From abeeba71672a711dab98194bb8ae751ee95e3385 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Tue, 31 Mar 2015 22:48:14 -0400
Subject: Add two factor authentication

---
 app/Controller/Base.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'app/Controller/Base.php')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 6420e0ee..f498c3ce 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -176,6 +176,7 @@ abstract class Base
 
         if (! $this->acl->isPublicAction($controller, $action)) {
             $this->handleAuthentication();
+            $this->handle2FA($controller, $action);
             $this->handleAuthorization($controller, $action);
 
             $this->session['has_subtask_inprogress'] = $this->subtask->hasSubtaskInProgress($this->userSession->getId());
@@ -199,6 +200,26 @@ abstract class Base
         }
     }
 
+    /**
+     * Check 2FA
+     *
+     * @access public
+     */
+    public function handle2FA($controller, $action)
+    {
+        $controllers = array('twofactor', 'user');
+        $actions = array('code', 'check', 'logout');
+
+        if ($this->userSession->has2FA() && ! $this->userSession->check2FA() && ! in_array($controller, $controllers) && ! in_array($action, $actions)) {
+
+            if ($this->request->isAjax()) {
+                $this->response->text('Not Authorized', 401);
+            }
+
+            $this->response->redirect($this->helper->url('twofactor', 'code', array('user_id' => $user['id'])));
+        }
+    }
+
     /**
      * Check page access and authorization
      *
-- 
cgit v1.2.3