3 namespace Friendica\Model\TwoFactor;
5 use Friendica\BaseObject;
6 use Friendica\Database\DBA;
7 use Friendica\Model\User;
8 use Friendica\Util\DateTimeFormat;
9 use Friendica\Util\Temporal;
10 use PragmaRX\Random\Random;
13 * Manages users' two-factor recovery hashed_passwords in the 2fa_app_specific_passwords table
15 * @package Friendica\Model
17 class AppSpecificPassword extends BaseObject
19 public static function countForUser($uid)
21 return DBA::count('2fa_app_specific_password', ['uid' => $uid]);
24 public static function checkDuplicateForUser($uid, $description)
26 return DBA::exists('2fa_app_specific_password', ['uid' => $uid, 'description' => $description]);
30 * Checks the provided hashed_password is available to use for login by the provided user
32 * @param int $uid User ID
33 * @param string $plaintextPassword
37 public static function authenticateUser($uid, $plaintextPassword)
39 $appSpecificPasswords = self::getListForUser($uid);
43 foreach ($appSpecificPasswords as $appSpecificPassword) {
44 if (password_verify($plaintextPassword, $appSpecificPassword['hashed_password'])) {
45 $fields = ['last_used' => DateTimeFormat::utcNow()];
46 if (password_needs_rehash($appSpecificPassword['hashed_password'], PASSWORD_DEFAULT)) {
47 $fields['hashed_password'] = User::hashPassword($plaintextPassword);
50 self::update($appSpecificPassword['id'], $fields);
60 * Returns a complete list of all recovery hashed_passwords for the provided user, including the used status
62 * @param int $uid User ID
66 public static function getListForUser($uid)
68 $appSpecificPasswordsStmt = DBA::select('2fa_app_specific_password', ['id', 'description', 'hashed_password', 'last_used'], ['uid' => $uid]);
70 $appSpecificPasswords = DBA::toArray($appSpecificPasswordsStmt);
72 array_walk($appSpecificPasswords, function (&$value) {
73 $value['ago'] = Temporal::getRelativeDate($value['last_used']);
76 return $appSpecificPasswords;
80 * Generates a new app specific password for the provided user and hashes it in the database.
82 * @param int $uid User ID
83 * @param string $description Password description
84 * @return array The new app-specific password data structure with the plaintext password added
87 public static function generateForUser(int $uid, $description)
89 $Random = (new Random())->size(40);
91 $plaintextPassword = $Random->get();
93 $generated = DateTimeFormat::utcNow();
97 'description' => $description,
98 'hashed_password' => User::hashPassword($plaintextPassword),
99 'generated' => $generated,
102 DBA::insert('2fa_app_specific_password', $fields);
104 $fields['id'] = DBA::lastInsertId();
105 $fields['plaintext_password'] = $plaintextPassword;
110 private static function update($appSpecificPasswordId, $fields)
112 return DBA::update('2fa_app_specific_password', $fields, ['id' => $appSpecificPasswordId]);
116 * Deletes all the recovery hashed_passwords for the provided user.
118 * @param int $uid User ID
122 public static function deleteAllForUser(int $uid)
124 return DBA::delete('2fa_app_specific_password', ['uid' => $uid]);
129 * @param int $app_specific_password_id
133 public static function deleteForUser(int $uid, int $app_specific_password_id)
135 return DBA::delete('2fa_app_specific_password', ['id' => $app_specific_password_id, 'uid' => $uid]);