Add two factor authentication

2 files changed, 29 insertions, 1 deletions

diff --git a/app/Model/User.php b/app/Model/User.php
index 7586f3c4..6c348caa 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -60,7 +60,8 @@ class User extends Base
                         'is_ldap_user',
                         'notifications_enabled',
                         'google_id',
-                        'github_id'
+                        'github_id',
+                        'twofactor_activated'
                     );
     }
 
diff --git a/app/Model/UserSession.php b/app/Model/UserSession.php
index 6d9a2ebc..efb02722 100644
--- a/app/Model/UserSession.php
+++ b/app/Model/UserSession.php
@@ -28,15 +28,42 @@ class UserSession extends Base
             unset($user['password']);
         }
 
+        if (isset($user['twofactor_secret'])) {
+            unset($user['twofactor_secret']);
+        }
+
         $user['id'] = (int) $user['id'];
         $user['default_project_id'] = (int) $user['default_project_id'];
         $user['is_admin'] = (bool) $user['is_admin'];
         $user['is_ldap_user'] = (bool) $user['is_ldap_user'];
+        $user['twofactor_activated'] = (bool) $user['twofactor_activated'];
 
         $this->session['user'] = $user;
     }
 
     /**
+     * Return true if the user has validated the 2FA key
+     *
+     * @access public
+     * @return bool
+     */
+    public function check2FA()
+    {
+        return isset($this->session['2fa_validated']) && $this->session['2fa_validated'] === true;
+    }
+
+    /**
+     * Return true if the user has 2FA enabled
+     *
+     * @access public
+     * @return bool
+     */
+    public function has2FA()
+    {
+        return isset($this->session['user']['twofactor_activated']) && $this->session['user']['twofactor_activated'] === true;
+    }
+
+    /**
      * Return true if the logged user is admin
      *
      * @access public