Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r-- | perllib/FixMyStreet/App.pm | 7 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Profile.pm | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 8 | ||||
-rw-r--r-- | perllib/FixMyStreet/Auth/GoogleAuth.pm | 27 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/Default.pm | 17 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/FixMyStreet.pm | 10 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/Oxfordshire.pm | 7 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/UK.pm | 5 |
9 files changed, 62 insertions, 27 deletions
diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm index 1173523bc..f62deae3a 100644 --- a/perllib/FixMyStreet/App.pm +++ b/perllib/FixMyStreet/App.pm @@ -13,7 +13,7 @@ use FixMyStreet::Email::Sender; use FixMyStreet::PhotoStorage; use Utils; -use Auth::GoogleAuth; +use FixMyStreet::Auth::GoogleAuth; use Path::Tiny 'path'; use Try::Tiny; use Text::CSV; @@ -27,6 +27,7 @@ use Catalyst ( 'Session::State::Cookie', # FIXME - we're using our own override atm 'Authentication', 'SmartURI', + 'FixMyStreet::Session::RotateSession', 'FixMyStreet::Session::StoreSessions', ); @@ -198,7 +199,7 @@ sub setup_request { my $cobrand = $c->cobrand; FixMyStreet::DB->schema->cobrand($cobrand); - $cobrand->call_hook('add_response_headers'); + $cobrand->add_response_headers; # append the cobrand templates to the include path $c->stash->{additional_template_paths} = $cobrand->path_to_web_templates; @@ -527,7 +528,7 @@ sub check_2fa { my ($c, $secret32) = @_; if (my $code = $c->get_param('2fa_code')) { - my $auth = Auth::GoogleAuth->new; + my $auth = FixMyStreet::Auth::GoogleAuth->new; return 1 if $auth->verify($code, 2, $secret32); $c->stash->{incorrect_code} = 1; } diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index 8265506ab..4660f45dd 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -364,8 +364,8 @@ sub signup_2fa : Private { } if ($action eq 'activate') { - my $auth = Auth::GoogleAuth->new; - $c->stash->{qr_code} = $auth->qr_code($secret, $user->email, 'FixMyStreet'); + my $auth = FixMyStreet::Auth::GoogleAuth->new; + $c->stash->{qr_code} = $auth->qr_code($secret, $user->email, $c->cobrand->base_url); $c->stash->{secret32} = $auth->secret32; $c->stash->{stage} = 'activate'; } diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm index a1bbfc570..a89c6f539 100644 
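Review bot: check_2fa accepts any code for which `$auth->verify($code, 2, $secret32)` succeeds, and nothing in the hunk records a code once it has been accepted, so the same TOTP value can be presented again for as long as it stays inside the tolerance window — if the second argument is the time-step tolerance as in Auth::GoogleAuth, that is several minutes either side of now. Unless the caller handles it elsewhere, store the last accepted time step on the user and reject codes at or before it, as RFC 6238 recommends, with a comment such as `# TOTP codes are single-use: remember the last accepted time step and refuse replays`. Whether an attempt counter or delay exists around this check is not visible here; with a six-digit code and a wide window it is worth confirming. The body of check_2fa continues outside the hunk.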
--- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm @@ -216,8 +216,8 @@ sub generate_token : Path('/auth/generate_token') { } if ($action eq 'activate') { - my $auth = Auth::GoogleAuth->new; - $c->stash->{qr_code} = $auth->qr_code($secret, $c->user->email, 'FixMyStreet'); + my $auth = FixMyStreet::Auth::GoogleAuth->new; + $c->stash->{qr_code} = $auth->qr_code($secret, $c->user->email, $c->cobrand->base_url); $c->stash->{secret32} = $auth->secret32; $c->stash->{stage} = 'activate'; } diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 585337d8b..b748a34e0 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -514,9 +514,11 @@ sub initialize_report : Private { ->first; if ($report) { - # log the problem creation user in to the site - $c->authenticate( { email => $report->user->email, email_verified => 1 }, - 'no_password' ); + # log the problem creation user in to the site, if not already logged in + if (!$c->user_exists || $c->user->email ne $report->user->email) { + $c->authenticate( { email => $report->user->email, email_verified => 1 }, + 'no_password' ); + } # save the token to delete at the end $c->stash->{partial_token} = $token if $report; diff --git a/perllib/FixMyStreet/Auth/GoogleAuth.pm b/perllib/FixMyStreet/Auth/GoogleAuth.pm new file mode 100644 index 000000000..ffe58b2dd --- /dev/null +++ b/perllib/FixMyStreet/Auth/GoogleAuth.pm 
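Review bot: The new guard compares e-mail addresses as strings, so if a user can exist without an e-mail (the schema is not visible here) `$c->user->email ne $report->user->email` warns about an uninitialized value and re-authenticates anyway; comparing ids, `if (!$c->user_exists || $c->user->id != $report->user->id) {`, avoids that and any question about the case of stored addresses. When a different user is logged in the call still swaps the session over to the report owner without an explicit logout — pre-existing behaviour, but worth a comment now that the branch is conditional: `# a partial token logs in the report's owner, replacing any other user already in this session`. The trailing `if $report` on the partial_token assignment is redundant inside the `if ($report)` block. initialize_report starts and ends outside the hunk.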
@@ -0,0 +1,27 @@ +package FixMyStreet::Auth::GoogleAuth; + +use parent 'Auth::GoogleAuth'; + +use strict; +use warnings; +use Image::PNG::QRCode 'qrpng'; +use URI; + +# Overridden to return a data: URI of the image +sub qr_code { + my $self = shift; + my ( $secret32, $key_id, $issuer, $return_otpauth ) = @_; + + # Make issuer a bit nicer to read + $issuer =~ s{https?://}{}; + + my $otpauth = $self->SUPER::qr_code($secret32, $key_id, $issuer, 1); + return $otpauth if $return_otpauth; + + my $u = URI->new('data:'); + $u->media_type('image/png'); + $u->data(qrpng(text => $otpauth)); + return $u; +} + +1; diff --git a/perllib/FixMyStreet/Cobrand/Default.pm b/perllib/FixMyStreet/Cobrand/Default.pm index 620183078..1f2e48994 100644 --- a/perllib/FixMyStreet/Cobrand/Default.pm +++ b/perllib/FixMyStreet/Cobrand/Default.pm @@ -14,6 +14,7 @@ use Digest::MD5 qw(md5_hex); use Carp; use mySociety::PostcodeUtil; +use mySociety::Random; =head1 The default cobrand @@ -74,6 +75,22 @@ sub feature { return $features->{$feature}->{$self->moniker}; } +sub csp_config { + FixMyStreet->config('CONTENT_SECURITY_POLICY'); +} + +sub add_response_headers { + my $self = shift; + # uncoverable branch true + return if $self->{c}->debug; + if (my $csp_domains = $self->csp_config) { + $csp_domains = '' if $csp_domains eq '1'; + $csp_domains = join(' ', @$csp_domains) if ref $csp_domains; + my $csp_nonce = $self->{c}->stash->{csp_nonce} = unpack('h*', mySociety::Random::random_bytes(16, 1)); + $self->{c}->res->header('Content-Security-Policy', "script-src 'self' 'unsafe-inline' 'nonce-$csp_nonce' $csp_domains; object-src 'none'; base-uri 'none'") + } +} + =item password_minimum_length Returns the minimum length a password can be set to. diff --git a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm index 8ef51f328..0d2bf3663 100644 --- a/perllib/FixMyStreet/Cobrand/FixMyStreet.pm +++ b/perllib/FixMyStreet/Cobrand/FixMyStreet.pm 
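Review bot: In qr_code the substitution `$issuer =~ s{https?://}{};` is unanchored and strips only the scheme, so an issuer built from a base URL with a port or path (for example `http://localhost:3000`) keeps the `:3000`; the otpauth key-URI format does not allow a colon in the issuer, and an authenticator app may then split the label in the wrong place. Since the module already loads URI, reduce a URL-shaped issuer to its host: `$issuer = URI->new($issuer)->host if $issuer =~ m{\Ahttps?://};`. Callers that pass a plain name rather than a URL are unaffected. A short comment on why the override returns a data: URI would also help, e.g. `# Render the QR code locally so the secret is never sent to an external chart service` — assuming that is what the parent's qr_code would otherwise do, which is not visible here.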
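Review bot: `return if $self->{c}->debug;` means no policy is ever sent in development, so a template that adds an inline script without the nonce only breaks once it reaches production; sending the same policy as report-only in debug keeps development usable while still surfacing violations in the browser console, e.g. `my $header = $self->{c}->debug ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';` and `$self->{c}->res->header($header, ...)` in place of the early return. Two choices in the header string deserve a comment: `'unsafe-inline'` is ignored by any browser that understands the nonce and is only a fallback for older clients, and `$csp_domains` is interpolated unescaped, so the config value is trusted to contain only source expressions — `join(' ', @$csp_domains) if ref $csp_domains` additionally assumes an array reference. What the config or feature value actually holds is not visible here, so whether it is always a string or list is an assumption to confirm.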
@@ -4,8 +4,6 @@ use base 'FixMyStreet::Cobrand::UK'; use strict; use warnings; -use mySociety::Random; - use constant COUNCIL_ID_BROMLEY => 2482; use constant COUNCIL_ID_ISLEOFWIGHT => 2636; @@ -25,14 +23,6 @@ sub path_to_email_templates { ]; } -sub add_response_headers { - my $self = shift; - # uncoverable branch true - return if $self->{c}->debug; - my $csp_nonce = $self->{c}->stash->{csp_nonce} = unpack('h*', mySociety::Random::random_bytes(16, 1)); - $self->{c}->res->header('Content-Security-Policy', "script-src 'self' www.google-analytics.com www.googleadservices.com 'unsafe-inline' 'nonce-$csp_nonce'") -} - # FixMyStreet should return all cobrands sub restriction { return {}; diff --git a/perllib/FixMyStreet/Cobrand/Oxfordshire.pm b/perllib/FixMyStreet/Cobrand/Oxfordshire.pm index 6f6284c7a..db6d120ed 100644 --- a/perllib/FixMyStreet/Cobrand/Oxfordshire.pm +++ b/perllib/FixMyStreet/Cobrand/Oxfordshire.pm @@ -193,13 +193,6 @@ sub available_permissions { my $perms = $self->next::method(); $perms->{Bodies}->{defect_type_edit} = "Add/edit defect types"; - delete $perms->{Problems}->{report_edit}; - delete $perms->{Problems}->{report_edit_category}; - delete $perms->{Problems}->{report_edit_priority}; - delete $perms->{Problems}->{report_inspect}; - delete $perms->{Problems}->{report_instruct}; - delete $perms->{Problems}->{planned_reports}; - return $perms; } diff --git a/perllib/FixMyStreet/Cobrand/UK.pm b/perllib/FixMyStreet/Cobrand/UK.pm index 18bf01476..83df590db 100644 --- a/perllib/FixMyStreet/Cobrand/UK.pm +++ b/perllib/FixMyStreet/Cobrand/UK.pm @@ -11,6 +11,11 @@ sub country { return 'GB'; } sub area_types { [ 'DIS', 'LBO', 'MTD', 'UTA', 'CTY', 'COI', 'LGD' ] } sub area_types_children { $mySociety::VotingArea::council_child_types } +sub csp_config { + my $self = shift; + return $self->feature('content_security_policy'); +} + sub enter_postcode_text { my ( $self ) = @_; return _("Enter a nearby UK postcode, or street name and area"); |
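Review bot: With this override a UK-based cobrand reads only its `content_security_policy` feature, so the global `CONTENT_SECURITY_POLICY` setting consulted by Default's csp_config is silently ignored for every UK cobrand that has not set the feature. If that is intended, say so: `# UK cobrands opt in per cobrand via the content_security_policy feature; the global setting is not used`; otherwise fall back with `return $self->feature('content_security_policy') // $self->SUPER::csp_config;` (assuming UK inherits from Default, which the hunk does not show). The visible tail of `feature` returns `$features->{$feature}->{$self->moniker}`, so with the fallback a cobrand that has no entry at all gets the global policy while an explicit entry always wins.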