adaptions

Philipp 2022-06-26 10:13:32 +02:00
parent 2248850f78
commit b67e488236
No known key found for this signature in database
GPG key ID: 24A7501396EB5432
3 changed files with 24 additions and 19 deletions


@ -38,7 +38,7 @@ use Psr\Log\LoggerInterface;
* *
* @package Friendica\Module\TwoFactor * @package Friendica\Module\TwoFactor
*/ */
class Signout extends BaseModule class SignOut extends BaseModule
{ {
protected $errors = []; protected $errors = [];
@ -47,15 +47,15 @@ class Signout extends BaseModule
/** @var Cookie */ /** @var Cookie */
protected $cookie; protected $cookie;
/** @var TwoFactor\Repository\TrustedBrowser */ /** @var TwoFactor\Repository\TrustedBrowser */
protected $trustedBrowserRepositoy; protected $trustedBrowserRepository;
public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, IHandleSessions $session, Cookie $cookie, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepositoy, Profiler $profiler, Response $response, array $server, array $parameters = []) public function __construct(L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, IHandleSessions $session, Cookie $cookie, TwoFactor\Repository\TrustedBrowser $trustedBrowserRepository, Profiler $profiler, Response $response, array $server, array $parameters = [])
{ {
parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
$this->session = $session; $this->session = $session;
$this->cookie = $cookie; $this->cookie = $cookie;
$this->trustedBrowserRepositoy = $trustedBrowserRepositoy; $this->trustedBrowserRepository = $trustedBrowserRepository;
} }
protected function post(array $request = []) protected function post(array $request = [])
@ -79,7 +79,7 @@ class Signout extends BaseModule
$this->baseUrl->redirect(); $this->baseUrl->redirect();
break; break;
case 'sign_out': case 'sign_out':
$this->trustedBrowserRepositoy->removeForUser(local_user(), $this->cookie->get('2fa_cookie_hash')); $this->trustedBrowserRepository->removeForUser(local_user(), $this->cookie->get('2fa_cookie_hash'));
$this->cookie->clear(); $this->cookie->clear();
$this->session->clear(); $this->session->clear();
@ -99,7 +99,7 @@ class Signout extends BaseModule
} }
try { try {
$trustedBrowser = $this->trustedBrowserRepositoy->selectOneByHash($this->cookie->get('2fa_cookie_hash')); $trustedBrowser = $this->trustedBrowserRepository->selectOneByHash($this->cookie->get('2fa_cookie_hash'));
if (!$trustedBrowser->trusted) { if (!$trustedBrowser->trusted) {
$trusted = $this->cookie->get('2fa_cookie_hash'); $trusted = $this->cookie->get('2fa_cookie_hash');
$this->cookie->reset(['2fa_cookie_hash' => $trusted]); $this->cookie->reset(['2fa_cookie_hash' => $trusted]);


@ -45,8 +45,8 @@ class Index extends BaseSettings
try { try {
User::getIdFromPasswordAuthentication(local_user(), $_POST['password'] ?? ''); User::getIdFromPasswordAuthentication(local_user(), $_POST['password'] ?? '');
$has_secret = (bool) DI::pConfig()->get(local_user(), '2fa', 'secret'); $has_secret = (bool)DI::pConfig()->get(local_user(), '2fa', 'secret');
$verified = DI::pConfig()->get(local_user(), '2fa', 'verified'); $verified = DI::pConfig()->get(local_user(), '2fa', 'verified');
switch ($_POST['action'] ?? '') { switch ($_POST['action'] ?? '') {
case 'enable': case 'enable':
@ -55,7 +55,8 @@ class Index extends BaseSettings
DI::pConfig()->set(local_user(), '2fa', 'secret', $Google2FA->generateSecretKey(32)); DI::pConfig()->set(local_user(), '2fa', 'secret', $Google2FA->generateSecretKey(32));
DI::baseUrl()->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password')); DI::baseUrl()
->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
} }
break; break;
case 'disable': case 'disable':
@ -71,29 +72,33 @@ class Index extends BaseSettings
break; break;
case 'recovery': case 'recovery':
if ($has_secret) { if ($has_secret) {
DI::baseUrl()->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password')); DI::baseUrl()
->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
} }
break; break;
case 'app_specific': case 'app_specific':
if ($has_secret) { if ($has_secret) {
DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password')); DI::baseUrl()
->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
} }
break; break;
case 'trusted': case 'trusted':
if ($has_secret) { if ($has_secret) {
DI::baseUrl()->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password')); DI::baseUrl()
->redirect('settings/2fa/trusted?t=' . self::getFormSecurityToken('settings_2fa_password'));
} }
break; break;
case 'configure': case 'configure':
if (!$verified) { if (!$verified) {
DI::baseUrl()->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password')); DI::baseUrl()
->redirect('settings/2fa/verify?t=' . self::getFormSecurityToken('settings_2fa_password'));
} }
break; break;
} }
} catch (FoundException $exception) {
// Nothing to do here
} catch (\Exception $e) { } catch (\Exception $e) {
if (!($e instanceof FoundException)) { notice(DI::l10n()->t($e->getMessage()));
notice(DI::l10n()->t($e->getMessage()));
}
} }
} }
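Review bot: The remaining `catch (\Exception $e)` still passes `$e->getMessage()` from every exception to the user through `notice()`, so a failure in the per-user config store or in secret generation would be displayed the same way as a wrong password, and the raw message is also used as a translation key for `t()`. On a page that gates 2FA changes behind password re-entry, I would reserve the user-facing notice for the exception type the password check throws (not visible in this hunk), and log anything else while showing a fixed, translatable message. The new empty `catch (FoundException $exception)` would also read better with its reason stated, e.g. `// raised by redirect() to end the request; not an error`, if that is indeed where it originates. The enclosing method starts outside the hunk.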


@ -166,7 +166,7 @@ return [
'[/]' => [Module\Security\TwoFactor\Verify::class, [R::GET, R::POST]], '[/]' => [Module\Security\TwoFactor\Verify::class, [R::GET, R::POST]],
'/recovery' => [Module\Security\TwoFactor\Recovery::class, [R::GET, R::POST]], '/recovery' => [Module\Security\TwoFactor\Recovery::class, [R::GET, R::POST]],
'/trust' => [Module\Security\TwoFactor\Trust::class, [R::GET, R::POST]], '/trust' => [Module\Security\TwoFactor\Trust::class, [R::GET, R::POST]],
'/signout' => [Module\Security\TwoFactor\Signout::class, [R::GET, R::POST]], '/signout' => [Module\Security\TwoFactor\SignOut::class, [R::GET, R::POST]],
], ],
'/api' => [ '/api' => [