src/Module/TwoFactor/Recovery.php

   1 <?php
   2
   3 namespace Friendica\Module\TwoFactor;
   4
   5 use Friendica\BaseModule;
   6 use Friendica\Core\L10n;
   7 use Friendica\Core\Renderer;
   8 use Friendica\Core\Session;
   9 use Friendica\Model\TwoFactor\RecoveryCode;
  10
  11 /**
  12  * // Page 1a: Recovery code verification
  13  *
  14  * @package Friendica\Module\TwoFactor
  15  */
  16 class Recovery extends BaseModule
  17 {
  18         public static function init($parameters)
  19         {
  20                 if (!local_user()) {
  21                         return;
  22                 }
  23         }
  24
  25         public static function post($parameters)
  26         {
  27                 if (!local_user()) {
  28                         return;
  29                 }
  30
  31                 if (($_POST['action'] ?? '') == 'recover') {
  32                         self::checkFormSecurityTokenRedirectOnError('2fa', 'twofactor_recovery');
  33
  34                         $a = self::getApp();
  35
  36                         $recovery_code = $_POST['recovery_code'] ?? '';
  37
  38                         if (RecoveryCode::existsForUser(local_user(), $recovery_code)) {
  39                                 RecoveryCode::markUsedForUser(local_user(), $recovery_code);
  40                                 Session::set('2fa', true);
  41                                 notice(L10n::t('Remaining recovery codes: %d', RecoveryCode::countValidForUser(local_user())));
  42
  43                                 // Resume normal login workflow
  44                                 Session::setAuthenticatedForUser($a, $a->user, true, true);
  45                         } else {
  46                                 notice(L10n::t('Invalid code, please retry.'));
  47                         }
  48                 }
  49         }
  50
  51         public static function content($parameters)
  52         {
  53                 if (!local_user()) {
  54                         self::getApp()->internalRedirect();
  55                 }
  56
  57                 // Already authenticated with 2FA token
  58                 if (Session::get('2fa')) {
  59                         self::getApp()->internalRedirect();
  60                 }
  61
  62                 return Renderer::replaceMacros(Renderer::getMarkupTemplate('twofactor/recovery.tpl'), [
  63                         '$form_security_token' => self::getFormSecurityToken('twofactor_recovery'),
  64
  65                         '$title'            => L10n::t('Two-factor recovery'),
  66                         '$message'          => L10n::t('<p>You can enter one of your one-time recovery codes in case you lost access to your mobile device.</p>'),
  67                         '$recovery_message' => L10n::t('Don’t have your phone? <a href="%s">Enter a two-factor recovery code</a>', '2fa/recovery'),
  68                         '$recovery_code'    => ['recovery_code', L10n::t('Please enter a recovery code'), '', '', '', 'placeholder="000000-000000"'],
  69                         '$recovery_label'   => L10n::t('Submit recovery code and complete login'),
  70                 ]);
  71         }
  72 }