Rename 2FA controller

author: Frederic Guillot <fred@kanboard.net> 2016-05-26 21:05:54 -0400
committer: Frederic Guillot <fred@kanboard.net> 2016-05-26 21:05:54 -0400
commit: 33dea152fc6b0c061b1f61060cc75710dd0ec236 (patch)
tree: dd40e7501f42703957244171b89905b9050fe1d0 /app/Controller/TwoFactorController.php
parent: d9101da79e839984e0e782b48113dc61157d6688 (diff)
1 files changed, 202 insertions, 0 deletions
diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php
new file mode 100644
index 00000000..c8540f85
--- /dev/null
+++ b/app/Controller/TwoFactorController.php
@@ -0,0 +1,202 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Controller\AccessForbiddenException;
+
+/**
+ * Two Factor Auth controller
+ *
+ * @package  Kanboard/Controller
+ * @author   Frederic Guillot
+ */
+class TwoFactorController extends UserViewController
+{
+    /**
+     * Only the current user can access to 2FA settings
+     *
+     * @access private
+     * @param  array $user
+     * @throws AccessForbiddenException
+     */
+    private function checkCurrentUser(array $user)
+    {
+        if ($user['id'] != $this->userSession->getId()) {
+            throw new AccessForbiddenException();
+        }
+    }
+
+    /**
+     * Show form to disable/enable 2FA
+     *
+     * @access public
+     */
+    public function index()
+    {
+        $user = $this->getUser();
+        $this->checkCurrentUser($user);
+        unset($this->sessionStorage->twoFactorSecret);
+
+        $this->response->html($this->helper->layout->user('twofactor/index', array(
+            'user' => $user,
+            'provider' => $this->authenticationManager->getPostAuthenticationProvider()->getName(),
+        )));
+    }
+
+    /**
+     * Show page with secret and test form
+     *
+     * @access public
+     */
+    public function show()
+    {
+        $user = $this->getUser();
+        $this->checkCurrentUser($user);
+
+        $label = $user['email'] ?: $user['username'];
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
+
+        if (! isset($this->sessionStorage->twoFactorSecret)) {
+            $provider->generateSecret();
+            $provider->beforeCode();
+            $this->sessionStorage->twoFactorSecret = $provider->getSecret();
+        } else {
+            $provider->setSecret($this->sessionStorage->twoFactorSecret);
+        }
+
+        $this->response->html($this->helper->layout->user('twofactor/show', array(
+            'user' => $user,
+            'secret' => $this->sessionStorage->twoFactorSecret,
+            'qrcode_url' => $provider->getQrCodeUrl($label),
+            'key_url' => $provider->getKeyUrl($label),
+        )));
+    }
+
+    /**
+     * Test code and save secret
+     *
+     * @access public
+     */
+    public function test()
+    {
+        $user = $this->getUser();
+        $this->checkCurrentUser($user);
+
+        $values = $this->request->getValues();
+
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
+        $provider->setCode(empty($values['code']) ? '' : $values['code']);
+        $provider->setSecret($this->sessionStorage->twoFactorSecret);
+
+        if ($provider->authenticate()) {
+            $this->flash->success(t('The two factor authentication code is valid.'));
+
+            $this->user->update(array(
+                'id' => $user['id'],
+                'twofactor_activated' => 1,
+                'twofactor_secret' => $this->authenticationManager->getPostAuthenticationProvider()->getSecret(),
+            ));
+
+            unset($this->sessionStorage->twoFactorSecret);
+            $this->userSession->disablePostAuthentication();
+
+            $this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id'])));
+        } else {
+            $this->flash->failure(t('The two factor authentication code is not valid.'));
+            $this->response->redirect($this->helper->url->to('TwoFactorController', 'show', array('user_id' => $user['id'])));
+        }
+    }
+
+    /**
+     * Disable 2FA for the current user
+     *
+     * @access public
+     */
+    public function deactivate()
+    {
+        $user = $this->getUser();
+        $this->checkCurrentUser($user);
+
+        $this->user->update(array(
+            'id' => $user['id'],
+            'twofactor_activated' => 0,
+            'twofactor_secret' => '',
+        ));
+
+        // Allow the user to test or disable the feature
+        $this->userSession->disablePostAuthentication();
+
+        $this->flash->success(t('User updated successfully.'));
+        $this->response->redirect($this->helper->url->to('TwoFactorController', 'index', array('user_id' => $user['id'])));
+    }
+
+    /**
+     * Check 2FA
+     *
+     * @access public
+     */
+    public function check()
+    {
+        $user = $this->getUser();
+        $this->checkCurrentUser($user);
+
+        $values = $this->request->getValues();
+
+        $provider = $this->authenticationManager->getPostAuthenticationProvider();
+        $provider->setCode(empty($values['code']) ? '' : $values['code']);
+        $provider->setSecret($user['twofactor_secret']);
+
+        if ($provider->authenticate()) {
+            $this->userSession->validatePostAuthentication();
+            $this->flash->success(t('The two factor authentication code is valid.'));
+            $this->response->redirect($this->helper->url->to('DashboardController', 'show'));
+        } else {
+            $this->flash->failure(t('The two factor authentication code is not valid.'));
+            $this->response->redirect($this->helper->url->to('TwoFactorController', 'code'));
+        }
+    }
+
+    /**
+     * Ask the 2FA code
+     *
+     * @access public
+     */
+    public function code()
+    {
+        if (! isset($this->sessionStorage->twoFactorBeforeCodeCalled)) {
+            $provider = $this->authenticationManager->getPostAuthenticationProvider();
+            $provider->beforeCode();
+            $this->sessionStorage->twoFactorBeforeCodeCalled = true;
+        }
+
+        $this->response->html($this->helper->layout->app('twofactor/check', array(
+            'title' => t('Check two factor authentication code'),
+        )));
+    }
+
+    /**
+     * Disable 2FA for a user
+     *
+     * @access public
+     */
+    public function disable()
+    {
+        $user = $this->getUser();
+
+        if ($this->request->getStringParam('disable') === 'yes') {
+            $this->checkCSRFParam();
+
+            $this->user->update(array(
+                'id' => $user['id'],
+                'twofactor_activated' => 0,
+                'twofactor_secret' => '',
+            ));
+
+            return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+        }
+
+        return $this->response->html($this->helper->layout->user('twofactor/disable', array(
+            'user' => $user,
+        )));
+    }
+}
author	Frederic Guillot <fred@kanboard.net>	2016-05-26 21:05:54 -0400
committer	Frederic Guillot <fred@kanboard.net>	2016-05-26 21:05:54 -0400
commit	33dea152fc6b0c061b1f61060cc75710dd0ec236 (patch)
tree	dd40e7501f42703957244171b89905b9050fe1d0 /app/Controller/TwoFactorController.php
parent	d9101da79e839984e0e782b48113dc61157d6688 (diff)