[WIP] 2fa - Optimize code, views
@@ -3,19 +3,11 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
require __DIR__ . '/../base.php';
|
||||
|
||||
$account = \MyAAC\Models\Account::find($account_logged->getId());
|
||||
if (!$account) {
|
||||
if (!$account_logged->isLoaded()) {
|
||||
error('Account not found!');
|
||||
return;
|
||||
}
|
||||
|
||||
if ($db->hasColumn('accounts', 'secret')) {
|
||||
$account->secret = NULL;
|
||||
}
|
||||
|
||||
$account->{'2fa_secret'} = '';
|
||||
$account->save();
|
||||
|
||||
$twoFactorAuth->disable();
|
||||
|
||||
$twig->display('success.html.twig', [
|
||||
|
||||
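Review bot: The new guard `if (!$account_logged->isLoaded())` is the only check visible before `$twoFactorAuth->disable()` runs; nothing in the hunk confirms the request is a POST carrying a CSRF token or re-verifies the user (current authenticator code or password) before two-factor protection is removed. If that verification lives in base.php (required two lines above) or inside `disable()` itself this is fine; otherwise a hijacked session alone is enough to switch 2FA off silently, and a confirmation step plus a server-side log entry for the disable event is the usual mitigation. Either way the precondition deserves a comment above the call, e.g. `// disable() assumes the caller already re-authenticated the user — TODO confirm in base.php`. The file begins before this hunk, so an earlier check may exist that is not shown here.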
@@ -14,57 +14,60 @@ if (!empty($account_logged->getCustomField('2fa_secret'))) {
|
||||
return;
|
||||
}
|
||||
|
||||
$explodeRecoveryKey = explode('-', $account_logged->getCustomField('key'));
|
||||
$newRecoveryKeyFormat = (count($explodeRecoveryKey) == 4);
|
||||
|
||||
if (ACTION == 'request') {
|
||||
$clock = new NativeClock();
|
||||
|
||||
$secret = generateRandom2faSecret();
|
||||
if ($newRecoveryKeyFormat) {
|
||||
$key = $_POST['key1'] . '-' . $_POST['key2'] . '-' . $_POST['key3'] . '-' . $_POST['key4'];
|
||||
}
|
||||
else {
|
||||
$key = $_POST['key'];
|
||||
}
|
||||
|
||||
$otp = TOTP::createFromSecret($secret);
|
||||
$accountKey = $account_logged->getCustomField('key');
|
||||
if (!empty($key) && $key == $accountKey) {
|
||||
$clock = new NativeClock();
|
||||
|
||||
setSession('2fa_secret', $secret);
|
||||
$secret = getSession('2fa_secret');
|
||||
if ($secret === null) {
|
||||
$secret = generateRandom2faSecret();
|
||||
setSession('2fa_secret', $secret);
|
||||
}
|
||||
|
||||
$otp->setLabel($account_logged->getEmail());
|
||||
$otp->setIssuer(configLua('serverName'));
|
||||
$twoFactorAuth->appDisplayEnable($secret);
|
||||
|
||||
$grCodeUri = $otp->getQrCodeUri(
|
||||
'https://api.qrserver.com/v1/create-qr-code/?data=[DATA]&size=200x200&ecc=M',
|
||||
'[DATA]'
|
||||
);
|
||||
|
||||
$twig->display('account/2fa/app/enable.html.twig', [
|
||||
'grCodeUri' => $grCodeUri,
|
||||
'secret' => $secret,
|
||||
]);
|
||||
|
||||
return;
|
||||
return;
|
||||
}
|
||||
else {
|
||||
if (empty($key)) {
|
||||
$errors[] = 'Please enter the recovery key!';
|
||||
}
|
||||
else {
|
||||
$errors[] = 'Invalid recovery key!';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (ACTION == 'link') {
|
||||
$secret = getSession('2fa_secret');
|
||||
|
||||
if ($secret === null) {
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Secret not set']]);
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Secret not set. Go back and try again.']]);
|
||||
return;
|
||||
}
|
||||
|
||||
$totp = $_POST['totp'] ?? '';
|
||||
if (!empty($totp)) {
|
||||
$otp = TOTP::createFromSecret($secret);
|
||||
$authCode = $_POST['auth-code'] ?? '';
|
||||
if (!empty($authCode)) {
|
||||
$otp = $twoFactorAuth->appInitTOTP($secret);
|
||||
|
||||
$otp->setLabel($account_logged->getEmail());
|
||||
$otp->setIssuer(configLua('serverName'));
|
||||
if (!$otp->verify($authCode)) {
|
||||
$errors = ['Token is invalid!'];
|
||||
|
||||
if (!$otp->verify($totp)) {
|
||||
$grCodeUri = $otp->getQrCodeUri(
|
||||
'https://api.qrserver.com/v1/create-qr-code/?data=[DATA]&size=200x200&ecc=M',
|
||||
'[DATA]'
|
||||
);
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
|
||||
$twig->display('error_box.html.twig', ['errors' => ['Token is invalid!']]);
|
||||
|
||||
$twig->display('account/2fa/app/enable.html.twig', [
|
||||
'grCodeUri' => $grCodeUri,
|
||||
'secret' => $secret,
|
||||
]);
|
||||
$twoFactorAuth->appDisplayEnable($secret, $otp, $errors);
|
||||
|
||||
return;
|
||||
}
|
||||
@@ -85,10 +88,22 @@ if (ACTION == 'link') {
|
||||
|
||||
return;
|
||||
}
|
||||
else {
|
||||
$errors = ['You have to enter the code generated by the authenticator!'];
|
||||
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
$twoFactorAuth->appDisplayEnable($secret, null, $errors);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($errors)) {
|
||||
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
||||
}
|
||||
|
||||
$twig->display('account/2fa/app/enable.warning.html.twig', ['wrongCode' => count($errors) > 0]);
|
||||
$twig->display('account/2fa/app/enable.warning.html.twig',
|
||||
[
|
||||
'newRecoveryKeyFormat' => $newRecoveryKeyFormat,
|
||||
'errors' => $errors,
|
||||
]
|
||||
);
|
||||
|
||||
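Review bot: The recovery-key comparison `if (!empty($key) && $key == $accountKey)` checks a secret with loose `==`, which is neither strict nor constant-time; `if (!empty($key) && hash_equals((string) $accountKey, (string) $key)) {` gives both. The four-part branch builds `$key` from `$_POST['key1']` … `$_POST['key4']` and the other branch from `$_POST['key']` without null-coalescing, so a missing field raises an "Undefined array key" warning on PHP 8 instead of reaching the 'Please enter the recovery key!' message; use `$key = $_POST['key'] ?? '';` and `$key = implode('-', [$_POST['key1'] ?? '', $_POST['key2'] ?? '', $_POST['key3'] ?? '', $_POST['key4'] ?? '']);`. These lines may be unchanged context rather than part of this commit, in which case this is a follow-up rather than a blocker. In the second hunk the final `enable.warning.html.twig` render passes `$errors`, which only the 'request' branch assigns in what is shown; if it is not initialised earlier in the file (outside the hunk) the variable is undefined on a plain GET.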
@@ -16,8 +16,8 @@ $twoFactorAuth->deleteOldCodes();
|
||||
|
||||
$twig->display('success.html.twig',
|
||||
[
|
||||
'title' => 'Email Code Authentication Deactivated',
|
||||
'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
|
||||
'title' => 'Email Code Authentication Disabled',
|
||||
'description' => 'You have successfully <strong>disabled</strong> the <b>Email Code Authentication</b> for your account.'
|
||||
]
|
||||
);
|
||||
/*
|
||||
|
||||
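Review bot: The new description string mixes `<strong>disabled</strong>` with `<b>Email Code Authentication</b>` in the same sentence; pick one emphasis element so the markup stays consistent, e.g. `'description' => 'You have successfully <strong>disabled</strong> the <strong>Email Code Authentication</strong> for your account.'`. Since the string carries HTML it presumably reaches success.html.twig unescaped; a one-line comment on the array, `// description contains HTML; success.html.twig renders it unescaped`, would warn the next editor against putting user-controlled text into it.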