< ? php
/**
* @ copyright Copyright ( C ) 2010 - 2022 , the Friendica project
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
*/
namespace Friendica\Module\Security\TwoFactor ;
use Friendica\App ;
use Friendica\BaseModule ;
use Friendica\Core\L10n ;
use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues ;
use Friendica\Core\Renderer ;
use Friendica\Core\Session\Capability\IHandleUserSessions ;
use Friendica\Module\Response ;
use Friendica\Util\Profiler ;
use PragmaRX\Google2FA\Google2FA ;
use Friendica\Security\TwoFactor ;
use Psr\Log\LoggerInterface ;
/**
* Page 1 : Authenticator code verification
*
* @ package Friendica\Module\TwoFactor
*/
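class Verify extends BaseModule
{
	/** @var string[] Translated error messages queued by post() and handed to the template by content() */
	protected $errors = [];
	/** @var IManagePersonalConfigValues */
	protected $pConfig;
	/** @var IHandleUserSessions */
	protected $session;

	/**
	 * Forwards the common module dependencies to BaseModule and keeps the
	 * personal config store and the user session for the verification step.
	 */
	public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, $server, array $parameters = [])
	{
		parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);

		$this->session = $session;
		$this->pConfig = $pConfig;
	}

	/**
	 * Handles the submitted verification form.
	 *
	 * Does nothing without a local user or when the 'action' field is not
	 * 'verify'. Otherwise the form security token is checked, the submitted
	 * 'verify_code' is verified against the user's stored '2fa' / 'secret'
	 * value, and on success the code is stored under the '2fa' session key
	 * before redirecting to '2fa/trust'. On failure an error message is queued
	 * in $this->errors.
	 *
	 * @param array $request Submitted form fields
	 */
	protected function post(array $request = [])
	{
		$uid = $this->session->getLocalUserId();
		if (!$uid) {
			return;
		}

		if (($request['action'] ?? '') !== 'verify') {
			return;
		}

		self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_verify');

		$code   = $request['verify_code'] ?? '';
		$secret = $this->pConfig->get($uid, '2fa', 'secret');

		// Request fields are client-controlled and may arrive as arrays, and the
		// stored secret may be missing. Either case is treated as a failed
		// verification instead of being passed on to the TOTP library.
		$valid = is_string($code) && $code !== ''
			&& is_string($secret) && $secret !== ''
			&& (new Google2FA())->verifyKey($secret, $code);

		// The same code can't be used twice even if it's valid
		// NOTE(review): this comparison only sees the code stored in the current
		// session, so reuse of a still-valid code from a different session is not
		// rejected by this check. Persisting the last accepted timestamp per user
		// and verifying with Google2FA::verifyKeyNewer() would cover that case.
		// NOTE(review): no counting, throttling or logging of failed attempts is
		// visible in this handler; confirm it is enforced elsewhere.
		if ($valid && $this->session->get('2fa') !== $code) {
			$this->session->set('2fa', $code);

			$this->baseUrl->redirect('2fa/trust');
		} else {
			$this->errors[] = $this->t('Invalid code, please retry.');
		}
	}

	/**
	 * Renders the authenticator code form.
	 *
	 * Redirects to the base URL when there is no local user, or when the '2fa'
	 * session key is already set.
	 *
	 * @param array $request Unused by this method
	 *
	 * @return string Rendered 'twofactor/verify.tpl' markup
	 */
	protected function content(array $request = []): string
	{
		if (!$this->session->getLocalUserId()) {
			$this->baseUrl->redirect();
		}

		// Already authenticated with 2FA token
		if ($this->session->get('2fa')) {
			$this->baseUrl->redirect();
		}

		$template = Renderer::getMarkupTemplate('twofactor/verify.tpl');

		return Renderer::replaceMacros($template, [
			'$form_security_token' => self::getFormSecurityToken('twofactor_verify'),

			'$title'            => $this->t('Two-factor authentication'),
			'$message'          => $this->t('<p>Open the two-factor authentication app on your device to get an authentication code and verify your identity.</p>'),
			'$errors_label'     => $this->tt('Error', 'Errors', count($this->errors)),
			'$errors'           => $this->errors,
			'$recovery_message' => $this->t('If you do not have access to your authentication code you can use a <a href="%s">two-factor recovery code</a>.', '2fa/recovery'),
			'$verify_code'      => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="one-time-code" placeholder="000000" inputmode="numeric" pattern="[0-9]*"'],
			'$verify_label'     => $this->t('Verify code and complete login'),
		]);
	}
}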