[WIP] Working 2fa email auth

2025-10-17 11:13:27 +02:00 · 2025-06-22 18:50:54 +02:00
parent 96d6e04bd2
commit b3dfc56c96
17 changed files with 513 additions and 195 deletions
--- a/system/pages/account/2fa.php
+++ b/system/pages/account/2fa.php
@@ -20,61 +20,102 @@ csrfProtect();
 /**
 * @var OTS_Account $account_logged
 */
-$step = isset($_REQUEST['step']) ?? '';
+$step = $_REQUEST['step'] ?? '';
+$code = $_REQUEST['email-code'] ?? '';

 if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
 	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
 	return;
 }

-$twoFactorAuth = new TwoFactorAuth($account_logged);
+if (!isset($account_logged) || !$account_logged->isLoaded()) {
+	$current_session = getSession('account');
+	if($current_session) {
+		$account_logged->load($current_session);
+	}
+}
+
+$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);

 if (ACTION == 'email-code') {
-	if ($step === 'verify') {
-		$code = $_POST['email-code'] ?? '';
-		if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
-			$twoFactorAuth->getAuthGateway()->deleteOldCodes();
-
-			//session(['2fa_skip' => true]);
-			header('Location: account/manage');
-			exit;
-		}
-	}
-	else if ($step == 'resend') {
-		$twoFactorAuth->getAuthGateway()->resendEmailCode();
-
-		$twig->display('account.2fa.email_code.html.twig');
-	}
-	else if ($step == 'confirm-activate') {
-		$account2faCode = $account_logged->getCustomField('2fa_email_code');
-		$account2faCodeTimeout = $account_logged->getCustomField('2fa_email_code_timeout');
-
-		if (!empty($account2faCodeTimeout) && time() - (int)$account2faCodeTimeout < (24 * 60 * 60)) {
-			$postCode = $_POST['email-code'] ?? '';
-			if (!empty($account2faCode)) {
-				if (!empty($postCode)) {
-					if ($postCode == $account2faCode) {
-						$twig->display('account.2fa.email-code.success.html.twig');
-					}
-				}
-				else {
-
-				}
-			}
-			else {
-				$errors[] = 'Your account dont have 2fa E-Mail code sent.';
-
-			}
+	if ($step == 'resend') {
+		if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
+			$errors = ['Sorry, one email per 15 minutes'];
 		}
 		else {
-			$errors[] = 'E-Mail Code expired.';
+			$twoFactorAuth->resendEmailCode();
 		}
+
+		if (!empty($errors)) {
+			$twig->display('error_box.html.twig',  ['errors' => $errors]);
+		}
+
+		$twig->display('account.2fa.email-code.login.html.twig');
+	}
+	else if ($step == 'activate') {
+		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
+			$twoFactorAuth->resendEmailCode();
+		}
+
+		if (isset($_POST['save'])) {
+			if (!empty($code)) {
+				$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
+				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
+					$serverName = configLua('serverName');
+
+					$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
+					$twoFactorAuth->deleteOldCodes();
+
+					$twig->display('success.html.twig', [
+						'title' => 'Email Code Authentication Activated',
+						'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
+					]);
+
+					return;
+				}
+				else {
+					$errors[] = 'Invalid email code!';
+				}
+			}
+		}
+
+		if (!empty($errors)) {
+			$twig->display('error_box.html.twig', ['errors' => $errors]);
+		}
+
+		$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
+	}
+	else if ($step == 'deactivate') {
+		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
+			$twoFactorAuth->resendEmailCode();
+		}
+
+		if (isset($_POST['save'])) {
+			if (!empty($code)) {
+				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
+
+					$twoFactorAuth->disable();
+					$twoFactorAuth->deleteOldCodes();
+
+					$twig->display('success.html.twig',
+						[
+							'title' => 'Email Code Authentication Deactivated',
+							'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
+						]
+					);
+
+					return;
+				}
+				else {
+					$errors[] = 'Invalid email code!';
+				}
+			}
+		}
+
+		if (!empty($errors)) {
+			$twig->display('error_box.html.twig', ['errors' => $errors]);
+		}
+
+		$twig->display('account.2fa.email-code.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 }
-
-if (!empty($errors)) {
-	$twig->display('error_box.html.twig',  ['errors' => $errors]);
-	$twig->display('account.back_button.html.twig', [
-		'new_line' => true
-	]);
-}
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -58,8 +58,8 @@ if(!empty($login_account) && !empty($login_password))
 				setSession('remember_me', true);
 			}

-			$twoFactorAuth = new TwoFactorAuth($account_logged);
-			if (!$twoFactorAuth->process()) {
+			$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
+			if (!$twoFactorAuth->process($_POST['email-code'] ?? '')) {
 				return;
 			}

--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
+
+use MyAAC\TwoFactorAuth\TwoFactorAuth;
+
 defined('MYAAC') or die('Direct access not allowed!');

 $title = 'Account Management';
@@ -111,6 +114,8 @@ $twig->display('account.management.html.twig', array(
 	'account_registered' => $account_registered,
 	'account_rlname' => $account_rlname,
 	'account_location' => $account_location,
+	'twoFactorViews' => TwoFactorAuth::getInstance($account_logged)->getAccountManageViews(),
+
 	'actions' => $actions,
-	'players' => $account_players
+	'players' => $account_players,
 ));