AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename 2FA controller

Browse Source
This commit is contained in:
Frederic Guillot
2016-05-26 21:05:54 -04:00
parent d9101da79e
commit 33dea152fc
9 changed files with 21 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
app/Controller/TwoFactorController.php Normal file
View File

@@ -0,0 +1,202 @@
<?php
namespace Kanboard\Controller;
use Kanboard\Core\Controller\AccessForbiddenException;
/**
* Two Factor Auth controller
*
* @package Kanboard/Controller
* @author Frederic Guillot
*/
class TwoFactorController extends UserViewController
{
/**
* Only the current user can access to 2FA settings
*
* @access private
* @param array $user
* @throws AccessForbiddenException
*/
private function checkCurrentUser(array $user)
{
if ($user['id'] != $this->userSession->getId()) {
throw new AccessForbiddenException();
}
}
/**
* Show form to disable/enable 2FA
*
* @access public
*/
public function index()
{
$user = $this->getUser();
$this->checkCurrentUser($user);
unset($this->sessionStorage->twoFactorSecret);
$this->response->html($this->helper->layout->user('twofactor/index', array(
'user' => $user,
'provider' => $this->authenticationManager->getPostAuthenticationProvider()->getName(),
)));
}
/**
* Show page with secret and test form
*
* @access public
*/
public function show()
{
$user = $this->getUser();
$this->checkCurrentUser($user);
$label = $user['email'] ?: $user['username'];
$provider = $this->authenticationManager->getPostAuthenticationProvider();
if (! isset($this->sessionStorage->twoFactorSecret)) {
$provider->generateSecret();
$provider->beforeCode();
$this->sessionStorage->twoFactorSecret = $provider->getSecret();
} else {
$provider->setSecret($this->sessionStorage->twoFactorSecret);
}
$this->response->html($this->helper->layout->user('twofactor/show', array(
'user' => $user,
'secret' => $this->sessionStorage->twoFactorSecret,
'qrcode_url' => $provider->getQrCodeUrl($label),
'key_url' => $provider->getKeyUrl($label),
)));
}
/**
* Test code and save secret
*
* @access public
*/
public function test()
{
$user = $this->getUser();
$this->checkCurrentUser($user);
$values = $this->request->getValues();
$provider = $this->authenticationManager->getPostAuthenticationProvider();
$provider->setCode(empty($values['code']) ? '' : $values['code']);
$provider->setSecret($this->sessionStorage->twoFactorSecret);
if ($provider->authenticate()) {
$this->flash->success(t('The two factor authentication code is valid.'));
$this->user->update(array(
'id' => $user['id'],
'twofactor_activated' => 1,
'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(),
));
unset($this->sessionStorage->twoFactorSecret);
$this->userSession->disablePostAuthentication();
$this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id'])));
} else {
$this->flash->failure(t('The two factor authentication code is not valid.'));
$this->response->redirect($this->helper->url->to('TwoFactorController', 'show', array('user_id' => $user['id'])));
}
}
/**
* Disable 2FA for the current user
*
* @access public
*/
public function deactivate()
{
$user = $this->getUser();
$this->checkCurrentUser($user);
$this->user->update(array(
'id' => $user['id'],
'twofactor_activated' => 0,
'twofactor_secret' => '',
));
// Allow the user to test or disable the feature
$this->userSession->disablePostAuthentication();
$this->flash->success(t('User updated successfully.'));
$this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id'])));
}
/**
* Check 2FA
*
* @access public
*/
public function check()
{
$user = $this->getUser();
$this->checkCurrentUser($user);
$values = $this->request->getValues();
$provider = $this->authenticationManager->getPostAuthenticationProvider();
$provider->setCode(empty($values['code']) ? '' : $values['code']);
$provider->setSecret($user['twofactor_secret']);
if ($provider->authenticate()) {
$this->userSession->validatePostAuthentication();
$this->flash->success(t('The two factor authentication code is valid.'));
$this->response->redirect($this->helper->url->to('DashboardController', 'show'));
} else {
$this->flash->failure(t('The two factor authentication code is not valid.'));
$this->response->redirect($this->helper->url->to('TwoFactorController', 'code'));
}
}
/**
* Ask the 2FA code
*
* @access public
*/
public function code()
{
if (! isset($this->sessionStorage->twoFactorBeforeCodeCalled)) {
$provider = $this->authenticationManager->getPostAuthenticationProvider();
$provider->beforeCode();
$this->sessionStorage->twoFactorBeforeCodeCalled = true;
}
$this->response->html($this->helper->layout->app('twofactor/check', array(
'title' => t('Check two factor authentication code'),
)));
}
/**
* Disable 2FA for a user
*
* @access public
*/
public function disable()
{
$user = $this->getUser();
if ($this->request->getStringParam('disable') === 'yes') {
$this->checkCSRFParam();
$this->user->update(array(
'id' => $user['id'],
'twofactor_activated' => 0,
'twofactor_secret' => '',
));
return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
}
return $this->response->html($this->helper->layout->user('twofactor/disable', array(
'user' => $user,
)));
}
}