BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/MfaBackupCodesController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Auth;
   4
   5 use BookStack\Actions\ActivityType;
   6 use BookStack\Auth\Access\Mfa\BackupCodeService;
   7 use BookStack\Auth\Access\Mfa\MfaValue;
   8 use BookStack\Http\Controllers\Controller;
   9 use Exception;
  10
  11 class MfaBackupCodesController extends Controller
  12 {
  13     use HandlesPartialLogins;
  14
  15     protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes';
  16
  17     /**
  18      * Show a view that generates and displays backup codes
  19      */
  20     public function generate(BackupCodeService $codeService)
  21     {
  22         $codes = $codeService->generateNewSet();
  23         session()->put(self::SETUP_SECRET_SESSION_KEY, encrypt($codes));
  24
  25         $downloadUrl = 'data:application/octet-stream;base64,' . base64_encode(implode("\n\n", $codes));
  26
  27         return view('mfa.backup-codes-generate', [
  28             'codes' => $codes,
  29             'downloadUrl' => $downloadUrl,
  30         ]);
  31     }
  32
  33     /**
  34      * Confirm the setup of backup codes, storing them against the user.
  35      * @throws Exception
  36      */
  37     public function confirm()
  38     {
  39         if (!session()->has(self::SETUP_SECRET_SESSION_KEY)) {
  40             return response('No generated codes found in the session', 500);
  41         }
  42
  43         $codes = decrypt(session()->pull(self::SETUP_SECRET_SESSION_KEY));
  44         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_BACKUP_CODES, json_encode($codes));
  45
  46         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'backup-codes');
  47         return redirect('/mfa/setup');
  48     }
  49 }