Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca

  1. <?php
  2. namespace Friendica\Module\Settings\TwoFactor;
  3. use BaconQrCode\Renderer\Image\SvgImageBackEnd;
  4. use BaconQrCode\Renderer\ImageRenderer;
  5. use BaconQrCode\Renderer\RendererStyle\RendererStyle;
  6. use BaconQrCode\Writer;
  7. use Friendica\Core\L10n;
  8. use Friendica\Core\Renderer;
  9. use Friendica\Core\Session;
  10. use Friendica\DI;
  11. use Friendica\Module\BaseSettingsModule;
  12. use Friendica\Module\Security\Login;
  13. use PragmaRX\Google2FA\Google2FA;
  14. /**
  15. * // Page 4: 2FA enabled but not verified, QR code and verification
  16. *
  17. * @package Friendica\Module\TwoFactor\Settings
  18. */
  19. class Verify extends BaseSettingsModule
  20. {
  21. public static function init(array $parameters = [])
  22. {
  23. if (!local_user()) {
  24. return;
  25. }
  26. $secret = DI::pConfig()->get(local_user(), '2fa', 'secret');
  27. $verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
  28. if ($secret && $verified) {
  29. DI::baseUrl()->redirect('settings/2fa');
  30. }
  31. if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
  32. notice(L10n::t('Please enter your password to access this page.'));
  33. DI::baseUrl()->redirect('settings/2fa');
  34. }
  35. }
  36. public static function post(array $parameters = [])
  37. {
  38. if (!local_user()) {
  39. return;
  40. }
  41. if (($_POST['action'] ?? '') == 'verify') {
  42. self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
  43. $google2fa = new Google2FA();
  44. $valid = $google2fa->verifyKey(DI::pConfig()->get(local_user(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
  45. if ($valid) {
  46. DI::pConfig()->set(local_user(), '2fa', 'verified', true);
  47. Session::set('2fa', true);
  48. notice(L10n::t('Two-factor authentication successfully activated.'));
  49. DI::baseUrl()->redirect('settings/2fa');
  50. } else {
  51. notice(L10n::t('Invalid code, please retry.'));
  52. }
  53. }
  54. }
  55. public static function content(array $parameters = [])
  56. {
  57. if (!local_user()) {
  58. return Login::form('settings/2fa/verify');
  59. }
  60. parent::content($parameters);
  61. $company = 'Friendica';
  62. $holder = Session::get('my_address');
  63. $secret = DI::pConfig()->get(local_user(), '2fa', 'secret');
  64. $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
  65. $renderer = (new \BaconQrCode\Renderer\Image\Svg())
  66. ->setHeight(256)
  67. ->setWidth(256);
  68. $writer = new Writer($renderer);
  69. $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
  70. $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
  71. $manual_message = L10n::t('<p>Or you can submit the authentication settings manually:</p>
  72. <dl>
  73. <dt>Issuer</dt>
  74. <dd>%s</dd>
  75. <dt>Account Name</dt>
  76. <dd>%s</dd>
  77. <dt>Secret Key</dt>
  78. <dd>%s</dd>
  79. <dt>Type</dt>
  80. <dd>Time-based</dd>
  81. <dt>Number of digits</dt>
  82. <dd>6</dd>
  83. <dt>Hashing algorithm</dt>
  84. <dd>SHA-1</dd>
  85. </dl>', $company, $holder, $secret);
  86. return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
  87. '$form_security_token' => self::getFormSecurityToken('settings_2fa_verify'),
  88. '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
  89. '$title' => L10n::t('Two-factor code verification'),
  90. '$help_label' => L10n::t('Help'),
  91. '$message' => L10n::t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
  92. '$qrcode_image' => $qrcode_image,
  93. '$qrcode_url_message' => L10n::t('<p>Or you can open the following URL in your mobile devicde:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
  94. '$manual_message' => $manual_message,
  95. '$company' => $company,
  96. '$holder' => $holder,
  97. '$secret' => $secret,
  98. '$verify_code' => ['verify_code', L10n::t('Please enter a code from your authentication app'), '', '', 'required', 'autofocus placeholder="000000"'],
  99. '$verify_label' => L10n::t('Verify code and enable two-factor authentication'),
  100. ]);
  101. }
  102. }