3 * @copyright Copyright (C) 2010-2023, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Settings\TwoFactor;
24 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
25 use BaconQrCode\Renderer\ImageRenderer;
26 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
27 use BaconQrCode\Writer;
29 use Friendica\Core\L10n;
30 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
31 use Friendica\Core\Renderer;
32 use Friendica\Core\Session\Capability\IHandleUserSessions;
34 use Friendica\Module\BaseSettings;
35 use Friendica\Module\Response;
36 use Friendica\Module\Security\Login;
37 use Friendica\Util\Profiler;
38 use PragmaRX\Google2FA\Google2FA;
39 use Psr\Log\LoggerInterface;
42 * // Page 4: 2FA enabled but not verified, QR code and verification
44 * @package Friendica\Module\TwoFactor\Settings
46 class Verify extends BaseSettings
48 /** @var IManagePersonalConfigValues */
51 public function __construct(IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
53 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
55 $this->pConfig = $pConfig;
57 if (!DI::userSession()->getLocalUserId()) {
61 $secret = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
62 $verified = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'verified');
64 if ($secret && $verified) {
65 $this->baseUrl->redirect('settings/2fa');
68 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
69 DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
70 $this->baseUrl->redirect('settings/2fa');
74 protected function post(array $request = [])
76 if (!DI::userSession()->getLocalUserId()) {
80 if (($_POST['action'] ?? '') == 'verify') {
81 self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
83 $google2fa = new Google2FA();
85 $valid = $google2fa->verifyKey($this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
88 $this->pConfig->set(DI::userSession()->getLocalUserId(), '2fa', 'verified', true);
89 DI::session()->set('2fa', true);
91 DI::sysmsg()->addInfo($this->t('Two-factor authentication successfully activated.'));
93 $this->baseUrl->redirect('settings/2fa');
95 DI::sysmsg()->addNotice($this->t('Invalid code, please retry.'));
100 protected function content(array $request = []): string
102 if (!DI::userSession()->getLocalUserId()) {
103 return Login::form('settings/2fa/verify');
108 $company = 'Friendica';
109 $holder = DI::session()->get('my_address');
110 $secret = $this->pConfig->get(DI::userSession()->getLocalUserId(), '2fa', 'secret');
112 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
114 $renderer = new ImageRenderer(
115 new RendererStyle(256),
116 new SvgImageBackEnd()
119 $writer = new Writer($renderer);
121 $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
123 $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
125 $manual_message = $this->t('<p>Or you can submit the authentication settings manually:</p>
129 <dt>Account Name</dt>
135 <dt>Number of digits</dt>
137 <dt>Hashing algorithm</dt>
139 </dl>', $company, $holder, $secret);
141 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
142 '$form_security_token' => self::getFormSecurityToken('settings_2fa_verify'),
143 '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
145 '$title' => $this->t('Two-factor code verification'),
146 '$help_label' => $this->t('Help'),
147 '$message' => $this->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
148 '$qrcode_image' => $qrcode_image,
149 '$qrcode_url_message' => $this->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
150 '$manual_message' => $manual_message,
151 '$company' => $company,
152 '$holder' => $holder,
153 '$secret' => $secret,
155 '$verify_code' => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="off" placeholder="000000"'],
156 '$verify_label' => $this->t('Verify code and enable two-factor authentication'),