3 * @copyright Copyright (C) 2010-2022, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Security\TwoFactor\Model;
24 use Friendica\Database\DBA;
25 use Friendica\Util\DateTimeFormat;
26 use PragmaRX\Random\Random;
27 use PragmaRX\Recovery\Recovery;
30 * Manages users' two-factor recovery codes in the 2fa_recovery_codes table
35 * Returns the number of code the provided users can still use to replace a TOTP code
37 * @param int $uid User ID
41 public static function countValidForUser($uid)
43 return DBA::count('2fa_recovery_codes', ['uid' => $uid, 'used' => null]);
47 * Checks the provided code is available to use for login by the provided user
49 * @param int $uid User ID
54 public static function existsForUser($uid, $code)
56 return DBA::exists('2fa_recovery_codes', ['uid' => $uid, 'code' => $code, 'used' => null]);
60 * Returns a complete list of all recovery codes for the provided user, including the used status
62 * @param int $uid User ID
66 public static function getListForUser($uid)
68 $codesStmt = DBA::select('2fa_recovery_codes', ['code', 'used'], ['uid' => $uid]);
70 return DBA::toArray($codesStmt);
74 * Marks the provided code as used for the provided user.
75 * Returns false if the code doesn't exist for the user or it has been used already.
77 * @param int $uid User ID
82 public static function markUsedForUser($uid, $code)
84 DBA::update('2fa_recovery_codes', ['used' => DateTimeFormat::utcNow()], ['uid' => $uid, 'code' => $code, 'used' => null]);
86 return DBA::affectedRows() > 0;
90 * Generates a fresh set of recovery codes for the provided user.
91 * Generates 12 codes constituted of 2 blocks of 6 characters separated by a dash.
93 * @param int $uid User ID
96 public static function generateForUser($uid)
98 $Random = (new Random())->pattern('[a-z0-9]');
100 $RecoveryGenerator = new Recovery($Random);
102 $codes = $RecoveryGenerator
109 $generated = DateTimeFormat::utcNow();
110 foreach ($codes as $code) {
111 DBA::insert('2fa_recovery_codes', [
114 'generated' => $generated
120 * Deletes all the recovery codes for the provided user.
122 * @param int $uid User ID
125 public static function deleteForUser($uid)
127 DBA::delete('2fa_recovery_codes', ['uid' => $uid]);
131 * Replaces the existing recovery codes for the provided user by a freshly generated set.
133 * @param int $uid User ID
136 public static function regenerateForUser($uid)
138 self::deleteForUser($uid);
139 self::generateForUser($uid);