friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
1
2
Fork 1
Code Issues Releases 48 Wiki Activity
Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25994 Commits
2 Branches
237 MiB
 
 
 
 
 
 
Tree: 800694e9b3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '800694e9b3'
${ noResults }
friendica/src/Module/Settings/TwoFactor/Verify.php

128 lines
3.9 KiB
Raw Blame History 

  1. <?php

  2. 

  3. namespace Friendica\Module\Settings\TwoFactor;

  4. 

  5. use BaconQrCode\Renderer\Image\SvgImageBackEnd;

  6. use BaconQrCode\Renderer\ImageRenderer;

  7. use BaconQrCode\Renderer\RendererStyle\RendererStyle;

  8. use BaconQrCode\Writer;

  9. use Friendica\Core\L10n;

  10. use Friendica\Core\Renderer;

  11. use Friendica\Core\Session;

  12. use Friendica\DI;

  13. use Friendica\Module\BaseSettingsModule;

  14. use Friendica\Module\Security\Login;

  15. use PragmaRX\Google2FA\Google2FA;

  16. 

  17. /**

  18.  * // Page 4: 2FA enabled but not verified, QR code and verification

  19.  *

  20.  * @package Friendica\Module\TwoFactor\Settings

  21.  */

  22. class Verify extends BaseSettingsModule

  23. {

  24. 	public static function init(array $parameters = [])

  25. 	{

  26. 		if (!local_user()) {

  27. 			return;

  28. 		}

  29. 

  30. 		$secret = DI::pConfig()->get(local_user(), '2fa', 'secret');

  31. 		$verified = DI::pConfig()->get(local_user(), '2fa', 'verified');

  32. 

  33. 		if ($secret && $verified) {

  34. 			DI::baseUrl()->redirect('settings/2fa');

  35. 		}

  36. 

  37. 		if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {

  38. 			notice(L10n::t('Please enter your password to access this page.'));

  39. 			DI::baseUrl()->redirect('settings/2fa');

  40. 		}

  41. 	}

  42. 

  43. 	public static function post(array $parameters = [])

  44. 	{

  45. 		if (!local_user()) {

  46. 			return;

  47. 		}

  48. 

  49. 		if (($_POST['action'] ?? '') == 'verify') {

  50. 			self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');

  51. 

  52. 			$google2fa = new Google2FA();

  53. 

  54. 			$valid = $google2fa->verifyKey(DI::pConfig()->get(local_user(), '2fa', 'secret'), $_POST['verify_code'] ?? '');

  55. 

  56. 			if ($valid) {

  57. 				DI::pConfig()->set(local_user(), '2fa', 'verified', true);

  58. 				Session::set('2fa', true);

  59. 

  60. 				notice(L10n::t('Two-factor authentication successfully activated.'));

  61. 

  62. 				DI::baseUrl()->redirect('settings/2fa');

  63. 			} else {

  64. 				notice(L10n::t('Invalid code, please retry.'));

  65. 			}

  66. 		}

  67. 	}

  68. 

  69. 	public static function content(array $parameters = [])

  70. 	{

  71. 		if (!local_user()) {

  72. 			return Login::form('settings/2fa/verify');

  73. 		}

  74. 

  75. 		parent::content($parameters);

  76. 

  77. 		$company = 'Friendica';

  78. 		$holder = Session::get('my_address');

  79. 		$secret = DI::pConfig()->get(local_user(), '2fa', 'secret');

  80. 

  81. 		$otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);

  82. 

  83. 		$renderer = (new \BaconQrCode\Renderer\Image\Svg())

  84. 			->setHeight(256)

  85. 			->setWidth(256);

  86. 

  87. 		$writer = new Writer($renderer);

  88. 

  89. 		$qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));

  90. 

  91. 		$shortOtpauthUrl = explode('?', $otpauthUrl)[0];

  92. 

  93. 		$manual_message = L10n::t('<p>Or you can submit the authentication settings manually:</p>

  94. <dl>

  95. 	<dt>Issuer</dt>

  96. 	<dd>%s</dd>

  97. 	<dt>Account Name</dt>

  98. 	<dd>%s</dd>

  99. 	<dt>Secret Key</dt>

  100. 	<dd>%s</dd>

  101. 	<dt>Type</dt>

  102. 	<dd>Time-based</dd>

  103. 	<dt>Number of digits</dt>

  104. 	<dd>6</dd>

  105. 	<dt>Hashing algorithm</dt>

  106. 	<dd>SHA-1</dd>

  107. </dl>', $company, $holder, $secret);

  108. 

  109. 		return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [

  110. 			'$form_security_token'     => self::getFormSecurityToken('settings_2fa_verify'),

  111. 			'$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),

  112. 

  113. 			'$title'              => L10n::t('Two-factor code verification'),

  114. 			'$help_label'         => L10n::t('Help'),

  115. 			'$message'            => L10n::t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),

  116. 			'$qrcode_image'       => $qrcode_image,

  117. 			'$qrcode_url_message' => L10n::t('<p>Or you can open the following URL in your mobile devicde:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),

  118. 			'$manual_message'     => $manual_message,

  119. 			'$company'            => $company,

  120. 			'$holder'             => $holder,

  121. 			'$secret'             => $secret,

  122. 

  123. 			'$verify_code'  => ['verify_code', L10n::t('Please enter a code from your authentication app'), '', '', 'required', 'autofocus placeholder="000000"'],

  124. 			'$verify_label' => L10n::t('Verify code and enable two-factor authentication'),

  125. 		]);

  126. 	}

  127. }