diff --git a/app/Http/Controllers/PreferencesController.php b/app/Http/Controllers/PreferencesController.php index 7f68c9875d..b4e5d68855 100644 --- a/app/Http/Controllers/PreferencesController.php +++ b/app/Http/Controllers/PreferencesController.php @@ -22,11 +22,9 @@ declare(strict_types=1); namespace FireflyIII\Http\Controllers; -use FireflyIII\Http\Requests\TokenFormRequest; use FireflyIII\Models\AccountType; use FireflyIII\Repositories\Account\AccountRepositoryInterface; use FireflyIII\Repositories\User\UserRepositoryInterface; -use Google2FA; use Illuminate\Http\Request; use Preferences; use Session; @@ -54,35 +52,6 @@ class PreferencesController extends Controller ); } - /** - * @return View - */ - public function code() - { - $domain = $this->getDomain(); - $secret = Google2FA::generateSecretKey(); - Session::flash('two-factor-secret', $secret); - $image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret, 200); - - return view('preferences.code', compact('image')); - } - - /** - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector - * - * @throws \Exception - * @throws \Exception - */ - public function deleteCode() - { - Preferences::delete('twoFactorAuthEnabled'); - Preferences::delete('twoFactorAuthSecret'); - Session::flash('success', strval(trans('firefly.pref_two_factor_auth_disabled'))); - Session::flash('info', strval(trans('firefly.pref_two_factor_auth_remove_it'))); - - return redirect(route('preferences.index')); - } - /** * @param AccountRepositoryInterface $repository * 
@@ -97,12 +66,9 @@ class PreferencesController extends Controller $language = Preferences::get('language', config('firefly.default_language', 'en_US'))->data; $listPageSize = Preferences::get('listPageSize', 50)->data; $customFiscalYear = Preferences::get('customFiscalYear', 0)->data; - $showDeps = Preferences::get('showDepositsFrontpage', false)->data; $fiscalYearStartStr = Preferences::get('fiscalYearStart', '01-01')->data; $fiscalYearStart = date('Y') . '-' . $fiscalYearStartStr; $tjOptionalFields = Preferences::get('transaction_journal_optional_fields', [])->data; - $is2faEnabled = Preferences::get('twoFactorAuthEnabled', 0)->data; // twoFactorAuthEnabled - $has2faSecret = null !== Preferences::get('twoFactorAuthSecret'); // hasTwoFactorAuthSecret return view( 'preferences.index', @@ -114,31 +80,11 @@ class PreferencesController extends Controller 'viewRange', 'customFiscalYear', 'listPageSize', - 'fiscalYearStart', - 'is2faEnabled', - 'has2faSecret', - 'showDeps' + 'fiscalYearStart' ) ); } - /** - * @param TokenFormRequest $request - * - * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector - * @SuppressWarnings(PHPMD.UnusedFormalParameter) // it's unused but the class does some validation. - */ - public function postCode(/** @scrutinizer ignore-unused */ TokenFormRequest $request) - { - Preferences::set('twoFactorAuthEnabled', 1); - Preferences::set('twoFactorAuthSecret', Session::get('two-factor-secret')); - - Session::flash('success', strval(trans('firefly.saved_preferences'))); - Preferences::mark(); - - return redirect(route('preferences.index')); - } - /** * @param Request $request * @param UserRepositoryInterface $repository 
@@ -169,10 +115,6 @@ class PreferencesController extends Controller Preferences::set('customFiscalYear', $customFiscalYear); Preferences::set('fiscalYearStart', $fiscalYearStart); - // show deposits frontpage: - $showDepositsFrontpage = 1 === intval($request->get('showDepositsFrontpage')); - Preferences::set('showDepositsFrontpage', $showDepositsFrontpage); - // save page size: Preferences::set('listPageSize', 50); $listPageSize = intval($request->get('listPageSize')); @@ -180,19 +122,6 @@ class PreferencesController extends Controller Preferences::set('listPageSize', $listPageSize); } - $twoFactorAuthEnabled = false; - $hasTwoFactorAuthSecret = false; - if (!$repository->hasRole(auth()->user(), 'demo')) { - // two factor auth - $twoFactorAuthEnabled = intval($request->get('twoFactorAuthEnabled')); - $hasTwoFactorAuthSecret = null !== Preferences::get('twoFactorAuthSecret'); - - // If we already have a secret, just set the two factor auth enabled to 1, and let the user continue with the existing secret. - if ($hasTwoFactorAuthSecret) { - Preferences::set('twoFactorAuthEnabled', $twoFactorAuthEnabled); - } - } - // language: $lang = $request->get('language'); if (in_array($lang, array_keys(config('firefly.languages')))) { @@ -217,23 +146,6 @@ class PreferencesController extends Controller Session::flash('success', strval(trans('firefly.saved_preferences'))); Preferences::mark(); - // if we don't have a valid secret yet, redirect to the code page. - // AND USER HAS ACTUALLY ENABLED 2FA - if (!$hasTwoFactorAuthSecret && 1 === $twoFactorAuthEnabled) { - return redirect(route('preferences.code')); - } - return redirect(route('preferences.index')); } - - /** - * @return string - */ - private function getDomain(): string - { - $url = url()->to('/'); - $parts = parse_url($url); - - return $parts['host']; - } } diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index ceb9ad16ae..b3aca1d3e7 100644 
--- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -31,9 +31,11 @@ use FireflyIII\Http\Middleware\IsSandStormUser; use FireflyIII\Http\Requests\DeleteAccountFormRequest; use FireflyIII\Http\Requests\EmailFormRequest; use FireflyIII\Http\Requests\ProfileFormRequest; +use FireflyIII\Http\Requests\TokenFormRequest; use FireflyIII\Models\Preference; use FireflyIII\Repositories\User\UserRepositoryInterface; use FireflyIII\User; +use Google2FA; use Hash; use Illuminate\Contracts\Auth\Guard; use Log; 
@@ -92,6 +94,50 @@ class ProfileController extends Controller return view('profile.change-password', compact('title', 'subTitle', 'subTitleIcon')); } + /** + * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + */ + public function deleteCode() + { + Preferences::delete('twoFactorAuthEnabled'); + Preferences::delete('twoFactorAuthSecret'); + Session::flash('success', strval(trans('firefly.pref_two_factor_auth_disabled'))); + Session::flash('info', strval(trans('firefly.pref_two_factor_auth_remove_it'))); + + return redirect(route('profile.index')); + } + + /** + * View that generates a 2FA code for the user. + * @return View + */ + public function code() + { + $domain = $this->getDomain(); + $secret = Google2FA::generateSecretKey(); + Session::flash('two-factor-secret', $secret); + $image = Google2FA::getQRCodeInline($domain, auth()->user()->email, $secret, 200); + + return view('profile.code', compact('image')); + } + + /** + * @param TokenFormRequest $request + * + * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + * @SuppressWarnings(PHPMD.UnusedFormalParameter) // it's unused but the class does some validation. + */ + public function postCode(TokenFormRequest $request) + { + Preferences::set('twoFactorAuthEnabled', 1); + Preferences::set('twoFactorAuthSecret', Session::get('two-factor-secret')); + + Session::flash('success', strval(trans('firefly.saved_preferences'))); + Preferences::mark(); + + return redirect(route('profile.index')); + } + /** * @param UserRepositoryInterface $repository * @param string $token 
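Review bot: `postCode()` persists `Session::get('two-factor-secret')` without checking that it is still present, yet `code()` stores that secret with `Session::flash`, which survives exactly one subsequent request; any intervening request (a reload, a second request the page triggers) drops it, and the user ends up with `twoFactorAuthEnabled` set to 1 and an empty secret. Whether `TokenFormRequest` rejects a code when the session secret is missing is not visible here, so the controller should guard this itself. The demo-role check that the removed `PreferencesController::postPreferences` applied before touching 2FA has also been lost in the move: `code()` and `postCode()` have no equivalent, so a demo user who opens `profile.code` directly can set a 2FA secret on the shared demo account unless a middleware outside this hunk blocks it. Separately, `deleteCode()` removes the second factor on any authenticated request without re-verifying the password or a current code, which is worth requiring for an action of that weight. The `postCode()` below adds the missing guard and the role check, mirroring `enable2FA()` later in this diff.
```php
public function postCode(UserRepositoryInterface $repository, TokenFormRequest $request)
{
    if ($repository->hasRole(auth()->user(), 'demo')) {
        return redirect(route('profile.index'));
    }
    // code() flashes the secret, so it lives for one request only; never
    // persist a missing one or 2FA is enabled without a usable secret.
    $secret = Session::get('two-factor-secret');
    if (null === $secret || '' === $secret) {
        return redirect(route('profile.code'));
    }
    Preferences::set('twoFactorAuthEnabled', 1);
    Preferences::set('twoFactorAuthSecret', $secret);
    // … unchanged: success flash, Preferences::mark(), redirect to profile.index …
}
```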
@@ -139,13 +185,37 @@ class ProfileController extends Controller return view('profile.delete-account', compact('title', 'subTitle', 'subTitleIcon')); } + /** + * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector + */ + public function enable2FA(UserRepositoryInterface $repository) + { + if ($repository->hasRole(auth()->user(), 'demo')) { + return redirect(route('profile.index')); + } + $hasTwoFactorAuthSecret = (null !== Preferences::get('twoFactorAuthSecret')); + + // if we don't have a valid secret yet, redirect to the code page to get one. + if (!$hasTwoFactorAuthSecret) { + return redirect(route('profile.code')); + } + + // If FF3 already has a secret, just set the two factor auth enabled to 1, + // and let the user continue with the existing secret. + + Preferences::set('twoFactorAuthEnabled', 1); + + return redirect(route('profile.index')); + } + /** * @return View */ public function index() { - $subTitle = auth()->user()->email; - $userId = auth()->user()->id; + $subTitle = auth()->user()->email; + $userId = auth()->user()->id; + $enabled2FA = intval(Preferences::get('twoFactorAuthEnabled', 0)->data) === 1; // get access token or create one. $accessToken = Preferences::get('access_token', null); @@ -154,7 +224,7 @@ class ProfileController extends Controller $accessToken = Preferences::set('access_token', $token); } - return view('profile.index', compact('subTitle', 'userId', 'accessToken')); + return view('profile.index', compact('subTitle', 'userId', 'accessToken', 'enabled2FA')); } /** @@ -332,4 +402,15 @@ class ProfileController extends Controller return true; } + + /** + * @return string + */ + private function getDomain(): string + { + $url = url()->to('/'); + $parts = parse_url($url); + + return $parts['host']; + } } diff --git a/app/Support/Preferences.php b/app/Support/Preferences.php index f5cd8f454a..1f7048c922 100644 --- a/app/Support/Preferences.php +++ b/app/Support/Preferences.php 
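Review bot: `enable2FA()` treats any stored `twoFactorAuthSecret` preference as usable, but it only tests the preference object for null, not its `data`; a row whose value is null or an empty string (which `postCode()` in this same diff can write once the flashed session secret has expired) passes the check, and 2FA is switched on with a secret no authenticator app holds, most likely locking the user out at the next login. Check the value instead: `$secret = Preferences::get('twoFactorAuthSecret'); $hasTwoFactorAuthSecret = null !== $secret && '' !== (string) $secret->data;`. The `null !== Preferences::get(...)` idiom is carried over from the removed PreferencesController code, so this is pre-existing, but after this change it is the only thing standing between the user and an unusable second factor.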
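Review bot: `getDomain()` returns `$parts['host']` unchecked while being declared to return `string`; `parse_url()` returns `false` for a malformed URL and omits `host` when there is none, so if ProfileController declares `strict_types=1` like the other two files in this diff, that path throws a `TypeError` from the 2FA enrolment page instead of a readable error. Fall back explicitly, `return $parts['host'] ?? '';`, or throw an exception with a message naming the application URL so the misconfiguration is reported. Note also that `url()->to('/')` follows the application URL as Laravel resolves it, which depending on configuration can come from the request `Host` header; that only labels the issuer in the user's own QR code, so the impact is cosmetic, but it is worth knowing. The method was moved from PreferencesController unchanged.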
@@ -23,6 +23,7 @@ declare(strict_types=1); namespace FireflyIII\Support; use Cache; +use Exception; use FireflyIII\Models\Preference; use FireflyIII\User; use Illuminate\Support\Collection; @@ -50,8 +51,6 @@ class Preferences * @param $name * * @return bool - * - * @throws \Exception */ public function delete(string $name): bool { @@ -59,7 +58,11 @@ class Preferences if (Cache::has($fullName)) { Cache::forget($fullName); } - Preference::where('user_id', auth()->user()->id)->where('name', $name)->delete(); + try { + Preference::where('user_id', auth()->user()->id)->where('name', $name)->delete(); + } catch (Exception $e) { + // don't care. + } return true; } diff --git a/resources/lang/en_US/firefly.php b/resources/lang/en_US/firefly.php index f5e15f7b4c..68fc407b58 100644 --- a/resources/lang/en_US/firefly.php +++ b/resources/lang/en_US/firefly.php @@ -446,8 +446,7 @@ return [ 'pref_two_factor_auth_code' => 'Verify code', 'pref_two_factor_auth_code_help' => 'Scan the QR code with an application on your phone such as Authy or Google Authenticator and enter the generated code.', 'pref_two_factor_auth_reset_code' => 'Reset verification code', - 'pref_two_factor_auth_remove_code' => 'Remove verification code', - 'pref_two_factor_auth_remove_will_disable' => '(this will also disable two-factor authentication)', + 'pref_two_factor_auth_disable_2fa' => 'Disable 2FA', 'pref_save_settings' => 'Save settings', 'saved_preferences' => 'Preferences saved!', 'preferences_general' => 'General', diff --git a/resources/views/preferences/index.twig b/resources/views/preferences/index.twig index 17e9fec4cc..37e6c58496 100644 --- a/resources/views/preferences/index.twig +++ b/resources/views/preferences/index.twig @@ -15,7 +15,6 @@
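Review bot: The new `try`/`catch` in `delete()` swallows every `Exception` from the database delete and still returns `true`, while the cache entry was already forgotten on the lines above; for `deleteCode()` in this diff that means the secret can remain in the `preferences` table, the next `get()` repopulates the cache from it, and the user has just been told 2FA is disabled. Report the failure instead of silencing it: `catch (Exception $e) { Log::error(sprintf('Could not delete preference "%s": %s', $name, $e->getMessage())); return false; }`, and let callers that care act on the `false`. `Log` is not imported in this file as shown, so that needs `use Log;` alongside the existing facade imports, as ProfileController already does. Dropping the `@throws` from the docblock is consistent with the catch, but the return value now says nothing about whether the delete happened.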
{{ 'pref_home_show_deposits_info'|_ }}
-{{ 'pref_two_factor_auth_help'|_ }}
-