Enable the creation of a MFA token in users auth app, and store the MFA secret in profile.

2025-09-25 06:51:08 +00:00 · 2019-08-03 20:09:09 +02:00
parent 2554840714
commit cc76be1aad
3 changed files with 35 additions and 13 deletions
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -45,6 +45,8 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Collection;
 use Laravel\Passport\ClientRepository;
 use Log;
+use PragmaRX\Recovery\Recovery;
+use Preferences;

 /**
 * Class ProfileController.
@@ -140,9 +142,20 @@ class ProfileController extends Controller
        $secret = Google2FA::generateSecretKey();
        session()->flash('two-factor-secret', $secret);

+        // generate recovery codes:
+        $recovery = app( Recovery::class);
+        $recoveryCodes =$recovery->lowercase()
+            ->setCount(8)     // Generate 8 codes
+            ->setBlocks(2)    // Every code must have 7 blocks
+            ->setChars(6)    // Each block must have 16 chars
+            ->toArray();
+        $codes = implode("\r\n", $recoveryCodes);
+
+        Preferences::set('mfa_recovery', $recoveryCodes);
+
        $image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret);

-        return view('profile.code', compact('image', 'secret'));
+        return view('profile.code', compact('image', 'secret','codes'));
    }

    /**
@@ -234,18 +247,18 @@ class ProfileController extends Controller
     */
    public function enable2FA()
    {
-        die('this method is deprecated.');
-        $hasSecret = (null !== app('preferences')->get('twoFactorAuthSecret'));
+        /** @var User $user */
+        $user       = auth()->user();
+        $enabledMFA = null !== $user->mfa_secret;

        // if we don't have a valid secret yet, redirect to the code page to get one.
-        if (!$hasSecret) {
+        if (!$enabledMFA) {
            return redirect(route('profile.code'));
        }

        // If FF3 already has a secret, just set the two factor auth enabled to 1,
        // and let the user continue with the existing secret.
-
-        app('preferences')->set('twoFactorAuthEnabled', 1);
+        session()->flash('info', (string)trans('firefly.2fa_already_enabled'));

        return redirect(route('profile.index'));
    }
@@ -388,9 +401,14 @@ class ProfileController extends Controller
     */
    public function postCode(TokenFormRequest $request)
    {
-        die('this method is deprecated');
-        app('preferences')->set('twoFactorAuthEnabled', 1);
-        app('preferences')->set('twoFactorAuthSecret', session()->get('two-factor-secret'));
+        /** @var User $user */
+        $user = auth()->user();
+        /** @var UserRepositoryInterface $repository */
+        $repository = app(UserRepositoryInterface::class);
+        /** @var string $secret */
+        $secret = session()->get('two-factor-secret');
+
+        $repository->setMFACode($user, $secret);

        session()->flash('success', (string)trans('firefly.saved_preferences'));
        app('preferences')->mark();
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@@ -486,7 +486,7 @@ return [
    'pref_two_factor_auth_code_help'   => 'Scan the QR code with an application on your phone such as Authy or Google Authenticator and enter the generated code.',
    'pref_two_factor_auth_reset_code'  => 'Reset verification code',
    'pref_two_factor_auth_disable_2fa' => 'Disable 2FA',
-    '2fa_use_secret_instead'           => 'If you cannot scan the QR code, feel free to use the secret instead: :secret.',
+    '2fa_use_secret_instead'           => 'If you cannot scan the QR code, feel free to use the secret instead: <code>:secret</code>.',
    '2fa_backup_codes'                 => 'Store these backup codes for access in case you lose your device.',
    '2fa_already_enabled'              => '2-step verification is already enabled.',
    'pref_save_settings'               => 'Save settings',
--- a/resources/views/v1/profile/code.twig
+++ b/resources/views/v1/profile/code.twig
@@ -8,7 +8,7 @@
    <form method="POST" action="{{ route('profile.code.store') }}" accept-charset="UTF-8" class="form-horizontal" id="preferences_code">
        <input name="_token" type="hidden" value="{{ csrf_token() }}">
        <div class="row">
-            <div class="col-lg-8 col-lg-offset-2 col-md-12 col-sm-12 col-xs-12">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
                <div class="box">
                    <div class="box-header with-border">
                        <h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3>
@@ -23,15 +23,19 @@
                                     style="border:1px #ddd solid;"/>
                            </div>
                            <p>
-                                {{ trans('firefly.2fa_use_secret_instead', {secret: secret}) }}
+                                {{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}
                            </p>
+                            <p>
+                                {{ '2fa_backup_codes'|_ }}
+                            </p>
+                            <pre>{{ codes }}</pre>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <div class="row">
-            <div class="col-lg-8 col-lg-offset-2 col-md-12 col-sm-12 col-xs-12">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
                <div class="box">
                    <div class="box-body">
                        {{ ExpandedForm.text('code', code) }}