mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2024-12-26 08:51:12 -06:00
Do not give the user the secret.
This commit is contained in:
parent
a26acf4a25
commit
fb165ef28b
@ -37,10 +37,11 @@ class PreferencesController extends Controller
|
||||
{
|
||||
$domain = $this->getDomain();
|
||||
$secret = $google2fa->generateSecretKey(16, Auth::user()->id);
|
||||
Session::flash('two-factor-secret', $secret);
|
||||
$image = $google2fa->getQRCodeInline('Firefly III at ' . $domain, null, $secret, 150);
|
||||
|
||||
|
||||
return view('preferences.code', compact('secret', 'image'));
|
||||
return view('preferences.code', compact('image'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -29,8 +29,7 @@ class TokenFormRequest extends Request
|
||||
{
|
||||
|
||||
$rules = [
|
||||
'secret' => 'required',
|
||||
'code' => 'required|2faCode:secret',
|
||||
'code' => 'required|2faCode',
|
||||
];
|
||||
|
||||
return $rules;
|
||||
|
@ -18,8 +18,8 @@ use FireflyIII\Rules\Triggers\TriggerInterface;
|
||||
use FireflyIII\User;
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Illuminate\Validation\Validator;
|
||||
use Input;
|
||||
use Log;
|
||||
use Session;
|
||||
use Symfony\Component\Translation\TranslatorInterface;
|
||||
|
||||
/**
|
||||
@ -59,9 +59,7 @@ class FireflyValidator extends Validator
|
||||
return false;
|
||||
}
|
||||
|
||||
// Retrieve the secret from our hidden form field.
|
||||
$secret = Input::get($parameters[0]);
|
||||
|
||||
$secret = Session::get('two-factor-secret');
|
||||
$google2fa = app('PragmaRX\Google2FA\Google2FA');
|
||||
|
||||
return $google2fa->verifyKey($secret, $value);
|
||||
|
@ -6,8 +6,6 @@
|
||||
|
||||
{% block content %}
|
||||
{{ Form.open({'class' : 'form-horizontal','id' : 'preferences.code'}) }}
|
||||
<input type="hidden" name="secret" value="{{ secret }}"/>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 col-sm-6">
|
||||
<div class="box">
|
||||
@ -19,19 +17,14 @@
|
||||
{{ 'pref_two_factor_auth_code_help'|_ }}
|
||||
</p>
|
||||
<div class="form group">
|
||||
|
||||
<div class="col-sm-8 col-md-offset-4">
|
||||
<img src="{{ image }}" />
|
||||
<img src="{{ image }}" alt="" title="" />
|
||||
<br /><br />
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class="form group">
|
||||
<div class="col-sm-8 col-md-offset-4">
|
||||
<p>{{ secret }}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{ ExpandedForm.text('code', code, {'label' : 'Code'}) }}
|
||||
|
||||
{{ ExpandedForm.text('code', code) }}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
Loading…
Reference in New Issue
Block a user