X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a3f19ebe96063eae54384fd56d2da8b66e625c14..refs/pull/3598/head:/app/Http/Controllers/Auth/MfaTotpController.php

diff --git a/app/Http/Controllers/Auth/MfaTotpController.php b/app/Http/Controllers/Auth/MfaTotpController.php
index dd1651970..a4cb63155 100644
--- a/app/Http/Controllers/Auth/MfaTotpController.php
+++ b/app/Http/Controllers/Auth/MfaTotpController.php
@@ -31,11 +31,13 @@ class MfaTotpController extends Controller
             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
         }
 
-        $qrCodeUrl = $totp->generateUrl($totpSecret);
+        $qrCodeUrl = $totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
 
+        $this->setPageTitle(trans('auth.mfa_gen_totp_title'));
+
         return view('mfa.totp-generate', [
-            'secret' => $totpSecret,
+            'url' => $qrCodeUrl,
             'svg' => $svg,
         ]);
     }
@@ -43,6 +45,7 @@ class MfaTotpController extends Controller
     /**
      * Confirm the setup of TOTP and save the auth method secret
      * against the current user.
+     *
      * @throws ValidationException
      * @throws NotFoundException
      */
@@ -54,18 +57,25 @@ class MfaTotpController extends Controller
                 'required',
                 'max:12', 'min:4',
                 new TotpValidationRule($totpSecret),
-            ]
+            ],
         ]);
 
         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
         session()->remove(static::SETUP_SECRET_SESSION_KEY);
         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
 
+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+
+            return redirect('/login');
+        }
+
         return redirect('/mfa/setup');
     }
 
     /**
      * Verify the MFA method submission on check.
+     *
      * @throws NotFoundException
      */
     public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
@@ -78,11 +88,11 @@ class MfaTotpController extends Controller
                 'required',
                 'max:12', 'min:4',
                 new TotpValidationRule($totpSecret),
-            ]
+            ],
         ]);
 
         $mfaSession->markVerifiedForUser($user);
-        $loginService->reattemptLoginFor($user, 'mfa-totp');
+        $loginService->reattemptLoginFor($user);
 
         return redirect()->intended();
     }