Item14459: Add docs on user registration.

Fix a couple of issues.
foswiki · Aug 19, 2017 · 2442e70 · 2442e70
1 parent 16bf052
commit 2442e70
Show file tree

Hide file tree

Showing 5 changed files with 127 additions and 18 deletions.
diff --git a/data/System/SmsAuthRegistrationParts.txt b/data/System/SmsAuthRegistrationParts.txt
@@ -0,0 +1,53 @@
+%META:TOPICINFO{author="ProjectContributor" comment="" date="1450471494" format="1.1" version="1"}%
+%META:TOPICPARENT{name="AdminToolsCategory"}%
+<noautolink>
+
+---+ SMS 2-Step Authentication: User Registration components
+
+This topic contains the pieces that are assembled into the UserRegistration page.  There is no need to modify this topic.
+If a section of the same name is found in the [[%USERSWEB%.UserRegistration]] topic, it will be used instead of or in addition to sections in this topic.
+
+   * Read general customisation instructions in [[%SYSTEMWEB%.UserAuthentication]]
+
+This topic contains 3 fields for 2-step authentication, and allows them two be
+captured during user registration.  In order to enable these fields,  edit
+your %USERSWEB%.UserRegistration page and update the below settings:
+
+   1 Add this topic name to the "REGPARTS" setting:
+      * !%SET{"REGPARTS" value="%WEB%.%TOPIC%,%SYSTEMWEB%.UserRegistrationParts,%SYSTEMWEB%.SmsAuthRegistrationParts"}%
+   1 Enable the extra fields from the FIELDS setting.  Note that extraField_mobile and extraField_mobileCarrier.   The third field, extraField_twoStepAuth is only used if two-step authentication is optional.
+      * !%SET{"FIELDS" value="extraField_mobile,extraField_mobileCarrier,extraField_twoStepAuth"}%
+
+%JQREQUIRE{"chili"}%
+
+---++ Fields included on registration forms
+---+++ Optional field: =Mobile Number=
+<verbatim class="tml">
+%STARTSECTION{"extraField_mobile"}%<li><label class="desc" for="Fwk0Mobile">%MAKETEXT{"Mobile number:"}%</label>
+<div><input type="text" id="Fwk0Mibile" name="Fwk0Mobile" size="40" class="foswikiInputField" value="" tabindex="11" /></div></li>%ENDSECTION{"extraField_mobile"}%
+</verbatim>
+
+---+++ Optional field: =Mobile Carrier=
+<verbatim class="tml">
+%STARTSECTION{"extraField_mobileCarrier"}%<li><label class="desc" for="Fwk0MobileCarrier">%MAKETEXT{"Mobile carrier:"}%</label>
+<div><select id="Fwk0MobileCarrier" name="Fwk0MobileCarrier" tabindex="12" />%INCLUDE{"%SYSTEMWEB%.SmsTwoStepAuthContrib" section="carrierselect"}%</select>
+</div></li>%ENDSECTION{"extraField_mobileCarrier"}%
+</verbatim>
+
+---+++ Optional field: =Two Step Auth=
+<verbatim class="tml">
+%STARTSECTION{"extraField_twoStepAuth"}%<li><label class="desc" for="Fwk0TwoStepAuth">%MAKETEXT{"Use Two Step Authorization:"}%</label>
+<div><rinput type="radio" id="Fwk0TwoStepAuth" name="" value="on" tabindex="13" />
+<input type="radio" name="Fwk0TwoStepAuth" value="on"><label>Enabled</label><br>
+<input type="radio" name="Fwk0TwoStepAuth" value="off"><label>Disabled</label><br>
+</div></li>%ENDSECTION{"extraField_twoStepAuth"}%
+</verbatim>
+
+---++ Formfields used in User form:
+The above 3 fields capture data into the following User form fields:
+| Mobile | text | 60 | | Mobile number | |
+| Mobile Carrier | select | 1 | , %INCLUDE{ "%SYSTEMWEB%.SmsTwoStepAuthContrib" section="carrierlist" }% | Mobile carrier | |
+| Two Step Auth | radio | 2 | off, on | Select on to use two-factor authentication | |
+
+
+%META:PREFERENCE{name="ALLOWTOPICVIEW" title="ALLOWTOPICVIEW" type="Set" value="*"}%
diff --git a/data/System/SmsAuthUserForm.txt b/data/System/SmsAuthUserForm.txt
@@ -0,0 +1,31 @@
+%META:TOPICINFO{author="ProjectContributor" date="1447730097" format="1.1" version="1"}%
+%META:TOPICPARENT{name="AdminToolsCategory"}%
+---+ User Form
+
+This is a maintenance topic, used by the Wiki administrator.
+
+---++ Data form definition of user topics
+%INCLUDE{"%SYSTEMWEB%.UserFormHelp" section="note"}%
+
+|*Name*  |*Type*  |*Size*  |*Values*  |*Tooltip message*  |*Attributes*  |
+| <nop>FirstName | text | 40 | | | |
+| <nop>LastName | text | 40 | | | |
+| <nop>OrganisationName | text | 40 | | | |
+| <nop>OrganisationURL | text | 40 | | | |
+| Profession | text | 40 | | | |
+| [[%SYSTEMWEB%.CountryList][Country]] | select | 1 | | | |
+| State | text | 40 | | | |
+| Address | text | 40 | | | |
+| Location | text | 40 | | | |
+| Telephone | text | 40 | | | |
+| Mobile | text | 60 | | Mobile number | |
+| Mobile Carrier | select | 1 | , %INCLUDE{ "%SYSTEMWEB%.SmsTwoStepAuthContrib" section="carrierlist" }% | Mobile carrier | |
+| Two Step Auth | radio | 2 | off, on | Select on to use two-factor authentication | |
+| <nop>VoIP | text | 40 | | | |
+| <nop>InstantMessaging (IM) | textarea | 50x4 | | (One account per line, if several) | |
+| Email | text | 40 | | | |
+| <nop>HomePage | text | 40 | | | |
+| Comment | textarea | 50x6 | | | |
+
+%INCLUDE{"%SYSTEMWEB%.UserFormHelp" section="customform"}%
+%META:PREFERENCE{name="ALLOWTOPICVIEW" title="ALLOWTOPICVIEW" type="Set" value="*"}%
diff --git a/data/System/SmsTwoStepAuthContrib.txt b/data/System/SmsTwoStepAuthContrib.txt
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="ProjectContributor" date="1502939431" format="1.1" version="1"}%
+%META:TOPICINFO{author="BaseUserMapping_333" comment="" date="1503108486" format="1.1" version="2"}%
 ---+!! SMS Two-Step Authentication Contrib Package
 <sticky>
 <div style="float:right; background-color:#EBEEF0; margin:0 0 20px 20px; padding: 0 10px 0 10px;">
@@ -83,11 +83,25 @@ Users get an SMS as part of the second authentication step. This extension sends
 | E2SMS | UK: Vodafone | 44$phone@vodafone.net | ^\+?(44)? | Dial 242 for info. activate via website |
 </noautolink>
 
+__Legend of columns:__
+
+   * *Type:* Has to be !E2SMS
+   * *Carrier:* Name of carrier in format =Country: Carrier=. Keep the name short.
+   * *E-mail:* Gateway e-mail address. =$phone= expands to the user's mobile number.
+   * *Filter:* [[RegularExpression][Regular expression]] filter to clean up the mobile number. Typically used to strip country code and leading zeros. If a gateway requires the country code, strip it from the mobile number, then add it in the e-mail address.
+   * *Activation:* Some carriers require users to activate the e-mail to SMS gateway. Activation info is listed here, if any.
+
+__Carrier missing?__ Find more in these e-mail to SMS gateway lists:
+
+   * http://www.ukrainecalling.com/email-to-text.aspx
+   * http://www.emailtextmessages.com/
+   * http://www.wigwag.com/devblog/send-free-sms-texts-through-gateways/
+
 ---+++ Section carrierlist
 
 The "carrierlist" section returns a comma separated list of carriers listed in this topic; it also sets spreadsheet hashes for later use.
 
-<div style="display: block;">
+<div style="display: none;">
 %STARTSECTION{carrierlist}%%SEARCH{
  "^\| *E2SMS *\|"
  type="regex"
@@ -96,30 +110,36 @@ The "carrierlist" section returns a comma separated list of carriers listed in t
  nonoise="on"
  multiple="on"
  format="$pattern(.*\| *E2SMS *\|\s*([^\|]+).*)"
- separator=", "
+ separator=","
 }%%ENDSECTION{carrierlist}%
 </div>
 
-__Legend of columns:__
-
-   * *Type:* Has to be !E2SMS
-   * *Carrier:* Name of carrier in format =Country: Carrier=. Keep the name short.
-   * *E-mail:* Gateway e-mail address. =$phone= expands to the user's mobile number.
-   * *Filter:* [[RegularExpression][Regular expression]] filter to clean up the mobile number. Typically used to strip country code and leading zeros. If a gateway requires the country code, strip it from the mobile number, then add it in the e-mail address.
-   * *Activation:* Some carriers require users to activate the e-mail to SMS gateway. Activation info is listed here, if any.
-
-__Carrier missing?__ Find more in these e-mail to SMS gateway lists:
-
-   * http://www.ukrainecalling.com/email-to-text.aspx
-   * http://www.emailtextmessages.com/
-   * http://www.wigwag.com/devblog/send-free-sms-texts-through-gateways/
+<div style="display: none;">
+%STARTSECTION{carrierselect}%
+%FORMAT{"%SEARCH{
+ "^\| *E2SMS *\|"
+ type="regex"
+ web="%WEB%"
+ topic="%TOPIC%"
+ nonoise="on"
+ multiple="on"
+ format="$pattern(.*\| *E2SMS *\|\s*([^\|]+).*)"
+ separator=","
+}%"
+type="string"
+format="<option value=\"$item\">$item</option>"
+}%
+%ENDSECTION{carrierselect}%
+</div>
 
 ---++ Security Considerations
 
 This extension is primarily intended for access restricted Foswiki sites that are installed in a public cloud, such as Amazon AWS. We recommend to install an SSL certificate and to enforce the https protocol.
 
 IP address spoofing cannot be done because establishing an SSL connection requires a handshake. The response to a request is sent to the indicated IP address, and if spoofed, it ends up at the actual address, not the intruder's. Thus a handshake fails because the would-be intruder does not receive the response.
 
+This extension stores the user's Mobile number in the !UserForm.  This can reveal mobile numbers if the user's topics are publicly readable.
+
 ---++ Installation Instructions
 
 You do not need to install anything on the browser to use this extension. These instructions are for the administrator who installs the package on the server where Foswiki is running.
@@ -225,8 +245,9 @@ Many thanks to the following sponsors for supporting this work:
 %META:FIELD{name="Author" title="Author" value="TWiki:Main.PeteerThoeny, Foswiki:Main.GeorgeClark"}%
 %META:FIELD{name="Version" title="Version" value="%25$VERSION%25"}%
 %META:FIELD{name="Release" title="Release" value="%25$RELEASE%25"}%
+%META:FIELD{name="Description" title="Description" value=""}%
 %META:FIELD{name="Repository" title="Repository" value="https://github.com/foswiki/SmsTwoFactorAuthContrib"}%
-%META:FIELD{name="Copyright" title="Copyright" value="&copy; 2014 Wave Systems Corp. %BR% &copy; 2014-2016 TWiki:Main.PeterThoeny %BR% &copy; 2014-2016 TWiki:TWiki.TWikiContributor %BR% &copy; 2017 ProjectContributors"}%
+%META:FIELD{name="Copyright" title="Copyright" value="&copy; 2014 Wave Systems Corp. %25BR%25 &copy; 2014-2016 TWiki:Main.PeterThoeny %25BR%25 &copy; 2014-2016 TWiki:TWiki.TWikiContributor %25BR%25 &copy; 2017 ProjectContributors"}%
 %META:FIELD{name="License" title="License" value="[[http://www.gnu.org/licenses/gpl.html][GPL (Gnu General Public License)]]"}%
 %META:FIELD{name="Home" title="Home" value="Foswiki:Extensions.%25$ROOTMODULE%25"}%
 %META:FIELD{name="Support" title="Support" value="Foswiki:Support.%25$ROOTMODULE%25"}%

diff --git a/lib/Foswiki/Contrib/SmsTwoStepAuthContrib/MANIFEST b/lib/Foswiki/Contrib/SmsTwoStepAuthContrib/MANIFEST
@@ -1,3 +1,5 @@
+data/System/SmsAuthRegistrationParts.txt 0775
+data/System/SmsAuthUserForm.txt 0664
 data/System/SmsTwoStepAuthContrib.txt 0644
 lib/Foswiki/Contrib/SmsTwoStepAuthContrib.pm 0644
 lib/Foswiki/Contrib/SmsTwoStepAuthContrib/Config.spec 0644

diff --git a/lib/Foswiki/LoginManager/SmsTwoStepLogin.pm b/lib/Foswiki/LoginManager/SmsTwoStepLogin.pm
@@ -382,7 +382,9 @@ sub secondStepAuth {
     $field = $topicObject->get( 'FIELD', 'Mobile' );
     $mobile = $field->{value} if ($field);
     $field = $topicObject->get( 'FIELD', 'MobileCarrier' );
-    $carrier = $field->{value} if ($field);
+
+    # AT&T will end up with the & entity encoded.
+    $carrier = Foswiki::entityDecode( $field->{value} ) if ($field);
 
 # get gateway e-mail from mobile carrier table row based on user's Mobile Carrier field
     my ( $meta, $text ) =