BookStack Code Mirror - bookstack/blob - app/Access/Controllers/MfaTotpController.php

   1 <?php
   2
   3 namespace BookStack\Access\Controllers;
   4
   5 use BookStack\Access\LoginService;
   6 use BookStack\Access\Mfa\MfaSession;
   7 use BookStack\Access\Mfa\MfaValue;
   8 use BookStack\Access\Mfa\TotpService;
   9 use BookStack\Access\Mfa\TotpValidationRule;
  10 use BookStack\Activity\ActivityType;
  11 use BookStack\Exceptions\NotFoundException;
  12 use BookStack\Http\Controllers\Controller;
  13 use Illuminate\Http\Request;
  14 use Illuminate\Validation\ValidationException;
  15
  16 class MfaTotpController extends Controller
  17 {
  18     use HandlesPartialLogins;
  19
  20     protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
  21
  22     /**
  23      * Show a view that generates and displays a TOTP QR code.
  24      */
  25     public function generate(TotpService $totp)
  26     {
  27         if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
  28             $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
  29         } else {
  30             $totpSecret = $totp->generateSecret();
  31             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
  32         }
  33
  34         $qrCodeUrl = $totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
  35         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
  36
  37         $this->setPageTitle(trans('auth.mfa_gen_totp_title'));
  38
  39         return view('mfa.totp-generate', [
  40             'url' => $qrCodeUrl,
  41             'svg' => $svg,
  42         ]);
  43     }
  44
  45     /**
  46      * Confirm the setup of TOTP and save the auth method secret
  47      * against the current user.
  48      *
  49      * @throws ValidationException
  50      * @throws NotFoundException
  51      */
  52     public function confirm(Request $request)
  53     {
  54         $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
  55         $this->validate($request, [
  56             'code' => [
  57                 'required',
  58                 'max:12', 'min:4',
  59                 new TotpValidationRule($totpSecret),
  60             ],
  61         ]);
  62
  63         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
  64         session()->remove(static::SETUP_SECRET_SESSION_KEY);
  65         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
  66
  67         if (!auth()->check()) {
  68             $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
  69
  70             return redirect('/login');
  71         }
  72
  73         return redirect('/mfa/setup');
  74     }
  75
  76     /**
  77      * Verify the MFA method submission on check.
  78      *
  79      * @throws NotFoundException
  80      */
  81     public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
  82     {
  83         $user = $this->currentOrLastAttemptedUser();
  84         $totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
  85
  86         $this->validate($request, [
  87             'code' => [
  88                 'required',
  89                 'max:12', 'min:4',
  90                 new TotpValidationRule($totpSecret),
  91             ],
  92         ]);
  93
  94         $mfaSession->markVerifiedForUser($user);
  95         $loginService->reattemptLoginFor($user);
  96
  97         return redirect()->intended();
  98     }
  99 }