2021-07-02 15:53:33 -04:00
|
|
|
<?php
|
|
|
|
|
2023-05-17 12:56:55 -04:00
|
|
|
namespace BookStack\Access\Controllers;
|
2021-07-02 15:53:33 -04:00
|
|
|
|
2023-05-17 12:56:55 -04:00
|
|
|
use BookStack\Access\LoginService;
|
|
|
|
use BookStack\Access\Mfa\MfaSession;
|
|
|
|
use BookStack\Access\Mfa\MfaValue;
|
|
|
|
use BookStack\Access\Mfa\TotpService;
|
|
|
|
use BookStack\Access\Mfa\TotpValidationRule;
|
|
|
|
use BookStack\Activity\ActivityType;
|
2021-07-18 11:52:31 -04:00
|
|
|
use BookStack\Exceptions\NotFoundException;
|
2023-05-18 15:53:39 -04:00
|
|
|
use BookStack\Http\Controller;
|
2021-07-02 15:53:33 -04:00
|
|
|
use Illuminate\Http\Request;
|
|
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
|
|
|
|
class MfaTotpController extends Controller
|
|
|
|
{
|
2021-07-18 11:52:31 -04:00
|
|
|
use HandlesPartialLogins;
|
|
|
|
|
2021-07-02 15:53:33 -04:00
|
|
|
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
|
|
|
|
|
2024-03-17 12:52:19 -04:00
|
|
|
public function __construct(
|
|
|
|
protected TotpService $totp
|
|
|
|
) {
|
|
|
|
}
|
|
|
|
|
2021-07-02 15:53:33 -04:00
|
|
|
/**
|
|
|
|
* Show a view that generates and displays a TOTP QR code.
|
|
|
|
*/
|
2024-03-17 12:52:19 -04:00
|
|
|
public function generate()
|
2021-07-02 15:53:33 -04:00
|
|
|
{
|
|
|
|
if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
|
|
|
|
$totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
|
|
|
|
} else {
|
2024-03-17 12:52:19 -04:00
|
|
|
$totpSecret = $this->totp->generateSecret();
|
2021-07-02 15:53:33 -04:00
|
|
|
session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
|
|
|
|
}
|
|
|
|
|
2024-03-17 12:52:19 -04:00
|
|
|
$qrCodeUrl = $this->totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
|
|
|
|
$svg = $this->totp->generateQrCodeSvg($qrCodeUrl);
|
2021-07-02 15:53:33 -04:00
|
|
|
|
2022-01-04 08:33:24 -05:00
|
|
|
$this->setPageTitle(trans('auth.mfa_gen_totp_title'));
|
|
|
|
|
2021-07-02 15:53:33 -04:00
|
|
|
return view('mfa.totp-generate', [
|
2021-09-01 15:58:19 -04:00
|
|
|
'url' => $qrCodeUrl,
|
|
|
|
'svg' => $svg,
|
2021-07-02 15:53:33 -04:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Confirm the setup of TOTP and save the auth method secret
|
|
|
|
* against the current user.
|
2021-08-21 10:49:40 -04:00
|
|
|
*
|
2021-07-02 15:53:33 -04:00
|
|
|
* @throws ValidationException
|
2021-07-18 11:52:31 -04:00
|
|
|
* @throws NotFoundException
|
2021-07-02 15:53:33 -04:00
|
|
|
*/
|
|
|
|
public function confirm(Request $request)
|
|
|
|
{
|
|
|
|
$totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
|
|
|
|
$this->validate($request, [
|
|
|
|
'code' => [
|
|
|
|
'required',
|
|
|
|
'max:12', 'min:4',
|
2024-03-17 12:52:19 -04:00
|
|
|
new TotpValidationRule($totpSecret, $this->totp),
|
2021-08-21 10:49:40 -04:00
|
|
|
],
|
2021-07-02 15:53:33 -04:00
|
|
|
]);
|
|
|
|
|
2021-07-18 11:52:31 -04:00
|
|
|
MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
|
2021-07-02 15:53:33 -04:00
|
|
|
session()->remove(static::SETUP_SECRET_SESSION_KEY);
|
|
|
|
$this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
|
|
|
|
|
2021-08-21 10:14:24 -04:00
|
|
|
if (!auth()->check()) {
|
|
|
|
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
|
2021-08-21 10:49:40 -04:00
|
|
|
|
2021-08-21 10:14:24 -04:00
|
|
|
return redirect('/login');
|
|
|
|
}
|
|
|
|
|
2021-07-02 15:53:33 -04:00
|
|
|
return redirect('/mfa/setup');
|
|
|
|
}
|
2021-08-02 10:04:43 -04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Verify the MFA method submission on check.
|
2021-08-21 10:49:40 -04:00
|
|
|
*
|
2021-08-02 10:04:43 -04:00
|
|
|
* @throws NotFoundException
|
|
|
|
*/
|
|
|
|
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
|
|
|
|
{
|
|
|
|
$user = $this->currentOrLastAttemptedUser();
|
|
|
|
$totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
|
|
|
|
|
|
|
|
$this->validate($request, [
|
|
|
|
'code' => [
|
|
|
|
'required',
|
|
|
|
'max:12', 'min:4',
|
2024-03-17 12:52:19 -04:00
|
|
|
new TotpValidationRule($totpSecret, $this->totp),
|
2021-08-21 10:49:40 -04:00
|
|
|
],
|
2021-08-02 10:04:43 -04:00
|
|
|
]);
|
|
|
|
|
|
|
|
$mfaSession->markVerifiedForUser($user);
|
2021-08-02 17:02:25 -04:00
|
|
|
$loginService->reattemptLoginFor($user);
|
2021-08-02 10:04:43 -04:00
|
|
|
|
|
|
|
return redirect()->intended();
|
|
|
|
}
|
2021-07-02 15:53:33 -04:00
|
|
|
}
|