Fixed failing test after drawio default url change
[bookstack] / app / Http / Controllers / Auth / MfaController.php
index 39a4e852f774dafcbbd2425620de155a9e616eda..6f6beb873e4911c6a509450694550edbe98cc953 100644 (file)
@@ -5,17 +5,24 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Access\Mfa\MfaValue;
 use BookStack\Http\Controllers\Controller;
+use Illuminate\Http\Request;
 
 class MfaController extends Controller
 {
+    use HandlesPartialLogins;
+
     /**
      * Show the view to setup MFA for the current user.
      */
     public function setup()
     {
-        $userMethods = user()->mfaValues()
+        $userMethods = $this->currentOrLastAttemptedUser()
+            ->mfaValues()
             ->get(['id', 'method'])
             ->groupBy('method');
+
+        $this->setPageTitle(trans('auth.mfa_setup'));
+
         return view('mfa.setup', [
             'userMethods' => $userMethods,
         ]);
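Review bot: `setup()` now resolves its user through `currentOrLastAttemptedUser()`, which by its name can return an account that has only passed the password step, and nothing in this hunk limits that case to accounts with no MFA method configured yet. If the enrolment handlers behind this page accept the same partially authenticated user, the password alone would be enough to enrol a new second factor instead of proving an existing one. The trait and those handlers are outside this hunk, so that needs confirming there. I would either guard here or record where the check lives, e.g. `// Partial logins reach this page only to enrol a first method; enrolment handlers must reject a partial login that already has MFA configured.` The body of `setup()` closes outside the hunk.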
@@ -23,6 +30,7 @@ class MfaController extends Controller
 
     /**
      * Remove an MFA method for the current user.
+     *
      * @throws \Exception
      */
     public function remove(string $method)
@@ -41,14 +49,25 @@ class MfaController extends Controller
     /**
      * Show the page to start an MFA verification.
      */
-    public function verify()
+    public function verify(Request $request)
     {
-        $userMethods = user()->mfaValues()
+        $desiredMethod = $request->get('method');
+        $userMethods = $this->currentOrLastAttemptedUser()
+            ->mfaValues()
             ->get(['id', 'method'])
             ->groupBy('method');
 
+        // Basic search for the default option for a user.
+        // (Prioritises totp over backup codes)
+        $method = $userMethods->has($desiredMethod) ? $desiredMethod : $userMethods->keys()->sort()->reverse()->first();
+        $otherMethods = $userMethods->keys()->filter(function ($userMethod) use ($method) {
+            return $method !== $userMethod;
+        })->all();
+
         return view('mfa.verify', [
-            'userMethods' => $userMethods,
+            'userMethods'  => $userMethods,
+            'method'       => $method,
+            'otherMethods' => $otherMethods,
         ]);
     }
 }
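Review bot: `$desiredMethod` comes straight from the request and is passed to `$userMethods->has()`, which as far as I know also accepts an array of keys, so an array-valued `method` parameter could put an array into `$method` and on into the `mfa.verify` view. Constraining the type at the point of use closes that: `$method = (is_string($desiredMethod) && $userMethods->has($desiredMethod)) ? $desiredMethod : $userMethods->keys()->sort()->reverse()->first();`. The fallback also yields `null` when the user has no methods at all, which the view has to tolerate or the controller should redirect on. The default relies on `totp` sorting after `backup_codes` alphabetically, so the comment could say so explicitly: `// Relies on 'totp' sorting after 'backup_codes'; revisit when a new method is added.`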