Can use backup codes to login.

2025-01-02 12:17:22 -06:00 · 2019-08-04 07:10:18 +02:00 · 2019-08-04 07:10:18 +02:00 · e41211bed7
commit e41211bed7
parent 0b6c3efe8d
3 changed files with 51 additions and 10 deletions
--- a/app/Http/Controllers/Auth/TwoFactorController.php
+++ b/app/Http/Controllers/Auth/TwoFactorController.php
@ -64,6 +64,17 @@ class TwoFactorController extends Controller
            // otp auth success!
            return redirect(route('home'));
        }
+
+        // could be user has a backup code.
+        if ($this->isBackupCode($mfaCode)) {
+            $this->removeFromBackupCodes($mfaCode);
+            $authenticator->login();
+
+            session()->flash('info', trans('firefly.mfa_backup_code'));
+
+            return redirect(route('home'));
+        }
+
        session()->flash('error', trans('firefly.wrong_mfa_code'));

        return redirect(route('home'));
@ -213,4 +224,33 @@ class TwoFactorController extends Controller

        return false;
    }
+
+    /**
+     * Checks if code is in users backup codes.
+     *
+     * @param string $mfaCode
+     *
+     * @return bool
+     */
+    private function isBackupCode(string $mfaCode): bool
+    {
+        $list = Preferences::get('mfa_recovery', [])->data;
+        if (in_array($mfaCode, $list, true)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Remove the used code from the list of backup codes.
+     *
+     * @param string $mfaCode
+     */
+    private function removeFromBackupCodes(string $mfaCode): void
+    {
+        $list    = Preferences::get('mfa_recovery', [])->data;
+        $newList = array_values(array_diff($list, [$mfaCode]));
+        Preferences::set('mfa_recovery', $newList);
+    }
 }
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@ -91,15 +91,16 @@ return [
    'two_factor_forgot_title'          => 'Lost two factor authentication',
    'two_factor_forgot'                => 'I forgot my two-factor thing.',
    'two_factor_lost_header'           => 'Lost your two factor authentication?',
-    'two_factor_lost_intro'            => 'If you lost your backup codes as well, you have bad luck. This is not something you can fix from the web interface. You have two choices.',
-    'two_factor_lost_fix_self'         => 'If you run your own instance of Firefly III, check the logs in <code>storage/logs</code> for instructions, or run <code>docker logs &lt;container_id&gt;</code> to see the instructions (refresh this page).',
-    'two_factor_lost_fix_owner'        => 'Otherwise, email the site owner, <a href="mailto::site_owner">:site_owner</a> and ask them to reset your two factor authentication.',
-    'warning_much_data'                => ':days days of data may take a while to load.',
-    'registered'                       => 'You have registered successfully!',
-    'Default asset account'            => 'Default asset account',
-    'no_budget_pointer'                => 'You seem to have no budgets yet. You should create some on the <a href=":link">budgets</a>-page. Budgets can help you keep track of expenses.',
-    'Savings account'                            => 'Savings account',
-    'Credit card'                                => 'Credit card',
+    'two_factor_lost_intro'     => 'If you lost your backup codes as well, you have bad luck. This is not something you can fix from the web interface. You have two choices.',
+    'two_factor_lost_fix_self'  => 'If you run your own instance of Firefly III, check the logs in <code>storage/logs</code> for instructions, or run <code>docker logs &lt;container_id&gt;</code> to see the instructions (refresh this page).',
+    'two_factor_lost_fix_owner' => 'Otherwise, email the site owner, <a href="mailto::site_owner">:site_owner</a> and ask them to reset your two factor authentication.',
+    'mfa_backup_code'           => 'You have used a backup code to login to Firefly III. It can\'t be used again, so cross it from your list.',
+    'warning_much_data'         => ':days days of data may take a while to load.',
+    'registered'                => 'You have registered successfully!',
+    'Default asset account'     => 'Default asset account',
+    'no_budget_pointer'         => 'You seem to have no budgets yet. You should create some on the <a href=":link">budgets</a>-page. Budgets can help you keep track of expenses.',
+    'Savings account'           => 'Savings account',
+    'Credit card'               => 'Credit card',
    'source_accounts'                            => 'Source account(s)',
    'destination_accounts'                       => 'Destination account(s)',
    'user_id_is'                                 => 'Your user id is <strong>:user</strong>',
--- a/resources/views/v1/auth/mfa.twig
+++ b/resources/views/v1/auth/mfa.twig
@ -18,7 +18,7 @@
            <input type="hidden" name="_token" value="{{ csrf_token() }}"/>

            <div class="form-group has-feedback">
-                <input type="number" name="one_time_password" class="form-control" placeholder="{{ 'two_factor_code_here'|_ }}"/>
+                <input type="text" name="one_time_password" class="form-control" placeholder="{{ 'two_factor_code_here'|_ }}"/>
            </div>

            <div class="row">