From 3cb3c7f60f37f18ff62276c9b055f2f1b1e1f0f2 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Wed, 22 Nov 2017 20:20:57 +0100
Subject: [PATCH] Code for 2fa

---
 app/Http/Controllers/Auth/LoginController.php | 54 ++++++++++++++++++-
 .../Controllers/Auth/TwoFactorController.php | 24 +++++++--
 app/Http/Middleware/AuthenticateTwoFactor.php | 2 +-
 .../RedirectIfTwoFactorAuthenticated.php | 4 +-
 config/session.php | 2 +-
 5 files changed, 76 insertions(+), 10 deletions(-)

diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index b6d80cf1ca..94da2b319f 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -71,6 +71,58 @@ class LoginController extends Controller
 $this->middleware('guest')->except('logout');
 }

+ /**
+ * Handle a login request to the application.
+ *
+ * @param \Illuminate\Http\Request $request
+ *
+ * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
+ */
+ public function login(Request $request)
+ {
+ $this->validateLogin($request);
+
+ // If the class is using the ThrottlesLogins trait, we can automatically throttle
+ // the login attempts for this application. We'll key this by the username and
+ // the IP address of the client making these requests into this application.
+ if ($this->hasTooManyLoginAttempts($request)) {
+ $this->fireLockoutEvent($request);
+
+ return $this->sendLockoutResponse($request);
+ }
+
+ if ($this->attemptLogin($request)) {
+
+ // user is logged in. Save in session if the user requested session to be remembered:
+ $request->session()->put('remember_login', $request->filled('remember'));
+
+ return $this->sendLoginResponse($request);
+ }
+
+ // If the login attempt was unsuccessful we will increment the number of attempts
+ // to login and redirect the user back to the login form. Of course, when this
+ // user surpasses their maximum number of attempts they will get locked out.
+ $this->incrementLoginAttempts($request);
+
+ return $this->sendFailedLoginResponse($request);
+ }
+
+ /**
+ * Log the user out of the application.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return \Illuminate\Http\Response
+ */
+ public function logout(Request $request, CookieJar $cookieJar)
+ {
+ $this->guard()->logout();
+
+ $request->session()->invalidate();
+ $cookie = $cookieJar->forget('twoFactorAuthenticated');
+
+ return redirect('/')->withCookie($cookie);
+ }
+
 /**
 * Show the application's login form.
 *
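Review bot: The new `login()` is a verbatim copy of the `AuthenticatesUsers` trait method with a single line added (`$request->session()->put('remember_login', ...)`), which means every future upstream fix to the throttling and lockout branches has to be re-applied here by hand. The trait already exposes an `authenticated($request, $user)` hook that `sendLoginResponse()` calls after the session is regenerated, and the same `put` call there avoids duplicating the whole method; the `remember_login` flag would then be stored at the same point it is today. The `logout()` docblock also omits its second parameter, so add `@param \Illuminate\Cookie\CookieJar $cookieJar` next to the existing `@param` line, since the cookie forget on that parameter is the only reason the method is overridden.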
@@ -100,7 +152,7 @@ class LoginController extends Controller
 return view('error', compact('message'));
 }

- // forget 2fa cookie:
+ // forget 2fa session thing.
 $request->session()->forget('twoFactorAuthenticated');

 // is allowed to?
diff --git a/app/Http/Controllers/Auth/TwoFactorController.php b/app/Http/Controllers/Auth/TwoFactorController.php
index 5924d5be9e..de2da698d8 100644
--- a/app/Http/Controllers/Auth/TwoFactorController.php
+++ b/app/Http/Controllers/Auth/TwoFactorController.php
@@ -74,9 +74,9 @@ class TwoFactorController extends Controller
 */
 public function lostTwoFactor()
 {
- $user = auth()->user();
+ $user = auth()->user();
 $siteOwner = env('SITE_OWNER', '');
- $title = strval(trans('firefly.two_factor_forgot_title'));
+ $title = strval(trans('firefly.two_factor_forgot_title'));

 Log::info(
 'To reset the two factor authentication for user #' . $user->id .
@@ -96,9 +96,23 @@ class TwoFactorController extends Controller
 */
 public function postIndex(TokenFormRequest $request, CookieJar $cookieJar)
 {
- // update session, not cookie:
- $request->session()->put('twoFactorAuthenticated', true);
+ // wants to remember session?
+ $remember = $request->session()->get('remember_login') ?? false;

- return redirect(route('home'));
+
+
+ $minutes = config('session.lifetime');
+ if ($remember === true) {
+ // set cookie with a long lifetime (30 days)
+ $minutes = 43200;
+ }
+ $cookie = $cookieJar->make(
+ 'twoFactorAuthenticated', 'true', $minutes, config('session.path'), config('session.domain'), config('session.secure'), config('session.http_only')
+ );
+
+ // whatever the case, forget about it:
+ $request->session()->forget('remember_login');
+
+ return redirect(route('home'))->withCookie($cookie);
 }
 }
diff --git a/app/Http/Middleware/AuthenticateTwoFactor.php b/app/Http/Middleware/AuthenticateTwoFactor.php
index 8b0ae9e071..648185d382 100644
--- a/app/Http/Middleware/AuthenticateTwoFactor.php
+++ b/app/Http/Middleware/AuthenticateTwoFactor.php
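Review bot: The line under the reworded comment, `$request->session()->forget('twoFactorAuthenticated');`, no longer clears any 2FA state: after this commit the state is carried by the `twoFactorAuthenticated` cookie issued in TwoFactorController::postIndex, and the session key it removes is never written anymore, so this path presumably leaves a previously issued cookie in force. If the intent here is to force a fresh second-factor check, the cookie has to be forgotten instead, i.e. `$cookieJar->forget('twoFactorAuthenticated')` attached to the returned response, the way the new `logout()` does it. The enclosing method starts and ends outside the hunk, so I cannot see what response it builds or whether a CookieJar is available to it.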
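Review bot: The cookie built by `$cookieJar->make('twoFactorAuthenticated', 'true', $minutes, ...)` carries a constant value that is bound to neither the user nor the session, so once issued it satisfies the `'true' ===` checks in AuthenticateTwoFactor.php and RedirectIfTwoFactorAuthenticated.php for up to 30 days whichever account is logged in, and neither a password change, a reset of the 2FA secret nor a logout on another device can revoke it. Tampering is prevented only if the cookie passes through Laravel's EncryptCookies middleware, which is worth confirming (it must not be listed in that middleware's `$except`), but replay of a genuine cookie is not prevented by encryption. A cheap binding is to store a per-user value instead of `'true'`, for example an HMAC over the user id keyed with material that changes when 2FA is reset, and to have both middlewares recompute it for the current user and compare with `hash_equals()`; the cookie then means nothing for any other account and dies with the secret it was derived from. Two smaller points in the same hunk: the two leading blank `+` lines before `$minutes` are noise, and the bare `43200` would read better as `private const REMEMBER_MINUTES = 43200; // 30 days`.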
@@ -65,7 +65,7 @@ class AuthenticateTwoFactor
 $has2faSecret = null !== Preferences::get('twoFactorAuthSecret');

 // grab 2auth information from session.
- $is2faAuthed = true === $request->session()->get('twoFactorAuthenticated');
+ $is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');

 if ($is2faEnabled && $has2faSecret && !$is2faAuthed) {
 Log::debug('Does not seem to be 2 factor authed, redirect.');
diff --git a/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php b/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
index 7b379fd462..5e43aa7837 100644
--- a/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfTwoFactorAuthenticated.php
@@ -47,8 +47,8 @@ class RedirectIfTwoFactorAuthenticated
 $is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
 $has2faSecret = null !== Preferences::get('twoFactorAuthSecret');

- // grab 2auth information from session.
- $is2faAuthed = true === $request->session()->get('twoFactorAuthenticated');
+ // grab 2auth information from cookie.
+ $is2faAuthed = 'true' === $request->cookie('twoFactorAuthenticated');

 if ($is2faEnabled && $has2faSecret && $is2faAuthed) {
 return redirect('/');
diff --git a/config/session.php b/config/session.php
index 0dd3edfc10..3ca75340f1 100644
--- a/config/session.php
+++ b/config/session.php
@@ -24,7 +24,7 @@ declare(strict_types=1);

 return [
 'driver' => env('SESSION_DRIVER', 'file'),
- 'lifetime' => 10080,
+ 'lifetime' => 120,
 'expire_on_close' => false,
 'encrypt' => true,
 'files' => storage_path('framework/sessions'),
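Review bot: The context line `// grab 2auth information from session.` directly above the changed line in AuthenticateTwoFactor.php is now wrong, since the value is read with `$request->cookie('twoFactorAuthenticated')`; the sibling hunk in RedirectIfTwoFactorAuthenticated.php updated the same comment, so this one should read `// grab 2auth information from cookie.` as well. Because this middleware is the gate that actually blocks access, it is also the place to record in a comment that the cookie is only trustworthy when it is encrypted by the cookie middleware and that its constant value is not bound to the current user (see the note on TwoFactorController::postIndex).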
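Review bot: Lowering `'lifetime'` from 10080 to 120 shortens the idle timeout of every session in the application, not only the 2FA flow, and nothing in the commit message explains the change. It also couples with TwoFactorController::postIndex, which uses `config('session.lifetime')` as the absolute expiry of the 2FA cookie when "remember" is not ticked: the session lifetime counts from the last request while the cookie expiry is fixed when it is issued, so a continuously active user will presumably be bounced back to the 2FA page two hours after authenticating while the session itself is still valid. If the shorter value is intended, a comment above it such as `// 2 h idle; TwoFactorController::postIndex reuses this value as the 2FA cookie lifetime` would document the dependency.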