3 * @copyright Copyright (C) 2010-2023, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Module\Settings\TwoFactor;
24 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
25 use BaconQrCode\Renderer\ImageRenderer;
26 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
27 use BaconQrCode\Writer;
29 use Friendica\Core\L10n;
30 use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
31 use Friendica\Core\Renderer;
32 use Friendica\Core\Session\Capability\IHandleUserSessions;
33 use Friendica\Module\BaseSettings;
34 use Friendica\Module\Response;
35 use Friendica\Module\Security\Login;
36 use Friendica\Navigation\SystemMessages;
37 use Friendica\Util\Profiler;
38 use PragmaRX\Google2FA\Google2FA;
39 use Psr\Log\LoggerInterface;
42 * // Page 4: 2FA enabled but not verified, QR code and verification
44 * @package Friendica\Module\TwoFactor\Settings
46 class Verify extends BaseSettings
48 /** @var IManagePersonalConfigValues */
50 /** @var SystemMessages */
51 protected $systemMessages;
53 public function __construct(SystemMessages $systemMessages, IManagePersonalConfigValues $pConfig, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
55 parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
57 $this->pConfig = $pConfig;
58 $this->systemMessages = $systemMessages;
60 if (!$this->session->getLocalUserId()) {
64 $secret = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
65 $verified = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'verified');
67 if ($secret && $verified) {
68 $this->baseUrl->redirect('settings/2fa');
71 if (!self::checkFormSecurityToken('settings_2fa_password', 't')) {
72 $this->systemMessages->addNotice($this->t('Please enter your password to access this page.'));
73 $this->baseUrl->redirect('settings/2fa');
77 protected function post(array $request = [])
79 if (!$this->session->getLocalUserId()) {
83 if (($request['action'] ?? '') == 'verify') {
84 self::checkFormSecurityTokenRedirectOnError('settings/2fa/verify', 'settings_2fa_verify');
86 $google2fa = new Google2FA();
88 $valid = $google2fa->verifyKey($this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret'), $request['verify_code'] ?? '');
91 $this->pConfig->set($this->session->getLocalUserId(), '2fa', 'verified', true);
92 $this->session->set('2fa', true);
94 $this->systemMessages->addInfo($this->t('Two-factor authentication successfully activated.'));
96 $this->baseUrl->redirect('settings/2fa');
98 $this->systemMessages->addNotice($this->t('Invalid code, please retry.'));
103 protected function content(array $request = []): string
105 if (!$this->session->getLocalUserId()) {
106 return Login::form('settings/2fa/verify');
111 $company = 'Friendica';
112 $holder = $this->session->get('my_address');
113 $secret = $this->pConfig->get($this->session->getLocalUserId(), '2fa', 'secret');
115 $otpauthUrl = (new Google2FA())->getQRCodeUrl($company, $holder, $secret);
117 $renderer = new ImageRenderer(
118 new RendererStyle(256),
119 new SvgImageBackEnd()
122 $writer = new Writer($renderer);
124 $qrcode_image = str_replace('<?xml version="1.0" encoding="UTF-8"?>', '', $writer->writeString($otpauthUrl));
126 $shortOtpauthUrl = explode('?', $otpauthUrl)[0];
128 $manual_message = $this->t('<p>Or you can submit the authentication settings manually:</p>
132 <dt>Account Name</dt>
138 <dt>Number of digits</dt>
140 <dt>Hashing algorithm</dt>
142 </dl>', $company, $holder, $secret);
144 return Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/twofactor/verify.tpl'), [
145 '$form_security_token' => self::getFormSecurityToken('settings_2fa_verify'),
146 '$password_security_token' => self::getFormSecurityToken('settings_2fa_password'),
148 '$title' => $this->t('Two-factor code verification'),
149 '$help_label' => $this->t('Help'),
150 '$message' => $this->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
151 '$qrcode_image' => $qrcode_image,
152 '$qrcode_url_message' => $this->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
153 '$manual_message' => $manual_message,
154 '$company' => $company,
155 '$holder' => $holder,
156 '$secret' => $secret,
158 '$verify_code' => ['verify_code', $this->t('Please enter a code from your authentication app'), '', '', $this->t('Required'), 'autofocus autocomplete="off" placeholder="000000"'],
159 '$verify_label' => $this->t('Verify code and enable two-factor authentication'),