src/Module/Security/TwoFactor/Verify.php

   1 <?php
   2
   3 namespace Friendica\Module\Security\TwoFactor;
   4
   5 use Friendica\BaseModule;
   6 use Friendica\App\Authentication;
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\PConfig;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Core\Session;
  11 use Friendica\DI;
  12 use PragmaRX\Google2FA\Google2FA;
  13
  14 /**
  15  * Page 1: Authenticator code verification
  16  *
  17  * @package Friendica\Module\TwoFactor
  18  */
  19 class Verify extends BaseModule
  20 {
  21         private static $errors = [];
  22
  23         public static function post(array $parameters = [])
  24         {
  25                 if (!local_user()) {
  26                         return;
  27                 }
  28
  29                 if (($_POST['action'] ?? '') == 'verify') {
  30                         self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_verify');
  31
  32                         $a = DI::app();
  33
  34                         $code = $_POST['verify_code'] ?? '';
  35
  36                         $valid = (new Google2FA())->verifyKey(DI::pConfig()->get(local_user(), '2fa', 'secret'), $code);
  37
  38                         // The same code can't be used twice even if it's valid
  39                         if ($valid && Session::get('2fa') !== $code) {
  40                                 Session::set('2fa', $code);
  41
  42                                 // Resume normal login workflow
  43                                 DI::auth()->setForUser($a, $a->user, true, true);
  44                         } else {
  45                                 self::$errors[] = L10n::t('Invalid code, please retry.');
  46                         }
  47                 }
  48         }
  49
  50         public static function content(array $parameters = [])
  51         {
  52                 if (!local_user()) {
  53                         DI::baseUrl()->redirect();
  54                 }
  55
  56                 // Already authenticated with 2FA token
  57                 if (Session::get('2fa')) {
  58                         DI::baseUrl()->redirect();
  59                 }
  60
  61                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/verify.tpl'), [
  62                         '$form_security_token' => self::getFormSecurityToken('twofactor_verify'),
  63
  64                         '$title'            => L10n::t('Two-factor authentication'),
  65                         '$message'          => L10n::t('<p>Open the two-factor authentication app on your device to get an authentication code and verify your identity.</p>'),
  66                         '$errors_label'     => L10n::tt('Error', 'Errors', count(self::$errors)),
  67                         '$errors'           => self::$errors,
  68                         '$recovery_message' => L10n::t('Don’t have your phone? <a href="%s">Enter a two-factor recovery code</a>', '2fa/recovery'),
  69                         '$verify_code'      => ['verify_code', L10n::t('Please enter a code from your authentication app'), '', '', 'required', 'autofocus placeholder="000000"', 'tel'],
  70                         '$verify_label'     => L10n::t('Verify code and complete login'),
  71                 ]);
  72         }
  73 }