|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Yii2 module providing multi-factor authentication |
|
4
|
|
|
* |
|
5
|
|
|
* @link https://github.com/hiqdev/yii2-mfa |
|
6
|
|
|
* @package yii2-mfa |
|
7
|
|
|
* @license BSD-3-Clause |
|
8
|
|
|
* @copyright Copyright (c) 2016, HiQDev (http://hiqdev.com/) |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace hiqdev\yii2\mfa\controllers; |
|
12
|
|
|
|
|
13
|
|
|
use hiqdev\yii2\mfa\forms\InputForm; |
|
14
|
|
|
use Yii; |
|
15
|
|
|
use yii\helpers\Url; |
|
16
|
|
|
use yii\filters\AccessControl; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* TOTP controller. |
|
20
|
|
|
* Time-based One Time Password. |
|
21
|
|
|
*/ |
|
22
|
|
|
class TotpController extends \yii\web\Controller |
|
23
|
|
|
{ |
|
24
|
|
|
public function behaviors() |
|
25
|
|
|
{ |
|
26
|
|
|
return array_merge(parent::behaviors(), [ |
|
27
|
|
|
'access' => [ |
|
28
|
|
|
'class' => AccessControl::class, |
|
29
|
|
|
'denyCallback' => [$this, 'denyCallback'], |
|
30
|
|
|
'rules' => [ |
|
31
|
|
|
// ? - guest |
|
32
|
|
|
[ |
|
33
|
|
|
'actions' => ['check'], |
|
34
|
|
|
'roles' => ['?'], |
|
35
|
|
|
'allow' => true, |
|
36
|
|
|
], |
|
37
|
|
|
// @ - authenticated |
|
38
|
|
|
[ |
|
39
|
|
|
'actions' => ['enable', 'disable', 'toggle'], |
|
40
|
|
|
'roles' => ['@'], |
|
41
|
|
|
'allow' => true, |
|
42
|
|
|
], |
|
43
|
|
|
], |
|
44
|
|
|
], |
|
45
|
|
|
]); |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
public function denyCallback() |
|
49
|
|
|
{ |
|
50
|
|
|
return $this->goHome(); |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
|
|
public function actionEnable($back = null) |
|
54
|
|
|
{ |
|
55
|
|
|
$user = Yii::$app->user->identity; |
|
56
|
|
View Code Duplication |
if ($user->totp_secret) { |
|
|
|
|
|
|
57
|
|
|
Yii::$app->session->setFlash('error', Yii::t('mfa', 'Two-factor authentication is already enabled. Disable first.')); |
|
58
|
|
|
|
|
59
|
|
|
return empty($back) ? $this->goHome() : $this->deferredRedirect($back); |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
|
|
$model = new InputForm(); |
|
63
|
|
|
$secret = $this->module->getTotp()->getSecret(); |
|
64
|
|
|
|
|
65
|
|
|
if ($model->load(Yii::$app->request->post()) && $model->validate()) { |
|
66
|
|
|
if ($this->module->getTotp()->verifyCode($secret, $model->code)) { |
|
67
|
|
|
$user->totp_secret = $secret; |
|
68
|
|
|
$this->module->getTotp()->setIsVerified(true); |
|
69
|
|
|
if ($user->save() && Yii::$app->user->login($user)) { |
|
70
|
|
|
Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully enabled.')); |
|
71
|
|
|
|
|
72
|
|
|
return empty($back) ? $this->goBack() : $this->deferredRedirect($back); |
|
73
|
|
View Code Duplication |
} else { |
|
|
|
|
|
|
74
|
|
|
Yii::$app->session->setFlash('error', Yii::t('mfa', 'Sorry, we have failed to enable two-factor authentication.')); |
|
75
|
|
|
|
|
76
|
|
|
return empty($back) ? $this->goHome() : $this->deferredRedirect($back); |
|
77
|
|
|
} |
|
78
|
|
|
} else { |
|
79
|
|
|
$model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.')); |
|
80
|
|
|
} |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
$qrcode = $this->module->getTotp()->getQRCodeImageAsDataUri($user->username, $secret); |
|
84
|
|
|
|
|
85
|
|
|
return $this->render('enable', compact('model', 'secret', 'qrcode')); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
public function actionDisable($back = null) |
|
89
|
|
|
{ |
|
90
|
|
|
$this->module->getTotp()->removeSecret(); |
|
91
|
|
|
$user = Yii::$app->user->identity; |
|
92
|
|
|
$user->totp_secret = ''; |
|
93
|
|
|
if ($user->save()) { |
|
94
|
|
|
Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully disabled.')); |
|
95
|
|
|
} |
|
96
|
|
|
|
|
97
|
|
|
return empty($back) ? $this->goBack() : $this->deferredRedirect($back); |
|
98
|
|
|
} |
|
99
|
|
|
|
|
100
|
|
|
public function deferredRedirect($url = null) |
|
101
|
|
|
{ |
|
102
|
|
|
return $this->render('redirect', compact('url')); |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
public function actionToggle($back = null) |
|
106
|
|
|
{ |
|
107
|
|
|
$user = Yii::$app->user->identity; |
|
108
|
|
|
|
|
109
|
|
|
return empty($user->totp_secret) ? $this->actionEnable($back) : $this->actionDisable($back); |
|
110
|
|
|
} |
|
111
|
|
|
|
|
112
|
|
|
public function actionCheck() |
|
113
|
|
|
{ |
|
114
|
|
|
$user = $this->module->getHalfUser(); |
|
115
|
|
|
$model = new InputForm(); |
|
116
|
|
|
|
|
117
|
|
|
if ($model->load(Yii::$app->request->post()) && $model->validate()) { |
|
118
|
|
|
if ($this->module->getTotp()->verifyCode($user->totp_secret, $model->code)) { |
|
119
|
|
|
$this->module->getTotp()->setIsVerified(true); |
|
120
|
|
|
Yii::$app->user->login($user); |
|
121
|
|
|
|
|
122
|
|
|
return $this->goBack(); |
|
123
|
|
|
} else { |
|
124
|
|
|
$model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.')); |
|
125
|
|
|
} |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
return $this->render('check', [ |
|
129
|
|
|
'model' => $model, |
|
130
|
|
|
'issuer' => $this->module->getTotp()->issuer, |
|
131
|
|
|
'username' => $user->username, |
|
132
|
|
|
]); |
|
133
|
|
|
} |
|
134
|
|
|
} |
|
135
|
|
|
|
hiqdev /
yii2-mfa
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.