Adds missing feedback messages to login and security

main
Yasen Pramatarov 2025-02-24 14:08:05 +02:00
parent ecad8e2801
commit 2fc6940c11
3 changed files with 48 additions and 28 deletions


@ -2,6 +2,11 @@
// Message strings for translation // Message strings for translation
return [ return [
'ERROR' => [
'CSRF_INVALID' => 'Invalid security token. Please try again.',
'INVALID_ACTION' => 'Invalid action requested.',
'DEFAULT' => 'An error occurred. Please try again.',
],
'LOGIN' => [ 'LOGIN' => [
'LOGIN_SUCCESS' => 'Login successful.', 'LOGIN_SUCCESS' => 'Login successful.',
'LOGIN_FAILED' => 'Login failed. Please check your credentials.', 'LOGIN_FAILED' => 'Login failed. Please check your credentials.',
@ -12,13 +17,15 @@ return [
], ],
'SECURITY' => [ 'SECURITY' => [
'WHITELIST_ADD_SUCCESS' => 'IP address successfully added to whitelist.', 'WHITELIST_ADD_SUCCESS' => 'IP address successfully added to whitelist.',
'WHITELIST_ADD_ERROR' => 'Failed to add IP to whitelist. Please check the IP format.', 'WHITELIST_ADD_FAILED' => 'Failed to add IP to whitelist.',
'WHITELIST_ADD_ERROR_IP' => 'Failed to add IP to whitelist. Please check the IP format.',
'WHITELIST_REMOVE_SUCCESS' => 'IP address successfully removed from whitelist.', 'WHITELIST_REMOVE_SUCCESS' => 'IP address successfully removed from whitelist.',
'WHITELIST_REMOVE_ERROR' => 'Failed to remove IP from whitelist.', 'WHITELIST_REMOVE_FAILED' => 'Failed to remove IP from whitelist.',
'BLACKLIST_ADD_SUCCESS' => 'IP address successfully added to blacklist.', 'BLACKLIST_ADD_SUCCESS' => 'IP address successfully added to blacklist.',
'BLACKLIST_ADD_ERROR' => 'Failed to add IP to blacklist. Please check the IP format.', 'BLACKLIST_ADD_FAILED' => 'Failed to add IP to blacklist.',
'BLACKLIST_ADD_ERROR_IP' => 'Failed to add IP to blacklist. Please check the IP format.',
'BLACKLIST_REMOVE_SUCCESS' => 'IP address successfully removed from blacklist.', 'BLACKLIST_REMOVE_SUCCESS' => 'IP address successfully removed from blacklist.',
'BLACKLIST_REMOVE_ERROR' => 'Failed to remove IP from blacklist.', 'BLACKLIST_REMOVE_FAILED' => 'Failed to remove IP from blacklist.',
'RATE_LIMIT_INFO' => 'Rate limiting is active. This helps protect against brute force attacks.', 'RATE_LIMIT_INFO' => 'Rate limiting is active. This helps protect against brute force attacks.',
'PERMISSION_DENIED' => 'Permission denied. You do not have the required rights.', 'PERMISSION_DENIED' => 'Permission denied. You do not have the required rights.',
'IP_REQUIRED' => 'IP address is required.', 'IP_REQUIRED' => 'IP address is required.',
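Review bot: The remove paths keep a single key each (`WHITELIST_REMOVE_FAILED`, `BLACKLIST_REMOVE_FAILED`) while the add paths were split into `_FAILED` and `_ERROR_IP`; the security handler in this same commit reuses `*_REMOVE_FAILED` for the validation-error case with `$validator->getFirstError()` appended, so 'Failed to remove IP from whitelist.' is also what a malformed address produces. Adding `'WHITELIST_REMOVE_ERROR_IP' => 'Failed to remove IP from whitelist. Please check the IP format.',` and the blacklist counterpart would keep the two cases distinguishable, as they are for add. The old `*_ERROR` keys are dropped here; any caller outside this commit still passing them would presumably get no message, so a search for the old names is worthwhile.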


@ -65,7 +65,7 @@ try {
// Check rate limiting before recording attempt // Check rate limiting before recording attempt
if ($rateLimiter->tooManyAttempts($username, $user_IP)) { if ($rateLimiter->tooManyAttempts($username, $user_IP)) {
throw new Exception(Feedback::get('LOGIN', 'LOGIN_BLOCKED')['message']); throw new Exception(Feedback::get('LOGIN', 'TOO_MANY_ATTEMPTS')['message']);
} }
// Record this attempt // Record this attempt
@ -127,7 +127,7 @@ try {
} }
} }
} catch (Exception $e) { } catch (Exception $e) {
Feedback::flash('ERROR', 'DEFAULT', 'There was an unexpected error. Please try again.'); Feedback::flash('ERROR', 'DEFAULT');
} }
// Show configured login message if any // Show configured login message if any
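Review bot: The rate-limit exception thrown at `throw new Exception(Feedback::get('LOGIN', 'TOO_MANY_ATTEMPTS')['message']);` now loses its message, because the `catch (Exception $e)` in the second hunk flashes the generic `ERROR`/`DEFAULT` text and discards `$e->getMessage()`; if both hunks belong to the same `try` (it starts outside this view), a blocked user sees 'An error occurred' instead of the rate-limit notice. Flashing the specific key at the throw site, `Feedback::flash('LOGIN', 'TOO_MANY_ATTEMPTS');`, or recording the discarded text with `error_log($e->getMessage());` in the catch, keeps the generic user-facing wording while preserving the information for the user or the operator. Also confirm that `TOO_MANY_ATTEMPTS` exists under `LOGIN` in the messages file; the messages hunk in this commit does not show that key.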


@ -36,15 +36,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
switch ($action) { switch ($action) {
case 'add_whitelist': case 'add_whitelist':
if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) { if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) {
throw new Exception('Unauthorized action'); Feedback::flash('SECURITY', 'PERMISSION_DENIED');
break;
} }
$rules = [ $rules = [
'ip_address' => [ 'ip_address' => [
'required' => true, 'required' => true,
'max' => 45 // IPv6 max length 'max' => 45, // Max length for IPv6
'ip' => true
], ],
'description' => [ 'description' => [
'required' => true,
'max' => 255 'max' => 255
] ]
]; ];
@ -52,45 +55,51 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
if ($validator->validate($rules)) { if ($validator->validate($rules)) {
$is_network = isset($_POST['is_network']) && $_POST['is_network'] === 'on'; $is_network = isset($_POST['is_network']) && $_POST['is_network'] === 'on';
if (!$rateLimiter->addToWhitelist($_POST['ip_address'], $is_network, $_POST['description'] ?? '', $currentUser, $user_id)) { if (!$rateLimiter->addToWhitelist($_POST['ip_address'], $is_network, $_POST['description'] ?? '', $currentUser, $user_id)) {
throw new Exception('Failed to add IP to whitelist'); Feedback::flash('SECURITY', 'WHITELIST_ADD_FAILED');
} else {
Feedback::flash('SECURITY', 'WHITELIST_ADD_SUCCESS');
} }
Feedback::flash('SECURITY', 'WHITELIST_ADD_SUCCESS');
} else { } else {
Feedback::flash('SECURITY', 'WHITELIST_ADD_ERROR', $validator->getFirstError()); Feedback::flash('SECURITY', 'WHITELIST_ADD_ERROR_IP', $validator->getFirstError());
} }
break; break;
case 'remove_whitelist': case 'remove_whitelist':
if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) { if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit whitelist')) {
throw new Exception('Unauthorized action'); Feedback::flash('SECURITY', 'PERMISSION_DENIED');
break;
} }
$rules = [ $rules = [
'ip_address' => [ 'ip_address' => [
'required' => true, 'required' => true,
'max' => 45 'max' => 45,
'ip' => true
] ]
]; ];
if ($validator->validate($rules)) { if ($validator->validate($rules)) {
if (!$rateLimiter->removeFromWhitelist($_POST['ip_address'], $currentUser, $user_id)) { if (!$rateLimiter->removeFromWhitelist($_POST['ip_address'], $currentUser, $user_id)) {
throw new Exception('Failed to remove IP from whitelist'); Feedback::flash('SECURITY', 'WHITELIST_REMOVE_FAILED');
} else {
Feedback::flash('SECURITY', 'WHITELIST_REMOVE_SUCCESS');
} }
Feedback::flash('SECURITY', 'WHITELIST_REMOVE_SUCCESS');
} else { } else {
Feedback::flash('SECURITY', 'WHITELIST_REMOVE_ERROR', $validator->getFirstError()); Feedback::flash('SECURITY', 'WHITELIST_REMOVE_FAILED', $validator->getFirstError());
} }
break; break;
case 'add_blacklist': case 'add_blacklist':
if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) { if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) {
throw new Exception('Unauthorized action'); Feedback::flash('SECURITY', 'PERMISSION_DENIED');
break;
} }
$rules = [ $rules = [
'ip_address' => [ 'ip_address' => [
'required' => true, 'required' => true,
'max' => 45 'max' => 45,
'ip' => true
], ],
'reason' => [ 'reason' => [
'required' => true, 'required' => true,
@ -108,41 +117,45 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
$expiry_hours = !empty($_POST['expiry_hours']) ? (int)$_POST['expiry_hours'] : null; $expiry_hours = !empty($_POST['expiry_hours']) ? (int)$_POST['expiry_hours'] : null;
if (!$rateLimiter->addToBlacklist($_POST['ip_address'], $is_network, $_POST['reason'], $currentUser, $user_id, $expiry_hours)) { if (!$rateLimiter->addToBlacklist($_POST['ip_address'], $is_network, $_POST['reason'], $currentUser, $user_id, $expiry_hours)) {
throw new Exception('Failed to add IP to blacklist'); Feedback::flash('SECURITY', 'BLACKLIST_ADD_FAILED');
} else {
Feedback::flash('SECURITY', 'BLACKLIST_ADD_SUCCESS');
} }
Feedback::flash('SECURITY', 'BLACKLIST_ADD_SUCCESS');
} else { } else {
Feedback::flash('SECURITY', 'BLACKLIST_ADD_ERROR', $validator->getFirstError()); Feedback::flash('SECURITY', 'BLACKLIST_ADD_ERROR_IP', $validator->getFirstError());
} }
break; break;
case 'remove_blacklist': case 'remove_blacklist':
if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) { if (!$userObject->hasRight($user_id, 'superuser') && !$userObject->hasRight($user_id, 'edit blacklist')) {
throw new Exception('Unauthorized action'); Feedback::flash('SECURITY', 'PERMISSION_DENIED');
break;
} }
$rules = [ $rules = [
'ip_address' => [ 'ip_address' => [
'required' => true, 'required' => true,
'max' => 45 'max' => 45,
'ip' => true
] ]
]; ];
if ($validator->validate($rules)) { if ($validator->validate($rules)) {
if (!$rateLimiter->removeFromBlacklist($_POST['ip_address'], $currentUser, $user_id)) { if (!$rateLimiter->removeFromBlacklist($_POST['ip_address'], $currentUser, $user_id)) {
throw new Exception('Failed to remove IP from blacklist'); Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_FAILED');
} else {
Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_SUCCESS');
} }
Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_SUCCESS');
} else { } else {
Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_ERROR', $validator->getFirstError()); Feedback::flash('SECURITY', 'BLACKLIST_REMOVE_FAILED', $validator->getFirstError());
} }
break; break;
default: default:
throw new Exception('Invalid action'); Feedback::flash('ERROR', 'INVALID_ACTION');
} }
} catch (Exception $e) { } catch (Exception $e) {
Feedback::flash('SECURITY', 'ERROR', $e->getMessage()); Feedback::flash('ERROR', $e->getMessage());
} }
// Redirect back to the appropriate section // Redirect back to the appropriate section
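Review bot: `Feedback::flash('ERROR', $e->getMessage());` in the closing catch passes the exception text where every other call in this hunk passes a message key (`Feedback::flash('ERROR', 'INVALID_ACTION')`, `Feedback::flash('SECURITY', 'WHITELIST_ADD_ERROR_IP', $validator->getFirstError())`), so the lookup will presumably miss and, depending on how `Feedback::flash` falls back, the raw exception text may be rendered to the page. Matching the login change in this commit, `Feedback::flash('ERROR', 'DEFAULT');` together with `error_log($e->getMessage());` keeps internal detail from the rate limiter or database in the server log rather than in the response. The `try` that this `catch` closes begins outside the hunk. A smaller point: the four permission-denied branches now flash and `break` silently; an `error_log()` entry naming `$user_id` and `$action` in those branches would give an audit trail for denied attempts to modify the IP lists.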