3 * @copyright Copyright (C) 2010-2022, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Security\TwoFactor;
25 use Friendica\BaseModule;
26 use Friendica\Core\L10n;
27 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
28 use Friendica\Core\Renderer;
29 use Friendica\Core\Session\Capability\IHandleUserSessions;
30 use Friendica\Module\Response;
31 use Friendica\Util\Profiler;
32 use PragmaRX\Google2FA\Google2FA;
33 use Friendica\Security\TwoFactor;
34 use Psr\Log\LoggerInterface;
37 * Page 1: Authenticator code verification
39 * @package Friendica\Module\TwoFactor
41 class Verify extends BaseModule
43 protected $errors = [];
45 /** @var IManagePersonalConfigValues */
47 /** @var IHandleUserSessions */
50 public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, $server, array $parameters = [])
52 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
54 $this->session = $session;
55 $this->pConfig = $pConfig;
58 protected function post(array $request = [])
60 if (!$this->session->getLocalUserId()) {
64 if (($request['action'] ?? '') === 'verify') {
65 self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_verify');
67 $code = $request['verify_code'] ?? '';
69 $valid = (new Google2FA())->verifyKey($this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret'), $code);
71 // The same code can't be used twice even if it's valid
72 if ($valid && $this->session->get('2fa') !== $code) {
73 $this->session->set('2fa', $code);
75 $this->baseUrl->redirect('2fa/trust');
77 $this->errors[] = $this->t('Invalid code, please retry.');
82 protected function content(array $request = []): string
84 if (!$this->session->getLocalUserId()) {
85 $this->baseUrl->redirect();
88 // Already authenticated with 2FA token
89 if ($this->session->get('2fa')) {
90 $this->baseUrl->redirect();
93 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/verify.tpl'), [
94 '$form_security_token' => self::getFormSecurityToken('twofactor_verify'),
96 '$title' => $this->t('Two-factor authentication'),
97 '$message' => $this->t('<p>Open the two-factor authentication app on your device to get an authentication code and verify your identity.</p>'),
98 '$errors_label' => $this->tt('Error', 'Errors', count($this->errors)),
99 '$errors' => $this->errors,
100 '$recovery_message' => $this->t('If you do not have access to your authentication code you can use a <a href="%s">two-factor recovery code</a>.', '2fa/recovery'),
101 '$verify_code' => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="one-time-code" placeholder="000000" inputmode="numeric" pattern="[0-9]*"'],
102 '$verify_label' => $this->t('Verify code and complete login'),