src/Module/Settings/TwoFactor/Verify.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2021, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Settings\TwoFactor;
  23
  24 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
  25 use BaconQrCode\Renderer\ImageRenderer;
  26 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
  27 use BaconQrCode\Writer;
  28 use Friendica\App;
  29 use Friendica\Core\L10n;
  30 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
  31 use Friendica\Core\Renderer;
  32 use Friendica\Core\Session;
  33 use Friendica\Module\BaseSettings;
  34 use Friendica\Module\Response;
  35 use Friendica\Module\Security\Login;
  36 use Friendica\Util\Profiler;
  37 use PragmaRX\Google2FA\Google2FA;
  38 use Psr\Log\LoggerInterface;
  39
  40 /**
  41  * // Page 4: 2FA enabled but not verified, QR code and verification
  42  *
  43  * @package Friendica\Module\TwoFactor\Settings
  44  */
  45 class Verify extends BaseSettings
  46 {
  47         /** @var IManagePersonalConfigValues */
  48         protected $pConfig;
  49
  50         public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, array $server, array $parameters = [])
  51         {
  52                 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
  53
  54                 $this->pConfig = $pConfig;
  55
  56                 if (!local_user()) {
  57                         return;
  58                 }
  59
  60                 $secret   = $this->pConfig->get(local_user(), '2fa', 'secret');
  61                 $verified = $this->pConfig->get(local_user(), '2fa', 'verified');
  62
  63                 if ($secret && $verified) {
  64                         $this->baseUrl->redirect('settings/2fa');
  65                 }
  66
  67                 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
  68                         notice($this->t('Please enter your password to access this page.'));
  69                         $this->baseUrl->redirect('settings/2fa');
  70                 }
  71         }
  72
  73         protected function post(array $request = [])
  74         {
  75                 if (!local_user()) {
  76                         return;
  77                 }
  78
  79                 if (($_POST['action'] ?? '') == 'verify') {
  80                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
  81
  82                         $google2fa = new Google2FA();
  83
  84                         $valid = $google2fa->verifyKey($this->pConfig->get(local_user(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
  85
  86                         if ($valid) {
  87                                 $this->pConfig->set(local_user(), '2fa', 'verified', true);
  88                                 Session::set('2fa', true);
  89
  90                                 info($this->t('Two-factor authentication successfully activated.'));
  91
  92                                 $this->baseUrl->redirect('settings/2fa');
  93                         } else {
  94                                 notice($this->t('Invalid code, please retry.'));
  95                         }
  96                 }
  97         }
  98
  99         protected function content(array $request = []): string
 100         {
 101                 if (!local_user()) {
 102                         return Login::form('settings/2fa/verify');
 103                 }
 104
 105                 parent::content();
 106
 107                 $company = 'Friendica';
 108                 $holder = Session::get('my_address');
 109                 $secret = $this->pConfig->get(local_user(), '2fa', 'secret');
 110
 111                 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
 112
 113                 $renderer = new ImageRenderer(
 114                         new RendererStyle(256),
 115                         new SvgImageBackEnd()
 116                 );
 117
 118                 $writer = new Writer($renderer);
 119
 120                 $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
 121
 122                 $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
 123
 124                 $manual_message = $this->t('<p>Or you can submit the authentication settings manually:</p>
 125 <dl>
 126         <dt>Issuer</dt>
 127         <dd>%s</dd>
 128         <dt>Account Name</dt>
 129         <dd>%s</dd>
 130         <dt>Secret Key</dt>
 131         <dd>%s</dd>
 132         <dt>Type</dt>
 133         <dd>Time-based</dd>
 134         <dt>Number of digits</dt>
 135         <dd>6</dd>
 136         <dt>Hashing algorithm</dt>
 137         <dd>SHA-1</dd>
 138 </dl>', $company, $holder, $secret);
 139
 140                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
 141                         '$form_security_token'     => self::getFormSecurityToken('settings_2fa_verify'),
 142                         '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
 143
 144                         '$title'              => $this->t('Two-factor code verification'),
 145                         '$help_label'         => $this->t('Help'),
 146                         '$message'            => $this->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
 147                         '$qrcode_image'       => $qrcode_image,
 148                         '$qrcode_url_message' => $this->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
 149                         '$manual_message'     => $manual_message,
 150                         '$company'            => $company,
 151                         '$holder'             => $holder,
 152                         '$secret'             => $secret,
 153
 154                         '$verify_code'  => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="off" placeholder="000000"'],
 155                         '$verify_label' => $this->t('Verify code and enable two-factor authentication'),
 156                 ]);
 157         }
 158 }