< ? php
/**
* @ copyright Copyright ( C ) 2010 - 2022 , the Friendica project
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
*/
namespace Friendica\Module\Security\TwoFactor ;
use Friendica\App ;
use Friendica\BaseModule ;
use Friendica\Core\L10n ;
use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues ;
use Friendica\Core\Renderer ;
use Friendica\Core\Session\Capability\IHandleSessions ;
use Friendica\Module\Response ;
use Friendica\Util\Profiler ;
use PragmaRX\Google2FA\Google2FA ;
use Friendica\Security\TwoFactor ;
use Psr\Log\LoggerInterface ;
/**
 * Page 1: Authenticator code verification
 *
 * @package Friendica\Module\TwoFactor
 */
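class Verify extends BaseModule
{
    /** @var string[] Translated error messages added by post() and handed to the template by content() */
    protected $errors = [];
    /** @var IHandleSessions Session store; the '2fa' key holds the last code accepted in this session */
    protected $session;
    /** @var IManagePersonalConfigValues Per-user configuration; the TOTP secret is read from ('2fa', 'secret') */
    protected $pConfig;

    /**
     * Forwards the common module dependencies to BaseModule and keeps the
     * session handler and per-user configuration needed for verification.
     *
     * @param L10n                        $l10n
     * @param App\BaseURL                 $baseUrl
     * @param App\Arguments               $args
     * @param LoggerInterface             $logger
     * @param Profiler                    $profiler
     * @param Response                    $response
     * @param IManagePersonalConfigValues $pConfig
     * @param IHandleSessions             $session
     * @param array                       $server
     * @param array                       $parameters
     */
    public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, IHandleSessions $session, array $server, array $parameters = [])
    {
        parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);

        $this->session = $session;
        $this->pConfig = $pConfig;
    }

    /**
     * Handles submission of the authenticator code form.
     *
     * Does nothing unless a local user is present and the request carries
     * action=verify. On an accepted code the code is stored in the session
     * under '2fa' and the browser is redirected to '2fa/trust'; otherwise a
     * translated error is queued for content().
     *
     * @param array $request Request parameters (untrusted); reads 'action' and 'verify_code'
     */
    protected function post(array $request = [])
    {
        if (!local_user()) {
            return;
        }

        if (($request['action'] ?? '') !== 'verify') {
            return;
        }

        self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_verify');

        $code   = $request['verify_code'] ?? '';
        $secret = $this->pConfig->get(local_user(), '2fa', 'secret');

        // Fail closed on malformed input: the request can supply verify_code
        // as an array (verify_code[]=...), and a user without a stored secret
        // yields a non-string here. Neither can ever be a valid verification,
        // so reject them instead of handing them to the TOTP library.
        $valid = is_string($code)
            && is_string($secret)
            && $secret !== ''
            && (new Google2FA())->verifyKey($secret, $code);

        // The same code can't be used twice even if it's valid.
        // NOTE(review): this replay check only compares against the code kept
        // in the current session. Nothing visible here records an accepted
        // code per user, so reuse from a different session within the code's
        // validity window is not ruled out by this method. Google2FA's
        // verifyKeyNewer() with a persisted last-accepted timestamp is the
        // library's mechanism for that - confirm whether it is wanted here.
        // NOTE(review): no limit on failed attempts is visible in this
        // method - confirm that guessing is throttled elsewhere.
        if ($valid && $this->session->get('2fa') !== $code) {
            $this->session->set('2fa', $code);

            $this->baseUrl->redirect('2fa/trust');
        } else {
            $this->errors[] = $this->t('Invalid code, please retry.');
        }
    }

    /**
     * Renders the code entry form from the 'twofactor/verify.tpl' template.
     *
     * Redirects (without a target path) when there is no local user or when
     * the session already holds an accepted code.
     *
     * @param array $request Request parameters (not read by this method)
     * @return string Rendered markup
     */
    protected function content(array $request = []): string
    {
        // presumably redirect() ends the request; the code below relies on
        // that for the unauthenticated case - TODO confirm
        if (!local_user()) {
            $this->baseUrl->redirect();
        }

        // Already authenticated with 2FA token
        if ($this->session->get('2fa')) {
            $this->baseUrl->redirect();
        }

        $template = Renderer::getMarkupTemplate('twofactor/verify.tpl');

        return Renderer::replaceMacros($template, [
            // Must use the same token type that post() checks ('twofactor_verify')
            '$form_security_token' => self::getFormSecurityToken('twofactor_verify'),

            '$title'            => $this->t('Two-factor authentication'),
            '$message'          => $this->t('<p>Open the two-factor authentication app on your device to get an authentication code and verify your identity.</p>'),
            '$errors_label'     => $this->tt('Error', 'Errors', count($this->errors)),
            '$errors'           => $this->errors,
            '$recovery_message' => $this->t('If you do not have access to your authentication code you can use a <a href="%s">two-factor recovery code</a>.', '2fa/recovery'),
            // The field is always rendered empty: a submitted code is never echoed back
            '$verify_code'      => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="one-time-code" placeholder="000000" inputmode="numeric" pattern="[0-9]*"'],
            '$verify_label'     => $this->t('Verify code and complete login'),
        ]);
    }
}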