2021-06-28 21:02:45 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace BookStack\Http\Controllers\Auth;
|
|
|
|
|
|
2021-06-29 21:06:49 +00:00
|
|
|
use BaconQrCode\Renderer\Color\Rgb;
|
|
|
|
|
use BaconQrCode\Renderer\Image\SvgImageBackEnd;
|
|
|
|
|
use BaconQrCode\Renderer\ImageRenderer;
|
|
|
|
|
use BaconQrCode\Renderer\RendererStyle\Fill;
|
|
|
|
|
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
|
|
|
|
|
use BaconQrCode\Writer;
|
2021-06-28 21:02:45 +00:00
|
|
|
use BookStack\Http\Controllers\Controller;
|
|
|
|
|
use Illuminate\Http\Request;
|
2021-06-29 21:06:49 +00:00
|
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
|
use PragmaRX\Google2FA\Exceptions\IncompatibleWithGoogleAuthenticatorException;
|
|
|
|
|
use PragmaRX\Google2FA\Exceptions\InvalidCharactersException;
|
|
|
|
|
use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;
|
|
|
|
|
use PragmaRX\Google2FA\Google2FA;
|
2021-06-28 21:02:45 +00:00
|
|
|
|
|
|
|
|
class MfaController extends Controller
|
|
|
|
|
{
|
2021-06-29 21:06:49 +00:00
|
|
|
protected const TOTP_SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
|
|
|
|
|
|
2021-06-28 21:02:45 +00:00
|
|
|
/**
|
|
|
|
|
* Show the view to setup MFA for the current user.
|
|
|
|
|
*/
|
|
|
|
|
public function setup()
|
|
|
|
|
{
|
|
|
|
|
// TODO - Redirect back to profile/edit if already setup?
|
|
|
|
|
// Show MFA setup route
|
|
|
|
|
return view('mfa.setup');
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-29 21:06:49 +00:00
|
|
|
/**
|
|
|
|
|
* Show a view that generates and displays a TOTP QR code.
|
|
|
|
|
* @throws IncompatibleWithGoogleAuthenticatorException
|
|
|
|
|
* @throws InvalidCharactersException
|
|
|
|
|
* @throws SecretKeyTooShortException
|
|
|
|
|
*/
|
|
|
|
|
public function totpGenerate()
|
2021-06-28 21:02:45 +00:00
|
|
|
{
|
2021-06-29 21:06:49 +00:00
|
|
|
// TODO - Ensure a QR code doesn't already exist? Or overwrite?
|
|
|
|
|
$google2fa = new Google2FA();
|
|
|
|
|
if (session()->has(static::TOTP_SETUP_SECRET_SESSION_KEY)) {
|
|
|
|
|
$totpSecret = decrypt(session()->get(static::TOTP_SETUP_SECRET_SESSION_KEY));
|
|
|
|
|
} else {
|
|
|
|
|
$totpSecret = $google2fa->generateSecretKey();
|
|
|
|
|
session()->put(static::TOTP_SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$qrCodeUrl = $google2fa->getQRCodeUrl(
|
|
|
|
|
setting('app-name'),
|
|
|
|
|
user()->email,
|
|
|
|
|
$totpSecret
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));
|
|
|
|
|
$svg = (new Writer(
|
|
|
|
|
new ImageRenderer(
|
|
|
|
|
new RendererStyle(192, 0, null, null, $color),
|
|
|
|
|
new SvgImageBackEnd
|
|
|
|
|
)
|
|
|
|
|
))->writeString($qrCodeUrl);
|
2021-06-28 21:02:45 +00:00
|
|
|
|
|
|
|
|
// Get user to verify setup via responding once.
|
|
|
|
|
// If correct response, Save key against user
|
2021-06-29 21:06:49 +00:00
|
|
|
return view('mfa.totp-generate', [
|
|
|
|
|
'secret' => $totpSecret,
|
|
|
|
|
'svg' => $svg,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Confirm the setup of TOTP and save the auth method secret
|
|
|
|
|
* against the current user.
|
|
|
|
|
* @throws ValidationException
|
|
|
|
|
*/
|
|
|
|
|
public function totpConfirm(Request $request)
|
|
|
|
|
{
|
|
|
|
|
$this->validate($request, [
|
|
|
|
|
'code' => 'required|max:12|min:4'
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// TODO - Confirm code
|
|
|
|
|
dd($request->input('code'));
|
2021-06-28 21:02:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
