friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity
friendica/src/Module/Security/TwoFactor/Trust.php

145 lines
5.8 KiB
PHP
Raw Blame History

<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Module\Security\TwoFactor;
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\Session\Capability\IHandleSessions;
use Friendica\Model\User;
use Friendica\Model\User\Cookie;
use Friendica\Module\Response;
use Friendica\Network\HTTPException\FoundException;
use Friendica\Network\HTTPException\MovedPermanentlyException;
use Friendica\Network\HTTPException\TemporaryRedirectException;
use Friendica\Security\Authentication;
use Friendica\Util\Profiler;
use Friendica\Security\TwoFactor;
use Psr\Log\LoggerInterface;
/**
* Page 2: Trust Browser dialog
*
* @package Friendica\Module\TwoFactor
*/
class Trust extends BaseModule
{
/** @var App */
protected $app;
/** @var Authentication */
protected $auth;
/** @var IHandleSessions */
protected $session;
/** @var Cookie */
protected $cookie;
/** @var TwoFactor\Factory\TrustedBrowser */
protected $trustedBrowserFactory;
/** @var TwoFactor\Repository\TrustedBrowser */
protected $trustedBrowserRepository;
public function __construct(App $app, Authentication $auth, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, IHandleSessions $session, Cookie $cookie, TwoFactor\Factory\TrustedBrowser $trustedBrowserFactory, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Response $response, array $server, array $parameters = [])
{
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->app = $app;
$this->auth = $auth;
$this->session = $session;
$this->cookie = $cookie;
$this->trustedBrowserFactory = $trustedBrowserFactory;
$this->trustedBrowserRepository = $trustedBrowserRepositoy;
}
protected function post(array $request = [])
{
if (!local_user() || !$this->session->get('2fa')) {
$this->logger->info('Invalid call', ['request' => $request]);
return;
}
$action = $request['action'] ?? '';
if (!empty($action)) {
self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_trust');
switch ($action) {
case 'trust':
case 'dont_trust':
$trustedBrowser = $this->trustedBrowserFactory->createForUserWithUserAgent(local_user(), $this->server['HTTP_USER_AGENT'], $action === 'trust');
try {
$this->trustedBrowserRepository->save($trustedBrowser);
// The string is sent to the browser to be sent back with each request
if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) {
notice($this->t('Couldn\'t save browser to Cookie.'));
};
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected error when saving the trusted browser.', ['trustedBrowser' => $trustedBrowser, 'exception' => $exception]);
}
break;
}
try {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
} catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) {
// exception wanted!
throw $e;
} catch (\Exception $e) {
$this->logger->warning('Unexpected error during authentication.', ['user' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
}
}
}
protected function content(array $request = []): string
{
if (!local_user() || !$this->session->get('2fa')) {
$this->baseUrl->redirect();
}
if ($this->cookie->get('2fa_cookie_hash')) {
try {
$trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
if (!$trustedBrowser->trusted) {
$this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
$this->baseUrl->redirect();
}
} catch (TwoFactor\Exception\TrustedBrowserNotFoundException $exception) {
$this->logger->notice('Trusted Browser of the cookie not found.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (TwoFactor\Exception\TrustedBrowserPersistenceException $exception) {
$this->logger->warning('Unexpected persistence exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
} catch (\Exception $exception) {
$this->logger->warning('Unexpected exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
}
}
return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/trust.tpl'), [
'$form_security_token' => self::getFormSecurityToken('twofactor_trust'),
'$title' => $this->t('Trust this browser?'),
'$message' => $this->t('<p>If you choose to trust this browser, you will not be asked for a verification code the next time you sign in.</p>'),
'$not_now_label' => $this->t('Not now'),
'$dont_trust_label' => $this->t('Don\'t trust'),
'$trust_label' => $this->t('Trust'),
]);
}
}
View Git Blame Copy Permalink