src/Module/Settings/TwoFactor/AppSpecific.php

   1 <?php
   2
   3
   4 namespace Friendica\Module\Settings\TwoFactor;
   5
   6
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\PConfig;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Model\TwoFactor\AppSpecificPassword;
  11 use Friendica\Module\BaseSettingsModule;
  12 use Friendica\Module\Login;
  13
  14 /**
  15  * // Page 5: 2FA enabled, app-specific password generation
  16  *
  17  * @package Friendica\Module\TwoFactor
  18  */
  19 class AppSpecific extends BaseSettingsModule
  20 {
  21         private static $appSpecificPassword = null;
  22
  23         public static function init($parameters)
  24         {
  25                 if (!local_user()) {
  26                         return;
  27                 }
  28
  29                 $verified = PConfig::get(local_user(), '2fa', 'verified');
  30
  31                 if (!$verified) {
  32                         self::getApp()->internalRedirect('settings/2fa');
  33                 }
  34
  35                 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
  36                         notice(L10n::t('Please enter your password to access this page.'));
  37                         self::getApp()->internalRedirect('settings/2fa');
  38                 }
  39         }
  40
  41         public static function post($parameters)
  42         {
  43                 if (!local_user()) {
  44                         return;
  45                 }
  46
  47                 if (!empty($_POST['action'])) {
  48                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/app_specific', 'settings_2fa_app_specific');
  49
  50                         switch ($_POST['action']) {
  51                                 case 'generate':
  52                                         $description = $_POST['description'] ?? '';
  53                                         if (empty($description)) {
  54                                                 notice(L10n::t('App-specific password generation failed: The description is empty.'));
  55                                                 self::getApp()->internalRedirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
  56                                         } elseif (AppSpecificPassword::checkDuplicateForUser(local_user(), $description)) {
  57                                                 notice(L10n::t('App-specific password generation failed: This description already exists.'));
  58                                                 self::getApp()->internalRedirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
  59                                         } else {
  60                                                 self::$appSpecificPassword = AppSpecificPassword::generateForUser(local_user(), $_POST['description'] ?? '');
  61                                                 notice(L10n::t('New app-specific password generated.'));
  62                                         }
  63
  64                                         break;
  65                                 case 'revoke_all' :
  66                                         AppSpecificPassword::deleteAllForUser(local_user());
  67                                         notice(L10n::t('App-specific passwords successfully revoked.'));
  68                                         self::getApp()->internalRedirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
  69                                         break;
  70                         }
  71                 }
  72
  73                 if (!empty($_POST['revoke_id'])) {
  74                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/app_specific', 'settings_2fa_app_specific');
  75
  76                         if (AppSpecificPassword::deleteForUser(local_user(), $_POST['revoke_id'])) {
  77                                 notice(L10n::t('App-specific password successfully revoked.'));
  78                         }
  79
  80                         self::getApp()->internalRedirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
  81                 }
  82         }
  83
  84         public static function content($parameters)
  85         {
  86                 if (!local_user()) {
  87                         return Login::form('settings/2fa/app_specific');
  88                 }
  89
  90                 parent::content($parameters);
  91
  92                 $appSpecificPasswords = AppSpecificPassword::getListForUser(local_user());
  93
  94                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/app_specific.tpl'), [
  95                         '$form_security_token'     => self::getFormSecurityToken('settings_2fa_app_specific'),
  96                         '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
  97
  98                         '$title'                  => L10n::t('Two-factor app-specific passwords'),
  99                         '$help_label'             => L10n::t('Help'),
 100                         '$message'                => L10n::t('<p>App-specific passwords are randomly generated passwords used instead your regular password to authenticate your account on third-party applications that don\'t support two-factor authentication.</p>'),
 101                         '$generated_message'      => L10n::t('Make sure to copy your new app-specific password now. You won’t be able to see it again!'),
 102                         '$generated_app_specific_password' => self::$appSpecificPassword,
 103
 104                         '$description_label'      => L10n::t('Description'),
 105                         '$last_used_label'        => L10n::t('Last Used'),
 106                         '$revoke_label'           => L10n::t('Revoke'),
 107                         '$revoke_all_label'       => L10n::t('Revoke All'),
 108
 109                         '$app_specific_passwords' => $appSpecificPasswords,
 110                         '$generate_message'       => L10n::t('When you generate a new app-specific password, you must use it right away, it will be shown to you once after you generate it.'),
 111                         '$generate_title'         => L10n::t('Generate new app-specific password'),
 112                         '$description_placeholder_label' => L10n::t('Friendiqa on my Fairphone 2...'),
 113                         '$generate_label' => L10n::t('Generate'),
 114                 ]);
 115         }
 116 }