kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-12 15:35:15 +00:00
Code Issues Projects Releases Wiki Activity

Refactor tests and code to handle new 2FA methods.

Browse Source
This commit is contained in:
James Cole
2019-08-04 10:27:37 +02:00
parent d3be043aa7
commit 62b5cf04ad
12 changed files with 12 additions and 662 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/Admin/UserController.php
View File

@@ -125,16 +125,10 @@ class UserController extends Controller
$users = $this->repository->all();
// add meta stuff.
die('the 2FA references here should be refactored.');
$users->each(
function (User $user) {
$list = ['twoFactorAuthEnabled', 'twoFactorAuthSecret'];
$preferences = app('preferences')->getArrayForUser($user, $list);
$user->isAdmin = $this->repository->hasRole($user, 'owner');
$is2faEnabled = 1 === $preferences['twoFactorAuthEnabled'];
$has2faSecret = null !== $preferences['twoFactorAuthSecret'];
$user->has2FA = ($is2faEnabled && $has2faSecret);
$user->prefs = $preferences;
$user->has2FA = null !== $user->mfa_secret;
}
);

64
app/Http/Controllers/Auth/TwoFactorController.php
View File

@@ -39,6 +39,8 @@ class TwoFactorController extends Controller
{
/**
* @param Request $request
*
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function submitMFA(Request $request)
{
@@ -119,40 +121,6 @@ class TwoFactorController extends Controller
Preferences::set('mfa_history', $newHistory);
}
/**
* Show 2FA screen.
*
* @param Request $request
*
* @return \Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Illuminate\View\View
*
* @throws FireflyException
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
*/
public function index(Request $request)
{
die('this auth controller must be refactored.');
$user = auth()->user();
// to make sure the validator in the next step gets the secret, we push it in session
$secretPreference = app('preferences')->get('twoFactorAuthSecret', null);
$secret = null === $secretPreference ? null : $secretPreference->data;
$title = (string)trans('firefly.two_factor_title');
// make sure the user has two factor configured:
$has2FA = app('preferences')->get('twoFactorAuthEnabled', false)->data;
if (null === $has2FA || false === $has2FA) {
return redirect(route('index'));
}
if ('' === (string)$secret) {
throw new FireflyException('Your two factor authentication secret is empty, which it cannot be at this point. Please check the log files.');
}
$request->session()->flash('two-factor-secret', $secret);
return view('auth.two-factor', compact('user', 'title'));
}
/**
* What to do if 2FA lost?
*
@@ -174,34 +142,6 @@ class TwoFactorController extends Controller
return view('auth.lost-two-factor', compact('user', 'siteOwner', 'title'));
}
/**
* Submit 2FA code.
*
* @param TokenFormRequest $request
* @param CookieJar $cookieJar
*
* @return mixed
*/
public function postIndex(TokenFormRequest $request, CookieJar $cookieJar)
{
// wants to remember session?
$remember = $request->session()->get('remember_login') ?? false;
$minutes = config('session.lifetime');
if (true === $remember) {
// set cookie with a long lifetime (30 days)
$minutes = 43200;
}
$cookie = $cookieJar->make(
'twoFactorAuthenticated', 'true', $minutes, config('session.path'), config('session.domain'), config('session.secure'), config('session.http_only')
);
// whatever the case, forget about it:
$request->session()->forget('remember_login');
return redirect(route('home'))->withCookie($cookie);
}
/**
* Each MFA history has a timestamp and a code, saving the MFA entries for 5 minutes. So if the
* submitted MFA code has been submitted in the last 5 minutes, it won't work despite being valid.

90
app/Http/Middleware/AuthenticateTwoFactor.php
View File

@@ -1,90 +0,0 @@
<?php
/**
* AuthenticateTwoFactor.php
* Copyright (c) 2017 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
/** @noinspection PhpMethodParametersCountMismatchInspection */
declare(strict_types=1);
namespace FireflyIII\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Factory as Auth;
use Log;
/**
* Class AuthenticateTwoFactor.
*/
class AuthenticateTwoFactor
{
/**
* The authentication factory instance.
*
* @var \Illuminate\Contracts\Auth\Factory
*/
protected $auth;
/**
* Create a new middleware instance.
*
* @param \Illuminate\Contracts\Auth\Factory $auth
*
* @return void
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
/**
* Handle 2FA request.
*
* @param $request
* @param Closure $next
*
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|mixed
* @throws \Psr\Container\NotFoundExceptionInterface
* @throws \Psr\Container\ContainerExceptionInterface
*
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
*/
public function handle($request, Closure $next)
{
die('this middleware is deprecated.');
/** @noinspection PhpUndefinedMethodInspection */
if ($this->auth->guest()) {
return response()->redirectTo(route('login'));
}
$is2faEnabled = app('preferences')->get('twoFactorAuthEnabled', false)->data;
$has2faSecret = null !== app('preferences')->get('twoFactorAuthSecret');
/** @noinspection PhpUndefinedMethodInspection */
$is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');
if ($is2faEnabled && $has2faSecret && !$is2faAuthed) {
Log::debug('Does not seem to be 2 factor authed, redirect.');
return response()->redirectTo(route('two-factor.index'));
}
return $next($request);
}
}

59
app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
View File

@@ -1,59 +0,0 @@
<?php
/**
* RedirectIfTwoFactorAuthenticated.php
* Copyright (c) 2017 thegrumpydictator@gmail.com
*
* This file is part of Firefly III.
*
* Firefly III is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Firefly III is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Firefly III. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace FireflyIII\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
/**
* Class RedirectIfTwoFactorAuthenticated.
*/
class RedirectIfTwoFactorAuthenticated
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
*
* @return mixed
*
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
*/
public function handle($request, Closure $next, $guard = null)
{
die('this middleware is deprecated.');
if (Auth::guard($guard)->check()) {
$is2faEnabled = app('preferences')->get('twoFactorAuthEnabled', false)->data;
$has2faSecret = null !== app('preferences')->get('twoFactorAuthSecret');
$is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');
if ($is2faEnabled && $has2faSecret && $is2faAuthed) {
return response()->redirectTo(route('index'));
}
}
return $next($request);
}
}