mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Code for 2fa
parent
0faa599b4c
commit
3cb3c7f60f
@ -71,6 +71,58 @@ class LoginController extends Controller
|
||||
$this->middleware('guest')->except('logout');
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle a login request to the application.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
|
||||
*/
|
||||
public function login(Request $request)
|
||||
{
|
||||
$this->validateLogin($request);
|
||||
|
||||
// If the class is using the ThrottlesLogins trait, we can automatically throttle
|
||||
// the login attempts for this application. We'll key this by the username and
|
||||
// the IP address of the client making these requests into this application.
|
||||
if ($this->hasTooManyLoginAttempts($request)) {
|
||||
$this->fireLockoutEvent($request);
|
||||
|
||||
return $this->sendLockoutResponse($request);
|
||||
}
|
||||
|
||||
if ($this->attemptLogin($request)) {
|
||||
|
||||
// user is logged in. Save in session if the user requested session to be remembered:
|
||||
$request->session()->put('remember_login', $request->filled('remember'));
|
||||
|
||||
return $this->sendLoginResponse($request);
|
||||
}
|
||||
|
||||
// If the login attempt was unsuccessful we will increment the number of attempts
|
||||
// to login and redirect the user back to the login form. Of course, when this
|
||||
// user surpasses their maximum number of attempts they will get locked out.
|
||||
$this->incrementLoginAttempts($request);
|
||||
|
||||
return $this->sendFailedLoginResponse($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log the user out of the application.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function logout(Request $request, CookieJar $cookieJar)
|
||||
{
|
||||
$this->guard()->logout();
|
||||
|
||||
$request->session()->invalidate();
|
||||
$cookie = $cookieJar->forget('twoFactorAuthenticated');
|
||||
|
||||
return redirect('/')->withCookie($cookie);
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the application's login form.
|
||||
*
|
||||
@ -100,7 +152,7 @@ class LoginController extends Controller
|
||||
return view('error', compact('message'));
|
||||
}
|
||||
|
||||
// forget 2fa cookie:
|
||||
// forget 2fa session thing.
|
||||
$request->session()->forget('twoFactorAuthenticated');
|
||||
|
||||
// is allowed to?
|
||||
|
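Review bot: The second hunk still clears only the session key (`$request->session()->forget('twoFactorAuthenticated');`), but nothing in this commit writes that key any more and both middleware classes now read the cookie of the same name, so this call no longer resets any second-factor state. A cookie set earlier in the same browser therefore survives the login form and a successful `login()`; only `logout()` forgets it, and an expired session never reaches `logout()`. Either remove the session call and state the intent in the comment, for example `// the 2fa cookie is deliberately kept so the device stays remembered`, or make the stored marker specific to the account that is logging in. The `logout()` docblock also omits `$cookieJar` and declares `\Illuminate\Http\Response` although the method returns a redirect. The method containing the second hunk starts and ends outside it.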
@ -74,9 +74,9 @@ class TwoFactorController extends Controller
|
||||
*/
|
||||
public function lostTwoFactor()
|
||||
{
|
||||
$user = auth()->user();
|
||||
$user = auth()->user();
|
||||
$siteOwner = env('SITE_OWNER', '');
|
||||
$title = strval(trans('firefly.two_factor_forgot_title'));
|
||||
$title = strval(trans('firefly.two_factor_forgot_title'));
|
||||
|
||||
Log::info(
|
||||
'To reset the two factor authentication for user #' . $user->id .
|
||||
@ -96,9 +96,23 @@ class TwoFactorController extends Controller
|
||||
*/
|
||||
public function postIndex(TokenFormRequest $request, CookieJar $cookieJar)
|
||||
{
|
||||
// update session, not cookie:
|
||||
$request->session()->put('twoFactorAuthenticated', true);
|
||||
// wants to remember session?
|
||||
$remember = $request->session()->get('remember_login') ?? false;
|
||||
|
||||
return redirect(route('home'));
|
||||
|
||||
|
||||
$minutes = config('session.lifetime');
|
||||
if ($remember === true) {
|
||||
// set cookie with a long lifetime (30 days)
|
||||
$minutes = 43200;
|
||||
}
|
||||
$cookie = $cookieJar->make(
|
||||
'twoFactorAuthenticated', 'true', $minutes, config('session.path'), config('session.domain'), config('session.secure'), config('session.http_only')
|
||||
);
|
||||
|
||||
// whatever the case, forget about it:
|
||||
$request->session()->forget('remember_login');
|
||||
|
||||
return redirect(route('home'))->withCookie($cookie);
|
||||
}
|
||||
}
|
||||
|
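Review bot: The cookie written in `postIndex()` carries the constant `'true'`, so it does not record which account completed the second factor; `AuthenticateTwoFactor` and `RedirectIfTwoFactorAuthenticated` accept it for whoever is logged in, for up to 43200 minutes when `remember_login` was set. Even if the framework encrypts cookies (not visible here), the stored value is the same for every account on the installation and stays valid after a password change or a 2FA reset. Bind it to the user instead: generate a token with `bin2hex(random_bytes(32))`, keep it server-side for that user, send it as the cookie value, and compare it with `hash_equals()` in both middleware classes, discarding the stored token on logout and whenever the 2FA settings change. The literal `43200` would also be clearer as a named constant or a config entry.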
@ -65,7 +65,7 @@ class AuthenticateTwoFactor
|
||||
$has2faSecret = null !== Preferences::get('twoFactorAuthSecret');
|
||||
|
||||
// grab 2auth information from session.
|
||||
$is2faAuthed = true === $request->session()->get('twoFactorAuthenticated');
|
||||
$is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');
|
||||
|
||||
if ($is2faEnabled && $has2faSecret && !$is2faAuthed) {
|
||||
Log::debug('Does not seem to be 2 factor authed, redirect.');
|
||||
|
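Review bot: The unchanged comment `// grab 2auth information from session.` is now wrong, because the line below it reads `$request->cookie('twoFactorAuthenticated')`; change it to `// grab 2auth information from cookie.`, as this commit already does in `RedirectIfTwoFactorAuthenticated`. The check only compares the cookie with the string `'true'`, so a short comment saying where that value is set and what protects it would help the next reader judge whether the redirect can be skipped. The enclosing method starts and ends outside the hunk.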
@ -47,8 +47,8 @@ class RedirectIfTwoFactorAuthenticated
|
||||
$is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
|
||||
$has2faSecret = null !== Preferences::get('twoFactorAuthSecret');
|
||||
|
||||
// grab 2auth information from session.
|
||||
$is2faAuthed = true === $request->session()->get('twoFactorAuthenticated');
|
||||
// grab 2auth information from cookie.
|
||||
$is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');
|
||||
|
||||
if ($is2faEnabled && $has2faSecret && $is2faAuthed) {
|
||||
return redirect('/');
|
||||
|
@ -24,7 +24,7 @@ declare(strict_types=1);
|
||||
|
||||
return [
|
||||
'driver' => env('SESSION_DRIVER', 'file'),
|
||||
'lifetime' => 10080,
|
||||
'lifetime' => 120,
|
||||
'expire_on_close' => false,
|
||||
'encrypt' => true,
|
||||
'files' => storage_path('framework/sessions'),
|
||||
|
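Review bot: `'lifetime' => 120` is a literal, while `driver` on the line above is read from the environment, and this commit also makes the non-remembered 2FA cookie take its lifetime from `config('session.lifetime')`. Operators who need a different timeout must edit this file, and doing so changes both the session and the second-factor cookie. Consider `'lifetime' => env('SESSION_LIFETIME', 120),` with a comment that the value is in minutes and is reused for the 2FA cookie. The array continues past the end of the hunk.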