src/Module/Settings/TwoFactor/Trusted.php

   1 <?php
   2
   3 namespace Friendica\Module\Settings\TwoFactor;
   4
   5 use Friendica\App\BaseURL;
   6 use Friendica\Core\L10n;
   7 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Module\BaseSettings;
  10 use Friendica\Security\TwoFactor;
  11 use Friendica\Util\Temporal;
  12 use UAParser\Parser;
  13
  14 /**
  15  * Manages users' two-factor trusted browsers in the 2fa_trusted_browsers table
  16  */
  17 class Trusted extends BaseSettings
  18 {
  19         /** @var IManagePersonalConfigValues */
  20         protected $pConfig;
  21         /** @var BaseURL */
  22         protected $baseUrl;
  23         /** @var TwoFactor\Repository\TrustedBrowser */
  24         protected $trustedBrowserRepo;
  25
  26         public function __construct(IManagePersonalConfigValues $pConfig, BaseURL $baseUrl, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepo, L10n $l10n, array $parameters = [])
  27         {
  28                 parent::__construct($l10n, $parameters);
  29
  30                 $this->pConfig            = $pConfig;
  31                 $this->baseUrl            = $baseUrl;
  32                 $this->trustedBrowserRepo = $trustedBrowserRepo;
  33
  34                 if (!local_user()) {
  35                         return;
  36                 }
  37
  38                 $verified = $this->pConfig->get(local_user(), '2fa', 'verified');
  39
  40                 if (!$verified) {
  41                         $this->baseUrl->redirect('settings/2fa');
  42                 }
  43
  44                 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
  45                         notice($this->t('Please enter your password to access this page.'));
  46                         $this->baseUrl->redirect('settings/2fa');
  47                 }
  48         }
  49
  50         public function post()
  51         {
  52                 if (!local_user()) {
  53                         return;
  54                 }
  55
  56                 if (!empty($_POST['action'])) {
  57                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
  58
  59                         switch ($_POST['action']) {
  60                                 case 'remove_all' :
  61                                         $this->trustedBrowserRepo->removeAllForUser(local_user());
  62                                         info($this->t('Trusted browsers successfully removed.'));
  63                                         $this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
  64                                         break;
  65                         }
  66                 }
  67
  68                 if (!empty($_POST['remove_id'])) {
  69                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/trusted', 'settings_2fa_trusted');
  70
  71                         if ($this->trustedBrowserRepo->removeForUser(local_user(), $_POST['remove_id'])) {
  72                                 info($this->t('Trusted browser successfully removed.'));
  73                         }
  74
  75                         $this->baseUrl->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
  76                 }
  77         }
  78
  79
  80         public function content(): string
  81         {
  82                 parent::content();
  83
  84                 $trustedBrowsers = $this->trustedBrowserRepo->selectAllByUid(local_user());
  85
  86                 $parser = Parser::create();
  87
  88                 $trustedBrowserDisplay = array_map(function (TwoFactor\Model\TrustedBrowser $trustedBrowser) use ($parser) {
  89                         $dates = [
  90                                 'created_ago' => Temporal::getRelativeDate($trustedBrowser->created),
  91                                 'last_used_ago' => Temporal::getRelativeDate($trustedBrowser->last_used),
  92                         ];
  93
  94                         $result = $parser->parse($trustedBrowser->user_agent);
  95
  96                         $uaData = [
  97                                 'os' => $result->os->family,
  98                                 'device' => $result->device->family,
  99                                 'browser' => $result->ua->family,
 100                         ];
 101
 102                         return $trustedBrowser->toArray() + $dates + $uaData;
 103                 }, $trustedBrowsers->getArrayCopy());
 104
 105                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/trusted_browsers.tpl'), [
 106                         '$form_security_token' => self::getFormSecurityToken('settings_2fa_trusted'),
 107                         '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
 108
 109                         '$title'               => $this->t('Two-factor Trusted Browsers'),
 110                         '$message'             => $this->t('Trusted browsers are individual browsers you chose to skip two-factor authentication to access Friendica. Please use this feature sparingly, as it can negate the benefit of two-factor authentication.'),
 111                         '$device_label'        => $this->t('Device'),
 112                         '$os_label'            => $this->t('OS'),
 113                         '$browser_label'       => $this->t('Browser'),
 114                         '$created_label'       => $this->t('Trusted'),
 115                         '$last_used_label'     => $this->t('Last Use'),
 116                         '$remove_label'        => $this->t('Remove'),
 117                         '$remove_all_label'    => $this->t('Remove All'),
 118
 119                         '$trusted_browsers'    => $trustedBrowserDisplay,
 120                 ]);
 121         }
 122 }