Unverified Commit 137788b0 authored by daniel's avatar daniel Committed by GitHub

Merge pull request #705 from pixelfed/frontend-ui-refactor

Frontend ui refactor
parents 6c2ead05 ce6ba4cd
...@@ -339,6 +339,11 @@ class AccountController extends Controller ...@@ -339,6 +339,11 @@ class AccountController extends Controller
$request->session()->push('2fa.session.active', true); $request->session()->push('2fa.session.active', true);
return redirect('/'); return redirect('/');
} else { } else {
if($this->twoFactorBackupCheck($request, $code, $user)) {
return redirect('/');
}
if($request->session()->has('2fa.attempts')) { if($request->session()->has('2fa.attempts')) {
$count = (int) $request->session()->has('2fa.attempts'); $count = (int) $request->session()->has('2fa.attempts');
$request->session()->push('2fa.attempts', $count + 1); $request->session()->push('2fa.attempts', $count + 1);
...@@ -350,4 +355,31 @@ class AccountController extends Controller ...@@ -350,4 +355,31 @@ class AccountController extends Controller
]); ]);
} }
} }
protected function twoFactorBackupCheck($request, $code, User $user)
{
$backupCodes = $user->{'2fa_backup_codes'};
if($backupCodes) {
$codes = json_decode($backupCodes, true);
foreach ($codes as $c) {
if(hash_equals($c, $code)) {
// remove code
$codes = array_flatten(array_diff($codes, [$code]));
$user->{'2fa_backup_codes'} = json_encode($codes);
$user->save();
$request->session()->push('2fa.session.active', true);
return true;
} else {
return false;
}
}
} else {
return false;
}
}
public function accountRestored(Request $request)
{
//
}
} }
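Review bot: In `twoFactorBackupCheck` the `else { return false; }` inside the `foreach` returns on the first stored code that does not match, so only the first recovery code in the list can ever be accepted. Drop that `else` branch and put a single `return false;` after the loop; this also covers an empty list, where the function currently falls off the end without returning. `hash_equals($c, $code)` throws a TypeError when either argument is not a string, and `$code` is assigned outside this hunk, so `hash_equals((string) $c, (string) $code)` is safer. `json_decode` can also return null for a malformed column, so the `foreach` should be guarded with `is_array($codes)`. The codes are compared verbatim, which implies they are stored unhashed in `2fa_backup_codes`; that deserves at least a comment on the method.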
...@@ -110,6 +110,19 @@ trait SecuritySettings ...@@ -110,6 +110,19 @@ trait SecuritySettings
return view('settings.security.2fa.recovery-codes', compact('user', 'codes')); return view('settings.security.2fa.recovery-codes', compact('user', 'codes'));
} }
public function securityTwoFactorRecoveryCodesRegenerate(Request $request)
{
$user = Auth::user();
if(!$user->{'2fa_enabled'} || !$user->{'2fa_secret'}) {
abort(403);
}
$backups = $this->generateBackupCodes();
$user->{'2fa_backup_codes'} = json_encode($backups);
$user->save();
return redirect(route('settings.security.2fa.recovery'));
}
public function securityTwoFactorUpdate(Request $request) public function securityTwoFactorUpdate(Request $request)
{ {
$user = Auth::user(); $user = Auth::user();
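Review bot: `securityTwoFactorRecoveryCodesRegenerate` replaces every stored recovery code on a bare POST and then redirects to the page that displays them, with the existing session as the only proof of identity. Anyone holding an active session can therefore invalidate the owner's codes and read the new set. Asking for the current password or a fresh TOTP code before the `$user->save()` and recording or notifying the rotation would close that gap. The method also regenerates when unused codes remain, although the template offers the button only when the list is empty; a check that the stored list is empty would match the UI. `generateBackupCodes()` is defined outside this hunk, so whether it draws from `random_bytes()`/`random_int()` should be confirmed there.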
......
...@@ -23,7 +23,7 @@ return [ ...@@ -23,7 +23,7 @@ return [
| This value is the version of your PixelFed instance. | This value is the version of your PixelFed instance.
| |
*/ */
'version' => '0.7.5', 'version' => '0.7.6',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
......
...@@ -7,16 +7,26 @@ ...@@ -7,16 +7,26 @@
</div> </div>
<hr> <hr>
@if(count($codes) > 0)
<p class="lead pb-3"> <p class="lead pb-3">
Each code can only be used once. Each code can only be used once.
</p> </p>
<ul class="list-group">
<p class="lead"></p> @foreach($codes as $code)
<ul class="list-group"> <li class="list-group-item"><code>{{$code}}</code></li>
@foreach($codes as $code) @endforeach
<li class="list-group-item"><code>{{$code}}</code></li> </ul>
@endforeach @else
</ul> <div class="pt-5">
<h4 class="font-weight-bold">You are out of recovery codes</h4>
<p class="lead">Generate more recovery codes and store them in a safe place.</p>
<p>
<form method="post">
@csrf
<button type="submit" class="btn btn-primary font-weight-bold">Generate Recovery Codes</button>
</form>
</p>
</div>
@endif
@endsection @endsection
\ No newline at end of file
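Review bot: `@if(count($codes) > 0)` assumes `$codes` is always countable. The controller that builds it is outside this hunk, but if it passes the result of `json_decode` on an empty `2fa_backup_codes` column, `count()` receives null and the page errors instead of showing the "out of recovery codes" branch. `@if(!empty($codes))` handles both cases. Separately, the `<form method="post">` is nested inside a `<p>`, which is invalid HTML and makes browsers close the paragraph early; a `<div>` wrapper avoids that.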
...@@ -166,6 +166,10 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact ...@@ -166,6 +166,10 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
'2fa/recovery-codes', '2fa/recovery-codes',
'SettingsController@securityTwoFactorRecoveryCodes' 'SettingsController@securityTwoFactorRecoveryCodes'
)->name('settings.security.2fa.recovery'); )->name('settings.security.2fa.recovery');
Route::post(
'2fa/recovery-codes',
'SettingsController@securityTwoFactorRecoveryCodesRegenerate'
);
}); });
Route::get('applications', 'SettingsController@applications')->name('settings.applications'); Route::get('applications', 'SettingsController@applications')->name('settings.applications');
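Review bot: The new `Route::post('2fa/recovery-codes', ...)` is left unnamed while the GET route directly above it carries `->name('settings.security.2fa.recovery')`. The form relies on posting to the current URL, so nothing breaks today. Still, a name such as `->name('settings.security.2fa.recovery.regenerate')` would let the template set an explicit `action="{{ route(...) }}"` and keep this group consistent.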
......