src/Module/Security/TwoFactor/Recovery.php

   1 <?php
   2
   3 namespace Friendica\Module\Security\TwoFactor;
   4
   5 use Friendica\BaseModule;
   6 use Friendica\App\Authentication;
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Core\Session;
  10 use Friendica\Model\TwoFactor\RecoveryCode;
  11
  12 /**
  13  * // Page 1a: Recovery code verification
  14  *
  15  * @package Friendica\Module\TwoFactor
  16  */
  17 class Recovery extends BaseModule
  18 {
  19         public static function init(array $parameters = [])
  20         {
  21                 if (!local_user()) {
  22                         return;
  23                 }
  24         }
  25
  26         public static function post(array $parameters = [])
  27         {
  28                 if (!local_user()) {
  29                         return;
  30                 }
  31
  32                 if (($_POST['action'] ?? '') == 'recover') {
  33                         self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_recovery');
  34
  35                         $a = self::getApp();
  36
  37                         $recovery_code = $_POST['recovery_code'] ?? '';
  38
  39                         if (RecoveryCode::existsForUser(local_user(), $recovery_code)) {
  40                                 RecoveryCode::markUsedForUser(local_user(), $recovery_code);
  41                                 Session::set('2fa', true);
  42                                 notice(L10n::t('Remaining recovery codes: %d', RecoveryCode::countValidForUser(local_user())));
  43
  44                                 // Resume normal login workflow
  45                                 /** @var Authentication $authentication */
  46                                 $authentication = self::getClass(Authentication::class);
  47                                 $authentication->setForUser($a, $a->user, true, true);
  48                         } else {
  49                                 notice(L10n::t('Invalid code, please retry.'));
  50                         }
  51                 }
  52         }
  53
  54         public static function content(array $parameters = [])
  55         {
  56                 if (!local_user()) {
  57                         self::getApp()->internalRedirect();
  58                 }
  59
  60                 // Already authenticated with 2FA token
  61                 if (Session::get('2fa')) {
  62                         self::getApp()->internalRedirect();
  63                 }
  64
  65                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/recovery.tpl'), [
  66                         '$form_security_token' => self::getFormSecurityToken('twofactor_recovery'),
  67
  68                         '$title'            => L10n::t('Two-factor recovery'),
  69                         '$message'          => L10n::t('<p>You can enter one of your one-time recovery codes in case you lost access to your mobile device.</p>'),
  70                         '$recovery_message' => L10n::t('Don’t have your phone? <a href="%s">Enter a two-factor recovery code</a>', '2fa/recovery'),
  71                         '$recovery_code'    => ['recovery_code', L10n::t('Please enter a recovery code'), '', '', '', 'placeholder="000000-000000"'],
  72                         '$recovery_label'   => L10n::t('Submit recovery code and complete login'),
  73                 ]);
  74         }
  75 }