Follow Redirects on TOTP page in the manager

modxcms · Jun 22, 2023 · 974e986 · 974e986
1 parent 3858b67
commit 974e986
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 8 deletions.
diff --git a/_build/gpm.json b/_build/gpm.json
@@ -3,7 +3,7 @@
   "lowCaseName": "twilio",
   "description": "Twilio for MODX Revolution 3.x",
   "author": "John Peca",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "menus": [
     {
       "text": "twilio.users",

diff --git a/assets/components/twilio/js/mgr/widgets/totp.panel.js b/assets/components/twilio/js/mgr/widgets/totp.panel.js
@@ -15,7 +15,11 @@ twilio.panel.Totp = function (config) {
         localStorage.setItem('twilio_device_id', twilioDeviceId);
     } else {
         if (MODx.request.device_id == null) {
-            MODx.loadPage('totp', 'namespace=twilio&device_id=' + twilioDeviceId);
+            var url = 'namespace=twilio&device_id=' + twilioDeviceId;
+            if (MODx.request.return) {
+                url += '&return=' + MODx.request.return;
+            }
+            MODx.loadPage('totp', url);
         }
     }
     config = config || {};
@@ -39,8 +43,21 @@ twilio.panel.Totp = function (config) {
             url: MODx.config.connector_url,
             waitMsg: _('twilio.verifying'),
             success: function (form, action) {
-                console.log(action.result);
-                window.location = MODx.config.manager_url;
+                var url = MODx.config.manager_url;
+                if (MODx.request.return) {
+                    var return_url = JSON.parse(decodeURIComponent(MODx.request.return));
+                    console.log(return_url);
+                    if (return_url.a) {
+                        url += '?a=' + return_url.a;
+                    }
+                    if (return_url.namespace) {
+                        url += '&namespace=' + return_url.namespace;
+                    }
+                    if (return_url.id) {
+                        url += '&id=' + return_url.id;
+                    }
+                }
+                window.location = url;
             },
             failure: function (form, action) {
                 Ext.Msg.alert(_('error'), action.result.message);

diff --git a/core/components/twilio/controllers/totp.class.php b/core/components/twilio/controllers/totp.class.php
@@ -9,7 +9,7 @@ public function process(array $scriptProperties = array())
     {
         $deviceID = $_REQUEST['device_id'] ?? null;
         if (isset($_SESSION['twilio_totp_verified']) && $_SESSION['twilio_totp_verified']) {
-            $this->modx->sendRedirect(MODX_MANAGER_URL);
+            $this->modx->sendRedirect($this->getManagerUrl());
         }
         $user = $this->modx->user;
         $this->checkDevice($deviceID, $user);
@@ -65,7 +65,7 @@ public function checkDevice($device, $user)
             in_array($device, $userTwilio['remembered'], true)
         ) {
             $_SESSION['twilio_totp_verified'] = true;
-            $this->modx->sendRedirect(MODX_MANAGER_URL);
+            $this->modx->sendRedirect($this->getManagerUrl());
         } elseif (!empty($device)) {
             $failed = $profile->get('failedlogincount') ?? 0;
             ++$failed;
@@ -82,4 +82,22 @@ public function checkDevice($device, $user)
             }
         }
     }
+    private function getManagerUrl()
+    {
+        $url = MODX_MANAGER_URL;
+        if ($_REQUEST['return']) {
+            $url .= '?';
+            $return = json_decode($_REQUEST['return'], true);
+            if (isset($return['a'])) {
+                $url .= '&a='.$return['a'];
+            }
+            if (isset($return['namespace'])) {
+                $url .= '&namespace='.$return['namespace'];
+            }
+            if (isset($return['id'])) {
+                $url .= '&id='.$return['id'];
+            }
+        }
+        return $url;
+    }
 }
diff --git a/core/components/twilio/docs/changelog.txt b/core/components/twilio/docs/changelog.txt
@@ -1,3 +1,7 @@
+Twilio 2.0.3
+==============
+- Follow Redirects on TOTP page in the manager
+
 Twilio 2.0.2
 ==============
 - Fixing permissions issue

diff --git a/core/components/twilio/index.class.php b/core/components/twilio/index.class.php
@@ -4,7 +4,7 @@
 
 abstract class TwilioBaseManagerController extends modManagerController
 {
-    public string $version = '1.0.0';
+    public string $version = '2.0.3';
 
     public function checkPermissions()
     {

diff --git a/core/components/twilio/src/Event/OnBeforeManagerPageInit.php b/core/components/twilio/src/Event/OnBeforeManagerPageInit.php
@@ -11,14 +11,25 @@ public function run()
         // System Wide
         $enforceTotp = $this->getOption('twilio.totp_enforce', false);
         $action = $this->getOption('action');
+        $namespace = $this->getOption('namespace');
         $user = $this->modx->user;
         if (!$user || $user->id === 0) {
             return false;
         }
         // User Specific
         $userTotp = $user->getOption('twilio.totp', $user->getSettings(), false);
         if ($enforceTotp && $userTotp && !$_SESSION['twilio_totp_verified'] && $action !== 'totp') {
-            $this->modx->sendRedirect(MODX_MANAGER_URL . 'index.php?a=totp&namespace=twilio');
+            $return = [];
+            if (isset($action)) {
+                $return['a'] = $action;
+            }
+            if (isset($namespace)) {
+                $return['namespace'] = $namespace;
+            }
+            if (isset($_REQUEST['id'])) {
+                $return['id'] = $_REQUEST['id'];
+            }
+            $this->modx->sendRedirect(MODX_MANAGER_URL . 'index.php?a=totp&namespace=twilio&return='.json_encode($return));
         }
     }
 }