3 * @copyright Copyright (C) 2010-2022, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Security\TwoFactor;
25 use Friendica\BaseModule;
26 use Friendica\Core\L10n;
27 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
28 use Friendica\Core\Renderer;
29 use Friendica\Core\Session;
30 use Friendica\Core\Session\Capability\IHandleSessions;
31 use Friendica\Module\Response;
32 use Friendica\Util\Profiler;
33 use PragmaRX\Google2FA\Google2FA;
34 use Friendica\Security\TwoFactor;
35 use Psr\Log\LoggerInterface;
38 * Page 1: Authenticator code verification
40 * @package Friendica\Module\TwoFactor
42 class Verify extends BaseModule
44 protected $errors = [];
46 /** @var IHandleSessions */
48 /** @var IManagePersonalConfigValues */
51 public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, IHandleSessions $session, array $server, array $parameters = [])
53 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
55 $this->session = $session;
56 $this->pConfig = $pConfig;
59 protected function post(array $request = [])
61 if (!Session::getLocalUser()) {
65 if (($request['action'] ?? '') === 'verify') {
66 self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_verify');
68 $code = $request['verify_code'] ?? '';
70 $valid = (new Google2FA())->verifyKey($this->pConfig->get(Session::getLocalUser(), '2fa', 'secret'), $code);
72 // The same code can't be used twice even if it's valid
73 if ($valid && $this->session->get('2fa') !== $code) {
74 $this->session->set('2fa', $code);
76 $this->baseUrl->redirect('2fa/trust');
78 $this->errors[] = $this->t('Invalid code, please retry.');
83 protected function content(array $request = []): string
85 if (!Session::getLocalUser()) {
86 $this->baseUrl->redirect();
89 // Already authenticated with 2FA token
90 if ($this->session->get('2fa')) {
91 $this->baseUrl->redirect();
94 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/verify.tpl'), [
95 '$form_security_token' => self::getFormSecurityToken('twofactor_verify'),
97 '$title' => $this->t('Two-factor authentication'),
98 '$message' => $this->t('<p>Open the two-factor authentication app on your device to get an authentication code and verify your identity.</p>'),
99 '$errors_label' => $this->tt('Error', 'Errors', count($this->errors)),
100 '$errors' => $this->errors,
101 '$recovery_message' => $this->t('If you do not have access to your authentication code you can use a <a href="%s">two-factor recovery code</a>.', '2fa/recovery'),
102 '$verify_code' => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="one-time-code" placeholder="000000" inputmode="numeric" pattern="[0-9]*"'],
103 '$verify_label' => $this->t('Verify code and complete login'),