Merge pull request #886 from twetech/0.1.8.4

Remember Me Tokens, and AI Enhancements
2024-02-22 17:34:10 -05:00 · 2024-02-22 17:34:10 -05:00 · 46344c962b
parent f363e7e6fc 5d620d041a
commit 46344c962b
7 changed files with 58 additions and 18 deletions
--- a/database_updates.php
+++ b/database_updates.php
@ -1607,10 +1607,17 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.6'");
    }

-    // if (CURRENT_DATABASE_VERSION == '1.0.6') {
-    //     // Insert queries here required to update to DB version 1.0.7
+    if (CURRENT_DATABASE_VERSION == '1.0.6') {
+        // Insert queries here required to update to DB version 1.0.7
+        mysqli_query($mysqli, "CREATE TABLE `remember_tokens` (`remember_token_id` int(11) NOT NULL AUTO_INCREMENT,`remember_token_token` varchar(255) NOT NULL,`remember_token_user_id` int(11) NOT NULL,`remember_token_created_at` datetime NOT NULL DEFAULT current_timestamp()");
+        // Then, update the database to the next sequential version
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
+    }
+
+    // if (CURRENT_DATABASE_VERSION == '1.0.7') {
+    //     // Insert queries here required to update to DB version 1.0.8
    //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.7'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.0.8'");
    // }

 } else {
--- a/database_version.php
+++ b/database_version.php
@ -5,5 +5,5 @@
 * It is used in conjunction with database_updates.php
 */

-DEFINE("LATEST_DATABASE_VERSION", "1.0.6");
+DEFINE("LATEST_DATABASE_VERSION", "1.0.7");

--- a/db.sql
+++ b/db.sql
@ -1041,6 +1041,22 @@ CREATE TABLE `recurring_expenses` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;

+--
+-- Table structure for table remember_tokens
+--
+
+DROP TABLE IF EXISTS `remember_tokens`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `remember_tokens` (
+  `remember_token_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `remember_token_user_id` int(10) unsigned NOT NULL,
+  `remember_token_token` varchar(100) NOT NULL,
+  `remember_token_created_at` timestamp NOT NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+
 --
 -- Table structure for table `revenues`
 --
--- a/js/ai_reword.js
+++ b/js/ai_reword.js
@ -1,5 +1,6 @@
 document.getElementById('rewordButton').addEventListener('click', function() {
    var textInput = document.getElementById('textInput');
+    var ticketDescription = document.getElementById('ticketDescription');
    var rewordButton = document.getElementById('rewordButton');
    var undoButton = document.getElementById('undoButton');
    var previousText = textInput.value; // Store the current text
@ -13,7 +14,11 @@ document.getElementById('rewordButton').addEventListener('click', function() {
        headers: {
            'Content-Type': 'application/json',
        },
-        body: JSON.stringify({ text: textInput.value }),
+        // Body with the text to reword and the ticket description
+        body: JSON.stringify({
+            text: textInput.value,
+            ticketDescription: ticketDescription.innerText.valueOf(),
+        }),
    })
    .then(response => response.json())
    .then(data => {
--- a/login.php
+++ b/login.php
@ -111,14 +111,24 @@ if (isset($_POST['login'])) {
        $user_email = sanitizeInput($row['user_email']);
        $token = sanitizeInput($row['user_token']);
        $force_mfa = intval($row['user_config_force_mfa']);
-        $remember_token = $row['user_config_remember_me_token'];
+        $user_role = intval($row['user_role']);
+        $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+        $user_extension_key = $row['user_extension_key'];
        if($force_mfa == 1 && $token == NULL) {
            $config_start_page = "user_security.php";
        }

+        // Get remember tokens less than 2 days old
+        $remember_tokens = mysqli_query($mysqli, "SELECT remember_token_token FROM remember_tokens WHERE remember_token_user_id = $user_id AND remember_token_created_at > (NOW() - INTERVAL 2 DAY)");
+
        $bypass_2fa = false;
-        if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
-            $bypass_2fa = true;
+        if (isset($_COOKIE['rememberme'])) {
+            while ($row = mysqli_fetch_assoc($remember_tokens)) {
+                if (hash_equals($row['remember_token_token'], $_COOKIE['rememberme'])) {
+                    $bypass_2fa = true;
+                    break;
+                }
+            }
        } elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
            $bypass_2fa = true;
        }
@ -127,7 +137,7 @@ if (isset($_POST['login'])) {
            if (isset($_POST['remember_me'])) {
                $newRememberToken = bin2hex(random_bytes(64));
                setcookie('rememberme', $newRememberToken, time() + 86400*2, "/", null, true, true);
-                $updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
+                $updateTokenQuery = "INSERT INTO remember_tokens (remember_token_user_id, remember_token_token) VALUES ($user_id, '$newRememberToken')";
                mysqli_query($mysqli, $updateTokenQuery);
            }

@ -171,21 +181,20 @@ if (isset($_POST['login'])) {
            // Session info
            $_SESSION['user_id'] = $user_id;
            $_SESSION['user_name'] = $user_name;
-            $_SESSION['user_role'] = intval($row['user_role']);
+            $_SESSION['user_role'] = $user_role;
            $_SESSION['csrf_token'] = randomString(156);
            $_SESSION['logged'] = true;

            // Setup encryption session key
-            if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
-                $user_encryption_ciphertext = $row['user_specific_encryption_ciphertext'];
+            if (is_null($user_encryption_ciphertext) && $user_role > 1) {
                $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
                generateUserSessionKey($site_encryption_master_key);

                // Setup extension
-                if (isset($row['user_extension_key']) && !empty($row['user_extension_key'])) {
+                if (is_null($user_extension_key)) {
                    // Extension cookie
                    // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
-                    setcookie("user_extension_key", "$row[user_extension_key]", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
+                    setcookie("user_extension_key", "$user_extension_key", ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'None']);

                    // Set PHP session in DB, so we can access the session encryption data (above)
                    $user_php_session = session_id();
--- a/post/ai.php
+++ b/post/ai.php
@ -12,14 +12,15 @@ if (isset($_GET['ai_reword'])) {
    $inputJSON = file_get_contents('php://input');
    $input = json_decode($inputJSON, TRUE); // Convert JSON into array.

-    // Prefix the input text with "reword: "
-    $prefixedText = "reword: " . $input['text'];
+    $promptText = "You are an experienced technician at a help desk, training a new technician. You are helping rewrite response for clarity and professionalism, but dont make it too wordy.";
+    $userText = $input['text'];

    // Preparing the data for the OpenAI Chat API request.
    $data = [
        "model" => "$config_ai_model", // Specify the model
        "messages" => [
-            ["role" => "user", "content" => $prefixedText]
+            ["role" => "system", "content" => $promptText],
+            ["role" => "user", "content" => $userText],
        ],
        "temperature" => 0.7
    ];
@ -45,6 +46,8 @@ if (isset($_GET['ai_reword'])) {

    // Check if the response contains the expected data and return it.
    if (isset($responseData['choices'][0]['message']['content'])) {
+        // Remove any square brackets and their contents from the response.
+        $responseData['choices'][0]['message']['content'] = preg_replace('/\[.*?\]/', '', $responseData['choices'][0]['message']['content']);
        echo json_encode(['rewordedText' => trim($responseData['choices'][0]['message']['content'])]);
    } else {
        // Handle errors or unexpected response structure.
--- a/ticket.php
+++ b/ticket.php
@ -285,7 +285,7 @@ if (isset($_GET['ticket_id'])) {
                            <h3 class="card-title text-bold"><?php echo $ticket_subject; ?></h3>
                        </div>

-                        <div class="card-body prettyContent">
+                        <div class="card-body prettyContent" id="ticketDetails">
                            <?php echo $ticket_details; ?>

                            <?php