Completed
Push — master ( ddf0b9...4ab397 )
by Andrii
02:09
created

TotpController::actionToggle()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 6
Code Lines 3

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 6

Importance

Changes 0
Metric Value
c 0
b 0
f 0
dl 0
loc 6
ccs 0
cts 5
cp 0
rs 9.4285
cc 2
eloc 3
nc 2
nop 1
crap 6
1
<?php
2
/**
3
 * Yii2 module providing multi-factor authentication
4
 *
5
 * @link      https://github.com/hiqdev/yii2-mfa
6
 * @package   yii2-mfa
7
 * @license   BSD-3-Clause
8
 * @copyright Copyright (c) 2016, HiQDev (http://hiqdev.com/)
9
 */
10
11
namespace hiqdev\yii2\mfa\controllers;
12
13
use hiqdev\yii2\mfa\forms\InputForm;
14
use Yii;
15
use yii\helpers\Url;
16
use yii\filters\AccessControl;
17
18
/**
19
 * TOTP controller.
20
 * Time-based One Time Password.
21
 */
22
class TotpController extends \yii\web\Controller
23
{
24
    public function behaviors()
25
    {
26
        return array_merge(parent::behaviors(), [
27
            'access' => [
28
                'class' => AccessControl::class,
29
                'denyCallback' => [$this, 'denyCallback'],
30
                'rules' => [
31
                    // ? - guest
32
                    [
33
                        'actions' => ['check'],
34
                        'roles' => ['?'],
35
                        'allow' => true,
36
                    ],
37
                    // @ - authenticated
38
                    [
39
                        'actions' => ['enable', 'disable', 'toggle'],
40
                        'roles' => ['@'],
41
                        'allow' => true,
42
                    ],
43
                ],
44
            ],
45
        ]);
46
    }
47
48
    public function denyCallback()
49
    {
50
        return $this->goHome();
51
    }
52
53
    public function actionEnable($back = null)
54
    {
55
        $user = Yii::$app->user->identity;
56 View Code Duplication
        if ($user->totp_secret) {
0 ignored issues
show
Duplication introduced by Andrii Vasyliev
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
57
            Yii::$app->session->setFlash('error', Yii::t('mfa', 'Two-factor authentication is already enabled. Disable first.'));
58
59
            return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
60
        }
61
62
        $model = new InputForm();
63
        $secret = $this->module->getTotp()->getSecret();
64
65
        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
66
            if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
67
                $user->totp_secret = $secret;
68
                $this->module->getTotp()->setIsVerified(true);
69
                if ($user->save() && Yii::$app->user->login($user)) {
70
                    Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully enabled.'));
71
72
                    return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
73 View Code Duplication
                } else {
0 ignored issues
show
Duplication introduced by Andrii Vasyliev
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
74
                    Yii::$app->session->setFlash('error', Yii::t('mfa', 'Sorry, we have failed to enable two-factor authentication.'));
75
76
                    return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
77
                }
78
            } else {
79
                $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
80
            }
81
        }
82
83
        $qrcode = $this->module->getTotp()->getQRCodeImageAsDataUri($user->username, $secret);
84
85
        return $this->render('enable', compact('model', 'secret', 'qrcode'));
86
    }
87
88
    public function actionDisable($back = null)
89
    {
90
        $this->module->getTotp()->removeSecret();
91
        $user = Yii::$app->user->identity;
92
        $user->totp_secret = '';
93
        if ($user->save()) {
94
            Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully disabled.'));
95
        }
96
97
        return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
98
    }
99
100
    public function deferredRedirect($url = null)
101
    {
102
        return $this->render('redirect', compact('url'));
103
    }
104
105
    public function actionToggle($back = null)
106
    {
107
        $user = Yii::$app->user->identity;
108
109
        return empty($user->totp_secret) ? $this->actionEnable($back) : $this->actionDisable($back);
110
    }
111
112
    public function actionCheck()
113
    {
114
        $user = $this->module->getHalfUser();
115
        $model = new InputForm();
116
117
        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
118
            if ($this->module->getTotp()->verifyCode($user->totp_secret, $model->code)) {
119
                $this->module->getTotp()->setIsVerified(true);
120
                Yii::$app->user->login($user);
121
122
                return $this->goBack();
123
            } else {
124
                $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
125
            }
126
        }
127
128
        return $this->render('check', [
129
            'model' => $model,
130
            'issuer' => $this->module->getTotp()->issuer,
131
            'username' => $user->username,
132
        ]);
133
    }
134
}
135