BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/MfaTotpController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Actions\ActivityType;
   6 use BookStack\Auth\Access\LoginService;
   7 use BookStack\Auth\Access\Mfa\MfaSession;
   8 use BookStack\Auth\Access\Mfa\MfaValue;
   9 use BookStack\Auth\Access\Mfa\TotpService;
  10 use BookStack\Auth\Access\Mfa\TotpValidationRule;
  11 use BookStack\Exceptions\NotFoundException;
  12 use BookStack\Http\Controllers\Controller;
  13 use Illuminate\Http\Request;
  14 use Illuminate\Validation\ValidationException;
  15
  16 class MfaTotpController extends Controller
  17 {
  18     use HandlesPartialLogins;
  19
  20     protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
  21
  22     /**
  23      * Show a view that generates and displays a TOTP QR code.
  24      */
  25     public function generate(TotpService $totp)
  26     {
  27         if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
  28             $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
  29         } else {
  30             $totpSecret = $totp->generateSecret();
  31             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
  32         }
  33
  34         $qrCodeUrl = $totp->generateUrl($totpSecret);
  35         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
  36
  37         return view('mfa.totp-generate', [
  38             'secret' => $totpSecret,
  39             'svg' => $svg,
  40         ]);
  41     }
  42
  43     /**
  44      * Confirm the setup of TOTP and save the auth method secret
  45      * against the current user.
  46      * @throws ValidationException
  47      * @throws NotFoundException
  48      */
  49     public function confirm(Request $request)
  50     {
  51         $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
  52         $this->validate($request, [
  53             'code' => [
  54                 'required',
  55                 'max:12', 'min:4',
  56                 new TotpValidationRule($totpSecret),
  57             ]
  58         ]);
  59
  60         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
  61         session()->remove(static::SETUP_SECRET_SESSION_KEY);
  62         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
  63
  64         return redirect('/mfa/setup');
  65     }
  66
  67     /**
  68      * Verify the MFA method submission on check.
  69      * @throws NotFoundException
  70      */
  71     public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
  72     {
  73         $user = $this->currentOrLastAttemptedUser();
  74         $totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
  75
  76         $this->validate($request, [
  77             'code' => [
  78                 'required',
  79                 'max:12', 'min:4',
  80                 new TotpValidationRule($totpSecret),
  81             ]
  82         ]);
  83
  84         $mfaSession->markVerifiedForUser($user);
  85         $loginService->reattemptLoginFor($user);
  86
  87         return redirect()->intended();
  88     }
  89 }