-24
Member

zero-24 commented Oct 5, 2020

Hmm, yes, this PR: #1091 is now in 4.1 as well, but for this issue here we would still need to make another PR that adds the language string COM_USERS_CONFIG_FIELD_ENFORCE_2FA_GROUPS_LABEL to 4.1.
