[WIP] 2fa
* Don't allow disabling 2FA via a GET request * Fix Google reCAPTCHA issue * Fix rec key check * Make the auth-code input required + autofocus
@@ -3,14 +3,24 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
if (!isRequestMethod('post')) {
|
||||
error('This page cannot be accessed directly.');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$account_logged->isLoaded()) {
|
||||
error('Account not found!');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$twoFactorAuth->isActive($twoFactorAuth::TYPE_APP)) {
|
||||
error("Your account does not have Two Factor App Authentication enabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
$twoFactorAuth->disable();
|
||||
|
||||
$twig->display('success.html.twig', [
|
||||
'title' => 'Disabled',
|
||||
'description' => 'Two Factor Authentication has been disabled.'
|
||||
'description' => 'Two Factor App Authentication has been disabled.'
|
||||
]);
|
||||
|
||||
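Review bot: The `isRequestMethod('post')` guard is the only thing between an incoming request and `$twoFactorAuth->disable()` in this hunk; no authenticator code, password or CSRF token is checked before the app factor is removed, so a cross-site POST from a logged-in browser disables 2FA unless base.php already validates a token (not visible here). Removing a second factor should require proving possession of it, and the e-mail flow in this same commit has exactly that check commented out (`$twoFactorAuth->getAuthGateway()->verifyCode($code)`), so gating the call on the submitted `auth-code` is the consistent fix, assuming the app gateway exposes the same `verifyCode()`. The guards above it stay as they are.
```php
// … unchanged: method, account and isActive(TYPE_APP) guards …
$code = $_POST['auth-code'] ?? '';
if ($code === '' || !$twoFactorAuth->getAuthGateway()->verifyCode($code)) {
    error('Invalid authentication code!');
    return;
}

$twoFactorAuth->disable();
```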
@@ -5,9 +5,9 @@ use MyAAC\TwoFactorAuth\TwoFactorAuth;
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
if (!empty($account_logged->getCustomField('2fa_secret'))) {
|
||||
|
||||
$twig->display('account/2fa/app/enable.already_connected.html.twig');
|
||||
if ($twoFactorAuth->isActive()) {
|
||||
$errors[] = 'Two-factor authentication is already enabled on your account.';
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
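Review bot: `$twoFactorAuth->isActive()` at the top of the new code runs without the `$account_logged->isLoaded()` guard that the disable pages in this commit add directly after `require base.php`; if base.php does not itself reject anonymous requests, this page continues with an instance built from an unloaded account. Adding the same guard before the `isActive()` check, `if (!$account_logged->isLoaded()) { error('Account not found!'); return; }`, keeps the enable and disable pages consistent. The rest of the enable flow continues outside the hunk.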
@@ -12,11 +12,6 @@ $title = 'Two Factor Authentication';
|
||||
*/
|
||||
$code = $_REQUEST['auth-code'] ?? '';
|
||||
|
||||
if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Account two-factor e-mail authentication disabled.']]);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$account_logged->isLoaded()) {
|
||||
$current_session = getSession('account');
|
||||
if($current_session) {
|
||||
|
||||
@@ -3,14 +3,26 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
|
||||
// $twoFactorAuth->resendEmailCode();
|
||||
//}
|
||||
if ((!setting('core.mail_enabled'))) {
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Account Two-Factor E-Mail Authentication disabled.']]);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isRequestMethod('post')) {
|
||||
error('This page cannot be accessed directly.');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$account_logged->isLoaded()) {
|
||||
error('Account not found!');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$twoFactorAuth->isActive($twoFactorAuth::TYPE_EMAIL)) {
|
||||
error("Your account does not have Two Factor E-Mail Authentication enabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
/*if (isset($_POST['save'])) {
|
||||
if (!empty($code)) {
|
||||
if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
|
||||
*/
|
||||
$twoFactorAuth->disable();
|
||||
$twoFactorAuth->deleteOldCodes();
|
||||
|
||||
@@ -20,18 +32,3 @@ $twig->display('success.html.twig',
|
||||
'description' => 'You have successfully <strong>disabled</strong> the <b>Email Code Authentication</b> for your account.'
|
||||
]
|
||||
);
|
||||
/*
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Invalid email code!';
|
||||
}
|
||||
}
|
||||
}*/
|
||||
|
||||
/*
|
||||
if (!empty($errors)) {
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
}
|
||||
|
||||
$twig->display('account/2fa/email/deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
|
||||
*/
|
||||
|
||||
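Review bot: `$twoFactorAuth->disable()` and `deleteOldCodes()` now run as soon as the method, account and `isActive(TYPE_EMAIL)` guards pass, because the `verifyCode($code)` check that used to gate them sits inside a `/* ... */` block; removing the e-mail factor therefore no longer requires the e-mailed code, and unless base.php checks a CSRF token any logged-in browser can be made to POST here. Either restore the verification before the disable call or delete the two commented-out blocks instead of shipping dead code; the trailing commented render also reads `$errors`, which nothing on the new side populates. The `success.html.twig` display call begins before this section's second `@@` header.
```php
// … unchanged: mail_enabled, method, account and TYPE_EMAIL guards …
$code = $_POST['auth-code'] ?? '';
if ($code === '' || !$twoFactorAuth->getAuthGateway()->verifyCode($code)) {
    error('Invalid email code!');
    return;
}

$twoFactorAuth->disable();
$twoFactorAuth->deleteOldCodes();
```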
@@ -6,6 +6,18 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
if ((!setting('core.mail_enabled'))) {
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Account Two-Factor E-Mail Authentication disabled.']]);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($twoFactorAuth->isActive()) {
|
||||
$errors[] = 'Two-factor authentication is already enabled on your account.';
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
|
||||
$twoFactorAuth->resendEmailCode();
|
||||
}
|
||||
|
||||
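Review bot: The new `isActive()` guard and the `resendEmailCode()` call below it run without the `$account_logged->isLoaded()` check that the other e-mail pages in this commit add right after `require base.php`, so if base.php does not already require a logged-in account this page sends a code for an unloaded account. Add the same guard between the `mail_enabled` check and the `isActive()` check: `if (!$account_logged->isLoaded()) { error('Account not found!'); return; }`. Note also that `isActive()` here takes no type, so an account with only the app factor enabled is told two-factor authentication is already enabled, whereas the enable page in this commit checks `isActive($twoFactorAuth::TYPE_APP)` and tells the user to disable the app factor first. The hunk ends inside the resend branch.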
@@ -3,8 +3,23 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
if ($twoFactorAuth->hasRecentEmailCode(1 * 60)) {
|
||||
$errors = ['Sorry, one email per 15 minutes'];
|
||||
if ((!setting('core.mail_enabled'))) {
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Account Two-Factor E-Mail Authentication disabled.']]);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$account_logged->isLoaded()) {
|
||||
error('Account not found!');
|
||||
return;
|
||||
}
|
||||
|
||||
if ($twoFactorAuth->isActive($twoFactorAuth::TYPE_APP)) {
|
||||
error('You have to disable the app auth first!');
|
||||
return;
|
||||
}
|
||||
|
||||
if ($twoFactorAuth->hasRecentEmailCode(30 * 60)) {
|
||||
$errors = ['Sorry, one email per 30 minutes'];
|
||||
}
|
||||
else {
|
||||
$twoFactorAuth->resendEmailCode();
|
||||
@@ -14,4 +29,4 @@ if (!empty($errors)) {
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
}
|
||||
|
||||
$twig->display('account/2fa/email/login.html.twig');
|
||||
$twig->display('account/2fa/email/enable.html.twig');
|
||||
|
||||
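Review bot: The resend throttle in this hunk, `hasRecentEmailCode(30 * 60)`, disagrees with the other e-mail page in this commit, which calls `resendEmailCode()` whenever `hasRecentEmailCode(15 * 60)` is false; if both pages read the same code store, the 30-minute limit is bypassed by requesting the other page, and the message 'Sorry, one email per 30 minutes' is wrong for that path. Keep the window in one place, e.g. a single `$resendWindow = 30 * 60;` (or a constant on `TwoFactorAuth`) used by both pages. The new guard also checks only `isActive($twoFactorAuth::TYPE_APP)`, so nothing visible here stops re-running the enable flow while the e-mail factor is already active, unless a check outside the hunk does. The `else` branch continues past the hunk.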
@@ -55,6 +55,10 @@ if(!empty($login_account) && !empty($login_password))
|
||||
} else {
|
||||
setSession('account', $account_logged->getId());
|
||||
|
||||
if (!$hooks->trigger(HOOK_ACCOUNT_LOGIN_PRE)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
|
||||
if (!$twoFactorAuth->process($login_account, $login_password, $remember_me, $_POST['auth-code'] ?? '')) {
|
||||
return;
|
||||
|
||||
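Review bot: `$twoFactorAuth->process(...)` runs only after `setSession('account', $account_logged->getId())` above it has already bound the session to the account, so when `process()` returns false because `$_POST['auth-code']` is missing or wrong the caller just `return`s and the account id stays in the session unless `process()` clears it itself, which this hunk cannot show. Verify the second factor before the session is promoted, or drop it explicitly in the failure branch with the project's session-clearing helper, e.g. `if (!$twoFactorAuth->process(...)) { /* clear the 'account' session key here */ return; }`. The enclosing `if(!empty($login_account) && !empty($login_password))` block begins before the hunk and the `else` branch continues after it.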