3 * @copyright Copyright (C) 2010-2022, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Security\TwoFactor;
25 use Friendica\BaseModule;
26 use Friendica\Core\L10n;
27 use Friendica\Core\Renderer;
28 use Friendica\Core\Session\Capability\IHandleUserSessions;
30 use Friendica\Model\User;
31 use Friendica\Model\User\Cookie;
32 use Friendica\Module\Response;
33 use Friendica\Network\HTTPException\FoundException;
34 use Friendica\Network\HTTPException\MovedPermanentlyException;
35 use Friendica\Network\HTTPException\TemporaryRedirectException;
36 use Friendica\Security\Authentication;
37 use Friendica\Security\TwoFactor\Exception\TrustedBrowserNotFoundException;
38 use Friendica\Security\TwoFactor\Exception\TrustedBrowserPersistenceException;
39 use Friendica\Util\Profiler;
40 use Friendica\Security\TwoFactor;
41 use Psr\Log\LoggerInterface;
44 * Page 2: Trust Browser dialog
46 * @package Friendica\Module\TwoFactor
48 class Trust extends BaseModule
52 /** @var Authentication */
54 /** @var IHandleUserSessions */
58 /** @var TwoFactor\Factory\TrustedBrowser */
59 protected $trustedBrowserFactory;
60 /** @var TwoFactor\Repository\TrustedBrowser */
61 protected $trustedBrowserRepository;
63 public function __construct(App $app, Authentication $auth, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, IHandleUserSessions $session, Cookie $cookie, TwoFactor\Factory\TrustedBrowser $trustedBrowserFactory, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Response $response, array $server, array $parameters = [])
65 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
69 $this->session = $session;
70 $this->cookie = $cookie;
71 $this->trustedBrowserFactory = $trustedBrowserFactory;
72 $this->trustedBrowserRepository = $trustedBrowserRepositoy;
75 protected function post(array $request = [])
77 if (!$this->session->getLocalUserId() || !$this->session->get('2fa')) {
78 $this->logger->info('Invalid call', ['request' => $request]);
82 $action = $request['action'] ?? '';
84 if (!empty($action)) {
85 self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_trust');
90 $trustedBrowser = $this->trustedBrowserFactory->createForUserWithUserAgent($this->session->getLocalUserId(), $this->server['HTTP_USER_AGENT'], $action === 'trust');
92 $this->trustedBrowserRepository->save($trustedBrowser);
94 // The string is sent to the browser to be sent back with each request
95 if (!$this->cookie->set('2fa_cookie_hash', $trustedBrowser->cookie_hash)) {
96 DI::sysmsg()->addNotice($this->t('Couldn\'t save browser to Cookie.'));
98 } catch (TrustedBrowserPersistenceException $exception) {
99 $this->logger->warning('Unexpected error when saving the trusted browser.', ['trustedBrowser' => $trustedBrowser, 'exception' => $exception]);
105 $this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
106 $this->baseUrl->redirect($this->session->pop('return_path', ''));
107 } catch (FoundException | TemporaryRedirectException | MovedPermanentlyException $e) {
110 } catch (\Exception $e) {
111 $this->logger->warning('Unexpected error during authentication.', ['user' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
116 protected function content(array $request = []): string
118 if (!$this->session->getLocalUserId() || !$this->session->get('2fa')) {
119 $this->baseUrl->redirect();
122 if ($this->cookie->get('2fa_cookie_hash')) {
124 $trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
125 if (!$trustedBrowser->trusted) {
126 $this->auth->setForUser($this->app, User::getById($this->app->getLoggedInUserId()), true, true);
127 $this->baseUrl->redirect($this->session->pop('return_path', ''));
129 } catch (TrustedBrowserNotFoundException $exception) {
130 $this->logger->notice('Trusted Browser of the cookie not found.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
131 } catch (TrustedBrowserPersistenceException $exception) {
132 $this->logger->warning('Unexpected persistence exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
133 } catch (\Exception $exception) {
134 $this->logger->warning('Unexpected exception.', ['cookie_hash' => $this->cookie->get('trusted'), 'uid' => $this->app->getLoggedInUserId(), 'exception' => $exception]);
138 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/trust.tpl'), [
139 '$form_security_token' => self::getFormSecurityToken('twofactor_trust'),
141 '$title' => $this->t('Trust this browser?'),
142 '$message' => $this->t('<p>If you choose to trust this browser, you will not be asked for a verification code the next time you sign in.</p>'),
143 '$not_now_label' => $this->t('Not now'),
144 '$dont_trust_label' => $this->t('Don\'t trust'),
145 '$trust_label' => $this->t('Trust'),