From 2fc6940c112365197064d59495f2d81a0c9b3fb5 Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Mon, 24 Feb 2025 14:08:05 +0200
Subject: [PATCH] Adds missing feedback messages to login and security
---
 app/includes/strings.php | 15 ++++++++---
 app/pages/login.php | 4 +--
 app/pages/security.php | 57 ++++++++++++++++++++++++----------------
 3 files changed, 48 insertions(+), 28 deletions(-)
diff --git a/app/includes/strings.php b/app/includes/strings.php
index 6c72862..fa64449 100644
--- a/app/includes/strings.php
+++ b/app/includes/strings.php
@@ -2,6 +2,11 @@
 // Message strings for translation
 return [
+ 'ERROR' => [
+ 'CSRF_INVALID' => 'Invalid security token. Please try again.',
+ 'INVALID_ACTION' => 'Invalid action requested.',
+ 'DEFAULT' => 'An error occurred. Please try again.',
+ ],
 'LOGIN' => [
 'LOGIN_SUCCESS' => 'Login successful.',
 'LOGIN_FAILED' => 'Login failed. Please check your credentials.',
@@ -12,13 +17,15 @@ return [
 ],
 'SECURITY' => [
 'WHITELIST_ADD_SUCCESS' => 'IP address successfully added to whitelist.',
- 'WHITELIST_ADD_ERROR' => 'Failed to add IP to whitelist. Please check the IP format.',
+ 'WHITELIST_ADD_FAILED' => 'Failed to add IP to whitelist.',
+ 'WHITELIST_ADD_ERROR_IP' => 'Failed to add IP to whitelist. Please check the IP format.',
 'WHITELIST_REMOVE_SUCCESS' => 'IP address successfully removed from whitelist.',
- 'WHITELIST_REMOVE_ERROR' => 'Failed to remove IP from whitelist.',
+ 'WHITELIST_REMOVE_FAILED' => 'Failed to remove IP from whitelist.',
 'BLACKLIST_ADD_SUCCESS' => 'IP address successfully added to blacklist.',
- 'BLACKLIST_ADD_ERROR' => 'Failed to add IP to blacklist. Please check the IP format.',
+ 'BLACKLIST_ADD_FAILED' => 'Failed to add IP to blacklist.',
+ 'BLACKLIST_ADD_ERROR_IP' => 'Failed to add IP to blacklist. Please check the IP format.',
 'BLACKLIST_REMOVE_SUCCESS' => 'IP address successfully removed from blacklist.',
- 'BLACKLIST_REMOVE_ERROR' => 'Failed to remove IP from blacklist.',
+ 'BLACKLIST_REMOVE_FAILED' => 'Failed to remove IP from blacklist.',
 'RATE_LIMIT_INFO' => 'Rate limiting is active. This helps protect against brute force attacks.',
 'PERMISSION_DENIED' => 'Permission denied. You do not have the required rights.',
 'IP_REQUIRED' => 'IP address is required.',
diff --git a/app/pages/login.php b/app/pages/login.php
index 3ff76bc..1508ceb 100644
--- a/app/pages/login.php
+++ b/app/pages/login.php
@@ -65,7 +65,7 @@ try {
 // Check rate limiting before recording attempt
 if ($rateLimiter->tooManyAttempts($username, $user_IP)) {
- throw new Exception(Feedback::get('LOGIN', 'LOGIN_BLOCKED')['message']);
+ throw new Exception(Feedback::get('LOGIN', 'TOO_MANY_ATTEMPTS')['message']);
 }
 // Record this attempt
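Review bot: `TOO_MANY_ATTEMPTS` is not among the LOGIN strings this patch touches (only LOGIN_SUCCESS and LOGIN_FAILED are visible; the rest of the LOGIN array lies outside the hunk), so confirm the key exists in strings.php — if `Feedback::get` returns null for an unknown key, `['message']` on it yields null and the thrown exception carries an empty message. Separately, both this hunk and the next login.php hunk list `try {` as their enclosing context, which suggests this throw lands in the catch at line 127 that now flashes the generic `ERROR.DEFAULT`, so as far as the patch shows the rate-limit text never reaches the user and the rename only changes what gets discarded. If the intent is to surface it, flash before throwing, `Feedback::flash('LOGIN', 'TOO_MANY_ATTEMPTS');`, or throw a dedicated exception class the catch can distinguish. Keeping the client-facing message generic is defensible for not confirming a lockout, but then the block should at least be logged server-side with the username and IP. The enclosing try block starts before this hunk.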
@@ -127,7 +127,7 @@ try {
 }
 }
 } catch (Exception $e) {
- Feedback::flash('ERROR', 'DEFAULT', 'There was an unexpected error. Please try again.');
+ Feedback::flash('ERROR', 'DEFAULT');
 }
 // Show configured login message if any
diff --git a/app/pages/security.php b/app/pages/security.php
index b0ec586..ea81f1d 100644
--- a/app/pages/security.php
+++ b/app/pages/security.php
@@ -36,15 +36,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
 switch ($action) {
 case 'add_whitelist':
 if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) {
- throw new Exception('Unauthorized action');
+ Feedback::flash('SECURITY', 'PERMISSION_DENIED');
+ break;
 }
 $rules = [
 'ip_address' => [
 'required' => true,
- 'max' => 45 // IPv6 max length
+ 'max' => 45, // Max length for IPv6
+ 'ip' => true
 ],
 'description' => [
+ 'required' => true,
 'max' => 255
 ]
 ];
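Review bot: Dropping the literal message from the flash is fine, but nothing in this catch records the exception anywhere, so an unexpected failure in the login path now vanishes with only "An error occurred" as evidence; add `error_log($e->getMessage());` (or the application's logger) before the flash so operators can see what broke. Note this same catch also receives the deliberate rate-limit throw from line 66 (the two hunks share the same `try {` context), so that case degrades to the generic message as well. The try block starts outside the hunk.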
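Review bot: The new `'ip' => true` rule on `ip_address` may conflict with the `is_network` checkbox read in the next hunk: if the validator's `ip` rule is a plain single-address check (a `FILTER_VALIDATE_IP` style test), a CIDR value such as `10.0.0.0/8` can no longer pass validation and network entries become impossible to add. The validator is not part of this patch, so confirm how `ip` treats a `/prefix` suffix; if it rejects it, validate the address and the prefix length separately when `is_network` is set, e.g. `'ip' => !isset($_POST['is_network'])` plus an explicit CIDR check. The `PERMISSION_DENIED` branch now breaks to the redirect without any server-side record; a denied attempt to edit the whitelist is worth a log line with `$user_id` and `$action`. The enclosing POST handler starts before this hunk.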
@@ -52,45 +55,51 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
 if ($validator->validate($rules)) {
 $is_network = isset($_POST['is_network']) && $_POST['is_network'] === 'on';
 if (!$rateLimiter->addToWhitelist($_POST['ip_address'], $is_network, $_POST['description'] ?? '', $currentUser, $user_id)) {
- throw new Exception('Failed to add IP to whitelist');
+ Feedback::flash('SECURITY', 'WHITELIST_ADD_FAILED');
+ } else {
+ Feedback::flash('SECURITY', 'WHITELIST_ADD_SUCCESS');
 }
- Feedback::flash('SECURITY', 'WHITELIST_ADD_SUCCESS');
 } else {
- Feedback::flash('SECURITY', 'WHITELIST_ADD_ERROR', $validator->getFirstError());
+ Feedback::flash('SECURITY', 'WHITELIST_ADD_ERROR_IP', $validator->getFirstError());
 }
 break;
 case 'remove_whitelist':
 if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) {
- throw new Exception('Unauthorized action');
+ Feedback::flash('SECURITY', 'PERMISSION_DENIED');
+ break;
 }
 $rules = [
 'ip_address' => [
 'required' => true,
- 'max' => 45
+ 'max' => 45,
+ 'ip' => true
 ]
 ];
 if ($validator->validate($rules)) {
 if (!$rateLimiter->removeFromWhitelist($_POST['ip_address'], $currentUser, $user_id)) {
- throw new Exception('Failed to remove IP from whitelist');
+ Feedback::flash('SECURITY', 'WHITELIST_REMOVE_FAILED');
+ } else {
+ Feedback::flash('SECURITY', 'WHITELIST_REMOVE_SUCCESS');
 }
- Feedback::flash('SECURITY', 'WHITELIST_REMOVE_SUCCESS');
 } else {
- Feedback::flash('SECURITY', 'WHITELIST_REMOVE_ERROR', $validator->getFirstError());
+ Feedback::flash('SECURITY', 'WHITELIST_REMOVE_FAILED', $validator->getFirstError());
 }
 break;
 case 'add_blacklist':
 if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) {
- throw new Exception('Unauthorized action');
+ Feedback::flash('SECURITY', 'PERMISSION_DENIED');
+ break;
 }
 $rules = [
 'ip_address' => [
 'required' => true,
- 'max' => 45
+ 'max' => 45,
+ 'ip' => true
 ],
 'reason'
=> [
 'required' => true,
@@ -108,41 +117,45 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
 $expiry_hours = !empty($_POST['expiry_hours']) ? (int)$_POST['expiry_hours'] : null;
 if (!$rateLimiter->addToBlacklist($_POST['ip_address'], $is_network, $_POST['reason'], $currentUser, $user_id, $expiry_hours)) {
- throw new Exception('Failed to add IP to blacklist');
+ Feedback::flash('SECURITY', 'BLACKLIST_ADD_FAILED');
+ } else {
+ Feedback::flash('SECURITY', 'BLACKLIST_ADD_SUCCESS');
 }
- Feedback::flash('SECURITY', 'BLACKLIST_ADD_SUCCESS');
 } else {
- Feedback::flash('SECURITY', 'BLACKLIST_ADD_ERROR', $validator->getFirstError());
+ Feedback::flash('SECURITY', 'BLACKLIST_ADD_ERROR_IP', $validator->getFirstError());
 }
 break;
 case 'remove_blacklist':
 if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) {
- throw new Exception('Unauthorized action');
+ Feedback::flash('SECURITY', 'PERMISSION_DENIED');
+ break;
 }
 $rules = [
 'ip_address' => [
 'required' => true,
- 'max' => 45
+ 'max' => 45,
+ 'ip' => true
 ]
 ];
 if ($validator->validate($rules)) {
 if (!$rateLimiter->removeFromBlacklist($_POST['ip_address'], $currentUser, $user_id)) {
- throw new Exception('Failed to remove IP from blacklist');
+ Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_FAILED');
+ } else {
+ Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_SUCCESS');
 }
- Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_SUCCESS');
 } else {
- Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_ERROR', $validator->getFirstError());
+ Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_FAILED', $validator->getFirstError());
 }
 break;
 default:
- throw new Exception('Invalid action');
+ Feedback::flash('ERROR', 'INVALID_ACTION');
 }
 } catch (Exception $e) {
- Feedback::flash('SECURITY', 'ERROR', $e->getMessage());
+ Feedback::flash('ERROR', $e->getMessage());
 }
 // Redirect back to the appropriate section
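Review bot: `$validator->getFirstError()` is now passed straight into the flash message in both whitelist validation-failure branches; with the new `'ip' => true` rule the most likely error concerns the submitted `ip_address`, and if the validator echoes that value back, the flash renderer must HTML-escape it or this is a reflected XSS through the IP field. Neither the validator nor the flash template is in this patch, so confirm escaping on the render side (`htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or equivalent) rather than trusting the message. Also `$_POST['description'] ?? ''` is now a dead fallback because `description` is required by the rules validated just above; plain `$_POST['description']` states the contract more honestly. The add_whitelist case begins in the previous hunk.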
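Review bot: The rewritten catch, `Feedback::flash('ERROR', $e->getMessage())`, puts the exception text in the key position — every other call in this patch uses `(category, key[, message])`, and the equivalent catch in login.php is `Feedback::flash('ERROR', 'DEFAULT')` — so an unexpected exception here looks up a nonexistent key and the user sees either nothing or the raw internal text, depending on how `Feedback::flash` handles unknown keys. Change it to `Feedback::flash('ERROR', 'DEFAULT');` and keep the detail server-side with `error_log($e->getMessage());`, so database failures from `addToBlacklist`/`removeFromBlacklist` are neither lost nor shown in the UI. `$expiry_hours` is unchanged context, but note that `(int)` on a negative or non-numeric value still reaches `addToBlacklist`; whether that produces an already-expired or a permanent entry cannot be seen from here and is worth a guard such as `$expiry_hours > 0 ? $expiry_hours : null`. The add_blacklist case begins in the previous hunk.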