Removed remaining dynamic action usages in joint permission queries

[bookstack] / app / Http / Controllers / Auth / MfaTotpController.php

diff --git a/app/Http/Controllers/Auth/MfaTotpController.php b/app/Http/Controllers/Auth/MfaTotpController.php
index 828af6b03281689772696c360cc08f5bfc0b4f2d..a4cb63155a138f9b172bca736caeaace79ddb030 100644 (file)
--- a/app/Http/Controllers/Auth/MfaTotpController.php
+++ b/app/Http/Controllers/Auth/MfaTotpController.php
@@ -3,6 +3,8 @@
 namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Actions\ActivityType;
 namespace BookStack\Http\Controllers\Auth;
 
 use BookStack\Actions\ActivityType;

+use BookStack\Auth\Access\LoginService;
+use BookStack\Auth\Access\Mfa\MfaSession;

 use BookStack\Auth\Access\Mfa\MfaValue;
 use BookStack\Auth\Access\Mfa\TotpService;
 use BookStack\Auth\Access\Mfa\TotpValidationRule;
 use BookStack\Auth\Access\Mfa\MfaValue;
 use BookStack\Auth\Access\Mfa\TotpService;
 use BookStack\Auth\Access\Mfa\TotpValidationRule;


@@ -29,11 +31,13 @@ class MfaTotpController extends Controller
             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
         }
 
             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
         }
 

-        $qrCodeUrl = $totp->generateUrl($totpSecret);
+        $qrCodeUrl = $totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());

         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
 
         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
 

+        $this->setPageTitle(trans('auth.mfa_gen_totp_title'));
+

         return view('mfa.totp-generate', [
         return view('mfa.totp-generate', [

-            'secret' => $totpSecret,
+            'url' => $qrCodeUrl,

             'svg' => $svg,
         ]);
     }
             'svg' => $svg,
         ]);
     }


@@ -41,6 +45,7 @@ class MfaTotpController extends Controller
     /**
      * Confirm the setup of TOTP and save the auth method secret
      * against the current user.
     /**
      * Confirm the setup of TOTP and save the auth method secret
      * against the current user.

+     *

      * @throws ValidationException
      * @throws NotFoundException
      */
      * @throws ValidationException
      * @throws NotFoundException
      */


@@ -52,13 +57,43 @@ class MfaTotpController extends Controller
                 'required',
                 'max:12', 'min:4',
                 new TotpValidationRule($totpSecret),
                 'required',
                 'max:12', 'min:4',
                 new TotpValidationRule($totpSecret),

-            ]
+            ],

         ]);
 
         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
         session()->remove(static::SETUP_SECRET_SESSION_KEY);
         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
 
         ]);
 
         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
         session()->remove(static::SETUP_SECRET_SESSION_KEY);
         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
 

+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+
+            return redirect('/login');
+        }
+

         return redirect('/mfa/setup');
     }
         return redirect('/mfa/setup');
     }

+
+    /**
+     * Verify the MFA method submission on check.
+     *
+     * @throws NotFoundException
+     */
+    public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
+    {
+        $user = $this->currentOrLastAttemptedUser();
+        $totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
+
+        $this->validate($request, [
+            'code' => [
+                'required',
+                'max:12', 'min:4',
+                new TotpValidationRule($totpSecret),
+            ],
+        ]);
+
+        $mfaSession->markVerifiedForUser($user);
+        $loginService->reattemptLoginFor($user);
+
+        return redirect()->intended();
+    }

 }
 }