. */ declare(strict_types=1); namespace FireflyIII\Http\Controllers\Auth; use FireflyIII\Exceptions\FireflyException; use FireflyIII\Http\Controllers\Controller; use FireflyIII\Http\Requests\TokenFormRequest; use Illuminate\Cookie\CookieJar; use Illuminate\Http\Request; use Log; use Preferences; /** * Class TwoFactorController. */ class TwoFactorController extends Controller { /** * @param Request $request * * @return \Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Illuminate\View\View * * @throws FireflyException * * @SuppressWarnings(PHPMD.CyclomaticComplexity) */ public function index(Request $request) { $user = auth()->user(); // to make sure the validator in the next step gets the secret, we push it in session $secretPreference = Preferences::get('twoFactorAuthSecret', null); $secret = null === $secretPreference ? null : $secretPreference->data; $title = strval(trans('firefly.two_factor_title')); // make sure the user has two factor configured: $has2FA = Preferences::get('twoFactorAuthEnabled', false)->data; if (null === $has2FA || false === $has2FA) { return redirect(route('index')); } if (0 === strlen(strval($secret))) { throw new FireflyException('Your two factor authentication secret is empty, which it cannot be at this point. Please check the log files.'); } $request->session()->flash('two-factor-secret', $secret); return view('auth.two-factor', compact('user', 'title')); } /** * @return mixed * * @throws FireflyException */ public function lostTwoFactor() { $user = auth()->user(); $siteOwner = env('SITE_OWNER', ''); $title = strval(trans('firefly.two_factor_forgot_title')); Log::info( 'To reset the two factor authentication for user #' . $user->id . ' (' . $user->email . '), simply open the "preferences" table and delete the entries with the names "twoFactorAuthEnabled" and' . ' "twoFactorAuthSecret" for user_id ' . $user->id . '. That will take care of it.' ); return view('auth.lost-two-factor', compact('user', 'siteOwner', 'title')); } /** * @param TokenFormRequest $request * @param CookieJar $cookieJar * * @return mixed * @SuppressWarnings(PHPMD.UnusedFormalParameter) // it's unused but the class does some validation. */ public function postIndex(TokenFormRequest $request, CookieJar $cookieJar) { // wants to remember session? $remember = $request->session()->get('remember_login') ?? false; $minutes = config('session.lifetime'); if (true === $remember) { // set cookie with a long lifetime (30 days) $minutes = 43200; } $cookie = $cookieJar->make( 'twoFactorAuthenticated', 'true', $minutes, config('session.path'), config('session.domain'), config('session.secure'), config('session.http_only') ); // whatever the case, forget about it: $request->session()->forget('remember_login'); return redirect(route('home'))->withCookie($cookie); } }