src/Module/Settings/TwoFactor/Verify.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2022, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Settings\TwoFactor;
  23
  24 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
  25 use BaconQrCode\Renderer\ImageRenderer;
  26 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
  27 use BaconQrCode\Writer;
  28 use Friendica\App;
  29 use Friendica\Core\L10n;
  30 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
  31 use Friendica\Core\Renderer;
  32 use Friendica\Core\Session;
  33 use Friendica\DI;
  34 use Friendica\Module\BaseSettings;
  35 use Friendica\Module\Response;
  36 use Friendica\Module\Security\Login;
  37 use Friendica\Util\Profiler;
  38 use PragmaRX\Google2FA\Google2FA;
  39 use Psr\Log\LoggerInterface;
  40
  41 /**
  42  * // Page 4: 2FA enabled but not verified, QR code and verification
  43  *
  44  * @package Friendica\Module\TwoFactor\Settings
  45  */
  46 class Verify extends BaseSettings
  47 {
  48         /** @var IManagePersonalConfigValues */
  49         protected $pConfig;
  50
  51         public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, IManagePersonalConfigValues $pConfig, array $server, array $parameters = [])
  52         {
  53                 parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
  54
  55                 $this->pConfig = $pConfig;
  56
  57                 if (!local_user()) {
  58                         return;
  59                 }
  60
  61                 $secret   = $this->pConfig->get(local_user(), '2fa', 'secret');
  62                 $verified = $this->pConfig->get(local_user(), '2fa', 'verified');
  63
  64                 if ($secret && $verified) {
  65                         $this->baseUrl->redirect('settings/2fa');
  66                 }
  67
  68                 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
  69                         DI::sysmsg()->addNotice($this->t('Please enter your password to access this page.'));
  70                         $this->baseUrl->redirect('settings/2fa');
  71                 }
  72         }
  73
  74         protected function post(array $request = [])
  75         {
  76                 if (!local_user()) {
  77                         return;
  78                 }
  79
  80                 if (($_POST['action'] ?? '') == 'verify') {
  81                         self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
  82
  83                         $google2fa = new Google2FA();
  84
  85                         $valid = $google2fa->verifyKey($this->pConfig->get(local_user(), '2fa', 'secret'), $_POST['verify_code'] ?? '');
  86
  87                         if ($valid) {
  88                                 $this->pConfig->set(local_user(), '2fa', 'verified', true);
  89                                 DI::session()->set('2fa', true);
  90
  91                                 DI::sysmsg()->addInfo($this->t('Two-factor authentication successfully activated.'));
  92
  93                                 $this->baseUrl->redirect('settings/2fa');
  94                         } else {
  95                                 DI::sysmsg()->addNotice($this->t('Invalid code, please retry.'));
  96                         }
  97                 }
  98         }
  99
 100         protected function content(array $request = []): string
 101         {
 102                 if (!local_user()) {
 103                         return Login::form('settings/2fa/verify');
 104                 }
 105
 106                 parent::content();
 107
 108                 $company = 'Friendica';
 109                 $holder = DI::session()->get('my_address');
 110                 $secret = $this->pConfig->get(local_user(), '2fa', 'secret');
 111
 112                 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
 113
 114                 $renderer = new ImageRenderer(
 115                         new RendererStyle(256),
 116                         new SvgImageBackEnd()
 117                 );
 118
 119                 $writer = new Writer($renderer);
 120
 121                 $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
 122
 123                 $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
 124
 125                 $manual_message = $this->t('<p>Or you can submit the authentication settings manually:</p>
 126 <dl>
 127         <dt>Issuer</dt>
 128         <dd>%s</dd>
 129         <dt>Account Name</dt>
 130         <dd>%s</dd>
 131         <dt>Secret Key</dt>
 132         <dd>%s</dd>
 133         <dt>Type</dt>
 134         <dd>Time-based</dd>
 135         <dt>Number of digits</dt>
 136         <dd>6</dd>
 137         <dt>Hashing algorithm</dt>
 138         <dd>SHA-1</dd>
 139 </dl>', $company, $holder, $secret);
 140
 141                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
 142                         '$form_security_token'     => self::getFormSecurityToken('settings_2fa_verify'),
 143                         '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
 144
 145                         '$title'              => $this->t('Two-factor code verification'),
 146                         '$help_label'         => $this->t('Help'),
 147                         '$message'            => $this->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
 148                         '$qrcode_image'       => $qrcode_image,
 149                         '$qrcode_url_message' => $this->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
 150                         '$manual_message'     => $manual_message,
 151                         '$company'            => $company,
 152                         '$holder'             => $holder,
 153                         '$secret'             => $secret,
 154
 155                         '$verify_code'  => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="off" placeholder="000000"'],
 156                         '$verify_label' => $this->t('Verify code and enable two-factor authentication'),
 157                 ]);
 158         }
 159 }