BookStack/app/Access/Controllers/MfaTotpController.php

105 lines
3.1 KiB
PHP
Raw Normal View History

<?php
2023-05-17 12:56:55 -04:00
namespace BookStack\Access\Controllers;
2023-05-17 12:56:55 -04:00
use BookStack\Access\LoginService;
use BookStack\Access\Mfa\MfaSession;
use BookStack\Access\Mfa\MfaValue;
use BookStack\Access\Mfa\TotpService;
use BookStack\Access\Mfa\TotpValidationRule;
use BookStack\Activity\ActivityType;
use BookStack\Exceptions\NotFoundException;
use BookStack\Http\Controller;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class MfaTotpController extends Controller
{
use HandlesPartialLogins;
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
2024-03-17 12:52:19 -04:00
public function __construct(
protected TotpService $totp
) {
}
/**
* Show a view that generates and displays a TOTP QR code.
*/
2024-03-17 12:52:19 -04:00
public function generate()
{
if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
$totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
} else {
2024-03-17 12:52:19 -04:00
$totpSecret = $this->totp->generateSecret();
session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
}
2024-03-17 12:52:19 -04:00
$qrCodeUrl = $this->totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
$svg = $this->totp->generateQrCodeSvg($qrCodeUrl);
$this->setPageTitle(trans('auth.mfa_gen_totp_title'));
return view('mfa.totp-generate', [
'url' => $qrCodeUrl,
'svg' => $svg,
]);
}
/**
* Confirm the setup of TOTP and save the auth method secret
* against the current user.
2021-08-21 10:49:40 -04:00
*
* @throws ValidationException
* @throws NotFoundException
*/
public function confirm(Request $request)
{
$totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
$this->validate($request, [
'code' => [
'required',
'max:12', 'min:4',
2024-03-17 12:52:19 -04:00
new TotpValidationRule($totpSecret, $this->totp),
2021-08-21 10:49:40 -04:00
],
]);
MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
session()->remove(static::SETUP_SECRET_SESSION_KEY);
$this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
2021-08-21 10:49:40 -04:00
return redirect('/login');
}
return redirect('/mfa/setup');
}
2021-08-02 10:04:43 -04:00
/**
* Verify the MFA method submission on check.
2021-08-21 10:49:40 -04:00
*
2021-08-02 10:04:43 -04:00
* @throws NotFoundException
*/
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
{
$user = $this->currentOrLastAttemptedUser();
$totpSecret = MfaValue::getValueForUser($user, MfaValue::METHOD_TOTP);
$this->validate($request, [
'code' => [
'required',
'max:12', 'min:4',
2024-03-17 12:52:19 -04:00
new TotpValidationRule($totpSecret, $this->totp),
2021-08-21 10:49:40 -04:00
],
2021-08-02 10:04:43 -04:00
]);
$mfaSession->markVerifiedForUser($user);
$loginService->reattemptLoginFor($user);
2021-08-02 10:04:43 -04:00
return redirect()->intended();
}
}