Add two-factor authentication
- Add 2FA login interception in Session::setAuthenticatedForUser - Add 2fa session variable holding the last auth code
This commit is contained in:
parent
a7feb4bf9f
commit
d7e9b91181
7 changed files with 194 additions and 0 deletions
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
namespace Friendica\Core;
|
||||
|
||||
use Friendica\App;
|
||||
use Friendica\BaseObject;
|
||||
use Friendica\Util\BaseURL;
|
||||
|
||||
|
|
@ -61,5 +62,26 @@ class Authentication extends BaseObject
|
|||
session_unset();
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
public static function twoFactorCheck($uid, App $a)
|
||||
{
|
||||
// Check user setting, if 2FA disabled return
|
||||
if (!PConfig::get($uid, '2fa', 'verified')) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Check current path, if 2fa authentication module return
|
||||
if ($a->argc > 0 && in_array($a->argv[0], ['ping', '2fa', 'view', 'help', 'logout'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Case 1: 2FA session present and valid: return
|
||||
if (Session::get('2fa')) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Case 2: No valid 2FA session: redirect to code verification page
|
||||
$a->internalRedirect('2fa');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -186,6 +186,8 @@ class Session
|
|||
}
|
||||
}
|
||||
|
||||
Authentication::twoFactorCheck($user_record['uid'], $a);
|
||||
|
||||
if ($interactive) {
|
||||
if ($user_record['login_date'] <= DBA::NULL_DATETIME) {
|
||||
info(L10n::t('Welcome %s', $user_record['username']));
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue