mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
78f9c01519
Discovered some difficult edge cases: - User image loading in header bar when using local_secure storage - 404s showing user-specific visible content due to content listing on 404 page since user is in semi-logged in state. Maybe need to go through and change up how logins are handled to centralise and provide us better control at login time to prevent any auth level.
55 lines
1.3 KiB
PHP
55 lines
1.3 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Controllers\Auth;
|
|
|
|
use BookStack\Actions\ActivityType;
|
|
use BookStack\Auth\Access\Mfa\MfaValue;
|
|
use BookStack\Http\Controllers\Controller;
|
|
|
|
class MfaController extends Controller
|
|
{
|
|
/**
|
|
* Show the view to setup MFA for the current user.
|
|
*/
|
|
public function setup()
|
|
{
|
|
$userMethods = user()->mfaValues()
|
|
->get(['id', 'method'])
|
|
->groupBy('method');
|
|
return view('mfa.setup', [
|
|
'userMethods' => $userMethods,
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Remove an MFA method for the current user.
|
|
* @throws \Exception
|
|
*/
|
|
public function remove(string $method)
|
|
{
|
|
if (in_array($method, MfaValue::allMethods())) {
|
|
$value = user()->mfaValues()->where('method', '=', $method)->first();
|
|
if ($value) {
|
|
$value->delete();
|
|
$this->logActivity(ActivityType::MFA_REMOVE_METHOD, $method);
|
|
}
|
|
}
|
|
|
|
return redirect('/mfa/setup');
|
|
}
|
|
|
|
/**
|
|
* Show the page to start an MFA verification.
|
|
*/
|
|
public function verify()
|
|
{
|
|
$userMethods = user()->mfaValues()
|
|
->get(['id', 'method'])
|
|
->groupBy('method');
|
|
|
|
return view('mfa.verify', [
|
|
'userMethods' => $userMethods,
|
|
]);
|
|
}
|
|
}
|