]> BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Auth/MfaTotpController.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Cleaned some unused elements during testing
[bookstack] / app / Http / Controllers / Auth / MfaTotpController.php
1 <?php
2
3 namespace BookStack\Http\Controllers\Auth;
4
5 use BookStack\Actions\ActivityType;
6 use BookStack\Auth\Access\LoginService;
7 use BookStack\Auth\Access\Mfa\MfaSession;
8 use BookStack\Auth\Access\Mfa\MfaValue;
9 use BookStack\Auth\Access\Mfa\TotpService;
10 use BookStack\Auth\Access\Mfa\TotpValidationRule;
11 use BookStack\Exceptions\NotFoundException;
12 use BookStack\Http\Controllers\Controller;
13 use Illuminate\Http\Request;
14 use Illuminate\Validation\ValidationException;
15
16 class MfaTotpController extends Controller
17 {
18     use HandlesPartialLogins;
19
20     protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
21
22     /**
23      * Show a view that generates and displays a TOTP QR code.
24      */
25     public function generate(TotpService $totp)
26     {
27         if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
28             $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
29         } else {
30             $totpSecret = $totp->generateSecret();
31             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
32         }
33
34         $qrCodeUrl = $totp->generateUrl($totpSecret);
35         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
36
37         return view('mfa.totp-generate', [
38             'secret' => $totpSecret,
39             'svg' => $svg,
40         ]);
41     }
42
43     /**
44      * Confirm the setup of TOTP and save the auth method secret
45      * against the current user.
46      * @throws ValidationException
47      * @throws NotFoundException
48      */
49     public function confirm(Request $request)
50     {
51         $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
52         $this->validate($request, [
53             'code' => [
54                 'required',
55                 'max:12', 'min:4',
56                 new TotpValidationRule($totpSecret),
57             ]
58         ]);
59
60         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
61         session()->remove(static::SETUP_SECRET_SESSION_KEY);
62         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
63
64         if (!auth()->check()) {
65             $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
66             return redirect('/login');
67         }
68
69         return redirect('/mfa/setup');
70     }
71
72     /**
73      * Verify the MFA method submission on check.
74      * @throws NotFoundException
75      */
76     public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
77     {
78         $user = $this->currentOrLastAttemptedUser();
79         $totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
80
81         $this->validate($request, [
82             'code' => [
83                 'required',
84                 'max:12', 'min:4',
85                 new TotpValidationRule($totpSecret),
86             ]
87         ]);
88
89         $mfaSession->markVerifiedForUser($user);
90         $loginService->reattemptLoginFor($user);
91
92         return redirect()->intended();
93     }
94 }
The core source code for the BookStack project.