3 namespace Friendica\Model\TwoFactor;
5 use Friendica\Database\DBA;
6 use Friendica\Model\User;
7 use Friendica\Util\DateTimeFormat;
8 use Friendica\Util\Temporal;
9 use PragmaRX\Random\Random;
/**
 * Manages users' two-factor app-specific passwords in the 2fa_app_specific_password table.
 *
 * Only a hash of each password is written to the table; the plaintext exists solely in the
 * return value of generateForUser().
 *
 * @package Friendica\Model
 */
class AppSpecificPassword
{
    /**
     * Counts the app-specific passwords stored for the provided user.
     *
     * @param int $uid User ID
     * @return mixed Result of DBA::count() (presumably the number of matching rows)
     */
    public static function countForUser($uid)
    {
        $condition = ['uid' => $uid];

        return DBA::count('2fa_app_specific_password', $condition);
    }

    /**
     * Tells whether the provided user already has an app-specific password with this description.
     *
     * @param int    $uid         User ID
     * @param string $description Password description
     * @return mixed Result of DBA::exists() (presumably a boolean)
     */
    public static function checkDuplicateForUser($uid, $description)
    {
        $condition = ['uid' => $uid, 'description' => $description];

        return DBA::exists('2fa_app_specific_password', $condition);
    }

    /**
     * Checks whether the provided plaintext password matches one of the user's app-specific passwords.
     *
     * Every stored hash is tested with password_verify(), so the cost of one call grows with the
     * number of passwords the user has; no throttling happens here, so callers are expected to
     * rate-limit login attempts. A matching entry gets its last_used timestamp refreshed and is
     * rehashed when password_needs_rehash() reports the stored hash as outdated.
     *
     * @param int    $uid               User ID
     * @param string $plaintextPassword Password as typed by the client
     * @return bool Presumably true when at least one stored password matched (see note in the body)
     */
    public static function authenticateUser($uid, $plaintextPassword)
    {
        // NOTE(review): the flag initialisation, its assignment and the final return are not shown
        // on this page; they are reconstructed from the docblock - confirm against upstream.
        $authenticated = false;

        foreach (self::getListForUser($uid) as $storedPassword) {
            $storedHash = $storedPassword['hashed_password'];

            if (!password_verify($plaintextPassword, $storedHash)) {
                continue;
            }

            $changes = ['last_used' => DateTimeFormat::utcNow()];

            // NOTE(review): assumes User::hashPassword() hashes with PASSWORD_DEFAULT; otherwise
            // this branch would rewrite the hash on every successful login - confirm.
            if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
                $changes['hashed_password'] = User::hashPassword($plaintextPassword);
            }

            self::update($storedPassword['id'], $changes);

            $authenticated = true;
        }

        return $authenticated;
    }

    /**
     * Returns all app-specific passwords of the provided user, each with a relative last-used date.
     *
     * Every row carries id, description, hashed_password and last_used, plus an 'ago' entry built
     * from last_used. The hash is part of the row because authenticateUser() needs it; callers
     * that render the list or hand it to an API should drop hashed_password first.
     *
     * @param int $uid User ID
     * @return array Rows of the user's app-specific passwords
     */
    public static function getListForUser($uid)
    {
        $columns = ['id', 'description', 'hashed_password', 'last_used'];
        $statement = DBA::select('2fa_app_specific_password', $columns, ['uid' => $uid]);

        $rows = DBA::toArray($statement);

        foreach ($rows as $index => $row) {
            $rows[$index]['ago'] = Temporal::getRelativeDate($row['last_used']);
        }

        return $rows;
    }

    /**
     * Generates a new app-specific password for the provided user and stores its hash in the database.
     *
     * The plaintext is only available in the returned array (key plaintext_password); it is not
     * stored, so it can be shown to the user once and should not be logged or persisted by callers.
     *
     * @param int    $uid         User ID
     * @param string $description Password description
     * @return array The new app-specific password data structure with the plaintext password added
     */
    public static function generateForUser(int $uid, $description)
    {
        // NOTE(review): relies on PragmaRX\Random drawing from a CSPRNG - confirm for the pinned version.
        $generator = (new Random())->size(40);

        $plaintextPassword = $generator->get();

        $createdAt = DateTimeFormat::utcNow();

        // NOTE(review): the opening of this array, its 'uid' entry and the final return are not
        // shown on this page; reconstructed from the surrounding calls - confirm against upstream.
        $fields = [
            'uid'             => $uid,
            'description'     => $description,
            'hashed_password' => User::hashPassword($plaintextPassword),
            'generated'       => $createdAt,
        ];

        // NOTE(review): the result of the insert is not checked, so a failed insert would still
        // hand back a plaintext password (and whatever lastInsertId() reports) for a row that
        // does not exist.
        DBA::insert('2fa_app_specific_password', $fields);

        $fields['id'] = DBA::lastInsertId();
        $fields['plaintext_password'] = $plaintextPassword;

        return $fields;
    }

    /**
     * Writes the given fields to the app-specific password with the provided ID.
     *
     * The row is selected by ID alone, without a user constraint; the only caller visible here
     * passes IDs obtained from getListForUser() for the authenticating user.
     *
     * @param int   $appSpecificPasswordId Row ID
     * @param array $fields                Column => value pairs to write
     * @return mixed Result of DBA::update()
     */
    private static function update($appSpecificPasswordId, $fields)
    {
        $condition = ['id' => $appSpecificPasswordId];

        return DBA::update('2fa_app_specific_password', $fields, $condition);
    }

    /**
     * Deletes all the app-specific passwords of the provided user.
     *
     * @param int $uid User ID
     * @return mixed Result of DBA::delete()
     */
    public static function deleteAllForUser(int $uid)
    {
        $condition = ['uid' => $uid];

        return DBA::delete('2fa_app_specific_password', $condition);
    }

    /**
     * Deletes one app-specific password of the provided user.
     *
     * The condition names both the row ID and the user ID, so an ID belonging to another user
     * matches nothing.
     *
     * @param int $uid                      User ID
     * @param int $app_specific_password_id Row ID of the password to delete
     * @return mixed Result of DBA::delete()
     */
    public static function deleteForUser(int $uid, int $app_specific_password_id)
    {
        $condition = ['id' => $app_specific_password_id, 'uid' => $uid];

        return DBA::delete('2fa_app_specific_password', $condition);
    }
}