mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Better 2fa handling
This commit is contained in:
James Cole
parent
48c26c5837
commit
f7642beb7c
@ -19,7 +19,6 @@ use FireflyIII\Repositories\User\UserRepositoryInterface;
|
||||
use Illuminate\Mail\Message;
|
||||
use Log;
|
||||
use Mail;
|
||||
use Session;
|
||||
use Swift_TransportException;
|
||||
|
||||
/**
|
||||
@ -54,20 +53,6 @@ class UserEventHandler
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle user logout events.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function logoutUser(): bool
|
||||
{
|
||||
// dump stuff from the session:
|
||||
Session::forget('twoFactorAuthenticated');
|
||||
Session::forget('twoFactorAuthenticatedDate');
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param RequestedNewPassword $event
|
||||
*
|
||||
|
||||
@ -16,6 +16,7 @@ use Config;
|
||||
use FireflyConfig;
|
||||
use FireflyIII\Http\Controllers\Controller;
|
||||
use FireflyIII\User;
|
||||
use Illuminate\Cookie\CookieJar;
|
||||
use Illuminate\Foundation\Auth\AuthenticatesUsers;
|
||||
use Illuminate\Http\Request;
|
||||
use Lang;
|
||||
@ -74,23 +75,26 @@ class LoginController extends Controller
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Request $request
|
||||
* @param Request $request
|
||||
* @param CookieJar $cookieJar
|
||||
*
|
||||
* @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
|
||||
* @return $this
|
||||
*/
|
||||
public function logout(Request $request)
|
||||
public function logout(Request $request, CookieJar $cookieJar)
|
||||
{
|
||||
if (intval(getenv('SANDSTORM')) === 1) {
|
||||
return view('error')->with('message', strval(trans('firefly.sandstorm_not_available')));
|
||||
}
|
||||
|
||||
$cookie = $cookieJar->forever('twoFactorAuthenticated', 'false');
|
||||
|
||||
$this->guard()->logout();
|
||||
|
||||
$request->session()->flush();
|
||||
|
||||
$request->session()->regenerate();
|
||||
|
||||
return redirect('/');
|
||||
return redirect('/')->withCookie($cookie);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -13,14 +13,13 @@ declare(strict_types = 1);
|
||||
|
||||
namespace FireflyIII\Http\Controllers\Auth;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use FireflyIII\Exceptions\FireflyException;
|
||||
use FireflyIII\Http\Controllers\Controller;
|
||||
use FireflyIII\Http\Requests\TokenFormRequest;
|
||||
use Illuminate\Cookie\CookieJar;
|
||||
use Illuminate\Http\Request;
|
||||
use Log;
|
||||
use Preferences;
|
||||
use Session;
|
||||
|
||||
/**
|
||||
* Class TwoFactorController
|
||||
@ -84,12 +83,12 @@ class TwoFactorController extends Controller
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function postIndex(TokenFormRequest $request)
|
||||
public function postIndex(TokenFormRequest $request, CookieJar $cookieJar)
|
||||
{
|
||||
Session::put('twoFactorAuthenticated', true);
|
||||
Session::put('twoFactorAuthenticatedDate', new Carbon);
|
||||
// set cookie!
|
||||
$cookie = $cookieJar->forever('twoFactorAuthenticated', 'true');
|
||||
|
||||
return redirect(route('home'));
|
||||
return redirect(route('home'))->withCookie($cookie);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -14,8 +14,10 @@ declare(strict_types = 1);
|
||||
namespace FireflyIII\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Cookie;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Log;
|
||||
use Preferences;
|
||||
use Session;
|
||||
|
||||
@ -55,8 +57,13 @@ class AuthenticateTwoFactor
|
||||
}
|
||||
$is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
|
||||
$has2faSecret = !is_null(Preferences::get('twoFactorAuthSecret'));
|
||||
$is2faAuthed = Session::get('twofactor-authenticated');
|
||||
|
||||
// grab 2auth information from cookie, not from session.
|
||||
$is2faAuthed = Cookie::get('twoFactorAuthenticated') === 'true';
|
||||
|
||||
if ($is2faEnabled && $has2faSecret && !$is2faAuthed) {
|
||||
Log::debug('Does not seem to be 2 factor authed, redirect.');
|
||||
|
||||
return redirect(route('two-factor.index'));
|
||||
}
|
||||
|
||||
|
||||
@ -17,7 +17,8 @@ use Closure;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Preferences;
|
||||
use Session;
|
||||
|
||||
use Log;
|
||||
use Cookie;
|
||||
/**
|
||||
* Class RedirectIfTwoFactorAuthenticated
|
||||
*
|
||||
@ -40,7 +41,10 @@ class RedirectIfTwoFactorAuthenticated
|
||||
|
||||
$is2faEnabled = Preferences::get('twoFactorAuthEnabled', false)->data;
|
||||
$has2faSecret = !is_null(Preferences::get('twoFactorAuthSecret'));
|
||||
$is2faAuthed = Session::get('twoFactorAuthenticated');
|
||||
|
||||
// grab 2auth information from cookie
|
||||
$is2faAuthed = Cookie::get('twoFactorAuthenticated') === 'true';
|
||||
|
||||
if ($is2faEnabled && $has2faSecret && $is2faAuthed) {
|
||||
return redirect('/');
|
||||
}
|
||||
|
||||
@ -56,12 +56,6 @@ class EventServiceProvider extends ServiceProvider
|
||||
'FireflyIII\Handlers\Events\UpdatedJournalEventHandler@scanBills',
|
||||
'FireflyIII\Handlers\Events\UpdatedJournalEventHandler@processRules',
|
||||
],
|
||||
|
||||
// LARAVEL EVENTS:
|
||||
'Illuminate\Auth\Events\Logout' =>
|
||||
[
|
||||
'FireflyIII\Handlers\Events\UserEventHandler@logoutUser',
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user