3 * @copyright Copyright (C) 2010-2021, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Settings\TwoFactor;
24 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
25 use BaconQrCode\Renderer\ImageRenderer;
26 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
27 use BaconQrCode\Writer;
29 use Friendica\Core\L10n;
30 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
31 use Friendica\Core\Renderer;
32 use Friendica\Core\Session;
33 use Friendica\Module\BaseSettings;
34 use Friendica\Module\Response;
35 use Friendica\Module\Security\Login;
36 use Friendica\Util\Profiler;
37 use PragmaRX\Google2FA\Google2FA;
38 use Psr\Log\LoggerInterface;
41 * // Page 4: 2FA enabled but not verified, QR code and verification
43 * @package Friendica\Module\TwoFactor\Settings
45 class Verify extends BaseSettings
47 /** @var IManagePersonalConfigValues */
50 public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, array $server, array $parameters = [])
52 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
54 $this->pConfig = $pConfig;
60 $secret = $this->pConfig->get(local_user(), '2fa', 'secret');
61 $verified = $this->pConfig->get(local_user(), '2fa', 'verified');
63 if ($secret && $verified) {
64 $this->baseUrl->redirect('settings/2fa');
67 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
68 notice($this->t('Please enter your password to access this page.'));
69 $this->baseUrl->redirect('settings/2fa');
73 protected function post(array $request = [], array $post = [])
79 if (($_POST['action'] ?? '') == 'verify') {
80 self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
82 $google2fa = new Google2FA();
84 $valid = $google2fa->verifyKey($this->pConfig->get(local_user(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
87 $this->pConfig->set(local_user(), '2fa', 'verified', true);
88 Session::set('2fa', true);
90 info($this->t('Two-factor authentication successfully activated.'));
92 $this->baseUrl->redirect('settings/2fa');
94 notice($this->t('Invalid code, please retry.'));
99 protected function content(array $request = []): string
102 return Login::form('settings/2fa/verify');
107 $company = 'Friendica';
108 $holder = Session::get('my_address');
109 $secret = $this->pConfig->get(local_user(), '2fa', 'secret');
111 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
113 $renderer = (new \BaconQrCode\Renderer\Image\Svg())
117 $writer = new Writer($renderer);
119 $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
121 $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
123 $manual_message = $this->t('<p>Or you can submit the authentication settings manually:</p>
127 <dt>Account Name</dt>
133 <dt>Number of digits</dt>
135 <dt>Hashing algorithm</dt>
137 </dl>', $company, $holder, $secret);
139 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
140 '$form_security_token' => self::getFormSecurityToken('settings_2fa_verify'),
141 '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
143 '$title' => $this->t('Two-factor code verification'),
144 '$help_label' => $this->t('Help'),
145 '$message' => $this->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
146 '$qrcode_image' => $qrcode_image,
147 '$qrcode_url_message' => $this->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
148 '$manual_message' => $manual_message,
149 '$company' => $company,
150 '$holder' => $holder,
151 '$secret' => $secret,
153 '$verify_code' => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="off" placeholder="000000"'],
154 '$verify_label' => $this->t('Verify code and enable two-factor authentication'),