Better 2fa handling

2025-09-20 11:19:16 +00:00 · 2017-02-17 20:15:17 +01:00
parent 48c26c5837
commit f7642beb7c
6 changed files with 27 additions and 34 deletions
--- a/app/Handlers/Events/UserEventHandler.php
+++ b/app/Handlers/Events/UserEventHandler.php
@@ -19,7 +19,6 @@ use FireflyIII\Repositories\User\UserRepositoryInterface;
 use Illuminate\Mail\Message;
 use Log;
 use Mail;
 use Session;
 use Swift_TransportException;
 /**
@@ -54,20 +53,6 @@ class UserEventHandler
        return true;
    }
    /**
     * Handle user logout events.
     *
     * @return bool
     */
    public function logoutUser(): bool
    {
        // dump stuff from the session:
        Session::forget('twoFactorAuthenticated');
        Session::forget('twoFactorAuthenticatedDate');
        return true;
    }
    /**
     * @param RequestedNewPassword $event
     *
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -16,6 +16,7 @@ use Config;
 use FireflyConfig;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\User;
 use Illuminate\Cookie\CookieJar;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Lang;
@@ -75,22 +76,25 @@ class LoginController extends Controller
    /**
     * @param Request   $request
     * @param CookieJar $cookieJar
     *
-     * @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @return $this
     */
-    public function logout(Request $request)
+    public function logout(Request $request, CookieJar $cookieJar)
    {
        if (intval(getenv('SANDSTORM')) === 1) {
            return view('error')->with('message', strval(trans('firefly.sandstorm_not_available')));
        }
        $cookie = $cookieJar->forever('twoFactorAuthenticated', 'false');
        $this->guard()->logout();
        $request->session()->flush();
        $request->session()->regenerate();
-        return redirect('/');
+        return redirect('/')->withCookie($cookie);
    }
    /**
--- a/app/Http/Controllers/Auth/TwoFactorController.php
+++ b/app/Http/Controllers/Auth/TwoFactorController.php
@@ -13,14 +13,13 @@ declare(strict_types = 1);
 namespace FireflyIII\Http\Controllers\Auth;
 use Carbon\Carbon;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Http\Requests\TokenFormRequest;
 use Illuminate\Cookie\CookieJar;
 use Illuminate\Http\Request;
 use Log;
 use Preferences;
 use Session;
 /**
 * Class TwoFactorController
@@ -84,12 +83,12 @@ class TwoFactorController extends Controller
     *
     * @return mixed
     */
-    public function postIndex(TokenFormRequest $request)
+    public function postIndex(TokenFormRequest $request, CookieJar $cookieJar)
    {
-        Session::put('twoFactorAuthenticated', true);
+        // set cookie!
-        Session::put('twoFactorAuthenticatedDate', new Carbon);
+        $cookie = $cookieJar->forever('twoFactorAuthenticated', 'true');
-        return redirect(route('home'));
+        return redirect(route('home'))->withCookie($cookie);
    }
 }
--- a/app/Http/Middleware/AuthenticateTwoFactor.php
+++ b/app/Http/Middleware/AuthenticateTwoFactor.php
@@ -14,8 +14,10 @@ declare(strict_types = 1);
 namespace FireflyIII\Http\Middleware;
 use Closure;
 use Cookie;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Log;
 use Preferences;
 use Session;
@@ -55,8 +57,13 @@ class AuthenticateTwoFactor
        }
        $is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
        $has2faSecret = !is_null(Preferences::get('twoFactorAuthSecret'));
-        $is2faAuthed  = Session::get('twofactor-authenticated');
+
        // grab 2auth information from cookie, not from session.
        $is2faAuthed = Cookie::get('twoFactorAuthenticated') === 'true';
        if ($is2faEnabled && $has2faSecret && !$is2faAuthed) {
            Log::debug('Does not seem to be 2 factor authed, redirect.');
            return redirect(route('two-factor.index'));
        }
--- a/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
@@ -17,7 +17,8 @@ use Closure;
 use Illuminate\Support\Facades\Auth;
 use Preferences;
 use Session;
-
+use Log;
 use Cookie;
 /**
 * Class RedirectIfTwoFactorAuthenticated
 *
@@ -40,7 +41,10 @@ class RedirectIfTwoFactorAuthenticated
            $is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
            $has2faSecret = !is_null(Preferences::get('twoFactorAuthSecret'));
-            $is2faAuthed  = Session::get('twoFactorAuthenticated');
+
            // grab 2auth information from cookie
            $is2faAuthed = Cookie::get('twoFactorAuthenticated') === 'true';
            if ($is2faEnabled && $has2faSecret && $is2faAuthed) {
                return redirect('/');
            }
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -56,12 +56,6 @@ class EventServiceProvider extends ServiceProvider
                    'FireflyIII\Handlers\Events\UpdatedJournalEventHandler@scanBills',
                    'FireflyIII\Handlers\Events\UpdatedJournalEventHandler@processRules',
                ],
            // LARAVEL EVENTS:
            'Illuminate\Auth\Events\Logout'               =>
                [
                    'FireflyIII\Handlers\Events\UserEventHandler@logoutUser',
                ],
        ];
    /**