  1. <?php
  2. namespace Friendica\Module\Settings\TwoFactor;
  3. use Friendica\Core\L10n;
  4. use Friendica\Core\Renderer;
  5. use Friendica\Core\Session;
  6. use Friendica\DI;
  7. use Friendica\Model\TwoFactor\AppSpecificPassword;
  8. use Friendica\Model\TwoFactor\RecoveryCode;
  9. use Friendica\Model\User;
  10. use Friendica\Module\BaseSettingsModule;
  11. use Friendica\Module\Security\Login;
  12. use PragmaRX\Google2FA\Google2FA;
  13. class Index extends BaseSettingsModule
  14. {
  15. public static function post(array $parameters = [])
  16. {
  17. if (!local_user()) {
  18. return;
  19. }
  20. self::checkFormSecurityTokenRedirectOnError('settings/2fa', 'settings_2fa');
  21. try {
  22. User::getIdFromPasswordAuthentication(local_user(), $_POST['password'] ?? '');
  23. $has_secret = (bool) DI::pConfig()->get(local_user(), '2fa', 'secret');
  24. $verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
  25. switch ($_POST['action'] ?? '') {
  26. case 'enable':
  27. if (!$has_secret && !$verified) {
  28. $Google2FA = new Google2FA();
  29. DI::pConfig()->set(local_user(), '2fa', 'secret', $Google2FA->generateSecretKey(32));
  30. DI::baseUrl()->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
  31. }
  32. break;
  33. case 'disable':
  34. if ($has_secret) {
  35. RecoveryCode::deleteForUser(local_user());
  36. DI::pConfig()->delete(local_user(), '2fa', 'secret');
  37. DI::pConfig()->delete(local_user(), '2fa', 'verified');
  38. Session::remove('2fa');
  39. notice(L10n::t('Two-factor authentication successfully disabled.'));
  40. DI::baseUrl()->redirect('settings/2fa');
  41. }
  42. break;
  43. case 'recovery':
  44. if ($has_secret) {
  45. DI::baseUrl()->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
  46. }
  47. break;
  48. case 'app_specific':
  49. if ($has_secret) {
  50. DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
  51. }
  52. break;
  53. case 'configure':
  54. if (!$verified) {
  55. DI::baseUrl()->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
  56. }
  57. break;
  58. }
  59. } catch (\Exception $e) {
  60. notice(L10n::t('Wrong Password'));
  61. }
  62. }
  63. public static function content(array $parameters = [])
  64. {
  65. if (!local_user()) {
  66. return Login::form('settings/2fa');
  67. }
  68. parent::content($parameters);
  69. $has_secret = (bool) DI::pConfig()->get(local_user(), '2fa', 'secret');
  70. $verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
  71. return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/index.tpl'), [
  72. '$form_security_token' => self::getFormSecurityToken('settings_2fa'),
  73. '$title' => L10n::t('Two-factor authentication'),
  74. '$help_label' => L10n::t('Help'),
  75. '$status_title' => L10n::t('Status'),
  76. '$message' => L10n::t('<p>Use an application on a mobile device to get two-factor authentication codes when prompted on login.</p>'),
  77. '$has_secret' => $has_secret,
  78. '$verified' => $verified,
  79. '$auth_app_label' => L10n::t('Authenticator app'),
  80. '$app_status' => $has_secret ? $verified ? L10n::t('Configured') : L10n::t('Not Configured') : L10n::t('Disabled'),
  81. '$not_configured_message' => L10n::t('<p>You haven\'t finished configuring your authenticator app.</p>'),
  82. '$configured_message' => L10n::t('<p>Your authenticator app is correctly configured.</p>'),
  83. '$recovery_codes_title' => L10n::t('Recovery codes'),
  84. '$recovery_codes_remaining' => L10n::t('Remaining valid codes'),
  85. '$recovery_codes_count' => RecoveryCode::countValidForUser(local_user()),
  86. '$recovery_codes_message' => L10n::t('<p>These one-use codes can replace an authenticator app code in case you have lost access to it.</p>'),
  87. '$app_specific_passwords_title' => L10n::t('App-specific passwords'),
  88. '$app_specific_passwords_remaining' => L10n::t('Generated app-specific passwords'),
  89. '$app_specific_passwords_count' => AppSpecificPassword::countForUser(local_user()),
  90. '$app_specific_passwords_message' => L10n::t('<p>These randomly generated passwords allow you to authenticate on apps not supporting two-factor authentication.</p>'),
  91. '$action_title' => L10n::t('Actions'),
  92. '$password' => ['password', L10n::t('Current password:'), '', L10n::t('You need to provide your current password to change two-factor authentication settings.'), 'required', 'autofocus'],
  93. '$enable_label' => L10n::t('Enable two-factor authentication'),
  94. '$disable_label' => L10n::t('Disable two-factor authentication'),
  95. '$recovery_codes_label' => L10n::t('Show recovery codes'),
  96. '$app_specific_passwords_label' => L10n::t('Manage app-specific passwords'),
  97. '$configure_label' => L10n::t('Finish app configuration'),
  98. ]);
  99. }
  100. }